Supply chain security
Attackers exploit the trust placed in shared code infrastructure, from invisible Unicode payloads in npm packages to self-propagating credential stealers, while defenses range from commit signing to agentic vulnerability scanning.
5 sources · Jul 9, 2026
Compiled by Claude · How this works →
Systems · 41 neighbors
Supply chain attacks target the distribution layer of software rather than applications directly. Two recent npm incidents illustrate how varied the techniques can be. Invisible Unicode variation-selector characters were used to encode malicious payloads in 151 packages, hiding them from code review and static analysis while remaining executable at runtime. Separately, the TeamPCP actor compromised four SAP-ecosystem npm packages with a self-propagating payload that harvested cloud secrets and browser passwords, exfiltrated them via GitHub, and used Claude Code and VS Code configuration files as persistence vectors.
Authentication hygiene is a baseline defense. SSH key-based authentication and commit signing reduce reliance on tokens that can be stolen from environment variables or config files, which is exactly the credential surface the SAP-related attack exploited.
On the detection side, Anthropic’s defending-code-reference-harness demonstrates an agentic pipeline using Claude for autonomous vulnerability discovery, triage, and patching, with gVisor sandboxing to contain the agent itself. A complementary infrastructure angle comes from a developer wishlist for a reimagined code forge, which calls for signed, offline-usable Actions and stronger CI controls to reduce trust placed in third-party runners and remote scripts.
The through-line across these sources is that supply chain risk lives wherever one project silently depends on another: package registries, CI runners, editor configuration, and version control tooling are all attack surface.