EPISODE · Jun 3, 2026 · 8 MIN

How Developers Are Fighting Supply Chain Attacks in 2026

from The Programming Languages Podcast with Fexingo: Python, Rust, JavaScript, and Modern Coding · host Fexingo

Software supply chain attacks hit a new record in Q1 2026, with the number of malicious packages discovered on public registries up 80 percent year-over-year. Lucas and Luna break down how a single compromised npm package called 'event-stream' in 2018 foreshadowed today's crisis, and examine the new defenses developers are adopting: signature-based attestation from the Sigstore project, dependency pinning with verified lockfiles, and runtime monitoring tools like OpenGuard. They drill into the specific case of the 'user-agent-parse' attack in February 2026, where a typosquatted package exfiltrated AWS credentials from 2000 CI pipelines before being caught. The episode concludes with a practical checklist any team can implement this week to reduce their exposure, including why 'just audit your dependencies' is no longer enough. No abstract warnings: concrete tools, real CVEs, and a realistic threat model for a mid-sized engineering team in mid-2026.

#SupplyChainSecurity #SoftwareSecurity #npm #Sigstore #OpenGuard #Typosquatting #DevOps #CyberSecurity #JavaScript #PythonPackaging #CI/CD #PackageManagement #DependencyHell #Technology #FexingoBusiness #BusinessPodcast #DeveloperTools #OpenSourceSecurity

Keep every episode free: buymeacoffee.com/fexingo
Frequently Asked Questions

How long is this episode of The Programming Languages Podcast with Fexingo: Python, Rust, JavaScript, and Modern Coding?

This episode is 8 minutes long.

When was this The Programming Languages Podcast with Fexingo: Python, Rust, JavaScript, and Modern Coding episode published?

This episode was published on June 3, 2026.