Skip Navigation

Platform
- - Platform overview Automate your software supply chain security
  - Integrations Work in the tools, languages, and packages you already use
Solutions
- - Integrated Innovation Align dev, security, and ops teams to fuel secure deployment
- By Industry
Pricing
Resources
- - Resource Center Articles, videos, and reports that help transform the way you innovate.
Partners
- - Become a Partner Join our extensive Sonatype Partner Network
  - Find a Partner Find and connect with a certified Sonatype partner
Company

Book a Demo

Resources Whitepapers JavaScript: Thou Shall Not Depend On Me

WHITEPAPER

JavaScript: Thou Shall Not Depend On Me

If not properly maintained, JavaScript dependencies can create attack vectors allowing a site to be compromised.

Read the Report

Thou-Shall-not-depend-on-me

Read this research study and learn:

How pervasive are client side javascript libraries and what are the resulting security implications?
What can be done to underline the need for more thorough approaches to dependency management, code maintenance, and third-party code inclusion?
Are existing remediation strategies effective or widely used?

Related Resources

See All Vulnerabilities Resources

Blog Post

Exploited Ivanti Connect SSRF vulnerability traced back to 'xmltooling' OSS library

Read More

Blog Post

npm flooded with 748 packages that store movies

Read More

Blog Post

Fake 'distube-config' npm package drops Windows info-stealing malware

Read More

Platform

Solutions

Community

Partners

Company
- Careers
- Contact
- About
- Newsroom
- Trust Center
- Investors
- Press Kit

Subscribe for all the latest software security news and events

Terms of Service
Privacy Policy
Modern Slavery Statement
Event Terms and Conditions
Do Not Sell My Personal Information

Copyright © 2008-present, Sonatype Inc. All rights reserved. Includes the third-party code listed here. Sonatype and Sonatype Nexus are trademarks of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation. All other trademarks are the property of their respective owners.