# npm
3 articles tagged with “npm”

## Agent Supply Chain Attacks

Compromising AI agents through poisoned packages, backdoored MCP servers, malicious model registries, and weaponized agent frameworks -- including the Postmark MCP breach and NullBulge campaigns.

Tags: agents, supply-chain, mcp, npm, poisoning, sbom, dependencies

## MCP Supply Chain Security: Defending Against Backdoored MCP Packages

A defense-focused guide to securing the MCP package supply chain -- analyzing the Postmark MCP breach, understanding how malicious MCP servers are distributed, and implementing package verification, dependency scanning, and policy enforcement.

Tags: mcp, supply-chain, defense, package-security, npm, postmark-breach

## Dependency Scanning for AI/ML

A defense-focused guide to scanning AI/ML dependencies for vulnerabilities, covering AI-specific dependency risks, malicious package detection, automated scanning pipelines, and policy enforcement for ML toolchains.

Tags: supply-chain, dependencies, scanning, pip, npm, vulnerability, snyk, trivy, defense