Yesterday at noon BST a new github issue was opened in the popular eslint repository on github. Someone had highjacked this package and published a version that attempts to download malicious javascript code from pastebin and then collects and sends out the user's npmrc token (a token used to authenticate with a remote repository) to the perpetrator.

In IT it is especially easy to get caught up in the How of just about any facet of our work. It all seems so mechanical, just tell me what tools to use and how you want it architected and we can go bang out a solution, it's what we do. DevOps and DevSecOps have been no different as we tend to focus on the CI/CD pipelines and which tools to integrate into it. Hopefully this article will ground us in what DevOps is when we pull back the curtain and why that matters.

Last Monday, the open source developer community woke up to news that GitHub was being acquired by Microsoft for an incredible $7.5 billion. For many, there was an emotional response to the announcement. And, understandably so. GitHub is not just a place to put code, but it’s a venue for collaboration, expression and discovery. No one wants that to change, and with Microsoft’s involvement, I don’t think it will. It’s only going to get stronger.