https://www.youngju.dev/blog 천천히 올바르게. AI Researcher & DevOps Engineer Youngju's tech blog. GPU/CUDA, LLM, MLOps, Kubernetes AI workloads, distributed training, and data engineering. ko fjvbn2003@gmail.com (Youngju Kim) fjvbn2003@gmail.com (Youngju Kim) Fri, 12 Jun 2026 00:00:00 GMT https://www.youngju.dev/blog/devops/2026-06-12-npm-supply-chain-attack-defense.en https://www.youngju.dev/blog/devops/2026-06-12-npm-supply-chain-attack-defense.en Triggered by the June 2026 incident in which even official Red Hat Cloud Services npm packages were exposed to malicious code, this post dissects the types of npm supply chain attacks and lays out the defense stack organizations need, from lockfile integrity and provenance signing to internal registries and CI network isolation. Ready-to-apply .npmrc and GitHub Actions examples are included. Fri, 12 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) npmsupply-chainsecuritydevopssigstoreci https://www.youngju.dev/blog/devops/2026-06-12-npm-supply-chain-attack-defense.ja https://www.youngju.dev/blog/devops/2026-06-12-npm-supply-chain-attack-defense.ja 2026年6月、Red Hat Cloud Servicesの公式npmパッケージまでもが悪意あるコードに晒された事件を契機に、npmサプライチェーン攻撃の類型を解剖し、lockfileの完全性、provenance署名、社内レジストリ、CIネットワーク隔離まで、組織が備えるべき防御スタックを整理します。すぐに適用できる.npmrcとGitHub Actionsの設定例も提供します。 Fri, 12 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) npmsupply-chainsecuritydevopssigstoreci https://www.youngju.dev/blog/devops/2026-06-12-npm-supply-chain-attack-defense https://www.youngju.dev/blog/devops/2026-06-12-npm-supply-chain-attack-defense 2026년 6월 Red Hat Cloud Services 공식 npm 패키지까지 악성 코드에 노출된 사건을 계기로, npm 공급망 공격의 유형을 해부하고 lockfile 무결성, provenance 서명, 사내 레지스트리, CI 네트워크 격리까지 조직이 갖춰야 할 방어 스택을 정리합니다. 바로 적용할 수 있는 .npmrc와 GitHub Actions 설정 예제를 함께 제공합니다. Fri, 12 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) npmsupply-chainsecuritydevopssigstoreci https://www.youngju.dev/blog/devops/2026-06-12-property-based-testing-practical.en https://www.youngju.dev/blog/devops/2026-06-12-property-based-testing-practical.en A practice-first guide to property-based testing (PBT), which catches the bugs that example-based tests miss. Covers the core concepts of properties, generators, and shrinking, a pattern catalog for discovering properties, working examples in Python Hypothesis, Java jqwik, and JS fast-check, state machine testing, CI integration, and the synergy with verifying AI-written code. Fri, 12 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) testingproperty-based-testinghypothesisjqwikfast-checkciquality https://www.youngju.dev/blog/devops/2026-06-12-property-based-testing-practical.ja https://www.youngju.dev/blog/devops/2026-06-12-property-based-testing-practical.ja 例示ベースのテストが見逃すバグを捕まえるプロパティベーステスト(PBT)を実践中心に整理します。プロパティ/ジェネレーター/シュリンキングの核心概念、プロパティ発見のパターンカタログ、Python HypothesisとJava jqwikとJS fast-checkの動作例、ステートマシンテスト、CI統合、AIが書いたコードの検証とのシナジーまで扱います。 Fri, 12 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) testingproperty-based-testinghypothesisjqwikfast-checkciquality https://www.youngju.dev/blog/devops/2026-06-12-property-based-testing-practical https://www.youngju.dev/blog/devops/2026-06-12-property-based-testing-practical 예제 기반 테스트가 놓치는 버그를 잡는 속성 기반 테스트(PBT)를 실전 중심으로 정리합니다. 속성/제너레이터/슈링킹 핵심 개념, 속성 발견 패턴 카탈로그, Python Hypothesis와 Java jqwik과 JS fast-check 동작 예제, 상태 머신 테스트, CI 통합, AI가 작성한 코드 검증과의 시너지까지 다룹니다. Fri, 12 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) testingproperty-based-testinghypothesisjqwikfast-checkciquality