Blog

Follow for the latest updates and insights on
open source security & engineering.

Latest From SafeDep

Announcements

Contributing to SafeDep Open Source Projects during Hacktoberfest 2025

Learn how to contribute to SafeDep open source projects during Hacktoberfest 2025 and help secure the open source software supply chain.

Malware Announcements Engineering Security Open Source AI SCA Compliance & SBOM Technology CI/CD

Ship Code. Not Malware. SafeDep Launches GitHub App for Malicious Package Protection

SafeDep launches a GitHub App for zero-configuration protection against malicious open source packages. Instantly scan pull requests and keep your code repositories safe from supply chain attacks.

Diff-based SCA with AI is Broken — Real Examples from Pipfile.lock, yarn.lock, and Cargo.lock

Diff-based Software Composition Analysis (SCA) scanners in pull requests are prone to blind spots. By relying only on git diff data, they miss package context, suffer from nondeterministic...

Shai-Hulud Supply Chain Attack Incident Response

The Shai-Hulud supply chain attack is a major incident targeting developers through malicious packages in the npm ecosystem. This post outlines the incident response steps that can be taken to...

Malware

npm Supply Chain Attack Exposes Private Repositories, AWS Credentials and More

npm supply chain attacks continue. This time targeting @ctrl/tinycolor and multiple other packages with credential stealer malware. In this blog, we will analyze the attack and its impact on the npm...

Ship Code

Not Malware

Install the SafeDep GitHub App to keep malicious packages out of your repos.

Install GitHub App