SafeDep Blog
Follow for the latest updates and insights on open source security & engineering.
· Kunal SinghCatching the Silent Threat: How Dynamic Analysis Revealed a Complex npm Attack Chain
Explore how analyzing runtime behaviors using Dynamic Analysis data helps uncover abnormal activities in open source packages. By examining network connections and unusual binary executions during package installation, we identify potential malicious actors and packages.
· SafeDep TeamIntroducing Package Manager Guard (PMG)
Introducing Package Manager Guard (PMG), a new tool to protect developers from malicious packages at the time of installation. Seamless integration with popular package managers like npm, pnpm etc.
· SafeDep TeamDynamic Malware Analysis of Open Source Packages at Scale
Exploring the idea of building a complementary system that can verify and correlate static analysis findings. Thats where dynamic analysis comes in ie. the ability to "run" an open source package in an observed environment and determine its safety status based on real behavior at runtime
· SafeDep TeamMalicious npm Package Impersonating Popular Express Cookie Parser
A malicious npm package impersonating the popular Express cookie parser package was discovered by SafeDep Cloud malicious package scanning service.
· SafeDep TeamMalicious npm Package Impersonating Java SLF4J
A malicious npm package impersonating the popular Java logging framework SLF4J is discovered by SafeDep Cloud malicious package scanning service.
