Blog

Follow for the latest updates and insights on
open source security & engineering.

Malware Security Announcements AI Engineering Technology Open Source SCA Compliance & SBOM CI/CD

Agentic Workflows for Malicious Package Analysis

Experiments with agentic workflows for malicious package analysis built using Claude Desktop, Model Context Protocol (MCP) server, static code analysis and SafeDep Cloud API tools.

Announcements

Introducing vetpkg.dev - Open Source Component Security Dashboard

Introducing vetpkg.dev - Built using SafeDep API to provide an easy to use visibility of open source component security information.

Malware

Typosquatt alert ! Malicious npm Package: nyc-config

Possible typosquatting against @istanbuljs/load-nyc-config with ~25M weekly downloads.

Announcements

Eliminating SCA Noise using Dependency Usage Evidence

SafeDep Code Analysis framework augments vet, our free and open source tool with code context.

Previous Next

Ship Code.

Not Malware.

Start free with open source tools on your machine. Scale to a unified platform for your organization.

Star on GitHub Book a Demo