Blog

Follow for the latest updates and insights on
open source security & engineering.

Malware Announcements Engineering Security Open Source AI SCA Compliance & SBOM Technology CI/CD

Malware

eslint-config-prettier Compromised: How npm Package with 30 Million Downloads Spread Malware

A supply chain attack exploiting eslint-config-prettier and other popular npm packages were discovered with major supply chain impact. In this blog, we will explore the details of the hack and the...

Compliance & SBOM

SBOM and the EU Cyber Resilience Act (CRA) – What Software Vendors Need to Know

The EU Cyber Resilience Act makes SBOMs mandatory for software products sold in Europe starting December 2027, with fines up to €15 million for non-compliance. Here's what software vendors need to...

SBOM Completeness with Direct & Transitive Dependencies

Hidden transitive dependencies create security blind spots. This blog shows developers and CISOs how SafeDep vet uncovers full Maven dependency graphs, generating CycloneDX SBOMs and compliance-ready...

Introducing SafeDep Model Context Protocol (MCP) Server to Secure AI Generated Code

Introducing SafeDep Model Context Protocol (MCP) Server, a new feature in SafeDep vet to secure AI generated code and protect against slopsquatting attacks, vulnerable and malicious packages.

Previous Next

Ship Code

Not Malware

Install the SafeDep GitHub App to keep malicious packages out of your repos.

Install GitHub App