Blog

Follow for the latest updates and insights on
open source security & engineering.

Malware Security Announcements AI Engineering Technology Open Source SCA Compliance & SBOM CI/CD

Malware

Malicious npm Packages Backdoor Claude Code Sessions

Five typosquatting npm packages ship a hidden ELF binary that fires on install and re-runs via Claude Code's SessionStart hook on every developer session. C2 is 207.90.194.2:443.

Malware

Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages

Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of...

Security

Cache Poisoning Through pull_request_target: The TanStack Incident

A GitHub user opened a PR against TanStack Router from a fork, poisoned the shared pnpm cache through a pull_request_target workflow, then force-pushed the branch clean. When the release pipeline...

Endpoint Protection for Developer Machines

PMG blocks malicious package installs before post-install scripts run. Sync with SafeDep Cloud for fleet-wide visibility across your team's endpoints and CI runners.

Previous Next

Ship Code.

Not Malware.

Start free with open source tools on your machine. Scale to a unified platform for your organization.

Star on GitHub Book a Demo