Follow for the latest updates and insights on open source security & engineering.
Analysis of malicious open source packages from Datadog's malicious packages dataset. Each of these packages were found in the wild and confirmed to be malicious. The goal of this analysis is to understand the nature of malicious OSS packages and how they are distributed in the wild.
Introducing GitLab CI/CD Component, available in GiLab CI Catalog for seamless integration of vet in GitLab CI. Protect against vulnerable and malicious packages in your GitLab projects.
Experiments with agentic workflows for malicious package analysis built using Claude Desktop, Model Context Protocol (MCP) server, static code analysis and SafeDep Cloud API tools.
Possible typosquatting against @istanbuljs/load-nyc-config with ~25M weekly downloads.
Introducing vetpkg.dev - Built using SafeDep API to provide an easy to use visibility of open source component security information.
SafeDep Code Analysis framework augments vet, our free and open source tool with code context.
Secure your projects