Blog

SafeDep Blog

Follow for the latest updates and insights on open source security & engineering.

Apr 21, 2025 · SafeDep Team
Malicious npm Package Impersonating Java SLF4J
A malicious npm package impersonating the popular Java logging framework SLF4J is discovered by SafeDep Cloud malicious package scanning service.
Apr 14, 2025 · SafeDep Team
Announcing DefectDojo Integration
Introducing DefectDojo Integration allowing vet users to export scan results to DefectDojo. Continue leveraging DefectDojo for your vulnerability management while using vet for identifying vulnerable and malicious open source packages.
Apr 10, 2025 · SafeDep Team
Analysis of 5000+ Malicious Open Source Packages
Analysis of malicious open source packages from Datadog's malicious packages dataset. Each of these packages were found in the wild and confirmed to be malicious. The goal of this analysis is to understand the nature of malicious OSS packages and how they are distributed in the wild.
Mar 31, 2025 · SafeDep Team
🚀 Introducing GitLab CI/CD Component
Introducing GitLab CI/CD Component, available in GiLab CI Catalog for seamless integration of vet in GitLab CI. Protect against vulnerable and malicious packages in your GitLab projects.
Mar 28, 2025 · SafeDep Team
Agentic Workflows for Malicious Package Analysis
Experiments with agentic workflows for malicious package analysis built using Claude Desktop, Model Context Protocol (MCP) server, static code analysis and SafeDep Cloud API tools.
- npm
- malware
Mar 13, 2025 · SafeDep Team
Typosquatt alert ! Malicious npm Package: nyc-config
Possible typosquatting against @istanbuljs/load-nyc-config with ~25M weekly downloads.

Newer posts Older posts