· SafeDep Team
Typosquatt alert ! Malicious npm Package: nyc-config
Possible typosquatting against @istanbuljs/load-nyc-config with ~25M weekly downloads.
SafeDep Blog
Follow for the latest updates and insights on open source security & engineering.
· SafeDep TeamIntroducing vetpkg.dev - Open Source Component Security Dashboard
Introducing vetpkg.dev - Built using SafeDep API to provide an easy to use visibility of open source component security information.
· SafeDep TeamEliminating SCA Noise using Dependency Usage Evidence
SafeDep Code Analysis framework augments vet, our free and open source tool with code context.
· SafeDep TeamWhat is Next Generation Software Composition Analysis?
Software Composition Analysis has been there for a while. But the problems associated with open source vulnerabilities persist. Next-gen SCA is the promised solution. What is it and how does it work?
· SafeDep TeamMalicious npm Packages using Burp Collaborator for Dependency Confusion Attack
Multiple npm packages impersonating popular package names were published to the npm registry including by a Snyk researcher apparently targeting internal packages at Cursor AI.
· SafeDep Teamnpm - The Playground for Malicious Packages
Multiple npm packages impersonating popular package names are being used to distribute malware. We take a closer look at the campaign.
