Follow for the latest updates and insights on
open source security & engineering.
Explore how analyzing runtime behaviors using Dynamic Analysis data helps uncover abnormal activities in open source packages. By examining network connections and unusual binary executions during...
Exploring the idea of building a complementary system that can verify and correlate static analysis findings. Thats where dynamic analysis comes in ie. the ability to "run" an open source package in...
Introducing Package Manager Guard (PMG), a new tool to protect developers from malicious packages at the time of installation. Seamless integration with popular package managers like npm, pnpm etc.
A malicious npm package impersonating the popular Express cookie parser package was discovered by SafeDep Cloud malicious package scanning service.
Install the SafeDep GitHub App to keep malicious packages out of your repos.
Install GitHub App