
Analysis of 5000+ Malicious Open Source Packages
Analysis of malicious open source packages from Datadog's malicious packages dataset. Each of these packages was found in the wild and confirmed to be malicious. The goal of this analysis is to...


Experiments with agentic workflows for malicious package analysis built using Claude Desktop, Model Context Protocol (MCP) server, static code analysis and SafeDep Cloud API tools.

Introducing the GitLab CI/CD Component, available in the GitLab CI Catalog for seamless integration of vet in GitLab CI. Protect against vulnerable and malicious packages in your GitLab projects.

Possible typosquatting against @istanbuljs/load-nyc-config with ~25M weekly downloads.

