Blog

Follow for the latest updates and insights on
open source security & engineering.

Malware Announcements Engineering Security AI Open Source Technology SCA Compliance & SBOM CI/CD

Malware

Malicious npm Package Impersonating Popular Express Cookie Parser

A malicious npm package impersonating the popular Express cookie parser package was discovered by SafeDep Cloud malicious package scanning service.

Announcements

Announcing DefectDojo Integration

Introducing DefectDojo Integration allowing vet users to export scan results to DefectDojo. Continue leveraging DefectDojo for your vulnerability management while using vet for identifying vulnerable...

Malware

Malicious npm Package Impersonating Java SLF4J

A malicious npm package impersonating the popular Java logging framework SLF4J is discovered by SafeDep Cloud malicious package scanning service.

Engineering

Analysis of 5000+ Malicious Open Source Packages

Analysis of malicious open source packages from Datadog's malicious packages dataset. Each of these packages were found in the wild and confirmed to be malicious. The goal of this analysis is to...

Previous Next

Ship Code

Not Malware

Install the SafeDep GitHub App to keep malicious packages out of your repos.

Install GitHub App