Blog

Follow for the latest updates and insights on
open source security & engineering.

Malware Announcements Engineering Security AI Open Source Technology SCA Compliance & SBOM CI/CD

Malware

Typosquatt alert ! Malicious npm Package: nyc-config

Possible typosquatting against @istanbuljs/load-nyc-config with ~25M weekly downloads.

Announcements

Eliminating SCA Noise using Dependency Usage Evidence

SafeDep Code Analysis framework augments vet, our free and open source tool with code context.

Announcements

Introducing vetpkg.dev - Open Source Component Security Dashboard

Introducing vetpkg.dev - Built using SafeDep API to provide an easy to use visibility of open source component security information.

What is Next Generation Software Composition Analysis?

Software Composition Analysis has been there for a while. But the problems associated with open source vulnerabilities persist. Next-gen SCA is the promised solution. What is it and how does it work?

Previous Next

Ship Code

Not Malware

Install the SafeDep GitHub App to keep malicious packages out of your repos.

Install GitHub App