Blog

Follow for the latest updates and insights on
open source security & engineering.

Malware Security Announcements AI Engineering Technology Open Source SCA Compliance & SBOM CI/CD

Malware

Multiple Malicious Python Packages Targeting Bittensor Crypto Developers

Multiple malicious Python packages targeting crypto developers and their applications using typosquatting were discovered on PyPI. The packages were used to steal funds by executing a stealthy...

Secure Vibe Coding with AI Agents

AI coding agents make development faster but can inadvertently introduce security risks by suggesting unvetted packages. Learn how to use vet MCP server for adding security to your vibe coding...

Open Source

Security Risks in PEP 723 and uv: Inline Metadata Gone Wrong?

PEP 723 introduces inline metadata for Python scripts, making tools like `uv` more convenient—but also potentially more dangerous. This post explores security pitfalls when dependencies are declared...

Malware

eslint-config-prettier Compromised: How npm Package with 30 Million Downloads Spread Malware

A supply chain attack exploiting eslint-config-prettier and other popular npm packages were discovered with major supply chain impact. In this blog, we will explore the details of the hack and the...

Previous Next

Ship Code.

Not Malware.

Start free with open source tools on your machine. Scale to a unified platform for your organization.

Star on GitHub Book a Demo