Install GitHub App 
TensorFlow.js Typosquatting Attack: Malicious Package Targeting AI/ML Developers
A malicious NPM package targeting TensorFlow users was discovered on npm. The package uses typosquatting to target the popular `tensorflow` package.
malware
eslint-config-prettier Compromised: How npm Package with 30 Million Downloads Spread Malware
A supply chain attack exploiting eslint-config-prettier and other popular npm packages were discovered with major supply chain impact. In this blog, we will explore the details of the hack and the...
Malicious npm Package Impersonating Java SLF4J
A malicious npm package impersonating the popular Java logging framework SLF4J is discovered by SafeDep Cloud malicious package scanning service.
Multiple Malicious Python Packages Targeting Bittensor Crypto Developers
Multiple malicious Python packages targeting crypto developers and their applications using typosquatting were discovered on PyPI. The packages were used to steal funds by executing a stealthy...
Malicious npm Package Impersonating Popular Express Cookie Parser
A malicious npm package impersonating the popular Express cookie parser package was discovered by SafeDep Cloud malicious package scanning service.
Typosquatt alert ! Malicious npm Package: nyc-config
Possible typosquatting against @istanbuljs/load-nyc-config with ~25M weekly downloads.
