Ship Code. Not Malware. SafeDep Launches GitHub App for Malicious Package Protection
Table of Contents
Malicious Package in the Wild
The recent supply chain attack targeting the npm ecosystem, such as the Shai-Hulud and the S1ngularity campaign, has raised serious concerns among the developer and security engineering community. Detecting malicious code in open source packages is a complex problem, and it requires a multi-layered approach. We have been doing this for a while leveraging:
While we handle the complexity, we have always strived to provide the simplest and minimally intrusive solution to protect developers from malicious packages. So we launched SafeDep GitHub App to make it ridiculously simple to protect your code repositories from malicious packages.
Installation is simple and zero configuration - Install Now
Zero Configuration Malicious Package Protection
How To Get Started?
- Install the SafeDep GitHub App
- Wait for the next pull request to be scanned
- Stay protected from malicious packages
That’s it! It is really that simple. Here is how it looks like in action:

How it works?
SafeDep scans all open source packages released to supported registries such as npm, PyPI, RubyGems, Cargo and more. SafeDep applies static, dynamic and agentic analysis to detect malicious packages. While these packages are removed from the registries, SafeDep tools leverage this threat intelligence to protect code repositories from malicious packages.
What are the benefits?
- Zero Configuration: Install the app with zero configuration
- Real-time Protection: Scans every pull request for malicious packages
- Multi-Ecosystem: Supports npm, pnpm, yarn, and more
- Multi-Language: Supports JavaScript, TypeScript, Python, and more
- Multi-Platform: Supports Windows, Linux, and macOS
Documentation and Support
- GitHub App Documentation: SafeDep GitHub App
- Community support: https://docs.safedep.io/community
- npm
- oss
- malware
- supply-chain
Author
SafeDep Team
safedep.io
Share
The Latest from SafeDep blogs
Follow for the latest updates and insights on open source security & engineering
AsyncAPI Packages Compromised with Miasma RAT
Four @asyncapi npm packages were published with obfuscated malware on July 14, 2026 via compromised CI workflows. The payload downloads Miasma RAT, a credential stealer targeting browsers, SSH keys,...
nodemon-sudo: an npm Backdoor With No Install Script
nodemon-sudo copies the real nodemon byte for byte, adds nothing malicious to its own code, and injects one extra dependency, tslint-conf, a repackaged pino logger carrying a backdoor. There is no...
Official jscrambler npm Package Compromised Across Multiple Releases
The official jscrambler npm package (60K monthly downloads) was trojanized starting at 8.14.0 through an npm account or CI compromise. The attacker republished the same Rust infostealer across five...
@marketfront: 25 npm Packages Reuse a Known Lure
On July 1, 2026, npm user marketfront batch-published 25 packages carrying the same README lure SafeDep has tracked across four earlier accounts (mr.4nd3r50n, pik-libs, t-in-one, emcd-vue): "Internal...
Ship Code.
Not Malware.
Start free with open source tools on your machine. Scale to a unified platform for your organization.