
Secure Vibe Coding with AI Agents
AI coding agents make development faster but can inadvertently introduce security risks by suggesting unvetted packages. Learn how to use the vet MCP server to add security to your vibe coding adventures.
A supply chain attack exploiting eslint-config-prettier and other popular npm packages was discovered, with major supply chain impact. In this blog, we will explore the details of the hack and the impact it had on the npm ecosystem.
Hidden transitive dependencies create security blind spots. This blog shows developers and CISOs how SafeDep vet uncovers full Maven dependency graphs, generating CycloneDX SBOMs and compliance-ready visuals.
Introducing Container Image Scanning, a new feature in vet to identify vulnerabilities and malicious packages in container images.
Explore how analyzing runtime behaviors using Dynamic Analysis data helps uncover abnormal activities in open source packages. By examining network connections and unusual binary executions during package installation, we identify potential malicious actors and packages.
Introducing Package Manager Guard (PMG), a new tool to protect developers from malicious packages at the time of installation. Seamless integration with popular package managers like npm, pnpm, etc.