Tag: malware

Analysis of malicious open source packages from Datadog's malicious packages dataset. Each of these packages were found in the wild and confirmed to be malicious. The goal of this analysis is to...

Experiments with agentic workflows for malicious package analysis built using Claude Desktop, Model Context Protocol (MCP) server, static code analysis and SafeDep Cloud API tools.

Multiple npm packages impersonating popular package names were published to the npm registry including by a Snyk researcher apparently targeting internal packages at Cursor AI.

Introducing GitLab CI/CD Component, available in GiLab CI Catalog for seamless integration of vet in GitLab CI. Protect against vulnerable and malicious packages in your GitLab projects.

Possible typosquatting against @istanbuljs/load-nyc-config with ~25M weekly downloads.

Multiple npm packages impersonating popular package names are being used to distribute malware. We take a closer look at the campaign.