Rule over your dependencies and scan at your own open source risk

By Aaron Linskens on September 13, 2022 vulnerabilities

5 minute read time

A good way to make sure that your organization's vulnerabilities don't go unnoticed is conducting regular scans of open source used in your environments.

Why are dependency confusion attacks not going away?

By Ax Sharma on February 09, 2022 dependencies

4 minute read time

Sonatype has caught more than 63,000 suspicious packages, the majority of which are dependency confusion candidates. Why are these attacks not going away?

PyPi 'Cheese Shop' Malware Illustrates Software Supply Chain Risk Vector

By Katie McCaskey on July 22, 2019 dependency injection

3 minute read time

Malicious actors circumvented the PyPI package repo manager, a classic case demonstrating why understanding open source code dependencies is critical.

How not to download the Internet

By Tim OBrien on April 19, 2011 Nexus Repo Reel

3 minute read time


Adding Dependencies Using m2eclipse

By Heather Loney on March 10, 2010 repository

1 minute read time
