Securing software supply chains and dependency confusion — An industry perspective

By Derek Weeks on March 08, 2021 featured

29 minute read time

We sat down with experts from The Linux Foundation, Atlantic Council and Sonatype's own CTO to discuss recent software supply chain attacks, dependency.

Sonatype releases new Sonatype Repository Firewall policy to secure software supply chains from "dependency confusion" attacks

By Brent Kostak on March 04, 2021 featured

5 minute read time

Sonatype’s new Dependency Confusion Policy Protection using Nexus Firewall and Nexus Repository can now automate dependency confusion protection at scale

PyPI and npm flooded with over 5,000 dependency confusion copycats

By Ax Sharma on March 03, 2021 vulnerabilities

4 minute read time

Both PyPI and npm are being inundated with malicious dependency confusion packages.