Corrupting the Software Supply Chain: Lessons From the Bootstrap-sass Hack

By Elisa Velarde on April 09, 2019 vulnerability

2 minute read time

The boldness of bad actors is escalating in the world of open source software. From the event-stream / NPM incident in November of 2018, to the recent bootstrap-sass / Ruby Gems hack, bad actors are

Application Security Risk in 2019: It's All About The Supply Chain

By Matt Howard on December 28, 2018 AppSec

5 minute read time

Cyber criminals are intentionally planting vulnerabilities directly into the global supply of open source components.

Open Source Software Is Under Attack; New Event-Stream Hack Is Latest Proof

By Brian Fox on November 27, 2018 vulnerabilities

3 minute read time

Open source software is under attack, and the malicious attack on the popular npm event-stream 3 package is just the latest proof.