Sonatype Introduces Next Generation Dependency Management | Press Release

blog-logo Sonatype Blog

Massive threat campaign strikes open-source repos, Sonatype spots new CursedGrabber malware

By Ax Sharma on November 16, 2020 vulnerabilities
Sonatype has discovered more malware in the npm registry, xpc.js, which has led to the discovery of a novel and large scale malware campaign leveraging the open-source ecosystem.
Read More...

Open Source and Cloud Security Together at Last

By Kevin Miller on November 12, 2020 Nexus Lifecycle
Sonatype and Fugue partner to combine Open Source and Cloud Security and Compliance
Read More...

Nexus Repository Helps Developers Overcome New Docker Hub Rate Limits

By Brent Kostak on November 11, 2020 Docker
Nexus as a Container Registry is a robust and completely free solution to help developers insulate themselves against any upstream rate charges from Docker Hub's new rate limit changes.
Read More...

Discord.dll: successor to npm “fallguys” malware went undetected for 5 months

By Ax Sharma on November 09, 2020 vulnerabilities
Sonatype has identified a series of counterfeit components in the npm ecosystem, Discord.dll, that are similar to the malicious “fallguys” npm package discovered in Sept.
Read More...

Gitpaste-12: A dozen exploits that silently lived on GitHub, attacked Linux servers

By Ax Sharma on November 08, 2020 github
Gitpaste-12, a worming botnet, is extremely versatile in its advanced capabilities as it leverages trustworthy sites like GitHub and Pastebin to host itself.
Read More...

Trick or treat: that `twilio-npm` package is brandjacking malware in disguise!

By Ax Sharma on November 02, 2020 vulnerabilities
Sonatype’s Release Integrity, malicious code detection service, discovers twilio-npm` is brandjacking malware in disguise.
Read More...

Discord squashes critical Electron bugs: open source attacks continue to grow

By Ax Sharma on October 21, 2020 Nexus Lifecycle
Discord recently patched a set of critical vulns that could allow a skilled attacker to gain Remote Code Execution privileges on the users’ Desktop app.
Read More...

Making Developer’s Lives Easier as We Enter The New Frontier of Dependency Management

By Brian Fox on October 07, 2020 Nexus Lifecycle
Sonatype's Advanced Development Pack will fundamentally change how teams manage code dependencies.
Read More...

Sonatype finds malicious npm packages which broadcast your IP, username, and device fingerprint info on the web

By Ax Sharma on September 30, 2020 vulnerabilities
Initially found by Sonatype's malicious code detection bots, our researchers have discovered and confirmed the presence of two new vulnerable npm packages, electorn and loadyaml.
Read More...