Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

This Week in Malware — Killing Windows Defender with an npm package

By Ax Sharma on June 17, 2022 vulnerabilities

3 minute read time

This Week in Malware we discuss a malicious npm package that disables Windows Defender before dropping a trojan, and ongoing dependency confusion findings.

Read More...

86 malicious npm packages named after popular NodeJS functions

By Ax Sharma on March 28, 2022 vulnerabilities

3 minute read time

Sonatype has now discovered 83 packages on the npm open source repository named after popular NodeJS & JavaScript functions that exfiltrate system information.

Read More...

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

This Week in Malware — Killing Windows Defender with an npm package

86 malicious npm packages named after popular NodeJS functions

Secure your software supply chain

Subscribe for all the latest software security news and events