Featured Article
Introducing our 9th annual State of the Software Supply Chain report
Remember npm Library 'colors'? There's No Such Thing as 'colors-2.0'
5 minute read time
Alongside the popular 'colors' library on npm come unwanted malicious typosquats called 'colors-2.0', 'colors-3.0, 'colorsss', and so on.
Read More...
There’s a RAT in my code: new npm malware with Bladabindi trojan spotted
8 minute read time
Sonatype discovered new malware within the npm registry, jdb.js and db-json.js This time, the typosquatting packages are laced with a popular Remote Access Trojan (RAT).
Read More...
Sonatype’s Release Integrity, malicious code detection service, discovers twilio-npm` is brandjacking malware in disguise.
Read More...
Sonatype finds malicious npm packages which broadcast your IP, username, and device fingerprint info on the web
7 minute read time
Initially found by Sonatype's malicious code detection bots, our researchers have discovered and confirmed the presence of two new vulnerable npm packages, electorn and loadyaml.
Read More...
Nexus Intelligence Insights: Sonatype - 2020-0003 - npm Malicious Package 1337qq-js
4 minute read time
In this month's Nexus Intelligence Insights, we cover Sonatype-2020-0003: npm malicious package 1337qq-js. Here's why it made noise but had no impact.
Read More...