Sonatype Introduces Next Generation Dependency Management | Press Release

blog-logo Sonatype Blog

Trick or treat: that `twilio-npm` package is brandjacking malware in disguise!

By Ax Sharma on November 02, 2020 vulnerabilities
Sonatype’s Release Integrity, malicious code detection service, discovers twilio-npm` is brandjacking malware in disguise.
Read More...

Sonatype finds malicious npm packages which broadcast your IP, username, and device fingerprint info on the web

By Ax Sharma on September 30, 2020 vulnerabilities
Initially found by Sonatype's malicious code detection bots, our researchers have discovered and confirmed the presence of two new vulnerable npm packages, electorn and loadyaml.
Read More...

Nexus Intelligence Insights: Sonatype-2020-0003 - npm malicious package 1337qq-js

By Elisa Velarde on January 15, 2020 vulnerabilities
In this month's Nexus Intelligence Insights, we cover Sonatype-2020-0003: npm malicious package 1337qq-js. Here's why it made noise but had no impact.
Read More...