PyTorch namespace (dependency) confusion attack

By Ilkka Turunen on January 04, 2023 News

4 minute read time

During the 2022 holiday season, a dependency confusion attack targeted PyTorch. Here's what users of PyTorch-NightlyBuild need to know.

Sonatype spots 275+ malicious npm packages copying recent software supply chain attacks that hit 35 organizations

By Ax Sharma on February 12, 2021 vulnerabilities

7 minute read time

48 hours after a security researcher breached 35+ tech companies in a novel software supply chain attack, Sonatype’s Nexus Intelligence flagged 150+ copycat.

Why namespacing matters in public open source repositories

By Brian Fox on February 10, 2021 The Central Repository

8 minute read time

Sonatype's CTO explains why the Central Repository has always required namespacing and why all public open source repositories should too.

Namespace confusion: Minimizing risk with Sonatype Nexus Repository

By Michael Prescott on February 10, 2021 namespace

3 minute read time

Nexus Repository (NXRM) can help minimize your risk against namespace confusion with a feature called repository routing rules.