Tag
malicious-package-detection
Safeguard articles tagged "malicious-package-detection" — guides, analysis, and best practices for software supply chain and application security.
3 articles
Software Supply Chain Security
Preventing malicious packages with automated detection
Malicious npm and PyPI packages skip CVEs entirely. Here's how attackers get them published and how automated detection catches them before they ship.
Jun 29, 20266 min read
Software Supply Chain Security
Malicious Package Detection: Behavioral vs Signature-Base...
A side-by-side look at signature-based malicious package detection (like Endor Labs) versus behavioral analysis, using real npm attack timelines from Shai-Hulud to chalk/debug.
May 17, 20267 min read
Buyer's Guides
Best malicious package detection tools for open source de...
A field guide to malicious package detection tools for npm and PyPI, comparing real vendors on detection method, coverage, and dependency confusion handling.
Nov 13, 20258 min read