Safeguard
Tag

malicious-packages

Safeguard articles tagged "malicious-packages" — guides, analysis, and best practices for software supply chain and application security.

44 articles

Software Supply Chain Security

Package Firewall: Blocking Malicious Dependencies at Inst...

Malicious npm and PyPI packages are published daily. See why a package firewall that blocks at install time stops attacks that post-hoc scanners catch too late.

May 17, 20268 min read
Threat Intelligence

Malicious PyPI packages: common infiltration patterns

Real malicious PyPI package examples — typosquats, dependency confusion, hijacked maintainers, and crypto stealers — and how Safeguard catches them before install.

May 10, 20268 min read
AI Security

Prompt injection attacks against AI coding/security tools

AI coding assistants like Copilot and Cursor can be hijacked by hidden text in files, comments, and packages. Here's how prompt injection malware works and how Safeguard detects it.

May 9, 20266 min read
Product

Blocking malicious installs with a dependency firewall

How a dependency firewall stops malicious npm installs before they run, where Socket.dev-style scanners fall short, and how Safeguard closes the gap.

May 8, 20267 min read
Best Practices

Why EDR and proxy tools won't stop supply chain malware

EDR and network proxies were built to watch endpoints and traffic, not evaluate what a dependency does before it runs — here's why that gap keeps letting supply chain malware through.

May 3, 20268 min read
Software Supply Chain Security

Malicious dependency attacks in the software supply chain

Dependency confusion attacks let attackers hijack builds by publishing malicious packages with higher version numbers to public registries. Here's how they work and how to stop them.

Apr 4, 20267 min read
Software Supply Chain Security

What is Typosquatting

Typosquatting tricks developers into installing malicious lookalike packages. Learn how it works, real npm/PyPI attacks, and how to detect it.

Apr 4, 20267 min read
Open Source Security

Typosquatting packages

What is typosquatting? A precise breakdown of package typosquatting attacks, real npm and PyPI examples, and how lookalike malicious packages slip into builds.

Mar 3, 20266 min read
Supply Chain

PyPI Security: Malware Campaigns and How to Defend

The Python Package Index has become a first-class malware channel — from the ctx hijack to the ultralytics pipeline compromise. Here are the campaigns worth studying and the defenses that work.

Feb 12, 20266 min read
Vulnerability Analysis

The event-stream npm Attack Explained

In 2018, a hijacked npm maintainer account turned event-stream into a supply chain weapon against crypto wallets. Here's the full CVE-style breakdown.

Feb 10, 20267 min read
Supply Chain Attacks

Cargo supply chain attacks: typosquatting and malicious c...

Crates.io typosquatting tricks Rust developers into pulling malicious crates instead of trusted ones. Here's how these attacks work — and how to spot them before you build.

Feb 5, 20267 min read
Software Supply Chain Security

Case study: crates.io maintainer account takeover and mal...

How a compromised maintainer credential becomes a crates.io account takeover and a malicious crate version in the Rust software supply chain.

Feb 4, 20269 min read
malicious-packages (Page 2) — Safeguard Blog