Safeguard
Tag

malicious-packages

Safeguard articles tagged "malicious-packages" — guides, analysis, and best practices for software supply chain and application security.

44 articles

Open Source Security

Why Malicious Package Counts Are Rising Faster Than Detec...

Malicious packages hit 245,000+ in 2023 alone, outpacing 2019-2022 combined. Here's why detection tooling can't keep up, and how the gap actually closes.

Aug 2, 20258 min read
Buyer's Guides

Comparing Malicious Package Tactics Across npm, PyPI, Rub...

npm, PyPI, RubyGems, and crates.io each get hit by malicious packages differently. Real incidents from 2018-2025 show how attacker tactics shift by ecosystem.

Aug 1, 20257 min read
Open Source Security

Credential-Stealing Packages: What They Target and How Th...

Credential-stealing packages harvest env vars, browser passwords, and npm tokens at install time. Here's how ctx, W4SP, and Shai-Hulud actually work.

Aug 1, 20257 min read
Open Source Security

The Economics of Publishing Fake Packages at Scale

Publishing a malicious package costs an attacker almost nothing while payouts run into the millions. Here's the cost-benefit math behind fake packages — and how to break it.

Jul 31, 20256 min read
Concepts

What is Typo-Squatting Detection

Typo-squatting detection identifies malicious packages named one keystroke away from real ones — requets instead of requests — before they reach your build.

Jun 7, 20256 min read
Threat Intelligence

North Korean Threat Actors Flood npm with Malicious Packages

In 2024, DPRK-linked groups dramatically escalated their campaign to compromise developers through malicious npm packages, using fake job offers and typosquatting to deploy infostealers and backdoors.

Sep 1, 20246 min read
Best Practices

Malicious Package Quarantine Procedures

How to quarantine a malicious package across your registries, caches, and running systems without breaking every developer's workflow.

Jun 20, 20246 min read
Threat Intelligence

Threat Intelligence Feeds for Supply Chain Security

Supply chain threat intelligence goes beyond CVE databases. Specialized feeds track malicious packages, compromised maintainers, and emerging attack techniques targeting the software supply chain.

Apr 5, 20245 min read
malicious-packages (Page 4) — Safeguard Blog