malicious-packages
Safeguard articles tagged "malicious-packages" — guides, analysis, and best practices for software supply chain and application security.
44 articles
Why Malicious Package Counts Are Rising Faster Than Detec...
Malicious packages hit 245,000+ in 2023 alone, outpacing 2019-2022 combined. Here's why detection tooling can't keep up, and how the gap actually closes.
Comparing Malicious Package Tactics Across npm, PyPI, Rub...
npm, PyPI, RubyGems, and crates.io each get hit by malicious packages differently. Real incidents from 2018-2025 show how attacker tactics shift by ecosystem.
Credential-Stealing Packages: What They Target and How Th...
Credential-stealing packages harvest env vars, browser passwords, and npm tokens at install time. Here's how ctx, W4SP, and Shai-Hulud actually work.
The Economics of Publishing Fake Packages at Scale
Publishing a malicious package costs an attacker almost nothing while payouts run into the millions. Here's the cost-benefit math behind fake packages — and how to break it.
What is Typo-Squatting Detection
Typo-squatting detection identifies malicious packages named one keystroke away from real ones — requets instead of requests — before they reach your build.
North Korean Threat Actors Flood npm with Malicious Packages
In 2024, DPRK-linked groups dramatically escalated their campaign to compromise developers through malicious npm packages, using fake job offers and typosquatting to deploy infostealers and backdoors.
Malicious Package Quarantine Procedures
How to quarantine a malicious package across your registries, caches, and running systems without breaking every developer's workflow.
Threat Intelligence Feeds for Supply Chain Security
Supply chain threat intelligence goes beyond CVE databases. Specialized feeds track malicious packages, compromised maintainers, and emerging attack techniques targeting the software supply chain.