Bleeping Computer: Open source ‘Package Analysis’ tool finds malicious npm, PyPI packages

Bleeping Computer: Open source ‘Package Analysis’ tool finds malicious npm, PyPI packages. “The Open Source Security Foundation (OpenSSF), a Linux Foundation-backed initiative has released its first prototype version of the ‘Package Analysis’ tool that aims to catch and counter malicious attacks on open source registries. In a pilot run that lasted less than a month, the open source project released on GitHub, was able to identify over 200 malicious npm and PyPI packages.”
