1,300 Malicious Packages Found in Popular npm JavaScript Package Manager

Malicious actors are using the npm registry as the start point for open source software (OSS) supply chain attacks.

Open source software offers huge potential for criminals and nation states to deliver widespread supply chain attacks. OSS registries provide a major feeding ground with easy access.

Read more at Security Week

About Mend.io

Trusted by the world’s leading companies, including Google and Comcast, Mend.io offers a full-spectrum application security platform designed to help leading organizations build and manage mature AppSec programs, enabling them to stop chasing vulnerabilities and start proactively managing application risk.

MEND PLATFORM

Expand AppSec Coverage

Featured

The Forrester Wave™: Software Composition Analysis, Q4 2024

From Reactive to Effective: Building Application Security that Works

1,300 Malicious Packages Found in Popular npm JavaScript Package Manager

Products

Solutions

Company

Resources

Connect

Developer Tools