
product
$4.6M Series Seed to defend open source from supply chain attacks
Redefining open source security through proactive supply chain risk management
By Feross Aboukhadijeh
Install scripts
Native code
Bin script confusion
Bin script shell injection
Filesystem access
Network access
Shell access
Debug access
High entropy strings
URL strings
Missing dependency
Peer dependency
Uncaught optional dependency
Unresolved require
Extraneous dependency
Bad text encoding
Unicode homoglyphs
Invalid package.json
File dependency
No tests
Long strings
No bug tracker
No contributors or author data
Unmaintained
Critical CVE
CVE
Mild CVE
Unsafe copyright
License change
Non OSI license
Deprecated license
Missing license
Non SPDX license
Unclear license
Mixed license
Legal notice
Modified license
Depend on Socket to prevent malicious open source dependencies from infiltrating your app.
Install the Socket GitHub App in less than 5 minutes and get protected today.
Block 60+ issues in open source code, including malware, typo-squatting, hidden code, misleading packages, permission creep, and more.
Reduce work by surfacing actionable security information directly in GitHub. Empower developers to make better decisions.
Jan 06, 2022
Maintainer intentionally adds malware
Rogue maintainer sabotages his own open source package with 100M downloads/month, notably breaking Amazon's AWS SDK.
Oct 22, 2021
Hijacked package adds cryptominers and password-stealing malware
Multiple packages with 30M downloads/month are hijacked and publish malicious versions directly into the software supply chain.
Nov 26, 2018
Hijacked package adds organization-specific backdoors
Obfuscated malware was added to a dependency and aimed at a single company; it went undetected for over a week and made it into that company's production build.
Nov 15, 2021
npm discovers a platform vulnerability allowing unauthorized publishing of any package
Attackers could publish new versions of any npm package without authorization for multiple years.
deep dive
Examples of recent supply chain attacks and concrete steps you can take to protect your team from this emerging threat.
By Feross Aboukhadijeh