Company News
Feross Aboukhadijeh
March 15, 2023
Socket is thrilled to announce our partnership with Ecosystems, an effort to build shared infrastructure for researchers, policymakers, funders, and developers seeking to identify, secure, and sustain critical open source components.
As Ecosystems' first commercial customer and financial supporter, Socket is committed to supporting the ongoing development and maintenance of this critical open source project.
Socket's partnership with Ecosystems is a natural fit. Both organizations care deeply about improving the relationship between open source users and producers. This shared vision has brought us together to address some of the key challenges faced by the open source community, such as package security, funding, and project sustainability.
Thanks to Ecosystems, Socket's recently announced Python support is now even more robust. And with Ecosystems' standardized data, we can rapidly expand our support for other language ecosystems in the future.
We are honored to be the first partner and customer on this journey, and we look forward to working together to support the global open source community.
Socket fights vulnerabilities and provides visibility, defense-in-depth, and proactive supply chain protection for JavaScript and Python dependencies.
The Socket platform enables security and developer teams to work together to securely use and maintain OSS within the organization. The company was built by prolific open source maintainers whose software is installed over 1 billion times per month, as well as a Stanford security instructor. Customers include top tech organizations and startups.
Ecosystems is a set of free and open resources about the production, distribution, and use of open source software. It comprises a structured dataset, released periodically for researchers, funders, and policymakers, and a set of tools and services for application developers. Ecosystems combines data on 6m+ open source components from over 30 package registries with over 100m dependent repositories on GitHub, GitLab, and BitBucket.
With this data they create a map of open source interdependency from which we can infer much about the state of the open source infrastructure on which we all depend.
To learn more about Socket and how we can help you navigate the world of open source software, visit https://socket.dev or book a demo with a technical expert on our team. If you're interested in utilizing Ecosystems for your research, policy decisions, funding program, or application, check out https://ecosyste.ms.
Let's work together to create a safer, more sustainable open source future!