Arjun Barrett
June 22, 2023
The Socket Security extension for VSCode now fully supports Python and will highlight issues in your Python dependencies automatically. Projects using Pipfile, pyproject.toml, requirements.txt, and setup.py are now able to view Socket issues for their Python dependencies in both the VSCode "Problems" tab and the editor itself. The extension integrates with VSCode's official Python extension to provide full support for all current and future Python 3 versions (plus support for the legacy Python 2.7.18).
Problematic package imports in Python files will now also show diagnostic warnings when you hover over them, even in dynamic import expressions. With this change, we've matched our Python support in VSCode with that of JavaScript and TypeScript.
We've been hard at work adding support for new issues in Python over the last few months, and with this update the VSCode extension will automatically highlight any new issues Socket finds in your project as we improve our internal detections. You can rest easy knowing your project will only become more secure as time goes on.
We have exciting plans for our VSCode integration in the near future! You'll soon be able to synchronize your issue highlights with your organization settings and even use the extension on web-based VSCode instances like github.dev.
Want to defend your entire organization against supply chain attacks? Install the Socket Security GitHub app for free and get protected today!