bogus-nydus-op
Advanced tools
Security research — dependency-confusion PoC for GoDaddy bug bounty (harmless callback only)
This package exists solely to demonstrate a dependency-confusion vulnerability in GoDaddy internal infrastructure. It contains no malicious code — only a single HTTP/DNS callback to prove installation occurred. Contact: security@godaddy.com
FAQs
Security research — dependency-confusion PoC for GoDaddy bug bounty (harmless callback only)
We found that bogus-nydus-op demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NIST will stop enriching most CVEs under a new risk-based model, narrowing the NVD's scope as vulnerability submissions continue to surge.
Company News
/Security News
Socket is an initial recipient of OpenAI's Cybersecurity Grant Program, which commits $10M in API credits to defenders securing open source software.
Security News
Socket CEO Feross Aboukhadijeh joins 10 Minutes or Less, a podcast by Ali Rohde, to discuss the recent surge in open source supply chain attacks.
