PyPI New Account Suspension Pauses Attacks

PyPI suspended new account registration for about 30 hours over this past weekend because the volume of malicious activity exceeded the bandwidth PyPI administrators had to deal with it properly. For the moment,

Phylum Discovers Mischievous NPM Publications

That’s right, we’re not talking about a malicious discovery today, but rather a mischievous one. Phylum’s automated risk detection platform alerted us to the publication of some obfuscated JavaScript packages

Bad Beat Poetry

Lockfiles are great. They can also be hard to review and a source of malicious code injection.
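One concrete way a lockfile becomes an injection vector is a tampered `resolved` URL: package.json still names the same dependency at the same version, but the lockfile quietly points npm at an attacker-controlled tarball, or drops the `integrity` hash so nothing pins the download. Reviewers rarely scrutinise a 10,000-line lockfile diff, so an automated check is worth having. The script below is an added example written for this page, not Phylum's tooling; it parses both the nested lockfile v1 layout and the flat v2/v3 `packages` map, and flags entries whose tarball host is not in an allow-list (assumed here to be only `registry.npmjs.org`) or whose `integrity` field is missing or malformed. The sample lockfile, package names and hashes are constructed for the demonstration.

```javascript
// Added example (not Phylum's or npm's code): audit a package-lock.json for
// tarball URLs that point outside the expected registry and for entries with
// no usable "integrity" hash. Either can turn a lockfile into a code-injection
// vector while package.json looks untouched.
'use strict';

// Assumption: only the public npm registry is expected. Add private mirrors here.
const ALLOWED_HOSTS = new Set(['registry.npmjs.org']);

// Flatten the lockfile into {name, version, resolved, integrity} records.
// lockfileVersion 2/3 uses a flat "packages" map keyed by node_modules path;
// lockfileVersion 1 nests everything under "dependencies".
function collectEntries(lock) {
  const entries = [];
  if (lock.packages) {
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path === '') continue; // "" is the root project itself, not a dependency
      entries.push({ name: path.replace(/^.*node_modules\//, ''), ...entry });
    }
    return entries; // v2 also carries a legacy "dependencies" copy; skip it to avoid duplicates
  }
  const walk = (deps) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      entries.push({ name, ...entry });
      walk(entry.dependencies); // nested (deduplicated-away) transitive deps
    }
  };
  walk(lock.dependencies);
  return entries;
}

// Returns a list of {id, reason} findings; an empty list means the lockfile
// only references allow-listed hosts and every tarball carries an SRI hash.
function auditLockfile(lockText, allowedHosts = ALLOWED_HOSTS) {
  const findings = [];
  for (const e of collectEntries(JSON.parse(lockText))) {
    const id = `${e.name}@${e.version}`;
    if (!e.resolved) continue; // workspace links and bundled deps have no tarball URL
    let host;
    try {
      host = new URL(e.resolved).host;
    } catch {
      findings.push({ id, reason: `unparseable resolved URL ${e.resolved}` });
      continue;
    }
    if (!allowedHosts.has(host)) {
      findings.push({ id, reason: `tarball resolved from unexpected host ${host}` });
    }
    // Subresource-integrity format: "sha512-<base64>" (sha256/sha384 also valid).
    if (!/^sha(256|384|512)-[A-Za-z0-9+/=]+$/.test(e.integrity || '')) {
      findings.push({ id, reason: 'missing or malformed integrity hash' });
    }
  }
  return findings;
}

// Constructed sample lockfile: one clean entry, one whose host merely starts
// with "registry.npmjs.org" (a lookalike), and one with no integrity hash.
// The hashes are placeholders, not real digests.
const SAMPLE_LOCK = JSON.stringify({
  name: 'demo-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', dependencies: { lodash: '^4.17.21' } },
    'node_modules/lodash': {
      version: '4.17.21',
      resolved: 'https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz',
      integrity: 'sha512-Q29uc3RydWN0ZWRQbGFjZWhvbGRlckhhc2g=',
    },
    'node_modules/some-utils': {
      version: '1.2.3',
      resolved: 'https://registry.npmjs.org.cdn-mirror.example/some-utils/-/some-utils-1.2.3.tgz',
      integrity: 'sha512-QW5vdGhlclBsYWNlaG9sZGVySGFzaA==',
    },
    'node_modules/left-pad': {
      version: '1.3.0',
      resolved: 'https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz',
    },
  },
});

console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK), null, 2));
```

Run it against a real lockfile with `auditLockfile(fs.readFileSync('package-lock.json', 'utf8'))` in CI and fail the build on any finding; host matching is exact on purpose, so a lookalike such as `registry.npmjs.org.cdn-mirror.example` is caught rather than waved through by a prefix check. Yarn and pnpm lockfiles use different formats and would need their own parsers.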