Charles Coggins

Senior Software Engineer, responsible for integrations and author of the "phylum" Python package. Documentation and quality champion, runner, baseball and scout dad, pod-faster, and lover of outdoors.

Bad Beat Poetry

Phylum Research

Lockfiles are great. They can also be hard to review and a source of malicious code injection.

Charles Coggins Apr 30, 2023 13 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases

82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools

70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies

60%

of Phylum’s findings are not found by
other software supply chain companies

Pick a Python Lockfile and Improve Security

Phylum Insights and Resources

Python dependency management is a nightmare because there are so many ways to do it (ironically un-pythonic) and that can lead to dependency confusion, mis-managed dependencies, stale dependencies, etc. Phylum can read lockfiles from many different sources to make sure you're safe.

Charles Coggins Nov 23, 2022 8 min read