Phylum Research Team

Hackers, Data Scientists, and Engineers responsible for the identification and takedown of software supply chain attackers.

Q3 2024 Evolution of Software Supply Chain Security Report

Software supply chain security faces sophisticated threats in the open-source ecosystem. Phylum analyzed millions of packages and files. Read more.

Typosquat Campaign Targeting npm Developers

Malware authors have published dozens of typosquat npm packages targeting users of the popular Puppeteer library.

Trojanized Ethers Forks on npm Attempting to Steal Ethereum Private Keys

A software supply chain attack targets open-source developers on npm via malicious packages that steal Ethereum private keys and gain SSH persistence.

North Korea Still Attacking Developers via npm

There's a renewed surge of attacks with obfuscated JavaScript and fake job campaigns to compromise developers and infiltrate companies. See Phylum research.

The Great npm Garbage Patch

Open-source spam is a growing threat. The Tea protocol and npm are taking action, but the problem persists. Our research is dedicated to combating this issue and protecting the integrity of the open-source ecosystem. See Phylum Research.