Discord Contact
Into The W4SPs Nest

Into The W4SPs Nest

Phylum Research
Overview Phylum has been busy in 2022, disrupting actors keen on publishing malware into open-source ecosystems, helping to identify and remove malicious software packages, and poking fun at the attackers to their faces. We released our
Phylum Research Team 7 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases
82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools
70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies
60%

of Phylum’s findings are not found by
other software supply chain companies

Subscribe to our research

Keep up with the latest software supply chain attacks

⏲Please hold while we check our collection.

Something's gone wrong. Please try again.

Success! Check your inbox for our email.

Pick a Python Lockfile and Improve Security

Pick a Python Lockfile and Improve Security

Python dependency management is a nightmare because there are so many ways to do it (ironically un-pythonic) and that can lead to dependency confusion, mis-managed dependencies, stale dependencies, etc. Phylum can read lockfiles from many different sources to make sure you're safe....
Charles Coggins 8 min read