Phylum Research | Software Supply Chain Security (Page 7)

Digital Detritus: Unintended Consequences of Open Source Sustainability Platforms

Phylum Research

Developing story: Open source repositories are polluted with thousands of dubious packages published by opportunistic actors exploiting a protocol. Read more...

Phylum Research Team Apr 9, 2024 11 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases

82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools

70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies

60%

of Phylum’s findings are not found by
other software supply chain companies

The xz/liblzma Compromise and Software Supply Chain Security

A Major Threat to Software Supply Chain Security. This attack highlights the risks of relying on open-source libraries without proper scrutiny....

Aaron Bray Apr 2, 2024 4 min read

Malicious npm Package Caught Hijacking ERC20 Contracts to Drain USDT

On 26 March 2024, Phylum’s automated risk detection platform flagged a suspicious publication to npm called vue2util. It bills itself as, and upon first...

Phylum Research Team Mar 29, 2024 7 min read

Typosquatting Campaign Targets Python Developers

Phylum detects massive typosquat campaign targeting popular Python libraries on PyPI. Over 500 variations published. Protect your software supply chain from these threats....

Phylum Research Team Mar 28, 2024 36 min read

An Introduction to Open-Source Software Supply Chain Risk

Phylum celebrates four years of fighting open-source software supply chain risk scanning packages in seven ecosystems: npm, PyPI, NuGet, crates.io, RubyGems, Golang, and Maven Central....

Phylum Research Team Mar 20, 2024 9 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

Subscribe to our research