Discord Contact

Phylum Insights and Resources

The State of the NPM Ecosystem

The State of the NPM Ecosystem

Phylum Insights and Resources
What does the upstream for major packages really look like? Over the past few years, the shape of the open source ecosystem landscape has shifted drastically, exploding both in the volume of published code, and also the number of dependencies that live upstream from a given library.
Phylum Research Team 9 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases
82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools
70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies
60%

of Phylum’s findings are not found by
other software supply chain companies

Subscribe to our insights

Keep up with the latest insights

⏲Please hold while we check our collection.

Something's gone wrong. Please try again.

Success! Check your inbox for our email.