Research

Phylum Discovers Mischievous NPM Publications

That’s right, we’re not talking about a malicious discovery today, but rather a mischievous one. Phylum’s automated risk detection platform alerted us to the publication of some obfuscated JavaScript packages

Bad Beat Poetry

Lockfiles are great. They can also be hard to review and a source of malicious code injection.

Q1 2023 Evolution of Software Supply Chain Security

Software supply chains are unique among the broader supply chain family. Logistics-based supply chain risks can be contained or limited by industry or region. However, all software applications, everywhere, rely on the same