Third party package security vulnerability assessment is an essential part of modern software development. As companies rely more heavily on open-source libraries and frameworks, they are also exposed to a greater number of potential security vulnerabilities
Posted in security on January 11, 2023 by Sodim Admin ‐ 2 min read
When we download a package, we download it from npm registry or pypi registry. Are you sure if the package you are downloading a genuine open source package?
Posted in security on November 7, 2022 by Sodim Admin ‐ 3 min read
Typosquatting refers to a social engineering attack which targets users who mistype a package name when trying to install a package.
Posted in security on October 1, 2022 by Sodim Admin ‐ 2 min read