Topic: malicious packages

OpenSSF launches Malicious Packages repository to track reports of compromised open source packages

The Open Source Security Foundation (OpenSSF) is attempting to tackle the issue of malicious open source software with a new repository that will aggregate reports of malicious packages. "Currently, each open source package repository has its own approach to handling malicious packages. When a malicious package is reported by the community, it is common for …