Open Source

Everyone loves open source, and for good reason. We want to help you use open source and stay secure. Read more to learn how this is achievable!

Snyk finds 200+ malicious npm packages, including Cobalt Strike dependency confusion attacks

Snyk recently discovered over 200 malicious packages in the npm registry. While we acknowledge that vulnerability fatigue is an issue for developers, this article is not about the typical case of typosquatting or a random malicious package. It shares the findings from targeted attacks aimed at businesses and corporations that Snyk was able to detect, along with the insights gained from them.

May 24, 2022

These aren’t the npm packages you’re looking for

Earlier in the year, over 500 malicious packages were released into the npm ecosystem to create dependency confusion. Let’s look at some ways to help protect applications from dependency injection.

May 4, 2022

3 Jedi-inspired lessons to level up your JavaScript security

You might think of Star Wars as a movie reserved for geeks, but what if I told you that there are deep life lessons that can be applied to developer security practices? Get your lightsaber ready and prepare to dive into JavaScript security!

May 4, 2022

Targeted npm dependency confusion attack caught red-handed

Once in a while we encounter a truly malicious package that has a purpose, means, and is production-ready — this is a story about one found in npm: gxm-reference-web-auth-server.

April 29, 2022

Under the C: A glance at C/C++ vulnerabilities in Python land

In this post, we'll discuss why developers include native C/C++ extensions in their high-level language projects. Then, we'll use Python and the PyPI registry to detect hidden C-related vulnerabilities in higher-level language projects and reveal how low-level vulnerabilities can impact higher-level code.

April 28, 2022

5 tips for securing PHP Laravel

A discussion of best practices for securing PHP Laravel, including framework configuration, preventing SQL injection attacks, and managing cookies and sessions.

April 21, 2022

An unintimidating introduction to the dark arts of C/C++ vulnerabilities

Following the addition of C/C++ security scanning to Snyk Open Source, we discuss some common C/C++ vulnerabilities and ways to mitigate them.

April 15, 2022

SnykCon recap: Automation for better compliance and faster feedback loops

Customers discuss how they used Snyk tools to automate elements of their software development process.

April 13, 2022

Spring4Shell extends to Glassfish and Payara: same vulnerability, new exploit

You've heard of Spring4Shell, now learn about similar exploits for Glassfish and Payara that leverage the same issue in Spring, but with a different payload.

April 8, 2022

Snyk Open Source adds C/C++ security scanning for unmanaged dependencies

Announcing the general availability of unmanaged C/C++ security scanning in Snyk Open Source, enabling developers to find and fix known security vulnerabilities.

April 5, 2022

Alert: LaughTilYouCry ransomware sabotages npm package (with puns)

Alert: Faxios has been breached by the LaughTilYouCry ransomware, which has flooded the hard drives of users with horrible puns and dad jokes.

April 1, 2022