What you need to look out for when installing packages from public repositories

This article has been indexed from Help Net Security

In this Help Net Security video, Ax Sharma, Senior Security Researcher at Sonatype, talks about the risks posed by malicious open source packages. Malicious packages can harm systems in many different ways, ranging from simple proof-of-concept hacks to data exfiltration, passive cryptomining and outright sabotage. The most common kinds of malicious package seen are typosquatting and brandjacking, dependency confusion, and hijacked legitimate libraries. Self-sabotage by maintainers of popular projects is another trend developers should be aware …
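
Two of the categories named above, typosquatting and dependency confusion, can be caught before install with a small pre-flight check over a dependency list. The following is an added example written for this page; it is not code from the Help Net Security article or from Sonatype. All package names, versions and index contents are constructed sample data, and the dependency-confusion check assumes the common resolver behaviour (as with pip's `--extra-index-url`) of merging candidates from a private and a public index and picking the highest version.

```python
"""Constructed pre-install checks for two package-repository risks:
typosquatting (a requested name one or two edits away from a popular package)
and dependency confusion (a public index advertising a higher version of an
internal package name). All data below is constructed sample data."""

import re


def normalize(name: str) -> str:
    """PEP 503 name normalization: case-insensitive, runs of -_. become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert / delete / substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def typosquat_candidates(requested, popular, max_distance=2):
    """Requested names that are NOT a known popular package but sit within
    max_distance edits of one. Returns (requested, nearest_popular, distance)."""
    popular_norm = {normalize(p) for p in popular}
    hits = []
    for req in requested:
        r = normalize(req)
        if r in popular_norm:          # exact (normalized) match is fine
            continue
        nearest = min(popular_norm, key=lambda p: levenshtein(r, p))
        dist = levenshtein(r, nearest)
        if dist <= max_distance:
            hits.append((req, nearest, dist))
    return hits


def _version_key(version: str):
    """Simple dotted-integer ordering; enough for the constructed sample."""
    return tuple(int(part) for part in version.split("."))


def dependency_confusion_candidates(internal_packages, public_index):
    """Internal names that a resolver merging a private index with a public
    one (assumed pip --extra-index-url behaviour) would fetch from the public
    index, because the public copy advertises a higher version.
    Returns (name, best_private_version, best_public_version)."""
    hits = []
    for name, private_versions in internal_packages.items():
        public_versions = public_index.get(normalize(name), [])
        if not public_versions:
            continue
        best_private = max(private_versions, key=_version_key)
        best_public = max(public_versions, key=_version_key)
        if _version_key(best_public) > _version_key(best_private):
            hits.append((name, best_private, best_public))
    return hits


# Constructed sample data (not real index contents)
POPULAR = ["requests", "urllib3", "python-dateutil", "cryptography"]
REQUIREMENTS = ["requsts", "urllib3", "python_dateutil", "crypt0graphy", "acme-billing"]
INTERNAL = {"acme-billing": ["1.4.0", "1.5.2"]}          # private index contents
PUBLIC_INDEX = {"acme-billing": ["99.0.0"], "requests": ["2.31.0"]}

if __name__ == "__main__":
    for req, near, dist in typosquat_candidates(REQUIREMENTS, POPULAR):
        print(f"typosquat? {req!r} is {dist} edit(s) from {near!r}")
    for name, priv, pub in dependency_confusion_candidates(INTERNAL, PUBLIC_INDEX):
        print(f"dependency confusion: {name} private {priv} < public {pub}")
```

Note that `python_dateutil` is not flagged: after PEP 503 normalization it is the same name as `python-dateutil`, so name comparison must normalize first or every underscore/hyphen variant becomes a false positive. The confusion check is deliberately index-agnostic; in practice the fix is to stop mixing indexes for internal names (a single private index that proxies the public one, with internal names reserved) rather than to compare versions after the fact.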

The post What you need to look out for when installing packages from public repositories appeared first on Help Net Security.