GitHub

DataDog/guarddog: GuardDog is a CLI tool to Identify malicious PyPI packages

GuardDog is a CLI tool that allows to identify malicious PyPI and npm packages, Go modules, GitHub actions, or VSCode extensions. It runs a set of heuristics on the package source code (through ...
theregister

Shai-Hulud worm returns, belches secrets to 25K GitHub repos

A self-propagating malware targeting node package managers (npm) is back for a second round, according to Wiz researchers who say that more than 25,000 developers had their secrets compromised within ...