Trusty provides a free-to-use service with scoring and metrics about a package’s repo and author activity.
Minder is an open source platform that helps project owners build more secure software and prove that what they’ve built is secure.
How npm preinstall and postinstall scripts can be used to inject malicious code into open source packages.
Meet Minder’s new features: two rule types aimed at guarding against homoglyph attacks. Learn what homoglyph attacks are, and why you’ve never seen one before.
A CVE's severity metric, while it may initially sound ominous and urgent, does not necessarily reflect the actual real-world risk to an organization. In fact, most of the time it is noise and rarely a threat at all. We should instead leverage other signals to establish the risk of software.