Sonatype Spots 150+ Malicious npm Packages Copying Recent Software Supply Chain Attacks that Hit 35 Organizations

Just three days ago, on February 9th, we at Sonatype released our findings on Alex Birsan’s research, in which he used the “dependency confusion” (also called namespace confusion) technique to push his proof-of-concept (PoC) code ...

Why Namespacing Matters in Public Open Source Repositories

Yesterday we saw the disclosure of a report showing how a security researcher was able to infiltrate 35+ name-brand companies, primarily via npm. Ironically, the mechanism used to perpetrate the ...

Namespace Confusion: Minimizing Risk with Nexus Repository

In case you’re here and you’re not sure why you should care about namespaces and routing rules, I highly recommend you start here. ...
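The three posts above all turn on the same failure: a build pulls a package name that the organization only ever published internally, and the client resolves that name against the public registry, where anyone can claim it. The following script is an added example, not code from Sonatype, Nexus Repository or any of the linked posts. It audits a `package.json` against a list of names known to be internal and against the scope-to-registry routing in an `.npmrc`, and flags every internal dependency that would still be fetched from the public npm registry. The manifest, the `.npmrc` and the `PRIVATE_PACKAGES` set are all constructed sample inputs; `@acme`, `acme-*` and the `nexus.example.internal` URL are hypothetical.

```python
"""Audit an npm manifest for dependency-confusion exposure.

Added example (not Sonatype's or Nexus Repository's code). Assumptions:
- PRIVATE_PACKAGES lists names your organization publishes only to an
  internal registry (hypothetical names below).
- Client-side routing is modelled from .npmrc: a default `registry=` plus
  per-scope `@scope:registry=` lines. This models the npm client only, not
  server-side repository routing rules.
An internal package is exposed when it is unscoped (npm asks the default,
public registry for it) or when its scope has no private registry route.
"""
import json
import re

PUBLIC_REGISTRY = "https://registry.npmjs.org/"

# Constructed sample manifest: a mix of public and internal dependencies.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "internal-web",
    "dependencies": {
        "lodash": "^4.17.21",
        "acme-auth-client": "^2.1.0",        # internal, unscoped
        "@acme/billing": "^1.4.0",           # internal, scope routed privately
        "@acme-legacy/reports": "^0.9.0",    # internal, scope NOT routed
    },
    "devDependencies": {"acme-build-tools": "^3.0.0"},  # internal, unscoped
})

# Constructed sample .npmrc: only the @acme scope is pinned to the private registry.
SAMPLE_NPMRC = """
registry=https://registry.npmjs.org/
@acme:registry=https://nexus.example.internal/repository/npm-private/
"""

# Hypothetical list of names that exist only on the internal registry.
PRIVATE_PACKAGES = {
    "acme-auth-client",
    "@acme/billing",
    "@acme-legacy/reports",
    "acme-build-tools",
}


def parse_npmrc(text):
    """Return (default_registry, {scope: registry}) from .npmrc contents."""
    routing = {}
    default = PUBLIC_REGISTRY
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        scoped = re.match(r"^(@[^:=/]+):registry\s*=\s*(\S+)$", line)
        if scoped:
            routing[scoped.group(1)] = scoped.group(2)
            continue
        plain = re.match(r"^registry\s*=\s*(\S+)$", line)
        if plain:
            default = plain.group(1)
    return default, routing


def scope_of(name):
    """'@acme/billing' -> '@acme'; unscoped names -> None."""
    return name.split("/", 1)[0] if name.startswith("@") else None


def audit(package_json_text, npmrc_text, private_packages):
    """Return a sorted list of (package, reason) for exposed internal deps."""
    manifest = json.loads(package_json_text)
    deps = {}
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        deps.update(manifest.get(section, {}))

    default_registry, routing = parse_npmrc(npmrc_text)
    findings = []
    for name in sorted(deps):
        if name not in private_packages:
            continue  # public packages are out of scope for this check
        scope = scope_of(name)
        registry = routing.get(scope, default_registry) if scope else default_registry
        if registry.rstrip("/") == PUBLIC_REGISTRY.rstrip("/"):
            if scope is None:
                reason = "unscoped internal package resolves to the public registry"
            else:
                reason = f"scope {scope} has no private registry route in .npmrc"
            findings.append((name, reason))
    return findings


if __name__ == "__main__":
    for pkg, why in audit(SAMPLE_PACKAGE_JSON, SAMPLE_NPMRC, PRIVATE_PACKAGES):
        print(f"EXPOSED {pkg}: {why}")
```

Run against the constructed inputs, the script reports `acme-auth-client`, `acme-build-tools` and `@acme-legacy/reports` as exposed and leaves `@acme/billing` alone, because only the `@acme` scope is routed to the private registry. The fix the finding points at is the one the posts argue for: publish internal packages under a scope you own, and make sure every such scope is bound to the internal registry (on the client, in `.npmrc`; on the server, with the repository manager's routing rules) so a public package with the same name is never a resolution candidate.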