Nexus Intelligence Insights: Protect Your Bitcoins from 700+ Malicious RubyGems with sonatype-2020-0196

Last week news broke about how 700 typosquatting libraries had made their way into the famous RubyGems repository. The complete list, first published by Reversing Labs, reveals how crafty attackers can take ...

How Do Application-Level Package Managers Work?

This is an excerpt from Out of the Wild: A Beginner's Guide to Package and Dependency Management, a Sonatype Guide. This is the second of three installments. Read the first one here ...

What is a Package Dependency Manager?

This is an excerpt from Out of the Wild: A Beginner's Guide to Package and Dependency Management, a Sonatype Guide. This is the first of three installments ...

Anatomy of the RubyGems ‘rest-client’ hack, and getting creative about open source security

Over the last several years, we’ve been raising awareness of breaches to popular open source software components and the worrying trend that they are more frequently being attacked at the source - ...