2 New RubyGems laced with cryptocurrency stealing malware taken down

This month, RubyGems removed 2 gems from its open source software repository that contained malicious code. These gems, which we track as sonatype-2020-1222, are: ...

Nexus Intelligence Insights: Protect Your Bitcoins from 700+ Malicious RubyGems with sonatype-2020-0196

Last week news broke about how 700 typosquatting libraries had made their way into the famous RubyGems repository. The complete list, first published by Reversing Labs, reveals how crafty attackers can take ...

How Do Application-Level Package Managers Work?

This is an excerpt from Out of the Wild: A Beginner's Guide to Package and Dependency Management, a Sonatype Guide. This is the second of three installments. Read the first one here ...

What is a Package Dependency Manager?

This is an excerpt from Out of the Wild: A Beginner's Guide to Package and Dependency Management, a Sonatype Guide. This is the first of three installments ...

Anatomy of the RubyGems ‘rest-client’ hack, and getting creative about open source security

Over the last several years, we’ve been raising awareness of breaches to popular open source software components and the worrying trend that they are more frequently being attacked at the source - ...