Platform
- Products
- Why Sonatype
- Accelerate Pipelines with the World's Leading Artifact Repository Manager
  
  Try It Free
- Explore solutions for you
Solutions
- OSS Management
- Developer Solutions
- Industry
- Sonatype Named a Leader in Forrester Wave™ for SCA Software
  
  Read Report
Pricing
Resources
- Resources
- Customer Resources
- Developer Community
- Explore The Latest Research on AI Component Analysis
  
  Watch On-Demand
Company
- Company
  - About
  - Customer Stories
  - Events
  - Newsroom
  - Careers
  - Blog
  - Contact Us
- Partners
- Contact Us
  
  Speak to a Software Supply Chain Expert
  
  Contact Us
Login Contact Us Book a Demo

This is a search field with an auto-suggest feature attached.

There are no suggestions because the search field is empty.

The 2 Billion Hack: npm Compromised Packages | Sonatype Video

Everything You Need To Know About The Compromised npm Packages

Discover the critical insights from Sonatype's latest research on the recent compromise of popular npm packages like Chalk and Debug. This video unpacks how attackers infiltrated trusted open-source projects, impacting billions of downloads weekly. Learn about the anatomy of the attack, its ripple effects on the software ecosystem, and actionable steps to safeguard your organization.

Related Resources

Blog Post

Serious React2Shell Vulnerabilities Require Immediate Attention

The Second Coming of Shai-Hulud: Attackers Innovating on npm

Why the World's Vulnerability Index Cannot Keep Up

Platform

Nexus One Pricing Nexus Repository Repository Firewall Lifecycle SBOM Manager Maven Central

Why Sonatype

Compare Sonatype Open Source Intelligence Best SCA Tools Best Malware Protection Tools Best Artifact Repository Solutions Best SBOM Compliance Solutions

Resources

Resources Center Blog Product Tours Webinars Customer Stories Analyst Reports Research

Developer

Integrations All Day DevOps (ADDO) Free Nexus Repo Download Sonatype OSS Index MCP Server

Customer Resources

My Sonatype Documentation Support Training & Workshops

Company

About Careers Partners Newsroom

Contact Us

X social logo
LinkedIn social logo
Facebook social logo
YouTube social logo
GitHub social logo

Terms of Service
Privacy Policy
Modern Slavery Statement
Event Terms and Conditions
Do Not Sell My Personal Information
Cookie Preferences
Trust Center

Copyright © 2008-present, Sonatype Inc. All rights reserved. Includes the third-party code listed here. Sonatype and Sonatype Nexus are trademarks of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation. All other trademarks are the property of their respective owners.