Webinar | June 10th 12PM ET

Stop Malicious Packages Before They Hit Your Build

Register Now

Modern malicious packages no longer rely on simple typos or obvious fake names. Today's attackers are publishing packages that look like normal parts of the development ecosystem: plugins, SDKs, configs, wrappers, and helper libraries designed to blend into everyday engineering workflows.

Based on Sonatype's latest research into more than 4,300 malicious open source packages, this workshop-style webinar explores how naming-variant attacks are evolving beyond traditional typosquatting, and why developers are increasingly becoming the first target. We'll break down the tactics attackers use to make malicious dependencies appear trustworthy across ecosystems like React, ESLint, and Tailwind.

Rather than focusing on theory alone, this session will help developers and engineering teams build practical instincts for evaluating dependencies before they enter the build. Attendees will learn how to spot risky naming patterns, identify suspicious ecosystem-adjacent packages, and introduce simple checks that reduce the chance of malicious code reaching developer environments and CI/CD pipelines.

Featured Speakers

Andrés Pérez

Product Marketing Manager

Garrett Calpouzos

Principal Security Researcher