Webinar | ON DEMAND

Stop Malicious Packages Before They Hit Your Build

Malicious packages no longer stand out—they blend in. Based on Sonatype’s analysis of 4,300+ malicious open source packages, this session reveals how attackers are moving beyond typosquatting to publish ecosystem-adjacent packages that look like legitimate plugins, SDKs, and developer tools. Learn the naming patterns and tactics behind these attacks, how to spot suspicious dependencies before they enter your build, and practical ways to keep malicious code out of developer environments and CI/CD pipelines.

Featured Speakers

Andrés Pérez

Product Marketing Manager, Sonatype

Garrett Calpouzos

Principal Security Researcher