W4SP-Stealer
security-wg
W4SP-Stealer | security-wg | |
---|---|---|
2 | 6 | |
121 | 482 | |
- | 0.8% | |
10.0 | 8.9 | |
over 1 year ago | about 10 hours ago | |
Python | JavaScript | |
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
W4SP-Stealer
- Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack
-
Dozens of malicious PyPI packages discovered targeting developers
Yep. You can read the source code for it here: https://github.com/loTus04/W4SP-Stealer
security-wg
-
Securizing your GitHub org
As I was working on an open source security project, I put pressure on myself to be ready. Also as a member of the Node.js Security WG I thought it was an interesting topic and that I was probably not the only one who was worried about not being up to the task 😖.
-
You should use the OpenSSF Scorecard
We began the discussion in this issue, and here you can find the meeting notes:
-
Dozens of malicious PyPI packages discovered targeting developers
Node.js is building something very similar: Permission Model https://github.com/nodejs/security-wg/issues/791
-
Announcing NodeSecure Vulnera
deprecated Node.js Security WG Database
- NodeSecure - What's new in 2022 ?
-
Make your JavaScript project safer by using this workflow
Node.js Security Working Group
What are some alternatives?
cargo-vet - supply-chain security for Rust
Luna-Grabber - The best discord token grabber made in python
scorecard - OpenSSF Scorecard - Security health metrics for Open Source
lunasec - LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
secimport - eBPF Python runtime sandbox with seccomp (Blocks RCE).
wapm-cli - 📦 WebAssembly Package Manager (CLI)
ci - NodeSecure tool enabling secured continuous integration
Contents - Community documentation, code, links to third-party resources, ... See the issues and pull requests for pending content. Contributions are welcome !
scanner - ⚡️ A package API to run a static analysis of your module's dependencies. This is the CLI engine!
crev - Socially scalable Code REView and recommendation system that we desperately need. See http://github.com/crev-dev/cargo-crev for real implemenation.
cli - Command line interface for the Phylum API