-
In addition to this, we've also developed and released an open-source sandbox [3] that provides facilities for limiting access to disk, network, and environment variables. This is baked into our `npm`, `yarn`, and `pip` CLI extensions; we're working on adding it to more.
Would greatly appreciate any feedback on our Cargo extension and suggestions for improving our sandbox! If anyone is interested in a pro account on Phylum, DM me your email and I'll make it happen.
Happy to answer any questions about software supply chain attacks or security in general!
1. https://blog.phylum.io/junes-sophisticated-npm-attack-attrib...
2. https://github.com/phylum-dev/cli
3. https://github.com/phylum-dev/birdcage
-
CodeRabbit
CodeRabbit: AI Code Reviews for Developers. Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.
-
We're actively working on this with our sandbox (https://github.com/phylum-dev/birdcage). We've wrapped the likes of pip, yarn, and npm already and are making moves to similarly provide support for cargo.
Currently comes as part of the Phylum CLI (https://github.com/phylum-dev/cli), so that doing something like:
phylum npm install
Related posts
-
Attackers Repurposing existing Python-based Malware for Distribution on NPM
-
Ransomware being published to PyPI in ongoing campaign
-
Attackers are hiding malware in minified packages distributed to NPM
-
A Study of Malicious Code in PyPI Ecosystem
-
Can rustc generate identical binaries, with the same hash, from the same souce code?