Our great sponsors
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
In addition to this, we've also developed and released an open-source sandbox [3] that provides facilities for limiting access to disk, network, and environment variables. This is baked into our `npm`, `yarn`, and `pip` CLI extensions; we're working on adding it to more.
Would greatly appreciate any feedback on our Cargo extension and suggestions for improving our sandbox! If anyone is interested in a pro account on Phylum, DM me your email and I'll make it happen.
Happy to answer any questions about software supply chain attacks or security in general!
1. https://blog.phylum.io/junes-sophisticated-npm-attack-attrib...
2. https://github.com/phylum-dev/cli
3. https://github.com/phylum-dev/birdcage
We're actively working on this with our sandbox (https://github.com/phylum-dev/birdcage). We've wrapped the likes of pip, yarn, and npm already and are making moves to similarly provide support for cargo.
Currently comes as part of the Phylum CLI (https://github.com/phylum-dev/cli), so that doing something like:
phylum npm install
Related posts
- Attackers Repurposing existing Python-based Malware for Distribution on NPM
- Ransomware being published to PyPI in ongoing campaign
- Attackers are hiding malware in minified packages distributed to NPM
- A Study of Malicious Code in PyPI Ecosystem
- Can rustc generate identical binaries, with the same hash, from the same souce code?