Since we debuted our Advanced Development Pack in late 2020, Sonatype’s discovery of malicious packages infiltrating npm has been making headlines over and over [1, 2, 3, 4, 5].
Article Link: https://blog.sonatype.com/meet-the-developers-behind-sonatypes-automated-malware-detection-system-securing-open-source-supply-chains