Malicious packages in open-source repositories are surging
Briefly

The number of malicious packages uploaded to open-source repositories has surged by over 150% in the last year, highlighting a significant security concern for developers.
Brian Fox noted that while projects have improved their release speed, the time to fix vulnerabilities in dependencies has increased, reflecting a disturbing trend in development priorities.
The report indicates that more than 500,000 of 7 million open-source projects contained malicious packages, underscoring the growing threat to software integrity.
Developers are prioritizing speed over security, which is problematic as the cyber landscape continues to evolve and attackers become more adept.
Read at CyberScoop