Snyk now factors whether a vulnerability originates from a malicious package or not into Snyk’s Priority Score, helping you find, prioritize and fix these issues more efficiently. Snyk will also add a warning on the relevant issue card itself to ensure maximum visibility.
More and more software supply chain attacks are leveraging open source packages to spread malicious code. Continue using open source but stay vigilant!
More information on how Snyk helps you prevent malicious packages in your applications can be found on our blog.