
Developer Tools
1 min read
Socket flags npm and PyPI payment SDK malware targeting CI/CD
Socket says malicious npm and PyPI packages impersonated payment SDKs to steal developer credentials and CI/CD environment data. For technology leaders, the bigger issue is not one fake library but the cost of restoring trust across build pipelines, secrets, and released artifacts.
