Socket flags npm and PyPI payment SDK malware targeting CI/CD
Developer Tools
1 min read

Socket flags npm and PyPI payment SDK malware targeting CI/CD

Socket says malicious npm and PyPI packages impersonated payment SDKs to steal developer credentials and CI/CD environment data. For technology leaders, the bigger issue is not one fake library but the cost of restoring trust across build pipelines, secrets, and released artifacts.

Rohit Kumar
Rohit Kumar