The Federal Threat: 98% of npm & PyPI Malware Neutralized With a Source-First Approach

Recent npm and PyPI attacks underscore the urgency for more trusted open-source dependencies across civilian agencies. Chainguard’s research, which analyzes thousands of malicious packages, shows that rebuilt-from-source libraries can prevent nearly all known malware - signaling a fundamental shift in how federal software supply chains can be secured. This secure-by-default approach isn’t just an improvement; it represents a groundbreaking change in how the government can build, trust, and operate modern software.

Preview image

Sponsored by

Sponsored by

Email *

Full Name *

Employer *

Agency/Department *

Organization Function *

Please Provide Your Organization's Name *

Grade/Rank *

Job Function *

Job Title *

Phone *

City *

State *

Zip Code *

Country *

Country (Other) *

I want to receive occasional news and updates from trusted partners

I want to receive occasional news and updates from trusted partners

I agree to the use of my personal data by Government Executive Media Group and its partners to serve you targeted ads. Learn more.

Please save my information for future visits

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms and Conditions apply.

Exercise Your Privacy Rights