When using open source packages, we tend to rely on strangers to deliver us code. There are many ways to judge the legitimacy of a package, whether it is the number of stars the package has or the credibility of the maintainer's GitHub account.
Unfortunately, everything you can see can be easily spoofed.
Senior Security Researcher, Checkmarx
Tal brings over 7 years of experience to her role as a principal supply chain security researcher within the Checkmarx Supply Chain Security group. She is in charge of detecting, tracking and stopping open source attacks.
Software Engineering Team Leader
Alik is a security researcher and software engineer in the Checkmarx Supply Chain Security group, leading the development of the behavior analysis engine for code packages.