 Defend Developers

Protect against malicious attacks and unintended consequences


Protect Developer Keys & Secrets 

Pre-install open-source packages in an environment that restricts access to the network, filesystem, and environment variables

Regular Installation

SSH keys stolen
A package is installed that ships SSH keys to a service listening on :9090

With Phylum Birdcage

The sandbox prevents the malicious package from reaching out to the service and protects the SSH keys

The Phylum Birdcage

An open-source, freely available solution to sandbox package installations and protect developers

Birdcage Bug Bounty

Attack the developer during package install and steal their secret key

Phylum Research

Phylum Discovers NPM Package mathjs-min Contains Credential Stealer
Malware   |   Mar 29, 2023

Phylum identifies software supply chain attackers subtly modifying a...

Malicious Actors Use Unicode Support in Python to Evade Detection
Malware   |   Mar 22, 2023

Phylum uncovers a threat actor taking advantage of how the Python in...

A PyPI typosquatting campaign post-mortem
Malware   |   Feb 28, 2023

Phylum performs a thorough breakdown of a typosquat campaign on PyPI...