Tagged with

Library-audit

This post thumbnail
Library Audit: from a PURL to vulnerabilities and compromises

Many npm and PyPI compromises never get a CVE — the package is yanked and an OSV advisory is shipped instead. Library Audit takes raw PURLs from any ecosystem to flag CVE-tracked vulnerabilities and registry-yanked compromises before `pip install`, not the morning after.

21 May 2026 12:00 AM