2025 - Cloudsmith

2025

A collection of 6 posts

Multiple Malicious Packages Discovered on PyPI, npm, and RubyGems

software supply chain security

Multiple Malicious Packages Discovered on PyPI, npm, and RubyGems

Evidence of broad and sustained attacks using several npm, Python, and Ruby packages continues to emerge. A series of malicious packages have been added to the npm, PyPI, and RubyGems package repositories. The attacks have been ongoing for some time, with some seeded years ago. Their aims are manifold, including

XRPL Supply Chain Attack and How to Block it Using Cloudsmith’s Enterprise Policy Management

XRPL Supply Chain Attack and How to Block it Using Cloudsmith’s Enterprise Policy Management

Yet another supply chain attack has surfaced, this time using the xrpl library to sneak through malicious packages. xrpl.js is recognised as the recommended npm library for integrating the XRP Ledger (XRPL) with JavaScript/TypeScript applications, and has over 140k downloads a week. No Cloudsmith Customers Affected Our security

Enterprise Policy Management Example: Quarantine Packages Using Policy as Code

Enterprise Policy Management Example: Quarantine Packages Using Policy as Code

Cloudsmith built Enterprise Policy Management (EPM) on Open Policy Agent (OPA) and uses Rego to define policies as code. These policies control how packages move through your systems. They're versioned, reviewable, and enforceable. EPM is in early release, but it already draws on extensive metadata Cloudsmith collects from

Enterprise Policy Management with Cloudsmith

Enterprise Policy Management with Cloudsmith

Enterprise Policy Management (EPM) is a programmable policy-as-code layer that controls the security, compliance, and flow of artifacts across the software supply chain. Teams can codify rules once and apply them continuously across repositories. With Cloudsmith’s platform, organizations extend policy enforcement across teams, environments, and geographies without introducing friction,

Kubernetes 1.33 – What you need to know

Kubernetes 1.33 – What you need to know

Kubernetes 1.33 is right around the corner, and there are quite a lot of changes to unpack! Removing enhancements with the status of “Deferred” or “Removed from Milestone” we have 64 Enhancements in all listed within the official tracker. So, what’s new in 1.33? Kubernetes 1.33

KubeCon London 2025 Recap: Cloud-Native Insights on Security, Wasm, and More

KubeCon London 2025 Recap: Cloud-Native Insights on Security, Wasm, and More

KubeCon London 2025 showed a cloud-native ecosystem shifting from fragmentation to unification of policy, security, observability, and artifact management.