Welcome To Mend Research Reports Center

Read research reports about application security, DevSecOps, open source license compliance and audit

Our Latest Research Reports

npm Threat Report

What’s in the report? Learn how the most popular JavaScript package manager – npm – is being used by malicious actors to launch attacks, run botnets, and steal credentials and crypto.

Why should you care about malicious npm activity? JavaScript is the most commonly used programming language globally, and 68% of developers depend upon it...

Mend Research Report — Remediating Vulnerabilities in npm Packages

As AppSec practices continue to shift left into development, the task of ensuring that open source libraries are up-to-date and vulnerability-free falls on developers’ shoulders, and it is quite a task. To gain a better understanding of the process of open source vulnerability management, our Knowledge Team analyzed vulnerable npm packages, comparing each CVE’s publication date with the release date of the vulnerability’s fix.