Sigil Blog
Security research for AI tooling
Threat analysis, supply chain intelligence, and practical guides for developers building with AI.

How to Stop npm Postinstall Malware in 2026
Stopping npm postinstall malware requires a proactive, multi-layered defense that blocks malicious code before it executes. This guide details four essential steps: implementing pre-install behavioral scanning, hardening your npm configuration, enforcing CI/CD policies, and establishing an incident response plan to protect your projects in 2026.

Scanning Git Repos for Obfuscated Code in 2026
Scanning Git repositories for obfuscated code requires a multi-layered approach. This guide details a 2026 workflow combining static pattern matching and behavior-based analysis to detect and quarantine malicious payloads before they execute.