The Good, the Bad, and the NPM Package: Supply Chain Attacks and How to Protect Your App

Publish date: Jun 8, 2022

Duration: 34 min

Difficulty: Intermediate

Case details

How do you know if you can trust your open source dependencies? Open source code makes up 90% of most codebases. It is critical to manage your dependencies effectively to reduce risk, but most teams have an ad-hoc process where any developer can introduce dependencies, leaving organizations open to risk from malicious dependencies. Software supply chain attacks have exploded over the past 12 months and they're only accelerating in 2022. We'll dive into examples of recent supply chain attacks (node-ipc, ua-parser-js, rc, coa, colors, faker) and what concrete steps you can take to protect your team from this emerging threat. We'll also introduce a new free, open source tool which helps detect supply chain attacks in real time.

910 Foulk Road, Suite 201

Wilmington, DE 19803, USA

© 2025 Geekle. All rights reserved.