Dale Bustad
@dale.link
divmain on x. Working at @socket.dev. Fmr Salesforce, Vercel, Microsoft, Formidable, non-tech NGO. Core values: kindness, partnership, & creation. Political aficionado, musician, person of faith, devoted learner. Might occasionally post about my dog.
You can watch our blog for the exact timing of what we detected and when. But that’s the mechanics of it.
November 26, 2025 at 8:57 PM
You can watch our blog for the exact timing of what we detected and when. But that’s the mechanics of it.
Folks would have seen a warning in sfw within minutes of the original publish, when automated scanning detected the potential malware and it was marked as “potential malware”. Further along in the malware campaign, human review was roughly happening in realtime, so sfw was blocking more quickly.
November 26, 2025 at 8:57 PM
Folks would have seen a warning in sfw within minutes of the original publish, when automated scanning detected the potential malware and it was marked as “potential malware”. Further along in the malware campaign, human review was roughly happening in realtime, so sfw was blocking more quickly.
sfw blocks as soon as a package is marked as malware in our system. When that happens varies a bit, depending on when the malicious package is detected and when it undergoes human review.
November 26, 2025 at 8:53 PM
sfw blocks as soon as a package is marked as malware in our system. When that happens varies a bit, depending on when the malicious package is detected and when it undergoes human review.
The free version blocks malware only. We're also rolling out an enterprise version that, among other things, will allow configurable blocking policies.
September 30, 2025 at 8:16 PM
The free version blocks malware only. We're also rolling out an enterprise version that, among other things, will allow configurable blocking policies.