





















The way software gets built is changing fast. Developers are no longer the only ones choosing dependencies. AI agents can now recommend, install, and wire open source packages into applications as part of the build process.
Replit is at the center of that shift, giving millions of builders a faster path from idea to working software. As more of that work happens inside AI-powered workflows, dependency security has to move closer to the moment packages are selected and installed.
Socket Firewall is now built into that experience to give Replit users stronger protection. It evaluates open source packages as they are introduced into the build, helping stop attacks that do not wait for code review, such as typosquatted and impersonated packages, malicious transitive dependencies, install scripts that fetch second-stage payloads, credential stealers, and packages tied to known malicious infrastructure.
The impact is already visible at scale. Since rolling out the firewall, Replit has been blocking around 8,000 packages per day across builders on the platform. Over the course of a year, that adds up to millions of blocked package installs, giving Replit users stronger protection by default.

We’ve seen a relentless wave of fast-moving attacks hitting open source lately: malicious packages that do serious damage during installation, before anyone has time for manual review. Once they land in the build environment, it's already too late. By partnering with Replit, we are putting Socket’s threat intelligence directly in the install path, helping builders move fast while blocking supply chain attacks.
“Software is being created faster than at any moment in history, and attackers are racing to take advantage. This is one of the defining problems of the AI era. Replit and Socket are putting security in the building loop, blocking malicious code before it ever runs, so millions of builders stay protected while they create.” — Amjad Masad, CEO of Replit.
Open source makes modern software possible. It also gives attackers a direct path into the development process. That risk is amplified in AI-assisted development where agents are empowered to pull in dependencies automatically when completing tasks.
The answer is not to slow builders down. It is to put better security inside the tools they already use. We’re excited to partner with Replit to help builders continue shipping with confidence.