Managing Open Source Software Risks With the HeroDevs EOL Dashboard

Wednesday, May 20, 2026 at 01:00 PM UTC·Source: Sonatype (Maven/npm)

Updated: Wednesday, May 20, 2026 at 02:00 PM UTC

Executive Summary

<img src="https://www.sonatype.com/hubfs/blog_herodevs_eol.jpg" alt="Image of two icons side by side. One of them is a logo for the software product Sonatype Lifecycle. The other is a logo for HeroDevs." class="

Analysis

Modern software delivery runs on open source. But as dependency graphs expand and application lifecycles stretch across ye ars, end-of-life (EOL) components ar e becoming a structural security challenge.

Indicators of Compromise (5)

URL (3)

https://www.sonatype.com/blog/managing-open-source-software-risks-with-the-herodevs-eol-dashboard

VirusTotal URLhaus

https://www.sonatype.com/hubfs/blog_herodevs_eol.jpg

VirusTotal URLhaus

https://help.sonatype.com/en/component-end-of-life.html

VirusTotal URLhaus

Domain (2)

www.sonatype.com

VirusTotal URLhaus

help.sonatype.com

VirusTotal URLhaus

Source Attribution

Originally published by Sonatype (Maven/npm) on May 20, 2026.

Related Threats

MEDIUMSupply Chain

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack

A compromised maintainer account was used to publish malicious package versions across the @antv namespace. The post Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack appeared first on SecurityWeek .

3h agoSecurityWeek

MEDIUMSupply Chain

Typosquatting Is No Longer a User Problem. It's a Supply Chain Problem

AI-generated lookalike domains are now embedded inside the third-party scripts running on your web properties. Here's why your current stack can't see them, and what detection actually requires. Download the CISO Expert Guide to Typosquatting in the AI Era → TL;DR Typosquatting is no longer a user problem. Attackers now embed lookalike domains inside legitimate third-party scripts.

3h agoThe Hacker News

LOWSupply Chain

Why some security fixes never reach your vulnerability dashboard

On April 22, for roughly 90 minutes, a malicious version of Bitwarden CLI appeared on npm. Version 2026.4.0 contained a credential-stealing payload that executed an obfuscated loader and harvested AWS, Azure, GCP, GitHub, and npm tokens from any developer machine that ran npm install . The attackers reached Bitwarden’s npm publishing path through a compromised GitHub Action related to the Checkmar

CVE-2026-42994CVE-2020-10148

5h agoCSO Online