Snyk's Priority Score now factors in whether a vulnerability originates from a malicious package, helping you find, prioritize and fix these issues more efficiently. Snyk will also add a warning on the relevant issue card itself to ensure maximum visibility.
More and more software supply chain attacks are leveraging open source packages to spread malicious code. Continue using open source but stay vigilant!
For more details, please see the Snyk Priority Score docs.