Malicious packages analysis – how to identify and avoid malicious software packages
08 Mar 2023
DevOps Live Theatre

The talk will be a technical showcase of the different types of malicious packages that are prevalent today in popular package repositories. Many of the examples shown in the presentation will be based on real data and malicious packages that were identified and disclosed by JFrog. We will dive into the types of attacks and payloads contained in these malicious packages and explain how they can be identified and rejected, using a recommended secure development workflow and relevant OSS tools.