Recently, Socket.dev published research highlighting malicious gems designed to steal social media credentials. We wanted to use this as an opportunity to share more about how RubyGems.org security operates, how we proactively handled this incident (and others), and the work our team is doing each day to keep the ecosystem safe. How We Detect Malicious Gems RubyGems.org security uses a proactive and multi-layered approach: 1. Automated detection: Every gem upload is analyzed using both static an...