by ashishbijlani
978 days ago

Good to see more attempts at analyzing dependencies for malware. Plug: we've been building Packj [1] to detect malicious Python/NPM/Ruby/Rust/Java/PHP packages. It carries out static/dynamic/metadata analysis to look for "suspicious" attributes such as spawning of shell, use of files, network communication, use of decode+eval, mismatch of GitHub code vs packaged code, and several more.

[1] https://github.com/ossillate-inc/packj