by ashishbijlani 920 days ago
Plug: we've been building Packj [1] to detect malicious Python/NPM/Ruby/Rust/Java/PHP packages. It carries out static/dynamic/metadata analysis to look for "suspicious" attributes such as spawning of shell, invalid/expired email (i.e., no 2FA), use of files, network communication, use of decode+eval, mismatch of GitHub code vs packaged code, and several more.

1. https://github.com/ossillate-inc/packj

2 comments

Can you show the result of running a scan against this compromised repo? Would your tool have caught this crypto drainer live on revoke.cash?
Tried it myself and they don't appear to have implemented the part of the scan that would catch this, relevant snippet from the logs:

    [+]    Analyzing repo-pkg src code match.... N/A [Coming soon!]
And since you're bragging/plugging it here, I take it you tested it against this repository+version and it detected it?