|
|
|
|
|
|
by ashishbijlani
576 days ago
|
|
|
Good to see Packj[1] as one of the malware scanners used. 1. https://github.com/ossillate-inc/packj Packj detects malicious PyPI/NPM/Ruby/PHP/etc. dependencies using behavioral analysis. It uses static+dynamic code analysis to scan for indicators of compromise (e.g., spawning of shell, use of SSH keys, network communication, use of decode+eval, etc). It also checks for several metadata attributes to detect bad actors (e.g., typo squatting). |
|
|