GitHub

DataDog/guarddog: GuardDog is a CLI tool to Identify malicious PyPI packages

GuardDog is a CLI tool that allows to identify malicious PyPI and npm packages, Go modules, GitHub actions, or VSCode extensions. It runs a set of heuristics on the package source code (through ...
IEEE

Bad Snakes: Understanding and Improving Python Package Index Malware Scanning

Abstract: Open-source, community-driven package repositories see thousands of malware packages each year, but do not currently run automated malware detection systems. In this work, we explore the ...
GitHub

KAT - The K-mer Analysis Toolkit

KAT is a suite of tools that analyse jellyfish hashes or sequence files (fasta or fastq) using kmer counts. The following tools are currently available in KAT: kmer: Produces a k-mer hash containing ...
thecyberexpress

New Shai-Hulud Attack Hits Nearly 500 npm Packages with 100+ Million Downloads

A new Shai-Hulud supply chain attack has hit nearly 500 npm packages with a total of 132 million monthly downloads. The latest campaign follows one in September that infected nearly 200 npm packages ...