The Open Source Security Foundation (OpenSSF) has announced the launch of a new project aimed at helping detect malicious packages in open source repositories.
According to OpenSSF, the Package Analysis project intends to detect the behaviour and capabilities of open source packages, including the files they access, commands they support, and IP addresses they connect to, as well as track alterations that could indicate suspicious activity.
Package Analysis searches popular open source repositories for packages and stores the findings in a BigQuery table. More than 200 malicious PyPI and npm packages have already been identified by the project.
Read More: https://www.securityweek.com/new-openssf-project-hunts-malicious-packages-open-source-repositories