Here’s a New Tool That Scans Open-Source Repositories for Malicious Packages

In Hacker News by Blog Writer

Post Sharing
The Open Source Security Foundation (OpenSSF) has announced the initial prototype release of a new tool that’s capable of carrying out dynamic analysis of all packages uploaded to popular open source repositories.
Called the Package Analysis project, the initiative aims to secure open-source packages by detecting and alerting users to any malicious behavior with the goal of bolstering the