Malpacks

Tools to find malicious packages inside package manager (PyPI, npm, and Gem)

Total data

• npm: 1823
• pypi: 5985
• gem: 725

Installation

Simply clone the repository, install requirements and run the script

• $ git clone https://github.com/daffainfo/malpacks
• $ pip3 install -r requirements.txt
• $ python3 main.py

Usage

Available options:

• --all option

To scan all the package managers (PyPI, npm, and Gem)

Example:

$ python3 main.py --all

• --packages option

Define package manager to test (PyPI, npm, and Gem)

Example:

$ python3 main.php --packages npm,pypi

To-Do List

• Scan a file that contain list of packages
  • Scan requirements.txt (Python)
  • Scan package.json (npm)
• More output options
  • JSON
  • YAML
• Add more package manager
  • PyPI
  • npm
  • Gem
  • Go
  • Composer
• Add more malicious packages
  • https://blog.phylum.io/phylum-discovers-another-attack-on-pypi/
  • https://www.reversinglabs.com/blog/mining-for-malicious-ruby-gems
  • https://github.com/DataDog/malicious-software-packages-dataset