Malicious code in open source packages is real, and people get compromised by it, as the tj-actions/changed-files GitHub Action compromise, the hijacked ultralytics releases on PyPI and several similar incidents have shown. vet now supports identifying malicious OSS packages through active code analysis, rather than relying on a vulnerability database alone.
Getting Started
- Install vet
brew tap safedep/tap
brew install safedep/tap/vet
For other installation methods, refer to README.md
- Onboard to SafeDep Cloud, which hosts the code analysis infrastructure, by running
vet cloud quickstart
Malicious Package Scanning
- Scan a single package
vet inspect malware --purl pkg:npm/llm-oracle@1.0.2
- Scan a repository, with the packages discovered automatically from its manifests and lockfiles
vet scan -D /path/to/repo --malware
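The single-package form above takes a package URL (purl), and two purl rules are easy to get wrong when typing one by hand: the leading "@" of a scoped npm package must be percent-encoded, and PyPI names are normalised to lower case with underscores turned into hyphens. The script below is an added example, not part of vet or SafeDep's own code; it builds purls for the ecosystems vet supports and turns a pinned requirements-style list into the corresponding `vet inspect malware` commands. The helper names (`purl_type`, `make_purl`, `purls_from_requirements`, `demo`) and the sample requirements are assumptions constructed for this example, and it only prints the vet commands so it can be checked offline.

```shell
#!/bin/sh
# Assumed helper script (not part of vet): build package URLs (purls) in the
# form `vet inspect malware --purl ...` expects, from a requirements-style list.

# Map an ecosystem name (as written in vet's supported-ecosystems table)
# to the purl type used in the "pkg:TYPE/..." prefix.
purl_type() {
  case "$1" in
    npm|javascript)        echo npm ;;
    pypi|python)           echo pypi ;;
    maven|java)            echo maven ;;
    go|golang)             echo golang ;;
    cargo|rust|crates.io)  echo cargo ;;
    gem|ruby|rubygems)     echo gem ;;
    *) echo "unknown ecosystem: $1" >&2; return 1 ;;
  esac
}

# make_purl ECOSYSTEM NAME VERSION  ->  pkg:TYPE/NAME@VERSION
# Handles two purl spec details:
#   - npm scoped packages: the leading '@' is percent-encoded as %40
#   - pypi names are case-insensitive and treat '_' as '-', so normalise them
make_purl() {
  eco=$1; name=$2; version=$3
  type=$(purl_type "$eco") || return 1
  case "$type" in
    npm)  case "$name" in @*) name="%40${name#@}" ;; esac ;;
    pypi) name=$(printf '%s' "$name" | tr 'A-Z_' 'a-z-') ;;
  esac
  printf 'pkg:%s/%s@%s\n' "$type" "$name" "$version"
}

# purls_from_requirements ECOSYSTEM < file
# Reads lines of the form NAME==VERSION (comments and blank lines ignored) and
# prints one purl per line. Unpinned lines cannot be inspected as one package,
# so they are reported on stderr and skipped.
purls_from_requirements() {
  eco=$1
  while IFS= read -r line || [ -n "$line" ]; do
    line=${line%%#*}                                # strip trailing comments
    line=$(printf '%s' "$line" | tr -d '[:space:]')
    [ -z "$line" ] && continue
    case "$line" in
      *==*) make_purl "$eco" "${line%%==*}" "${line#*==}" ;;
      *)    echo "skipping unpinned requirement: $line" >&2 ;;
    esac
  done
}

# Constructed sample input; the names are illustrative, not known-malicious packages.
SAMPLE_REQUIREMENTS='# constructed example
requests==2.31.0
Some_Package==1.2.3    # mixed case and underscore, normalised below
numpy>=1.26            # unpinned: skipped
'

# Print the vet command for every pinned package in the sample.
demo() {
  printf '%s' "$SAMPLE_REQUIREMENTS" | purls_from_requirements pypi |
    while IFS= read -r purl; do
      echo "vet inspect malware --purl $purl"
    done
}

if [ "${1-}" = "--demo" ]; then demo; fi
```

Run it with `--demo` to see the generated commands; pipe a real pinned requirements file into `purls_from_requirements pypi` to produce commands for your own dependencies. The commands themselves still need the SafeDep Cloud onboarding from the Getting Started section, since that is where the code analysis runs.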
Supported Ecosystems
Ecosystem | Supported |
---|---|
JavaScript (npm) | Yes |
Python (PyPI) | Yes |
Java (Maven) | Yes |
Go (modules) | Yes |
Rust (crates.io) | Yes |
Ruby (RubyGems) | Yes |
Raise an issue to request that another ecosystem be prioritised.
Live Demo