Pico

Posted on • Originally published at getcommit.dev

FastAPI Was Flagged as Malware Last Week. It Wasn't.

On May 26, OSV withdrew 157 malware reports. FastAPI, Strawberry GraphQL, rdflib, Pulumi, and dozens of other legitimate packages had been flagged as malicious by an automated pipeline.

The cause: Amazon Inspector reports flowing directly into the OpenSSF malicious-packages repository without human review. One algorithm's guess became every scanner's alert.

Builds broke. Maintainers scrambled to prove their own releases weren't compromised. The automation was paused.

The detection model is the problem

Pattern-matching malware detection asks: "Does this behavior look suspicious?" That's a guess. A useful guess, most of the time. But when it's wrong, it's wrong at scale. 157 packages in one batch.

The FastAPI flag was triggered by an "undocumented dependency." No payload. No credential theft. No C2 server. Just a dependency that looked unfamiliar to an algorithm.

What facts look like

I scored every package that was falsely flagged. Here's what behavioral signals (things you can verify yourself) actually say:

Package             Score  Maintainers  Weekly downloads  Risk flag
fastapi             89     1            110M              CRITICAL: sole maintainer + >10M/wk
strawberry-graphql  63     1            1.4M              HIGH: sole maintainer + >1M/wk
rdflib              78     4            2.9M              (none)
pulumi-vcd          31     1            147               (none)

FastAPI scored 89 — high quality. But it also flags CRITICAL because it has one PyPI maintainer and 110 million weekly downloads.

That flag isn't a guess. It's a structural fact. One compromised account, 110 million downloads exposed. The flag doesn't say FastAPI IS malware. It says FastAPI is structurally fragile in a way that matters if something goes wrong.

rdflib doesn't flag at all. Four maintainers, reasonable download volume. The structural risk is distributed.

Two different questions

Malware scanners ask: "Is this package attacking you right now?"

Behavioral scoring asks: "If this package were compromised tomorrow, how bad would it be?"

Both questions matter. But only one of them produced 157 false positives last week.

The inputs to a behavioral signal can't be false positives the way a pattern match can. FastAPI either has one PyPI maintainer account or it doesn't. It either has 110M weekly downloads or it doesn't. Those are checkable registry facts, not guesses about intent. What can be wrong is the threshold you put on them (why 10M a week and not 5M?) and what the count means: a maintainer count is the number of accounts that can upload a release, not the size of the team behind the project. Read the flag as exposure if that account is hijacked, not as a verdict on the package.

What this means for your project

If your CI pipeline uses OSV or any scanner fed by automated malware detection, and you depend on any of those 157 packages, you got false alerts last week. Or your builds broke. Or both.

Adding behavioral scoring alongside malware detection gives you a different layer. One that measures structural risk continuously, not reactive alerts when something looks wrong.

```bash
npx proof-of-commitment
```

Run it in your project directory. It picks up your lockfile automatically and scores every dependency on publisher count, release cadence, contributor depth, and provenance. No account required.

The packages that were falsely flagged as malware? They have real structural risks. FastAPI's sole-maintainer CRITICAL flag has been there for months. It didn't need an algorithm to guess. It's right there in the registry data.
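To make the "what if it were compromised tomorrow" question concrete, here is an added example (my code, not Commit's CLI or scoring model) that applies the flag rule from the table above to a pinned requirements file. The registry snapshot, the requirements.txt contents, and the two download thresholds are constructed for the example; the numbers for the four packages are copied from the table, and the thresholds are a policy choice, not a registry fact.

```python
"""Blast-radius scoring of pinned dependencies (added example, not Commit's code).

Implements the flag rule shown in the article's table:
  CRITICAL  sole publisher and more than 10M weekly downloads
  HIGH      sole publisher and more than 1M weekly downloads
The registry snapshot below is constructed for the example; the numbers for
fastapi, strawberry-graphql, rdflib and pulumi-vcd are copied from the table.
"""
import re
from dataclasses import dataclass

# Thresholds are a policy choice (assumption), not a fact about any package.
CRITICAL_DOWNLOADS = 10_000_000
HIGH_DOWNLOADS = 1_000_000


@dataclass(frozen=True)
class RegistryFacts:
    maintainers: int       # accounts able to upload a release
    weekly_downloads: int


# Constructed snapshot standing in for live registry data.
REGISTRY = {
    "fastapi": RegistryFacts(1, 110_000_000),
    "strawberry-graphql": RegistryFacts(1, 1_400_000),
    "rdflib": RegistryFacts(4, 2_900_000),
    "pulumi-vcd": RegistryFacts(1, 147),
}

# Constructed pinned requirements file, in the shape pip-compile emits
# (comment, an extras marker, a hash continuation line).
REQUIREMENTS_TXT = """\
# generated by pip-compile
fastapi==0.115.0
strawberry-graphql[debug-server]==0.240.0 \\
    --hash=sha256:deadbeef
rdflib==7.0.0
pulumi-vcd==0.3.1
"""

# Project name, optional [extras], then an exact pin.
_PIN_LINE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?==")


def parse_pins(text):
    """Return normalised project names for each '==' pin.
    Comments, option/continuation lines (--hash=...) and blanks are skipped."""
    names = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "-")):
            continue
        m = _PIN_LINE.match(line)
        if m:
            # PEP 503 normalisation: runs of -, _ and . become a single '-'.
            names.append(re.sub(r"[-_.]+", "-", m.group(1)).lower())
    return names


def blast_radius_flag(facts):
    """The structural question: if one publisher account were hijacked,
    how many weekly installs would ship the attacker's release?"""
    if facts.maintainers == 1 and facts.weekly_downloads > CRITICAL_DOWNLOADS:
        return "CRITICAL"
    if facts.maintainers == 1 and facts.weekly_downloads > HIGH_DOWNLOADS:
        return "HIGH"
    return None


def score_lockfile(text, registry=REGISTRY):
    """Map each pinned package to its flag. A package the registry snapshot
    has never seen is reported as UNKNOWN rather than silently passing."""
    report = {}
    for name in parse_pins(text):
        facts = registry.get(name)
        report[name] = blast_radius_flag(facts) if facts else "UNKNOWN"
    return report


if __name__ == "__main__":
    for name, flag in score_lockfile(REQUIREMENTS_TXT).items():
        print(f"{name:<22} {flag or '-'}")
```

Note what the score does not do: it never opens the package, so it cannot raise a malware alert, true or false. Whether "sole publisher" is CRITICAL at 10M or at 5M is a decision you own, which is exactly why the thresholds sit in named constants at the top.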


Commit scores npm, PyPI, Cargo, and Go packages on behavioral signals. Free CLI, API, and MCP server. The data in this article is live. Verify it yourself.
