GuardDog is a CLI tool that allows to identify malicious PyPI and npm packages. It runs a set of heuristics on the package source code (through Semgrep rules) and on the package metadata.
GuardDog can be used to scan local or remote PyPI and npm packages using any of the available heuristics.
Running the above command, you will encounter an error:
```
Found 1 potentially malicious indicators in frictionless
exec-base64: found 1 source code matches
* This package contains a call to the `eval` function with a `base64` encoded string as argument.
This is a common method used to hide a malicious payload in a module as static analysis will not decode the
string.
at frictionless-5.16.1/frictionless/console/commands/explore.py:62
os.system(f"vd {' '.join(paths)}")
```
Overview
After installing Datadog's GuardDog to scan PyPI packages, GuardDog finds 1 "potentially malicious indicators".
FYI, "GuardDog is a CLI tool to Identify malicious PyPI and npm packages" or
To reproduce the error message:
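A triage check for the finding above, as an added example that is not part of the original issue and is not GuardDog's own rule logic: it parses a file with Python's `ast` module and reports whether each `eval`/`exec`/`os.system` call actually receives base64-decoded data, which is what the `exec-base64` description claims. The function names, the sink and decoder lists, and both samples are assumptions constructed for illustration; `FLAGGED` reproduces the reported line with a constructed `paths` list.

```python
import ast

SINKS = {"eval", "exec", "os.system"}  # calls that run code or a shell command
DECODERS = {"base64.b64decode", "b64decode", "base64.decodebytes"}

def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, '' for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return ""
    return ".".join(reversed(parts + [node.id]))

def uses_decoder(expr, tainted):
    """True if expr contains a base64 decode call or a name derived from one."""
    for n in ast.walk(expr):
        if isinstance(n, ast.Call) and dotted(n.func) in DECODERS:
            return True
        if isinstance(n, ast.Name) and n.id in tainted:
            return True
    return False

def triage(source):
    """Return [(lineno, sink, verdict)] for every sink call in source."""
    nodes = list(ast.walk(ast.parse(source)))
    tainted, changed = set(), True
    while changed:  # flow-insensitive fixpoint over simple assignments
        changed = False
        for n in nodes:
            if isinstance(n, ast.Assign) and uses_decoder(n.value, tainted):
                new = {t.id for t in n.targets if isinstance(t, ast.Name)} - tainted
                tainted |= new
                changed = changed or bool(new)
    hits = []
    for n in nodes:
        if isinstance(n, ast.Call) and dotted(n.func) in SINKS:
            derived = any(uses_decoder(a, tainted) for a in n.args)
            hits.append((n.lineno, dotted(n.func), "base64-derived" if derived else "no-base64"))
    return sorted(hits)

# Constructed sample: the line reported in the issue, with a made-up paths list.
FLAGGED = """import os
paths = ["a.csv", "b.csv"]
os.system(f"vd {' '.join(paths)}")
"""
# Constructed sample of the pattern the rule text describes (harmless payloads, never executed).
SAMPLE = """import base64
blob = base64.b64decode("cHJpbnQoMSk=")
exec(blob.decode())
eval(base64.b64decode("MSsx"))
"""

if __name__ == "__main__":
    for name, src in (("FLAGGED", FLAGGED), ("SAMPLE", SAMPLE)):
        print(name, triage(src))
```

The source is only parsed, never executed, so the check is safe to run on an untrusted package file.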