The repository has collected over 10,000 malicious pypi packages. This dataset is the work of the ASE 2023 paper "An Empirical Study of Malicious Code In PyPI Ecosystem". Of course, we will continue to expand the dataset. Latest update time: 14 Jun. 2026
☆122 Jun 14, 2026 Updated this week
Alternatives and similar repositories for pypi_malregistry
Users that are interested in pypi_malregistry are comparing it to the libraries listed below.
- An open-source dataset of malicious software packages found in the wild, 100% vetted by humans. ☆358 Updated this week
- ☆17 Jul 25, 2024 Updated last year
- Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages ☆140 Oct 5, 2022 Updated 3 years ago
- Artifact accompanying our ICSE '22 paper "Practical Automated Detection of Malicious npm Packages" ☆47 Jan 25, 2022 Updated 4 years ago
- A fork of the Bandit tool with patterns for identifying malicious Python code. ☆30 Sep 1, 2022 Updated 3 years ago
- This repository complements our paper by offering the training dataset, the best-performing models utilized in our real-world experiment,… ☆22 Mar 7, 2025 Updated last year
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit… ☆552 Updated this week
- GuardDog is a CLI tool to identify malicious PyPI and npm packages ☆1,126 Updated this week
- Collection of tools for analyzing open source packages. ☆364 Updated this week
- Automatically scan new PyPI packages for potentially malicious code ☆31 Mar 24, 2024 Updated 2 years ago
- This repository contains a list of papers about software supply chain ☆29 May 22, 2024 Updated 2 years ago
- Multi-threading Leaks/Intelligence file parser ☆16 Updated this week
- Modular static malicious JavaScript detection system ☆75 Jan 18, 2021 Updated 5 years ago
- ☆31 May 1, 2025 Updated last year
- Build a CodeQL database of the JDK source code with one click using Docker, making it easy to use CodeQL to search for data in the JDK. ☆27 May 14, 2025 Updated last year
- Resources for our ICSE'24 poster: Prompt-Enhanced Software Vulnerability Detection Using ChatGPT. ☆25 May 8, 2024 Updated 2 years ago
- MDG-based static vulnerability scanner specialized in analyzing npm packages and detecting taint-style and prototype pollution vulnerabil… ☆25 Dec 10, 2025 Updated 6 months ago
- A dataset of software supply chain compromises. Please help us maintain it! ☆130 Sep 16, 2022 Updated 3 years ago
- ☆25 Apr 1, 2026 Updated 2 months ago
- This script mainly provides security scanning research at the source of the PyPI supply chain, scanning for and discovering unknown malicious packages. ☆28 May 22, 2023 Updated 3 years ago
- Security Vulnerability Repair via Concolic Execution and Code Mutations ☆21 Sep 12, 2024 Updated last year
- ☆13 Jan 22, 2024 Updated 2 years ago
- Code and dataset for paper C4: Contrastive Cross-Language Code Clone Detection ☆30 May 24, 2022 Updated 4 years ago
- Static JavaScript Analysis: AST, Control Flow, Data Flow, & Pointer Analysis ☆29 Feb 26, 2022 Updated 4 years ago
- PyPI malware packages ☆60 Dec 12, 2018 Updated 7 years ago
- A manually vetted dataset for security vulnerability detection in Java projects ☆105 Aug 12, 2025 Updated 10 months ago
- TensorFlow API analysis tool and malicious model detection tool ☆41 May 27, 2025 Updated last year
- When safely upgrading JAR packages, helps check compatibility between Java Archive (JAR) packages and the existence of various symbol references, including methods, method signatures, field definitions and references, class references, and so on. ☆15 Jul 7, 2024 Updated last year
- YASA-UAST is an intermediate representation structure for multi-language program analysis. The UAST-Parser parses code from different pro… ☆85 May 21, 2026 Updated 3 weeks ago
- AFL++ using the Ball-Larus path profiling algorithm for coverage feedback ☆15 Oct 31, 2022 Updated 3 years ago
- [ALL IN ONE] Everything that I shared to public about Cloud Security is here. ☆64 Apr 19, 2025 Updated last year
- ODGen is a JavaScript Static Analysis tool to detect multiple types of vulnerabilities in Node.js packages. ☆169 Jan 29, 2024 Updated 2 years ago
- ☆52 Oct 27, 2024 Updated last year
- Debug pwn in docker, no need for virtual machines ☆38 Oct 10, 2025 Updated 8 months ago
- Audit Node Module folder with YARA rules to identify possible malicious packages hiding in node_modules ☆20 Mar 24, 2021 Updated 5 years ago
- JEST: N+1-version Differential Testing of Both JavaScript Engines ☆14 Jun 1, 2021 Updated 5 years ago
- [ISSTA 2024] PatchFinder: A Two-Phase Approach to Security Patch Tracing for Disclosed Vulnerabilities in Open Source Software ☆27 Sep 13, 2025 Updated 9 months ago
- ☆13 Jun 26, 2023 Updated 2 years ago
- A novel and interpretable ML-based approach to classify malware with high accuracy and explain the classification result meanwhile. ☆29 Nov 23, 2022 Updated 3 years ago