maloss
Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages (by osssanitizer)
pypi_malware
PyPI malware packages (by rsc-dev)
| maloss | pypi_malware | |
|---|---|---|
| 3 | 1 | |
| 106 | 52 | |
| - | - | |
| 0.0 | 10.0 | |
| over 1 year ago | over 5 years ago | |
| Java | Python | |
| MIT License | The Unlicense |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
maloss
Posts with mentions or reviews of maloss.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-12-16.
- Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages
-
Vulnerability scanner written in Go that uses osv.dev data
We've an open-source project that does this: https://github.com/osssanitizer/maloss I'm working on creating a CLI/web interface for this. Happy to chat (email in profile).
- PyPI: Python packets steal AWS keys from users
pypi_malware
Posts with mentions or reviews of pypi_malware.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-06-26.
What are some alternatives?
When comparing maloss and pypi_malware you can also consider the following projects:
packj - Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
osv-scanner - Vulnerability scanner written in Go which uses the data provided by https://osv.dev
software-supply-chain-compromises - A dataset of software supply chain compromises. Please help us maintain it!
melange - build APKs from source code
dockerify - Run any CLI command in a docker container
apko - Build OCI images from APK packages directly without Dockerfile
trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
firejail - Linux namespaces and seccomp-bpf sandbox