packj VS maloss

Compare packj vs maloss and see what are their differences.

packj

Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain (by ossillate-inc)
Malware Npm Pypi Python Security security-audit security-tools Vulnerability Rubygems supply-chain-security malware-analysis Static Analysis vulnerability-scanners dynamic-analysis sandboxing DevOps developer-tools DevOps Tools Devsecops supply-chain
Source Code
packj.dev
Suggest alternative
Edit details

maloss

Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages (by osssanitizer)
open-source Npm Rubygems Pypi Packagist Maven Static Analysis dynamic-analysis software-supply-chain attack-detection Security
Source Code
Suggest alternative
Edit details
InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
packj maloss
38 3
614 106
3.3% -
7.2 0.0
29 days ago over 1 year ago
Python Java
GNU Affero General Public License v3.0 MIT License
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

packj

Posts with mentions or reviews of packj. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-11-14.
  • Rust Without Crates.io
    5 projects | news.ycombinator.com | 14 Nov 2023
    Creator of Packj [1] here. How do you envision sandboxing/security policies will be specified? Per-lib policies when you've hundreds of dependencies will become overwhelming. Having built an eBPF-based sandbox [2], I anticipate that accuracy will be another challenge here: too restrictive will block functionality, too permissive defeats the purpose.

    1. https://github.com/ossillate-inc/packj flags malicious/risky NPM/PyPI/RubyGems/Rust/Maven/PHP packages by carrying out static+dynamic+metadata analysis.

  • A Study of Malicious Code in PyPI Ecosystem
    4 projects | news.ycombinator.com | 8 Sep 2023
    Cool project. How do you feel about projects like OpenSSF scorecards or even the checks that socket.dev do today on these packages to help determine risk?

    https://github.com/ossillate-inc/packj/blob/main/.packj.yaml

    Secondly, what about impersonation where attackers imitate a popular package and its respective metadata?

  • How to use Podman inside of a container
    4 projects | news.ycombinator.com | 26 Apr 2023
    I built Packj [1] sandboxing for securing “pip/NPM install”. It uses strace for sandboxing and blocks access to sensitive files and limits traffic to known-good IP addresses.

    1. https://github.com/ossillate-inc/packj

  • NPM Provenance Public Beta
    5 projects | news.ycombinator.com | 19 Apr 2023
    Great work! This provenance check is going to be very valuable for enforcing supply-chain security. We are working on adding support to check for provenance in Packj.

    1. https://github.com/ossillate-inc/packj flags risky/malicious NPM/PyPI/Ruby dependencies

  • Show HN: TypeScript Security Scanner
    2 projects | news.ycombinator.com | 12 Apr 2023
    Cool project. Would love to integrate this in Packj [1] as one of the open-source SAST scanners. Will DM you.

    1. https://github.com/ossillate-inc/packj flags malicious/risky open-source dependencies.

  • Packj flags malicious/risky open-source packages
    1 project | news.ycombinator.com | 14 Feb 2023
  • Show HN: Coder Guard – Protect Your IDE from Malicious Extensions
    1 project | news.ycombinator.com | 26 Jan 2023
    Very cool! I've built something similar, but for packages: https://github.com/ossillate-inc/packj Would love to talk.
  • Ask HN: What Are You Working on This Year?
    49 projects | news.ycombinator.com | 2 Jan 2023
    Working on a marketplace (based on Packj [1]) to allow open-source developers to make money by selling "assured" software artifacts.

    1. Packj https://github.com/ossillate-inc/packj flags malicious and other "risky" open-source dependencies in your software supply chain.

  • Compromised PyTorch-nightly dependency chain December 30th, 2022
    3 projects | news.ycombinator.com | 31 Dec 2022
    I’ve created Packj sandbox [1] for “safe installation” of PyPI/NPM/Rubygems packages

    1. https://github.com/ossillate-inc/packj

    It DOES NOT require a VM/Container; uses strace. It shows you a preview of file system changes that installation will make and can also block arbitrary network communication during installation (uses an allow-list).

  • Vulnerability scanner written in Go that uses osv.dev data
    7 projects | news.ycombinator.com | 16 Dec 2022
    Great to see a developer-friendly tool around OSV! Packj [1] uses OSV APIs to report vulnerable PyPI/NPM/Rubygems packages. Disclaimer: I built it.

    1. https://github.com/ossillate-inc/packj flags malicious/risky packages.

maloss

Posts with mentions or reviews of maloss. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-12-16.

What are some alternatives?

When comparing packj and maloss you can also consider the following projects:

kubesploit - Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.

osv-scanner - Vulnerability scanner written in Go which uses the data provided by https://osv.dev

paperclips - Universal Paperclips mirror

pypi_malware - PyPI malware packages

meta - Meta discussions and unicorns. Not necessarily in that order.

melange - build APKs from source code

roqr - QR codes that will rock your world

software-supply-chain-compromises - A dataset of software supply chain compromises. Please help us maintain it!

firejail - Linux namespaces and seccomp-bpf sandbox

apko - Build OCI images from APK packages directly without Dockerfile

djinn - Source code for the Djinn CI platform

trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

packj vs kubesploit maloss vs osv-scanner packj vs paperclips maloss vs pypi_malware packj vs meta maloss vs melange packj vs roqr maloss vs software-supply-chain-compromises packj vs firejail maloss vs apko packj vs djinn maloss vs trivy