Packj Alternatives

packj reviews and mentions

• A Study of Malware Prevention in Linux Distributions
  1 project | news.ycombinator.com | 21 Nov 2024

  Good to see Packj[1] as one of the malware scanners used.

  1. https://github.com/ossillate-inc/packj

  Packj detects malicious PyPI/NPM/Ruby/PHP/etc. dependencies using behavioral analysis. It uses static+dynamic code analysis to scan for indicators of compromise (e.g., spawning of shell, use of SSH keys, network communication, use of decode+eval, etc). It also checks for several metadata attributes to detect bad actors (e.g., typo squatting).

• Rust Without Crates.io
  5 projects | news.ycombinator.com | 14 Nov 2023

  Creator of Packj [1] here. How do you envision sandboxing/security policies will be specified? Per-lib policies when you've hundreds of dependencies will become overwhelming. Having built an eBPF-based sandbox [2], I anticipate that accuracy will be another challenge here: too restrictive will block functionality, too permissive defeats the purpose.

  1. https://github.com/ossillate-inc/packj flags malicious/risky NPM/PyPI/RubyGems/Rust/Maven/PHP packages by carrying out static+dynamic+metadata analysis.

• A Study of Malicious Code in PyPI Ecosystem
  4 projects | news.ycombinator.com | 8 Sep 2023

  Cool project. How do you feel about projects like OpenSSF scorecards or even the checks that socket.dev do today on these packages to help determine risk?

  https://github.com/ossillate-inc/packj/blob/main/.packj.yaml

  Secondly, what about impersonation where attackers imitate a popular package and its respective metadata?

• How to use Podman inside of a container
  4 projects | news.ycombinator.com | 26 Apr 2023

  I built Packj [1] sandboxing for securing “pip/NPM install”. It uses strace for sandboxing and blocks access to sensitive files and limits traffic to known-good IP addresses.

  1. https://github.com/ossillate-inc/packj

• NPM Provenance Public Beta
  5 projects | news.ycombinator.com | 19 Apr 2023

  Great work! This provenance check is going to be very valuable for enforcing supply-chain security. We are working on adding support to check for provenance in Packj.

  1. https://github.com/ossillate-inc/packj flags risky/malicious NPM/PyPI/Ruby dependencies

• Show HN: TypeScript Security Scanner
  2 projects | news.ycombinator.com | 12 Apr 2023

  Cool project. Would love to integrate this in Packj [1] as one of the open-source SAST scanners. Will DM you.

  1. https://github.com/ossillate-inc/packj flags malicious/risky open-source dependencies.

• Packj flags malicious/risky open-source packages
  1 project | news.ycombinator.com | 14 Feb 2023
• Show HN: Coder Guard – Protect Your IDE from Malicious Extensions
  1 project | news.ycombinator.com | 26 Jan 2023

  Very cool! I've built something similar, but for packages: https://github.com/ossillate-inc/packj Would love to talk.

• Ask HN: What Are You Working on This Year?
  49 projects | news.ycombinator.com | 2 Jan 2023

  Working on a marketplace (based on Packj [1]) to allow open-source developers to make money by selling "assured" software artifacts.

  1. Packj https://github.com/ossillate-inc/packj flags malicious and other "risky" open-source dependencies in your software supply chain.

• Compromised PyTorch-nightly dependency chain December 30th, 2022
  3 projects | news.ycombinator.com | 31 Dec 2022

  I’ve created Packj sandbox [1] for “safe installation” of PyPI/NPM/Rubygems packages

  1. https://github.com/ossillate-inc/packj

  It DOES NOT require a VM/Container; uses strace. It shows you a preview of file system changes that installation will make and can also block arbitrary network communication during installation (uses an allow-list).

• A note from our sponsor - SaaSHub
  www.saashub.com | 23 May 2025

  SaaSHub helps you find the best software and product alternatives Learn more →