packj

Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain (by ossillate-inc)
Add to my DEV experience Malware Npm Pypi Python Security security-audit security-tools Vulnerability Rubygems supply-chain-security malware-analysis Static Analysis vulnerability-scanners dynamic-analysis sandboxing DevOps developer-tools DevOps Tools Devsecops supply-chain
Source Code
packj.dev
packj Reviews
Suggest alternative
Edit details
Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
Sponsored

Packj Alternatives

Similar projects and alternatives to packj

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better packj alternative or higher similarity.
Suggest an alternative to packj

packj reviews and mentions

Posts with mentions or reviews of packj. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-11-14.
  • Rust Without Crates.io
    5 projects | news.ycombinator.com | 14 Nov 2023
    Creator of Packj [1] here. How do you envision sandboxing/security policies will be specified? Per-lib policies when you've hundreds of dependencies will become overwhelming. Having built an eBPF-based sandbox [2], I anticipate that accuracy will be another challenge here: too restrictive will block functionality, too permissive defeats the purpose.

    1. https://github.com/ossillate-inc/packj flags malicious/risky NPM/PyPI/RubyGems/Rust/Maven/PHP packages by carrying out static+dynamic+metadata analysis.

  • A Study of Malicious Code in PyPI Ecosystem
    4 projects | news.ycombinator.com | 8 Sep 2023
    Cool project. How do you feel about projects like OpenSSF scorecards or even the checks that socket.dev do today on these packages to help determine risk?

    https://github.com/ossillate-inc/packj/blob/main/.packj.yaml

    Secondly, what about impersonation where attackers imitate a popular package and its respective metadata?

  • How to use Podman inside of a container
    4 projects | news.ycombinator.com | 26 Apr 2023
    I built Packj [1] sandboxing for securing “pip/NPM install”. It uses strace for sandboxing and blocks access to sensitive files and limits traffic to known-good IP addresses.

    1. https://github.com/ossillate-inc/packj

  • NPM Provenance Public Beta
    5 projects | news.ycombinator.com | 19 Apr 2023
    Great work! This provenance check is going to be very valuable for enforcing supply-chain security. We are working on adding support to check for provenance in Packj.

    1. https://github.com/ossillate-inc/packj flags risky/malicious NPM/PyPI/Ruby dependencies

  • Show HN: TypeScript Security Scanner
    2 projects | news.ycombinator.com | 12 Apr 2023
    Cool project. Would love to integrate this in Packj [1] as one of the open-source SAST scanners. Will DM you.

    1. https://github.com/ossillate-inc/packj flags malicious/risky open-source dependencies.

  • Packj flags malicious/risky open-source packages
    1 project | news.ycombinator.com | 14 Feb 2023
  • Show HN: Coder Guard – Protect Your IDE from Malicious Extensions
    1 project | news.ycombinator.com | 26 Jan 2023
    Very cool! I've built something similar, but for packages: https://github.com/ossillate-inc/packj Would love to talk.
  • Ask HN: What Are You Working on This Year?
    49 projects | news.ycombinator.com | 2 Jan 2023
    Working on a marketplace (based on Packj [1]) to allow open-source developers to make money by selling "assured" software artifacts.

    1. Packj https://github.com/ossillate-inc/packj flags malicious and other "risky" open-source dependencies in your software supply chain.

  • Compromised PyTorch-nightly dependency chain December 30th, 2022
    3 projects | news.ycombinator.com | 31 Dec 2022
    I’ve created Packj sandbox [1] for “safe installation” of PyPI/NPM/Rubygems packages

    1. https://github.com/ossillate-inc/packj

    It DOES NOT require a VM/Container; uses strace. It shows you a preview of file system changes that installation will make and can also block arbitrary network communication during installation (uses an allow-list).

  • Vulnerability scanner written in Go that uses osv.dev data
    7 projects | news.ycombinator.com | 16 Dec 2022
    Great to see a developer-friendly tool around OSV! Packj [1] uses OSV APIs to report vulnerable PyPI/NPM/Rubygems packages. Disclaimer: I built it.

    1. https://github.com/ossillate-inc/packj flags malicious/risky packages.

  • A note from our sponsor - SaaSHub
    www.saashub.com | 26 Apr 2024
    SaaSHub helps you find the best software and product alternatives Learn more →

Stats

Basic packj repo stats
38
614
7.2
24 days ago

ossillate-inc/packj is an open source project licensed under GNU Affero General Public License v3.0 which is an OSI approved license.

The primary programming language of packj is Python.

Popular Comparisons

  1. packj VS kubesploit
  2. packj VS paperclips
  3. packj VS meta
  4. packj VS maloss
  5. packj VS roqr
  6. packj VS firejail
  7. packj VS djinn
  8. packj VS ThunderCloud
  9. packj VS osv-scanner
  10. packj VS birdcage

Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com