DONAPI is a comprehensive tool designed to detect and classify malicious npm packages by analyzing behavior sequences. The tool combines static and dynamic analysis techniques to provide accurate results. By synchronizing a local package cache with real-time updates, DONAPI can efficiently process a large number of packages for security evaluation.
The growing popularity of npm as a package manager has led to an increase in security risks due to the presence of malicious packages. DONAPI aims to address these risks by automatically identifying and categorizing potentially harmful software.
Through manual inspection, API call sequence analysis, and hierarchical classification, DONAPI can identify sensitive behaviors in third-party open-source packages. The tool focuses on speed, accuracy, and comprehensiveness in evaluating the degree of maliciousness in software packages.
Overall, DONAPI offers developers a valuable resource for establishing secure dependency bases and proactively preventing the use of malicious packages in their projects.
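As an added illustration of the API-call-sequence analysis and hierarchical classification described above (this is example code, not DONAPI's own rules or implementation), the snippet below takes a recorded sequence of sensitive API calls from a package and matches it, in order, against a small hierarchy of behaviour rules to derive a degree of maliciousness. The rule set, severity scale and sample sequences are constructed assumptions.

```javascript
// Hypothetical behaviour-sequence classifier in the spirit of the approach
// summarised above. Rules, severities and samples are constructed here;
// they are not DONAPI's own rules or code.

// Each rule is an ordered list of API-call predicates under a category.
// A sequence matches when the steps occur in that order (not necessarily adjacent).
const RULES = [
  { category: 'credential-theft', behaviour: 'npm-token-exfiltration', severity: 3,
    steps: [c => c.api === 'fs.readFile' && /\.npmrc$/.test(c.arg),
            c => c.api === 'https.request'] },
  { category: 'command-execution', behaviour: 'install-time-shell', severity: 3,
    steps: [c => c.api === 'child_process.exec'] },
  { category: 'reconnaissance', behaviour: 'host-fingerprinting', severity: 1,
    steps: [c => c.api === 'os.hostname', c => c.api === 'https.request'] },
  { category: 'network', behaviour: 'outbound-request', severity: 1,
    steps: [c => c.api === 'https.request'] },
];

// Degree of maliciousness, indexed by the highest severity matched.
const DEGREES = ['benign', 'suspicious', 'likely-malicious', 'malicious'];

// True when every step predicate is satisfied by successive calls in order.
function matchesInOrder(seq, steps) {
  let i = 0;
  for (const call of seq) if (i < steps.length && steps[i](call)) i++;
  return i === steps.length;
}

// Classify one package's recorded API-call sequence against all rules.
function classifySequence(seq) {
  const findings = RULES.filter(r => matchesInOrder(seq, r.steps))
    .map(r => ({ category: r.category, behaviour: r.behaviour, severity: r.severity }));
  const score = findings.reduce((m, f) => Math.max(m, f.severity), 0);
  return { findings, degree: DEGREES[score] };
}

// Constructed sample: calls recorded while running a package's install hook.
const SAMPLE_SEQUENCE = [
  { api: 'os.hostname', arg: '' },
  { api: 'fs.readFile', arg: '/home/user/.npmrc' },
  { api: 'https.request', arg: 'https://collector.example/upload' },
];

// Constructed sample of ordinary build-time behaviour.
const BENIGN_SEQUENCE = [{ api: 'fs.readFile', arg: './package.json' }];

console.log(classifySequence(SAMPLE_SEQUENCE));
```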
Key insights distilled from arxiv.org, by Cheng Huang ..., 03-14-2024
https://arxiv.org/pdf/2403.08334.pdf