MalNPMDetector 是一款专为 npm 软件包设计的恶意包检测系统。该系统采用高效的静态规则匹配,能够在大规模数据集中快速筛选出可疑的恶意包和混淆软件包。随后,通过基于字符串的污点分析进一步精确筛查,从初步筛选的可疑软件包中缩小范围。整个流程无需运行 npm 软件包,即可高效识别潜在威胁,从而防止恶意包污染 npm 软件供应链。
It includes ontology learning for Competency questions (CQ) and heterogeneous input from multiple sources, and has a complete front-end user interface. CQ can be used to generate ontology validation.
