SQ30201

Detected presence of software components with potentially unwanted dependencies.

  • priority: (icon)
  • CI/CD status: fail
  • severity: medium
  • effort: high
  • SAFE level: 2
  • SAFE assessment: malware: fail

Reason: undesirable dependencies found

About the issue

Potentially unwanted applications (PUAs) are software that some users consider a risk: they typically collect private user data or, in more extreme cases, tamper with system security settings. Most threat prevention solutions detect and block PUAs, so a package that depends on one is likely to be flagged on the systems it is installed on. Some of these dependencies are optional and are installed or downloaded only when a pre-defined condition is met, so the unwanted component may not be present in every installation. When such dependencies are confirmed to be present within the software package, additional issues may also be reported. Software packages that trigger security solution detections also tend to increase the number of support calls and open tickets from users.

How to resolve the issue

  • Review your use of the components that trigger this detection and remove them where possible. If you can't deprecate those components, make sure their presence is well-documented, including why they are required.
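The resolution step above amounts to two checks you can automate in CI: enumerate every dependency a package declares (optional and conditional ones included, since those are the ones that only appear in some installations) and fail the build when a flagged component lacks a written justification. The script below is an added example, not part of the Spectra Assure documentation or product; it assumes an npm package.json, an internal deny-list of component names (the names here are placeholders, not real packages) and a hypothetical dependency-exceptions.json file that records an owner and justification for each tolerated component.

```python
"""Added example (not from the Spectra Assure docs): gate a package manifest
against a list of components your organisation has flagged as unwanted.

Assumptions (all hypothetical, chosen for illustration):
- the manifest is an npm package.json, embedded below as constructed sample data;
- FLAGGED is an internal deny-list maintained by the security team; the names
  in it are placeholders, not real packages;
- a flagged dependency is tolerated only if it has a written justification in
  an accompanying exceptions document (dependency-exceptions.json).
"""
import json

# Constructed sample manifest: one regular, one optional, one dev dependency.
SAMPLE_PACKAGE_JSON = """
{
  "name": "demo-app",
  "version": "1.0.0",
  "dependencies": {
    "left-padder": "^1.0.0",
    "acme-telemetry-helper": "^2.3.0"
  },
  "optionalDependencies": {
    "acme-ad-injector": "^0.9.1"
  },
  "devDependencies": {
    "some-test-runner": "^5.0.0"
  }
}
"""

# Constructed exceptions document: only one of the two flagged components has a
# documented justification and an owner.
SAMPLE_EXCEPTIONS_JSON = """
{
  "acme-telemetry-helper": {
    "owner": "platform-team",
    "justification": "Required by the vendor SDK; telemetry disabled via config.",
    "review_by": "2025-12-31"
  }
}
"""

# Hypothetical internal deny-list of component names (placeholders).
FLAGGED = {"acme-telemetry-helper", "acme-ad-injector"}

DEPENDENCY_SECTIONS = ("dependencies", "optionalDependencies",
                       "peerDependencies", "devDependencies")


def collect_dependencies(manifest_text):
    """Return {name: section} for every dependency declared in the manifest.

    Optional dependencies are included deliberately: they may only be installed
    when some condition is met, which is exactly the case SQ30201 describes.
    """
    manifest = json.loads(manifest_text)
    found = {}
    for section in DEPENDENCY_SECTIONS:
        for name in manifest.get(section, {}):
            found.setdefault(name, section)
    return found


def check_manifest(manifest_text, exceptions_text, flagged=FLAGGED):
    """Return (undocumented, documented) lists of flagged dependencies."""
    exceptions = json.loads(exceptions_text)
    deps = collect_dependencies(manifest_text)
    undocumented, documented = [], []
    for name, section in sorted(deps.items()):
        if name not in flagged:
            continue
        entry = exceptions.get(name, {})
        if entry.get("owner") and entry.get("justification"):
            documented.append((name, section))
        else:
            undocumented.append((name, section))
    return undocumented, documented


def gate(manifest_text, exceptions_text, flagged=FLAGGED):
    """CI gate: True (pass) only when every flagged dependency is documented."""
    undocumented, documented = check_manifest(manifest_text, exceptions_text, flagged)
    for name, section in documented:
        print(f"WARN  {name} ({section}): flagged, documented exception present")
    for name, section in undocumented:
        print(f"FAIL  {name} ({section}): flagged, no documented exception")
    return not undocumented


if __name__ == "__main__":
    ok = gate(SAMPLE_PACKAGE_JSON, SAMPLE_EXCEPTIONS_JSON)
    print("result:", "pass" if ok else "fail")
```

With the sample data the gate fails: the optional dependency is flagged but has no exception entry, while the documented one is reported as a warning rather than a failure. Requiring an owner and a review date for each exception keeps the documentation from going stale once the component is accepted.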

Incidence statistics

ReversingLabs periodically collects and analyzes the contents of popular software package repositories for threat research purposes. The analysis results are used to calculate incidence statistics for the issues (policy violations) that Spectra Assure can detect in software packages.

This section is updated when new data becomes available.

Total number of packages analyzed

  • RubyGems: 183K
  • NuGet: 644K
  • PyPI: 628K
  • npm: 3.72M

Statistics are not collected for the SQ30201 policy at this time, or are not applicable to this type of issue.