Skip to main content

SQ30203

Detected presence of software components with political protest dependencies.

priorityCI/CD statusseverityeffortSAFE levelSAFE assessment
failmediumhigh2malware: fail
Reason: protestware dependencies found

About the issueโ€‹

Authors of open source software may decide to use their projects to spread political messages. Running software packages that include protestware dependencies may trigger protest-related functions when executed in the targeted environments or geographies. Protest-motivated code is commonly implemented as a simple display of harmless messages that call for peace. However, over time protestware may evolve to include code that performs excessive logging, issues denial of service, or even deletes user files. Software packages that depend on protestware code are considered to be potentially unwanted applications. When political activism escalates to inclusion of destructive code, additional malware detection policies trigger to flag malicious intent.

How to resolve the issueโ€‹

  • Inspect behaviors exhibited by the detected software components.
  • If the software behaviors differ from expected, investigate the build and release environment for software supply chain compromise.
  • Revise the use of components that raise these alarms. If you can't deprecate those components, make sure they are well-documented.
  • Avoid using this software package until it is vetted as safe.

Incidence statisticsโ€‹

ReversingLabs periodically collects and analyzes the contents of popular software package repositories for threat research purposes. Analysis results are used to calculate incidence statistics for issues (policy violations) that Spectra Assure can detect in software packages.

This section is updated when new data becomes available.

Total amount of packages analyzed

  • RubyGems: 183K
  • Nuget: 644K
  • PyPi: 628K
  • NPM: 3.72M
Statistics are not collected for the SQ30203 policy at this time, or not applicable to this type of issue.