TH16501
Detected presence of package manifests with entry points dependent on localization.
| priority | CI/CD status | severity | effort | SAFE level | SAFE assessment |
|---|---|---|---|---|---|
 | pass | medium | high | None | None |
About the issueโ
Many popular programming languages use standardized software packaging formats to distribute reusable code components. Software packages are built from instructions written within package manifests that act as blueprints for package assembly. A package manifest declares the most important software properties, such as the package name, its authors and license, external dependencies, and various actions that may occur during the package lifecycle. Software applications are required to have one or more entry points. Entry points are functions contained within the application that need be executed before any other code. These functions are used to initialize the application, after which they pass the execution to other application functions depending on software configuration or user input. Therefore, it is uncommon to have entry points that are dependent on localization, the language, or the region in which the software is used. Localization should be handled by the application logic, not by declaring different entry point functions within the package manifest. Threat actors often abuse package localization features to avoid detection by security solutions.
How to resolve the issueโ
- Investigate reported detections as indicators of software tampering.
- Consider rewriting the package manifest without localizing software entry points.
Incidence statisticsโ
ReversingLabs periodically collects and analyzes the contents of popular software package repositories for threat research purposes. Analysis results are used to calculate incidence statistics for issues (policy violations) that Spectra Assure can detect in software packages.
This section is updated when new data becomes available.
Total amount of packages analyzed
- RubyGems: 183K
- Nuget: 644K
- PyPi: 628K
- NPM: 3.72M