TH16504
Detected presence of package manifests that execute code written in another programming language.
priority | CI/CD status | severity | effort | SAFE level | SAFE assessment |
---|---|---|---|---|---|
pass | medium | high | None | None |
About the issueโ
Many popular programming languages use standardized software packaging formats to distribute reusable code components. Software packages are built from instructions written within package manifests that act as blueprints for package assembly. A package manifest declares the most important software properties, such as the package name, its authors and license, external dependencies, and various actions that may occur during the package lifecycle. Actions defined within the package manifest are executed automatically by the package manager during events such as package installation, compilation, testing, or on package removal. It is unusual to have a package manifest that executes actions using programming languages that are not native to the package ecosystem. Attackers often reuse code across ecosystems, targeting developers that have multiple languages installed on their machines. This is a simple but effective way to avoid detection by security solutions.
How to resolve the issueโ
- Investigate reported detections as indicators of software tampering.
- Consider rewriting the package manifest without using multiple programming languages.
Incidence statisticsโ
ReversingLabs periodically collects and analyzes the contents of popular software package repositories for threat research purposes. Analysis results are used to calculate incidence statistics for issues (policy violations) that Spectra Assure can detect in software packages.
This section is updated when new data becomes available.
Total amount of packages analyzed
- RubyGems: 183K
- Nuget: 644K
- PyPi: 628K
- NPM: 3.72M