TH17135

Detected presence of files containing URLs related to software package publishing.

  • priority: (not shown)
  • CI/CD status: pass
  • severity: high
  • effort: high
  • SAFE level: None
  • SAFE assessment: None

About the issue

Uniform Resource Locators (URLs) are structured addresses that point to locations and assets on the internet. URLs can commonly be found embedded in documentation, configuration files, source code and compiled binaries. One or more embedded URLs were discovered to link to addresses related to software package publishing. These include package registry publishing endpoints, authentication endpoints used to obtain publishing tokens, and registry administration APIs used to manage or remove published packages. Attackers often abuse access to these network locations to publish malicious packages, tamper with existing releases, or remove legitimate packages under compromised maintainer identities. The presence of such network references in a software package is uncommon and may suggest worm-like behavior, where a compromised package attempts to propagate by publishing additional malicious packages to the same or related repositories.
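To illustrate the kind of detection this policy describes, here is an added Python example (written for this page, not Spectra Assure's own logic) that extracts URLs from a file's bytes and flags those matching a hypothetical list of registry publishing, token-issuing and administration endpoints; the rule list and the sample input are constructed assumptions.

```python
import re
from typing import Optional

# URL extractor: matches http(s) URLs, stopping at whitespace or common
# delimiters; trailing punctuation is stripped afterwards.
URL_RE = re.compile(r"https?://[^\s'\"<>()\[\]]+")

# Hypothetical classification rules (an assumption for this example, not the
# vendor's detection logic): category name plus a regex matched against the URL.
# Plain registry reads (e.g. https://registry.npmjs.org/lodash) are deliberately
# not flagged, since install code legitimately contains them.
PUBLISHING_RULES = [
    ("npm token endpoint",         re.compile(r"^https?://registry\.npmjs\.org/-/npm/v1/tokens")),
    ("npm legacy login endpoint",  re.compile(r"^https?://registry\.npmjs\.org/-/user/")),
    ("PyPI upload endpoint",       re.compile(r"^https?://upload\.pypi\.org/legacy/?")),
    ("RubyGems push endpoint",     re.compile(r"^https?://rubygems\.org/api/v1/gems/?$")),
    ("RubyGems API key endpoint",  re.compile(r"^https?://rubygems\.org/api/v1/api_key")),
    ("NuGet push/delete endpoint", re.compile(r"^https?://www\.nuget\.org/api/v2/package")),
]

def extract_urls(data: bytes) -> list[str]:
    """Pull http(s) URLs out of text or binary content (non-UTF-8 bytes ignored)."""
    text = data.decode("utf-8", errors="ignore")
    return [m.group(0).rstrip(".,;:") for m in URL_RE.finditer(text)]

def classify(url: str) -> Optional[str]:
    """Return the matching publishing-related category, or None for ordinary URLs."""
    for name, rule in PUBLISHING_RULES:
        if rule.search(url):
            return name
    return None

def scan(data: bytes) -> list[tuple[str, str]]:
    """Return (url, category) for every embedded URL that hits a publishing rule."""
    hits = []
    for url in extract_urls(data):
        category = classify(url)
        if category:
            hits.append((url, category))
    return hits

# Constructed sample resembling a postinstall script; not from any real package.
SAMPLE = b"""
const meta = 'https://registry.npmjs.org/lodash';          // ordinary metadata read
fetch('https://registry.npmjs.org/-/npm/v1/tokens', opts);  // mints a publish token
upload('https://upload.pypi.org/legacy/', dist);
push('https://rubygems.org/api/v1/gems');
console.log('docs: https://github.com/example/project.');
"""

if __name__ == "__main__":
    for url, category in scan(SAMPLE):
        print(f"{category}: {url}")
```

Running it over a real package would mean feeding each extracted file's bytes to `scan` and reviewing every hit against the resolution steps below.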

How to resolve the issue

  • Investigate reported detections.
  • Consult MITRE ATT&CK documentation: T1195.001 - Supply Chain Compromise: Compromise Software Dependencies and Development Tools.
  • If the software should not include these network references, investigate your build and release environment for software supply chain compromise.
  • You should delay the software release until the investigation is completed, or until the issue is risk accepted.
  • Remove all references to flagged network locations.

Incidence statistics

ReversingLabs periodically collects and analyzes the contents of popular software package repositories for threat research purposes. Analysis results are used to calculate incidence statistics for issues (policy violations) that Spectra Assure can detect in software packages.

This section is updated when new data becomes available.

Total number of packages analyzed

  • Linux: 562K
  • NPM: 5.12M
  • NuGet: 735K
  • PS Gallery: 17K
  • PyPI: 838K
  • RubyGems: 203K
  • VS Code: 113K
  • Windows: 3.7K

Statistics are not collected for the TH17135 policy at this time, or not applicable to this type of issue.