DataDog / guarddog

:snake: :mag: GuardDog is a CLI tool to identify malicious PyPI and npm packages
https://securitylabs.datadoghq.com/articles/guarddog-identify-malicious-pypi-packages/
Apache License 2.0
611 stars, 44 forks

Enhance shady links rule #476

Closed (sobregosodd closed 1 week ago)

sobregosodd commented 1 week ago

This PR changes the matching on the rule to match on JSON files and also removes the slash-ending requirement for the complete domains regex.

No false positives were observed in a test against the top 1k npm and PyPI packages.