DataDog / guarddog

🐍 🔍 GuardDog is a CLI tool to identify malicious PyPI and npm packages
https://securitylabs.datadoghq.com/articles/guarddog-identify-malicious-pypi-packages/
Apache License 2.0

Enhance shady links rule #476

Closed sobregosodd closed 1 month ago

sobregosodd commented 1 month ago

This PR changes the matching on the rule to match on JSON files and also removes the slash-ending requirement for the complete domains regex.

No false positives were observed in a test against the top 1k npm and PyPI packages.
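
The effect of dropping a trailing-slash requirement when scanning JSON string values, as an added example that is not GuardDog's rule or code from this PR. The domain `short.example`, both regexes, and the sample `package.json` are constructed assumptions.

```python
import json
import re

# Constructed stand-in for one entry of a "complete domains" list (not from GuardDog).
DOMAIN = r"short\.example"
PREFIX = r"https?://(?:[\w-]+\.)*"  # scheme plus optional subdomains

# Assumed "before" shape: the domain only matches when a slash follows it.
STRICT = re.compile(PREFIX + DOMAIN + r"/", re.I)
# Assumed "after" shape: no slash needed, but the host must end here, so a longer
# host such as short.example.org or short.example-cdn is not flagged.
RELAXED = re.compile(PREFIX + DOMAIN + r"(?![\w-]|\.[\w-])", re.I)

# Constructed package.json with links in several fields.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "demo-pkg",
    "homepage": "https://short.example",                 # bare domain, no slash
    "repository": "https://short.example:8443",          # port, no slash
    "bugs": {"url": "https://short.example.org/issues"},  # different domain
    "scripts": {"postinstall": "node fetch.js https://cdn.short.example/a"},
})


def string_values(node):
    """Yield every string value nested anywhere in a parsed JSON document."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for value in node.values():
            yield from string_values(value)
    elif isinstance(node, list):
        for value in node:
            yield from string_values(value)


def flagged_values(json_text, pattern):
    """Return the sorted JSON string values that contain a match for pattern."""
    doc = json.loads(json_text)
    return sorted(s for s in string_values(doc) if pattern.search(s))


if __name__ == "__main__":
    print("strict :", flagged_values(SAMPLE_PACKAGE_JSON, STRICT))
    print("relaxed:", flagged_values(SAMPLE_PACKAGE_JSON, RELAXED))
```

JSON string values often hold a bare `https://host` with nothing after it, which is the case a slash-terminated pattern misses.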