A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.
Apache License 2.0
Add an automated check to ensure package reports are never removed. #487
A malicious package report should never be deleted from the repository. False positives must be marked as withdrawn. This allows people to see that a previously marked package was actually malicious. To enforce this, a check should be added to ensure a package in the dataset is never removed from the dataset.
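One way to implement the requested check, as an added example that is not code from the ossf/malicious-packages project: two snapshots of the report tree (base and head, as path-to-JSON maps) are compared by OSV `id` rather than by path, so a moved file is not a removal, and a false positive is only accepted if it stays in the tree with an OSV `withdrawn` timestamp. The file paths and `MAL-0000-*` ids below are constructed placeholders.

```python
"""Fail a change that removes an OSV report instead of withdrawing it.

Added example, not the project's own CI code. Snapshots are {path: json_text}
dicts as a CI job could build them from the base and head commits.
"""
import json
import re
import sys

# RFC 3339 timestamp, the format the OSV schema uses for ``withdrawn``.
_RFC3339 = re.compile(
    r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?(Z|[+-]\d{2}:\d{2})$")


def index_by_id(snapshot):
    """Map OSV id -> (path, parsed report), so renames are not seen as removals."""
    return {json.loads(t)["id"]: (p, json.loads(t)) for p, t in snapshot.items()}


def check_no_removals(base, head):
    """Return violation strings; an empty list means the change is acceptable."""
    base_ids, head_ids = index_by_id(base), index_by_id(head)
    violations = []
    for osv_id, (path, _) in sorted(base_ids.items()):
        if osv_id not in head_ids:
            violations.append(f"{osv_id} ({path}) was removed; false positives "
                              "must be marked withdrawn, not deleted")
    for osv_id, (path, report) in sorted(head_ids.items()):
        withdrawn = report.get("withdrawn")
        if withdrawn is not None and not _RFC3339.match(withdrawn):
            violations.append(f"{osv_id} ({path}) has a malformed withdrawn "
                              f"timestamp: {withdrawn!r}")
    return violations


# Constructed sample snapshots (placeholder paths and ids, not real reports).
BASE = {
    "osv/malicious/npm/example-pkg/MAL-0000-0001.json":
        json.dumps({"id": "MAL-0000-0001", "summary": "constructed sample"}),
    "osv/malicious/pypi/other-pkg/MAL-0000-0002.json":
        json.dumps({"id": "MAL-0000-0002", "summary": "constructed sample"}),
}
# Head keeps the first report and withdraws it (correct handling of a false
# positive) but deletes the second outright, which the check must reject.
HEAD = {
    "osv/malicious/npm/example-pkg/MAL-0000-0001.json":
        json.dumps({"id": "MAL-0000-0001", "summary": "constructed sample",
                    "withdrawn": "2024-01-31T12:00:00Z"}),
}

if __name__ == "__main__":
    problems = check_no_removals(BASE, HEAD)
    print("\n".join(problems) or "ok")
    sys.exit(1 if problems else 0)
```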