Top issues
Detected presence of software components with malicious dependencies.
Causes risk: malicious dependencies found
threats
Problem
Proprietary ReversingLabs malware detection algorithms have determined that the software package has one or more malicious dependencies. Some software dependencies may be optional, and could be installed or downloaded only if a certain pre-defined condition is met. When software dependencies are confirmed to be found within the software package, additional issues might also be reported. The detection was made by either a static byte signature, software component identity, or a complete file hash. This malware detection method is considered highly accurate, and can typically attribute malware to previously discovered software supply chain attacks.Prevalence in npm community
0 packages
found in
Top 100
4 packages
found in
Top 1k
37 packages
found in
Top 10k
7092 packages
in community
Next steps
Inspect behaviors exhibited by the detected software components.
If the software behaviors differ from expected, investigate the build and release environment for software supply chain compromise.
Revise the use of components that raise these alarms. If you can't deprecate those components, make sure they are well-documented.
Avoid using this software package until it is vetted as safe.
Problem
Uniform Resource Locators (URLs) are structured addresses that point to locations and assets on the internet. URLs allow software developers to build complex applications that exchange data with servers that can be hosted in multiple geographical regions. URLs can commonly be found embedded in documentation, configuration files, source code and compiled binaries. A port number is associated with a network address of a host, such as an IP address, and the type of network protocol used for communication. Within URLs, the ports are optional. Ports can be specified in a URL immediately following the domain name. Each network protocol, or schema, has a set of standard ports on which the service operates. This issue is raised when a mismatch between a network protocol and its expected port number is detected. While the presence of non-standard ports does not imply malicious intent, all of their uses in a software package should be documented and approved.Prevalence in npm community
6 packages
found in
Top 100
41 packages
found in
Top 1k
869 packages
found in
Top 10k
490844 packages
in community
Next steps
Investigate reported detections.
If the software should not include these network references, investigate your build and release environment for software supply chain compromise.
You should delay the software release until the investigation is completed, or until the issue is risk accepted.
Consider changing the port to one that is standard for the networking protocol.
Problem
Software developers use programming and design knowledge to build reusable software components. Software components are the basic building blocks for modern applications. Software consumed by an enterprise consists of hundreds, and sometimes even thousands of open source components. Each of these components can have dozens, or even hundreds, of its own dependencies. When building applications, software developers download and install components from public repositories. For components to work properly, all of their dependencies also need to be installed. Some package repositories, like Node Package Manager (NPM), allow components to declare dependencies that are hosted remotely. Such dependencies are automatically downloaded from a specified location during software component installation. Since remotely hosted dependencies are not immutable, that enables a threat actor to change the dependency contents even after a component was published and vetted by security solutions. It is uncommon to find open source components that use remotely hosted source dependencies.Prevalence in npm community
No prevalence information at this timeNext steps
Review software component remote dependency locations.
If the software component resolves dependencies from unusual locations, investigate the build and release environment for software supply chain compromise.
Consider vendoring the software component with all of its dependencies.
Avoid using this software package until it is vetted as safe.
Top behaviors
Opens URLs during installation or upon launch.
network
Prevalence in npm community
No behavior prevalence information at this timeExecutes files during installation or upon launch.
execution
Prevalence in npm community
No behavior prevalence information at this timeCreates an HTTP server.
network
Prevalence in npm community
Behavior often found in this community (Common)
8 packages
found in
Top 100
31 packages
found in
Top 1k
431 packages
found in
Top 10k
135010 packages
in community
Contains URLs that use non-standard ports.
network
Prevalence in npm community
Behavior often found in this community (Common)
6 packages
found in
Top 100
41 packages
found in
Top 1k
869 packages
found in
Top 10k
491126 packages
in community
Contains IP addresses.
network
Prevalence in npm community
Behavior often found in this community (Common)
16 packages
found in
Top 100
80 packages
found in
Top 1k
1432 packages
found in
Top 10k
442524 packages
in community
Top vulnerabilities
No vulnerabilities found.