Spectra Assure

failIncident: Removal

Scanned:

Dapper

latest

removed

Top 10k

A high performance micro-ORM supporting MariaDB, PostgreSQL, SQL Server, SQLite and more.

License: unknown

Published:

Visit GitHub

See on PowerShell Gallery

SAFE Assessment

Compliance

Licenses

No license compliance issues

Secrets

1 debugging symbols found

Security

Vulnerabilities

No known vulnerabilities detected

Hardening

1 outdated toolchains detected

Threats

Tampering

1 components prone to hijacking

Malware

No evidence of malware inclusion

INCIDENTS FOR THIS VERSION:

removal

N/AReported By: Community

Popularity

2.34k

Total Downloads

Contributors

Declared Dependencies

Dependents

Top issues

See all issues

Problem

Software developers use programming and design knowledge to build reusable software components. Software components are the basic building blocks for modern applications. Software consumed by an enterprise consists of hundreds, and sometimes even thousands of open source components. Software developers publish components they have authored to public repositories. Open source projects are the intellectual property of their respective authors. At any time, the authors may choose to completely remove the software component from a public repository. This often occurs when a software project reaches its end-of-life stage, or when the software authors lose interest in maintaining the project. This kind of removal frees up the software package name, its unique software identifier in the public repository, for other developers to use. However, new software project owners might have malicious intent. Threat actors are continuously monitoring popular package names in case their unique identifiers suddenly become available for hijacking. Once the software projects falls under new ownership, the new maintainers may opt to use the project popularity to spread malware to unsuspecting users.

Prevalence in PowerShell Gallery community

0 packages

found in

Top 100

0 packages

found in

Top 1k

0 packages

found in

Top 10k

2 packages

in community

Next steps

Inspect behaviors exhibited by the detected software components.

If the software behaviors differ from expected, investigate the build and release environment for software supply chain compromise.

Revise the use of components that raise these alarms. If you can't deprecate those components, make sure that their versions are pinned.

Avoid using this software package until it is vetted as safe.

Problem

Software developers use programming and design knowledge to build reusable software components. Software components are the basic building blocks for modern applications. Software consumed by an enterprise consists of hundreds, and sometimes even thousands of open source components. Software developers publish components they have authored to public repositories. While a new software project is a welcome addition to the open source community, it is not always prudent to indiscriminately use the latest components when building a commercial application. Irrespective of the software quality, the danger of being the first to try out a new project lies in the fact that the software component may contain novel, currently undetected malicious code. Therefore, it is prudent to review software component behaviors and even try out software component in a sandbox, an environment meant for testing untrusted code.

Prevalence in PowerShell Gallery community

1 packages

found in

Top 100

2 packages

found in

Top 1k

6 packages

found in

Top 10k

18 packages

in community

Next steps

Check the software component behaviors for anomalies.

Consider exploratory software component testing within a sandbox environment.

Consider replacing the software component with a more widely used alternative.

Avoid using this software package until it is vetted as safe.

Problem

Program database (PDB) files are typically only used during software development. They contain private debug symbols that make it significantly easier to reverse engineer a closed-source application. In some cases, having a program database file is equivalent to having access to the source code. Presence of program databases could indicate that one or more software components have been built using a debug profile, instead of the release.

Prevalence in PowerShell Gallery community

3 packages

found in

Top 100

29 packages

found in

Top 1k

130 packages

found in

Top 10k

237 packages

in community

Next steps

Private debug database files should not be embedded within executables, and you should remove them from the software package before releasing it.

The integrity verification of the embedded database files should not be done with insecure hashing algorithms. SHA1 and MD5 hashes should be deprecated throughout the application, and a more secure SHA256 algorithm should be used instead.

Problem

Software developers use programming and design knowledge to build reusable software components. Software components are the basic building blocks for modern applications. Software consumed by an enterprise consists of hundreds, and sometimes even thousands of open source components. Software developers publish components they have authored to public repositories. While a new software project is a welcome addition to the open source community. it is not always prudent to indiscriminately use the latest components when building a commercial application. Irrespective of the software quality, the danger of using components that are rarely used to build applications lies in the fact that the software component may contain novel, currently undetected malicious code. Therefore, it is prudent to review software component behaviors and even try out software component in a sandbox, an environment meant for testing untrusted code.

Prevalence in PowerShell Gallery community

1 packages

found in

Top 100

4 packages

found in

Top 1k

5 packages

found in

Top 10k

20 packages

in community

Next steps

Check the software component behaviors for anomalies.

Consider exploratory software component testing within a sandbox environment.

Consider replacing the software component with a more widely used alternative.

Avoid using this software package until it is vetted as safe.

Problem

Debug databases are typically only used during software development. On Windows, they are usually files embedded into the executable (PDB), while on Linux, they're contained inside special executable sections. The databases contain private debug symbols that make it significantly easier to reverse-engineer a closed-source application. In some cases, having a debug database is equivalent to having access to the source code. Presence of debug databases could indicate that one or more software components have been built using a debug profile, instead of the release. Private debug databases can be embedded into software components by programming language tools.

Prevalence in PowerShell Gallery community

3 packages

found in

Top 100

38 packages

found in

Top 1k

174 packages

found in

Top 10k

331 packages

in community

Next steps

To remediate this issue and remove private debugging information, refer to your programming language toolchain documentation.

Top behaviors

See all behaviors

Prevalence in PowerShell Gallery community

Behavior often found in this community (Common)

100 packages

found in

Top 100

804 packages

found in

Top 1k

6511 packages

found in

Top 10k

11.95k packages

in community

Prevalence in PowerShell Gallery community

Behavior often found in this community (Common)

9 packages

found in

Top 100

210 packages

found in

Top 1k

1129 packages

found in

Top 10k

1.86k packages

in community

Prevalence in PowerShell Gallery community

Behavior often found in this community (Common)

97 packages

found in

Top 100

694 packages

found in

Top 1k

4447 packages

found in

Top 10k

7.42k packages

in community

Prevalence in PowerShell Gallery community

Behavior often found in this community (Common)

1 packages

found in

Top 100

68 packages

found in

Top 1k

429 packages

found in

Top 10k

705 packages

in community

Prevalence in PowerShell Gallery community

Behavior often found in this community (Common)

15 packages

found in

Top 100

101 packages

found in

Top 1k

803 packages

found in

Top 10k

1.24k packages

in community

Top vulnerabilities

No vulnerabilities found.

FAQ for Dapper

What is Dapper?

A high performance micro-ORM supporting MariaDB, PostgreSQL, SQL Server, SQLite and more. For more information about this package, visit its homepage.

Is Dapper malicious or is it safe to use?

The PS Gallery package Dapper has been removed from registry. It was scanned for malware, software tampering, risky behaviors, exposed secrets and known vulnerabilities. Malware or tampering has been detected, making it unsafe to use. The package contains risks, and the analysis results should be reviewed before it is used. Visit the Issues and Behaviors sections of the analysis for more details. All versions of the Dapper package were removed.

Is Dapper popular?

The PS Gallery package Dapper ranks among the top 10000 projects in this community. It has 2K recorded downloads. A package's popularity is not a good indicator of its safety, visit the SAFE Assessment section to see the full analysis of package deployment risk categories.

How do I secure Dapper once it is in my app?

Since we can't know when or where malicious attacks will happen, we recommend tracking how Dapper behaviors change over multiple software releases. By adopting differential analysis in your release process, you can detect unexpected changes to a Dapper version, which can prevent advanced software supply chain attacks. Read how our technology can help prevent future attacks similar to SolarWinds and 3CX.

Did you know...

... that you can use ReversingLabs’ Spectra Assure platform to perform regular risk assessments of packages you develop in-house?

We recommend continuous software safeness monitoring through CI/CD integrations and pre-release/deployment checks. In addition to basic package information found on this page our platform offers rich reports for developers and DevSecOps that help them remediate all reported issues.

This website uses cookies to ensure the best website experience. By continuing to use this website you are giving your consent to cookies being used. Detailed information about our use of cookies is here.

Popularity

2.34k

Total Downloads

Contributors

Declared Dependencies

Dependents

Top issues

See all issues

Problem

Prevalence in PowerShell Gallery community

0 packages

found in

Top 100

0 packages

found in

Top 1k

0 packages

found in

Top 10k

2 packages

in community

Next steps

Inspect behaviors exhibited by the detected software components.

If the software behaviors differ from expected, investigate the build and release environment for software supply chain compromise.

Revise the use of components that raise these alarms. If you can't deprecate those components, make sure that their versions are pinned.

Avoid using this software package until it is vetted as safe.

Problem

Software developers use programming and design knowledge to build reusable software components. Software components are the basic building blocks for modern applications. Software consumed by an enterprise consists of hundreds, and sometimes even thousands of open source components. Software developers publish components they have authored to public repositories. While a new software project is a welcome addition to the open source community, it is not always prudent to indiscriminately use the latest components when building a commercial application. Irrespective of the software quality, the danger of being the first to try out a new project lies in the fact that the software component may contain novel, currently undetected malicious code. Therefore, it is prudent to review software component behaviors and even try out software component in a sandbox, an environment meant for testing untrusted code.

Prevalence in PowerShell Gallery community

1 packages

found in

Top 100

2 packages

found in

Top 1k

6 packages

found in

Top 10k

18 packages

in community

Next steps

Check the software component behaviors for anomalies.

Consider exploratory software component testing within a sandbox environment.

Consider replacing the software component with a more widely used alternative.

Avoid using this software package until it is vetted as safe.

Problem

Prevalence in PowerShell Gallery community

3 packages

found in

Top 100

29 packages

found in

Top 1k

130 packages

found in

Top 10k

237 packages

in community

Next steps

Private debug database files should not be embedded within executables, and you should remove them from the software package before releasing it.

Problem

Software developers use programming and design knowledge to build reusable software components. Software components are the basic building blocks for modern applications. Software consumed by an enterprise consists of hundreds, and sometimes even thousands of open source components. Software developers publish components they have authored to public repositories. While a new software project is a welcome addition to the open source community. it is not always prudent to indiscriminately use the latest components when building a commercial application. Irrespective of the software quality, the danger of using components that are rarely used to build applications lies in the fact that the software component may contain novel, currently undetected malicious code. Therefore, it is prudent to review software component behaviors and even try out software component in a sandbox, an environment meant for testing untrusted code.

Prevalence in PowerShell Gallery community

1 packages

found in

Top 100

4 packages

found in

Top 1k

5 packages

found in

Top 10k

20 packages

in community

Next steps

Check the software component behaviors for anomalies.

Consider exploratory software component testing within a sandbox environment.

Consider replacing the software component with a more widely used alternative.

Avoid using this software package until it is vetted as safe.

Problem

Prevalence in PowerShell Gallery community

3 packages

found in

Top 100

38 packages

found in

Top 1k

174 packages

found in

Top 10k

331 packages

in community

Next steps

To remediate this issue and remove private debugging information, refer to your programming language toolchain documentation.

Top behaviors

See all behaviors

Prevalence in PowerShell Gallery community

Behavior often found in this community (Common)

100 packages

found in

Top 100

804 packages

found in

Top 1k

6511 packages

found in

Top 10k

11.95k packages

in community

Prevalence in PowerShell Gallery community

Behavior often found in this community (Common)

9 packages

found in

Top 100

210 packages

found in

Top 1k

1129 packages

found in

Top 10k

1.86k packages

in community

Prevalence in PowerShell Gallery community

Behavior often found in this community (Common)

97 packages

found in

Top 100

694 packages

found in

Top 1k

4447 packages

found in

Top 10k

7.42k packages

in community

Prevalence in PowerShell Gallery community

Behavior often found in this community (Common)

1 packages

found in

Top 100

68 packages

found in

Top 1k

429 packages

found in

Top 10k

705 packages

in community

Prevalence in PowerShell Gallery community

Behavior often found in this community (Common)

15 packages

found in

Top 100

101 packages

found in

Top 1k

803 packages

found in

Top 10k

1.24k packages

in community

Top vulnerabilities

No vulnerabilities found.

Dapper

SAFE Assessment

Compliance

Security

Threats

IMPORTANT: All versions of this package have been removedLatest version with removal incident detected: 6 months agoVersion: 0.3.0

INCIDENTS FOR THIS VERSION:

Popularity

Top issues

TH30103Detected presence of software components that were removed from the public package repository.Causes risk: components prone to hijackinghunting

Problem

Prevalence in PowerShell Gallery community

Next steps

TH30106Detected presence of software components that have low popularity or number of downloads.hunting

Problem

Prevalence in PowerShell Gallery community

Next steps

SQ14160Detected Windows executable files that embed PDB files whose integrity is verified with an insecure hashing algorithm.Causes risk: outdated toolchains detectedhardening

Problem

Prevalence in PowerShell Gallery community

Next steps

TH30107Detected presence of software components that are rarely included by other public software packages.hunting

Problem

Prevalence in PowerShell Gallery community

Next steps

SQ34203Detected presence of hardcoded debug databases.Causes risk: debugging symbols foundsecrets

Problem

Prevalence in PowerShell Gallery community

Next steps

Top behaviors

Interacts with Microsoft .NET Framework code, types and assemblies.execution

Prevalence in PowerShell Gallery community

Contains URLs that link to interesting file formats.network

Prevalence in PowerShell Gallery community

Contains IP addresses.network

Prevalence in PowerShell Gallery community

Contains URLs related to release pages of projects hosted on GitHub.network

Prevalence in PowerShell Gallery community

Contains generic SQL database queries.network

Prevalence in PowerShell Gallery community

Top vulnerabilities

FAQ for Dapper

What is Dapper?

Is Dapper malicious or is it safe to use?

Is Dapper popular?

How do I secure Dapper once it is in my app?

Did you know...

Popularity

Top issues

TH30103Detected presence of software components that were removed from the public package repository.Causes risk: components prone to hijackinghunting

Problem

Prevalence in PowerShell Gallery community

Next steps

TH30106Detected presence of software components that have low popularity or number of downloads.hunting

Problem

Prevalence in PowerShell Gallery community

Next steps

SQ14160Detected Windows executable files that embed PDB files whose integrity is verified with an insecure hashing algorithm.Causes risk: outdated toolchains detectedhardening

Problem

Prevalence in PowerShell Gallery community

Next steps

TH30107Detected presence of software components that are rarely included by other public software packages.hunting

Problem

Prevalence in PowerShell Gallery community

Next steps

SQ34203Detected presence of hardcoded debug databases.Causes risk: debugging symbols foundsecrets

Problem

Prevalence in PowerShell Gallery community

Next steps

Top behaviors

Interacts with Microsoft .NET Framework code, types and assemblies.execution

Prevalence in PowerShell Gallery community

Contains URLs that link to interesting file formats.network

Prevalence in PowerShell Gallery community

Contains IP addresses.network

Prevalence in PowerShell Gallery community

Contains URLs related to release pages of projects hosted on GitHub.network

Prevalence in PowerShell Gallery community

Contains generic SQL database queries.network

Prevalence in PowerShell Gallery community