Spectra Assure
Community
failIncident: Malware
Scanned: 13 days ago

runway-python

Artifact:
latest
malicious
Research
Extended date and time utilities - PoC for security research
License: Permissive (MIT)
Published: about 2 months ago
Visit GitHub
See on PyPI

SAFE Assessment

Compliance

Licenses
No license compliance issues
Secrets
No sensitive information found

Security

Vulnerabilities
No known vulnerabilities detected
Hardening
No application hardening issues

Threats

Tampering
2 malware-like behaviors found
Malware
3 supply chain attack artifacts

INCIDENTS FOR THIS VERSION:

malware
6 months agoReported By: ReversingLabs (Researcher)
Learn more about malware detection
malware
5 months agoReported By: Community (OpenSSF)
More info
List of software behaviors discovered with static code analysis.
Info
Count
Category

Prevalence in PyPI community

Behavior often found in this community (Common)
69 packages
found in
Top 100
506 packages
found in
Top 1k
3612 packages
found in
Top 10k
163.85k packages
in community

Prevalence in PyPI community

Behavior commonly used by malicious software (Important)
Behavior uncommon for this community (Uncommon)
0 packages
found in
Top 100
1 packages
found in
Top 1k
7 packages
found in
Top 10k
492 packages
in community

Prevalence in PyPI community

Behavior often found in this community (Common)
6 packages
found in
Top 100
39 packages
found in
Top 1k
230 packages
found in
Top 10k
5.1k packages
in community

Prevalence in PyPI community

Behavior often found in this community (Common)
9 packages
found in
Top 100
64 packages
found in
Top 1k
343 packages
found in
Top 10k
11.88k packages
in community

Prevalence in PyPI community

Behavior often found in this community (Common)
44 packages
found in
Top 100
286 packages
found in
Top 1k
1787 packages
found in
Top 10k
48.75k packages
in community

Prevalence in PyPI community

Behavior often found in this community (Common)
30 packages
found in
Top 100
166 packages
found in
Top 1k
1155 packages
found in
Top 10k
31.66k packages
in community

Prevalence in PyPI community

Behavior commonly used by malicious software (Important)
Behavior uncommon for this community (Uncommon)
0 packages
found in
Top 100
2 packages
found in
Top 1k
3 packages
found in
Top 10k
673 packages
in community

Prevalence in PyPI community

Behavior often found in this community (Common)
8 packages
found in
Top 100
46 packages
found in
Top 1k
316 packages
found in
Top 10k
7.17k packages
in community

Prevalence in PyPI community

Behavior often found in this community (Common)
73 packages
found in
Top 100
614 packages
found in
Top 1k
4460 packages
found in
Top 10k
173.79k packages
in community

Prevalence in PyPI community

Behavior often found in this community (Common)
13 packages
found in
Top 100
114 packages
found in
Top 1k
718 packages
found in
Top 10k
18.87k packages
in community

Did you know...

... that you can use ReversingLabs’ Spectra Assure platform to perform regular risk assessments of packages you develop in-house?

We recommend continuous software safeness monitoring through CI/CD integrations and pre-release/deployment checks. In addition to basic package information found on this page our platform offers rich reports for developers and DevSecOps that help them remediate all reported issues.