Tag: risky open-source software packages

  • packj: detect malicious/risky open-source software packages

    Packj flags malicious/risky open-source packages.

    Packj (pronounced "package") is a command-line (CLI) tool to vet open-source software packages for "risky" attributes that make them vulnerable to supply chain attacks. This is the tool behind our large-scale security analysis platform Packj.dev, which continuously vets packages and provides free reports.

    How it works

    It first downloads the metadata…