OSCAR, a robust dynamic code poisoning detection pipeline for the NPM and PyPI ecosystems.
In this experiment, we constructed a labeled dataset that includes both benign and malicious packages.
This experiment involves two specific types of datasets:
- Obfuscated Benign Package Dataset: This dataset consists of benign packages that contain obfuscated code.
- Remote Download and Execution-Like Benign Package Dataset: This dataset includes benign packages that exhibit behaviors similar to remote download and execution, a common tactic used by malicious packages.
In this experiment, we provide information on malicious packages detected over the past 18 months since January 2023. The dataset includes the names, versions, and categories of these malicious packages, offering valuable insights into trends and patterns in malicious package distribution.
All the datasets mentioned above have been uploaded to Zenodo (https://zenodo.org/records/13746167) and are available for future research and analysis.