This repository contains the source code and data for the blog post "Taming Bad Python Packages: Assessing Python Malware Detectors with a Benchmark Dataset". The main objective is to evaluate the PyPI Malware Checks on three datasets of PyPI packages: malicious, popular and random.
The blog post is available here. It is also covered by Dark Reading here.
In this repository you will find:
- Scanning result files: the results of running the PyPI Malware Checks on the three datasets, stored in Pickle format. Note that loading a Pickle file runs whatever code it references, so only unpickle files obtained from a trusted copy of this repository.
- A Jupyter notebook: it analyzes the scanning results and produces statistics about the performance of each check on each dataset.
The dependencies of this project are managed with Poetry; run `poetry install` to set them up.
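Because the results are shipped as Pickle files, and unpickling executes any code the file references, a loader that refuses everything except plain data containers is worth having before opening a results file you did not produce yourself. The script below is an added example, not code from this repository or its notebook: it loads a results pickle through an allow-listed `Unpickler`, shows that a classic `os.system` payload is rejected, and computes for each check the fraction of packages it flagged in each dataset (the detection rate on the malicious set, the false-positive rate on the popular and random sets). The results schema (dataset -> package -> check -> flagged) and the check names `setup_patterns` and `typosquat` are assumptions made for illustration; the repository's real files may be laid out differently.

```python
import io
import pickle
from collections import defaultdict

# Constructed sample results (assumed schema, not the repository's real data):
# dataset -> package name -> {check name -> True if the check flagged it}.
SAMPLE_RESULTS = {
    "malicious": {
        "evil-pkg-a": {"setup_patterns": True, "typosquat": False},
        "evil-pkg-b": {"setup_patterns": True, "typosquat": True},
        "evil-pkg-c": {"setup_patterns": False, "typosquat": True},
        "evil-pkg-d": {"setup_patterns": False, "typosquat": True},
    },
    "popular": {
        "requests": {"setup_patterns": False, "typosquat": False},
        "numpy": {"setup_patterns": True, "typosquat": False},
    },
    "random": {
        "some-random-pkg": {"setup_patterns": False, "typosquat": True},
        "other-random-pkg": {"setup_patterns": False, "typosquat": False},
    },
}

# A benign results file, as it would be written by pickle.dump().
BENIGN_PICKLE = pickle.dumps(SAMPLE_RESULTS)

# A constructed protocol-0 payload that calls os.system("echo pwned") on load.
# pickle.loads() would run it; the restricted loader below refuses it.
EVIL_PICKLE = b"cos\nsystem\n(S'echo pwned'\ntR."

# Only these plain data types may be reconstructed from a results file.
_ALLOWED = {
    ("builtins", "dict"), ("builtins", "list"), ("builtins", "tuple"),
    ("builtins", "set"), ("builtins", "frozenset"), ("builtins", "str"),
    ("builtins", "int"), ("builtins", "float"), ("builtins", "bool"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse any global lookup outside the allow-list, so a tampered results
    file cannot import and call arbitrary functions while being loaded."""

    def find_class(self, module, name):
        if (module, name) in _ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def safe_loads(data: bytes):
    """Load pickled results with the restricted unpickler."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def rejects(data: bytes) -> bool:
    """True if the restricted loader refuses the given pickle bytes."""
    try:
        safe_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


def tool_stats(results):
    """Per check and dataset: fraction of packages the check flagged.
    On the malicious dataset this is the detection rate; on the popular and
    random datasets it is the false-positive rate."""
    stats = defaultdict(dict)
    for dataset, packages in results.items():
        flagged = defaultdict(int)
        for verdicts in packages.values():
            for check, hit in verdicts.items():
                flagged[check] += int(hit)  # also registers checks with 0 hits
        for check, hits in flagged.items():
            stats[check][dataset] = hits / len(packages)
    return dict(stats)


if __name__ == "__main__":
    print("evil payload rejected:", rejects(EVIL_PICKLE))
    for check, per_dataset in tool_stats(safe_loads(BENIGN_PICKLE)).items():
        print(check, {d: f"{r:.0%}" for d, r in per_dataset.items()})
```

Pickles of plain dicts, strings and booleans never reference a global, so the allow-list is only consulted when a file tries to name a class or function; that is exactly the case a tampered file needs, and the one the loader rejects. If the real results files contain pandas or NumPy objects, those types must be added to `_ALLOWED` deliberately rather than by falling back to `pickle.load()`.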