Multi-language malware detector that orchestrates AST/taint and supply-chain engines into one report.
Project description
malware-detector
A generic, multi-language malware detector for JavaScript, TypeScript, Python, and PHP, tuned to minimize false negatives. It is a thin orchestrator over existing detection engines (Semgrep/Opengrep for AST + taint analysis, GuardDog for supply-chain metadata, malcontent for release diffing), normalizing their findings into one report with a single suppression model.
Install
One command (recommended):
uv tool install malware-detector-py
# or
pipx install malware-detector-py
This pulls the core engine stack (Semgrep + GuardDog) in one step. The optional diff mode
also needs malcontent, a standalone Go binary: brew install malcontent.
Requires Python >=3.10,<3.14 (3.13 recommended). See docs/installation.md
for the full dependency model, development setup, and install gotchas.
Usage
Scan source files or directories:
malware-detector scan path/to/code # human report
malware-detector scan src tests # multiple paths
malware-detector scan . --json # JSON output
malware-detector scan . --sarif > out.sarif # SARIF for CI / code scanning
malware-detector scan . --min-severity HIGH # hide low-confidence findings
malware-detector scan . --explain # show engine + matched line
Scan a package for supply-chain risk (via GuardDog; npm/PyPI auto-detected):
malware-detector deps ./path/to/package
Incremental scans for git hooks:
malware-detector scan --staged # pre-commit: staged files only
malware-detector scan --changed # pre-push: changed vs HEAD + untracked
Exit codes: 0 clean, 1 findings (at/above --fail-on), 2 usage error, 3 engine
error. Suppress accepted findings with a .malware-detector-ignore.json at the repo root
(match by path, ruleId, and/or line).
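The report stage described above (one normalized finding shape, a single suppression file, --min-severity and the documented exit codes), as an added Python example that is not malware-detector's own code: the Finding record, the ignore-file schema (an "ignore" list whose entries carry optional path glob, ruleId and line keys, AND-ed together) and the sample findings are assumptions made for the example.

```python
# Added example (not malware-detector's own code): the report stage the README
# describes, with an ASSUMED schema for .malware-detector-ignore.json.
import json
from dataclasses import dataclass
from fnmatch import fnmatch

SEVERITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "CRITICAL": 3}

@dataclass(frozen=True)
class Finding:           # one normalized record, whichever engine produced it
    engine: str
    rule_id: str
    path: str            # repo-relative, forward slashes
    line: int
    severity: str

def load_ignores(text: str) -> list:
    # Assumed schema: {"ignore": [{"path": <glob>, "ruleId": <id>, "line": <int>}]}.
    # Keys are optional and AND-ed; an entry with no keys is dropped so that a
    # malformed file cannot silently suppress every finding.
    keys = ("path", "ruleId", "line")
    return [e for e in json.loads(text).get("ignore", []) if any(k in e for k in keys)]

def is_suppressed(f: Finding, ignores: list) -> bool:
    for e in ignores:
        if "path" in e and not fnmatch(f.path, e["path"]):
            continue
        if "ruleId" in e and e["ruleId"] != f.rule_id:
            continue
        if "line" in e and e["line"] != f.line:
            continue
        return True      # every key the entry supplied matched this finding
    return False

def report(findings, ignores, min_severity="LOW", fail_on="HIGH"):
    # Returns (visible findings, exit code): 0 clean, 1 findings at/above --fail-on.
    floor = SEVERITY_RANK[min_severity]
    visible = [f for f in findings
               if not is_suppressed(f, ignores) and SEVERITY_RANK[f.severity] >= floor]
    failing = any(SEVERITY_RANK[f.severity] >= SEVERITY_RANK[fail_on] for f in visible)
    return visible, (1 if failing else 0)

# Constructed sample input: rule ids, paths and the ignore file are made up.
SAMPLE_FINDINGS = [
    Finding("semgrep", "js.eval-from-network", "src/loader.js", 42, "HIGH"),
    Finding("semgrep", "py.obfuscated-exec", "build/gen.py", 7, "HIGH"),
    Finding("guarddog", "npm-install-script", "package.json", 1, "MEDIUM"),
    Finding("semgrep", "js.base64-literal", "src/assets.js", 3, "LOW"),
]
SAMPLE_IGNORE_JSON = json.dumps({"ignore": [
    {"path": "build/*", "ruleId": "py.obfuscated-exec"},  # reviewed generated code
    {"path": "src/assets.js", "line": 3},                 # known-benign literal
]})
```

With the sample input, report() shows the HIGH finding in src/loader.js and the MEDIUM one in package.json, suppresses the other two, and returns exit code 1 because a HIGH finding survives the --fail-on threshold.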
As a pre-commit hook
Add to your .pre-commit-config.yaml (requires Python <3.14, see installation):
repos:
  - repo: https://github.com/<owner>/malware-detector
    rev: v0.0.1
    hooks:
      - id: malware-detector
In Docker (offline / CI)
docker build -t malware-detector .
docker run --rm -v "$PWD:/scan:ro" malware-detector scan .
docker run --rm -v "$PWD:/scan:ro" malware-detector deps .
The image bundles the core engines (Semgrep + GuardDog). --with-malcontent needs the
malcontent Go binary (mal), which is not bundled.
Development
make install # editable install + dev tools
make check # format check + lint + type-check + tests
File details
Details for the file malware_detector_py-0.1.0rc2.tar.gz.
File metadata
- Download URL: malware_detector_py-0.1.0rc2.tar.gz
- Upload date:
- Size: 59.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | f7d8d437c4c99f98cfea8137abe717b3dd1a72f5b1abd0ef832e155be9a62bb2 |
| MD5 | 146a57e410aaa31a0e9d07e28c836c77 |
| BLAKE2b-256 | 8e24ea45d78826a4024b8f757f49a8a163483862a9b2764ec4e673519dc7621a |
Provenance
The following attestation bundles were made for malware_detector_py-0.1.0rc2.tar.gz:
- Publisher: release.yml on benzid-wael/malware-detector
- Statement:
  - Statement type: https://in-toto.io/Statement/v1
  - Predicate type: https://docs.pypi.org/attestations/publish/v1
  - Subject name: malware_detector_py-0.1.0rc2.tar.gz
  - Subject digest: f7d8d437c4c99f98cfea8137abe717b3dd1a72f5b1abd0ef832e155be9a62bb2
  - Sigstore transparency entry: 2063624107
  - Sigstore integration time:
- Permalink: benzid-wael/malware-detector@ebb969f6b17e4aff88648235c007d20771aa050e
- Branch / Tag: refs/tags/v0.1.0-rc.2
- Owner: https://github.com/benzid-wael
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: release.yml@ebb969f6b17e4aff88648235c007d20771aa050e
- Trigger Event: push
File details
Details for the file malware_detector_py-0.1.0rc2-py3-none-any.whl.
File metadata
- Download URL: malware_detector_py-0.1.0rc2-py3-none-any.whl
- Upload date:
- Size: 30.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 5a3512fd9829b1f606dcac7326df10f2c69ae754de008dd3dfc4a21d39e0af9f |
| MD5 | 9b2026cce8eb959ef76d713320a859c5 |
| BLAKE2b-256 | af61143adaef10d95456c13dc0b852216a5ddf532a7a1a5b33d33214a9586bb0 |
Provenance
The following attestation bundles were made for malware_detector_py-0.1.0rc2-py3-none-any.whl:
- Publisher: release.yml on benzid-wael/malware-detector
- Statement:
  - Statement type: https://in-toto.io/Statement/v1
  - Predicate type: https://docs.pypi.org/attestations/publish/v1
  - Subject name: malware_detector_py-0.1.0rc2-py3-none-any.whl
  - Subject digest: 5a3512fd9829b1f606dcac7326df10f2c69ae754de008dd3dfc4a21d39e0af9f
  - Sigstore transparency entry: 2063624115
  - Sigstore integration time:
- Permalink: benzid-wael/malware-detector@ebb969f6b17e4aff88648235c007d20771aa050e
- Branch / Tag: refs/tags/v0.1.0-rc.2
- Owner: https://github.com/benzid-wael
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: release.yml@ebb969f6b17e4aff88648235c007d20771aa050e
- Trigger Event: push