Multi-language malware detector that orchestrates AST/taint and supply-chain engines into one report.

Project description

malware-detector

A generic, multi-language malware detector for JavaScript, TypeScript, Python, and PHP, tuned to minimize false negatives. It is a thin orchestrator over existing detection engines (Semgrep/Opengrep for AST + taint analysis, GuardDog for supply-chain metadata, malcontent for release diffing), normalizing their findings into one report with a single suppression model.

Install

One command (recommended):

uv tool install malware-detector-py
# or
pipx install malware-detector-py

This pulls the core engine stack (Semgrep + GuardDog) in one step. The optional diff mode also needs malcontent, a standalone Go binary: brew install malcontent.

Requires Python >=3.10,<3.14 (3.13 recommended). See docs/installation.md for the full dependency model, development setup, and install gotchas.

Usage

Scan source files or directories:

malware-detector scan path/to/code            # human report
malware-detector scan src tests               # multiple paths
malware-detector scan . --json                # JSON output
malware-detector scan . --sarif > out.sarif   # SARIF for CI / code scanning
malware-detector scan . --min-severity HIGH   # hide low-confidence findings
malware-detector scan . --explain             # show engine + matched line

Scan a package for supply-chain risk (via GuardDog; npm/PyPI auto-detected):

malware-detector deps ./path/to/package

Incremental scans for git hooks:

malware-detector scan --staged                # pre-commit: staged files only
malware-detector scan --changed               # pre-push: changed vs HEAD + untracked

Exit codes: 0 means clean; 1 means findings at or above --fail-on; 2 means a usage error; 3 means an engine error. Suppress accepted findings with a .malware-detector-ignore.json at the repo root (entries match by path, ruleId, and/or line).
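The SARIF output and the suppression file described above are easiest to reason about with a small triage script. The following is an added example, not code from the malware-detector project: it reads a report in the standard SARIF 2.1.0 layout (runs[].results[] with ruleId, level and a physicalLocation), applies ignore entries that match on any combination of path, ruleId and line, filters by a minimum severity, and reproduces the 0/1 exit-code contract. The exact JSON schema of .malware-detector-ignore.json, the mapping of LOW/MEDIUM/HIGH onto SARIF levels, and the sample report and rule ids are assumptions constructed for the example.

```python
"""Triage a `malware-detector scan --sarif` report in CI (added example).

Assumptions (not taken from the project page): standard SARIF 2.1.0 layout;
the ignore file is a JSON list of objects with optional "path", "ruleId" and
"line" keys, and an entry suppresses a finding when every key it specifies
matches; LOW/MEDIUM/HIGH map onto SARIF levels note/warning/error.
"""
import json
import sys

# Constructed sample report; the rule ids and paths are made up for the example.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "malware-detector"}},
        "results": [
            {"ruleId": "js.eval-of-network-response", "level": "error",
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/loader.js"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "py.base64-exec", "level": "error",
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "setup.py"},
                 "region": {"startLine": 7}}}]},
            {"ruleId": "py.env-read", "level": "note",
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "tests/conftest.py"},
                 "region": {"startLine": 3}}}]},
        ],
    }],
}

# Constructed .malware-detector-ignore.json content (schema assumed).
SAMPLE_IGNORE = [{"path": "tests/conftest.py", "ruleId": "py.env-read"}]

LEVEL_RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}
SEVERITY_TO_LEVEL = {"LOW": "note", "MEDIUM": "warning", "HIGH": "error"}  # assumed


def iter_findings(sarif):
    """Flatten SARIF results into dicts with ruleId, level, path and line."""
    for run in sarif.get("runs", []):
        for result in run.get("results", []):
            loc = (result.get("locations") or [{}])[0].get("physicalLocation", {})
            yield {
                "ruleId": result.get("ruleId", ""),
                # SARIF's default level when omitted is "warning"
                "level": result.get("level", "warning"),
                "path": loc.get("artifactLocation", {}).get("uri", ""),
                "line": loc.get("region", {}).get("startLine"),
            }


def is_suppressed(finding, ignore_entries):
    """True when some ignore entry matches on every key it specifies."""
    for entry in ignore_entries:
        if not entry:
            # An entry with no keys would silence every finding; fail safe and skip it.
            continue
        if "path" in entry and entry["path"] != finding["path"]:
            continue
        if "ruleId" in entry and entry["ruleId"] != finding["ruleId"]:
            continue
        if "line" in entry and entry["line"] != finding["line"]:
            continue
        return True
    return False


def triage(sarif, ignore_entries, min_severity="LOW"):
    """Split findings into (kept, suppressed), dropping those below min_severity."""
    threshold = LEVEL_RANK[SEVERITY_TO_LEVEL[min_severity]]
    kept, suppressed = [], []
    for finding in iter_findings(sarif):
        if is_suppressed(finding, ignore_entries):
            suppressed.append(finding)
        elif LEVEL_RANK.get(finding["level"], 2) >= threshold:
            kept.append(finding)
    return kept, suppressed


def exit_code_for(kept):
    """Mirror the CLI contract: 0 clean, 1 when unsuppressed findings remain."""
    return 1 if kept else 0


def load_json(path):
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


if __name__ == "__main__":
    # usage: python triage.py out.sarif .malware-detector-ignore.json [HIGH|MEDIUM|LOW]
    report = load_json(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_SARIF
    ignores = load_json(sys.argv[2]) if len(sys.argv) > 2 else SAMPLE_IGNORE
    severity = sys.argv[3] if len(sys.argv) > 3 else "LOW"
    kept_findings, suppressed_findings = triage(report, ignores, severity)
    for f in kept_findings:
        print(f"{f['level']:<8} {f['ruleId']:<30} {f['path']}:{f['line']}")
    print(f"{len(kept_findings)} finding(s), {len(suppressed_findings)} suppressed")
    sys.exit(exit_code_for(kept_findings))
```

The suppression matcher treats an empty ignore entry as invalid rather than as a wildcard, so a malformed file cannot silently turn every scan green; in a pipeline that is tuned to minimize false negatives, the ignore file is the one place where a single bad line would undo that tuning.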

As a pre-commit hook

Add to your .pre-commit-config.yaml (requires Python <3.14, see installation):

repos:
  - repo: https://github.com/<owner>/malware-detector
    rev: v0.0.1
    hooks:
      - id: malware-detector

In Docker (offline / CI)

docker build -t malware-detector .
docker run --rm -v "$PWD:/scan:ro" malware-detector scan .
docker run --rm -v "$PWD:/scan:ro" malware-detector deps .

The image bundles the core engines (Semgrep + GuardDog). --with-malcontent needs the mal Go binary, which is not bundled.

Development

make install   # editable install + dev tools
make check     # format check + lint + type-check + tests

Download files

Source Distribution

malware_detector_py-0.1.0rc2.tar.gz (59.1 kB, uploaded as Source)

Built Distribution

malware_detector_py-0.1.0rc2-py3-none-any.whl (30.1 kB, uploaded as Python 3)

File details

Details for the file malware_detector_py-0.1.0rc2.tar.gz.

File metadata

  • Download URL: malware_detector_py-0.1.0rc2.tar.gz
  • Size: 59.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for malware_detector_py-0.1.0rc2.tar.gz
Algorithm Hash digest
SHA256 f7d8d437c4c99f98cfea8137abe717b3dd1a72f5b1abd0ef832e155be9a62bb2
MD5 146a57e410aaa31a0e9d07e28c836c77
BLAKE2b-256 8e24ea45d78826a4024b8f757f49a8a163483862a9b2764ec4e673519dc7621a

Provenance

The following attestation bundles were made for malware_detector_py-0.1.0rc2.tar.gz:

Publisher: release.yml on benzid-wael/malware-detector

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file malware_detector_py-0.1.0rc2-py3-none-any.whl.

File hashes

Hashes for malware_detector_py-0.1.0rc2-py3-none-any.whl
Algorithm Hash digest
SHA256 5a3512fd9829b1f606dcac7326df10f2c69ae754de008dd3dfc4a21d39e0af9f
MD5 9b2026cce8eb959ef76d713320a859c5
BLAKE2b-256 af61143adaef10d95456c13dc0b852216a5ddf532a7a1a5b33d33214a9586bb0

Provenance

The following attestation bundles were made for malware_detector_py-0.1.0rc2-py3-none-any.whl:

Publisher: release.yml on benzid-wael/malware-detector

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
