sobregosodd
This issue is fixed in version `1.9.0`: ``` $ guarddog npm scan requests --exclude-rules empty_information --output-format json {"issues": 1, "errors": {}, "results": {"release_zero": null, "unclaimed_maintainer_email_domain": null, "npm_metadata_mismatch": null, "potentially_compromised_email_domain": "The...
closing this due to inactivity
This is [solved](https://github.com/richardpenman/whois/issues/204#issuecomment-2015050413)
Closing this issue, since https://github.com/DataDog/supply-chain-firewall/ was introduced to do this. It is not the same, since scfw works on known malicious items rather than live data, but further extending scfw is...
I don't think we should document this, this is a limitation of the tool being used and the way we craft our rules
Hello @ColdHeat, thank you for reaching out. We are considering this enhancement, personally I consider that malware is more prone to running executions in the setup.py but executions by themselves...
Hello @xp4u1, Thank you for the analysis. I agree that extending the rule to the entire package will yield a lot of FP, but `__init__.py` looks promising, and FPs manageable....
Hello @juju4, Thanks for reporting this one, I agree we should add the location of the finding. The `region` entry is used to point to the exact position...
> On the obfuscation method and typing-extensions, do you agree this is a false-positive? I ran guarddog directly against the `typing-extensions` and got ``` guarddog pypi scan typing-extensions Found 2...
Hello @sandekap, thanks for the suggestions. > Also for aggregate_results potentially the refactored version could be more useful > def aggregate_results(self, *results_dicts): > aggregated = {"issues": 0, "errors": {},...