MUADDIB Scanner
Version updated for https://github.com/DNSZLSK/muad-dib to version v2.10.43.
This action is used across all versions by 1 repository.
Action Type
This is a Composite action.
Action Summary
MUAD’DIB is a security-focused GitHub Action and CLI tool designed to detect and analyze threats in npm and PyPI packages. It automates the identification of known vulnerabilities, suspicious behaviors, and malicious patterns using advanced techniques such as deobfuscation, inter-module dataflow analysis, machine learning classifiers, and a Docker sandbox. By providing comprehensive scans, risk scores, and actionable insights, it streamlines supply chain security for developers and helps mitigate the rising threats of dependency-based attacks.
What’s Changed
Detect new unknown dependencies on TRUSTED packages. Bypasses TRUSTED skip if dependency is < 7 days old. Fixes the detection gap that missed the axios supply chain attack.