Issue Tags
Phylum uses tags to uniquely identify issues raised by the system. These tags can be used in custom policy creation.
- Severities
  - Minimum (I)
  - Medium (M)
  - High (H)
  - Critical (C)
  - Situation-dependent severity is represented in the table by `.`
- Domains
  - Author Risk (A)
  - Engineering Risk (E)
  - Malicious Code (M)
  - Vulnerabilities (V)
  - License Risk (L)

Each tag ID is built from a severity letter, a domain letter and a four-digit issue number. For example, `CA0001` is a Critical Author Risk issue, `IL0005` is a Minimum License Risk issue, and `.M0004` is a Malicious Code issue whose severity depends on the situation.

| Tag ID | Issue Name | Issue Description | 
|---|---|---|
| CA0001 | Bad Author | Author is known malicious | 
| CM0001 | IP Detection | Package contains suspicious IP addresses | 
| CM0003 | Landing Binary | Package uses living-off-the-land binaries in a known malicious way | 
| .M0004 | Landing Binary | Package uses suspicious executables | 
| IL0005 | License | Non-commercial use risk detected | 
| IM0006 | NPM Hooks | Package uses install hooks to ask for donations | 
| CM0007 | NPM Hooks | Package executes shell commands in installation hooks | 
| IM0007 | NPM Hooks | Package runs the software immediately after installation | 
| HM0008 | Typosquatting | Package appears to be typosquatted | 
| CM0011 | Hostname Detection | Package contains suspicious hostnames | 
| MM0012 | Native Code | Package contains calls used to load native code | 
| IM0013 | Dynamic Code | Package contains calls used to run dynamic classes | 
| ME0016 | Secrets | Secrets/tokens found in package not in test or example file | 
| IE0016 | Secrets | Secrets/tokens found in package in test or example file | 
| IM0017 | Compiled Binaries | Package contains compiled binaries | 
| HM0018 | Dependency Confusion | Package has an unusual semver or is not found in the registry | 
| IL0022 | License Mismatch | Package has a license mismatch between metadata and files | 
| HA0023 | Ephemeral Author Domain | A disposable domain was used by a maintainer | 
| IE0023 | IP Detection | This package may contain hardcoded IP addresses | 
| HM0023 | Strange Python Imports | Package imports things in a strange way | 
| CM0024 | Remote Executable | Package runs remote executable | 
| MM0024 | Remote Executable | Package references remote executable | 
| HM0025 | Environment Variable Enumeration | Package enumerates sensitive system environment variables | 
| IE0027 | Trivial Package | Package may be too small to be worth the security risk | 
| MM0028 | Suspicious URL References | Package references sites uncommon to legitimate software | 
| HM0029 | Obfuscated Python | Package contains obfuscated Python | 
| .M0031 | Suspicious Python Setup Commands | Package contains unusual commands in setup.py | 
| HM0032 | Exec on Remote URL | Package executes code from a remote URL | 
| HM0036 | Webhook Exfil | Package exfiltrates data through a webhook | 
| CM0037 | Malware Bazaar Check | Package contains a file whose hash is in Malware Bazaar | 
| CM0038 | Triaged Malware (via threat feed) | Manually reviewed and confirmed to contain malware | 
| CM0039 | Depends On Malware | Package has dependency found in triaged malware table | 
| IM0040 | Decodes Hardcoded Base64 Strings | Package decodes hardcoded Base64 strings | 
| IM0041 | High Entropy Blobs | Package contains high entropy blobs | 
| IM0042 | Nuget Install Scripts | Package contains scripts that will run on install | 
| IM0043 | Cargo Build File | Package contains build.rs file that will run on build and compile | 
| IM0044 | Rubygems Install Hooks | Package contains Ruby pre or post install hooks | 
| CM0045 | npm Security Holding Package | Package removed by npm as a security holding package | 
| CE0046 | Deprecated Package | Package has been deprecated | 
| IM0047 | Python Build Hook | Package contains Python build hook files | 
| IL0050 | License | License requires source code distribution | 
| HM0099 | Basic Javascript Obfuscation | Package contains obfuscated Javascript | 
| IE1001 | Unmaintained | Package has been marked as unmaintained by RustSec | 
| CM1002 | Malware (via OSSF MAL) | Determined to be malware by contributors to the OpenSSF malicious packages project |
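
Because the tag IDs follow the fixed shape described above (one severity character, one domain character, four digits), a policy or report tool can decode them mechanically instead of matching on hard-coded strings. The following is an added example, not Phylum's own tooling or policy syntax: it parses tag IDs with the letter tables from the legend, rejects malformed tags, and filters a constructed list of tags taken from the table by severity threshold and domain. The regular expression describing the tag shape is an assumption derived from the table, not a documented grammar, and situation-dependent (`.`) tags are treated as needing review rather than being ranked.

```python
"""Decode and filter Phylum-style issue tag IDs.

Added example, not Phylum's own tooling or policy syntax. The letter
tables come from the legend on this page; the assumption is that every
tag is one severity character, one domain character and four digits.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set

SEVERITIES = {"I": "Minimum", "M": "Medium", "H": "High", "C": "Critical",
              ".": "Situation-dependent"}
DOMAINS = {"A": "Author Risk", "E": "Engineering Risk", "M": "Malicious Code",
           "V": "Vulnerabilities", "L": "License Risk"}
# Rank used for threshold comparisons; '.' deliberately has no rank.
SEVERITY_RANK = {"I": 0, "M": 1, "H": 2, "C": 3}

# Assumed tag shape (derived from the table, not a documented grammar).
TAG_RE = re.compile(r"^([IMHC.])([AEMVL])(\d{4})$")


@dataclass(frozen=True)
class IssueTag:
    raw: str
    severity_code: str   # key of SEVERITIES
    domain_code: str     # key of DOMAINS
    number: int

    @property
    def severity(self) -> str:
        return SEVERITIES[self.severity_code]

    @property
    def domain(self) -> str:
        return DOMAINS[self.domain_code]

    @property
    def situational(self) -> bool:
        # '.' means the severity depends on context and has no fixed rank.
        return self.severity_code == "."


def parse_tag(tag: str) -> IssueTag:
    """Parse e.g. 'CM0007' -> Critical / Malicious Code / issue 7.

    Raises ValueError for anything outside the legend so that a typo in a
    policy fails loudly instead of silently matching nothing.
    """
    tag = tag.strip()
    m = TAG_RE.match(tag)
    if m is None:
        raise ValueError(f"not a well-formed issue tag: {tag!r}")
    sev, dom, num = m.groups()
    return IssueTag(raw=tag, severity_code=sev, domain_code=dom, number=int(num))


def meets_threshold(tag: IssueTag, minimum: str, include_situational: bool = True) -> bool:
    """True if the tag's severity is at least `minimum` ('I', 'M', 'H' or 'C').

    Situation-dependent tags cannot be ranked; the safe default is to surface
    them for review rather than let them fall below the threshold.
    """
    if minimum not in SEVERITY_RANK:
        raise ValueError(f"threshold must be one of {sorted(SEVERITY_RANK)}")
    if tag.situational:
        return include_situational
    return SEVERITY_RANK[tag.severity_code] >= SEVERITY_RANK[minimum]


def select_tags(tags: Iterable[str], minimum: str = "I",
                domains: Optional[Set[str]] = None,
                include_situational: bool = True) -> List[str]:
    """Return the raw tag IDs that meet `minimum` and fall in `domains` (codes).

    Input order is preserved so the result lines up with the table.
    """
    selected = []
    for raw in tags:
        tag = parse_tag(raw)
        if domains is not None and tag.domain_code not in domains:
            continue
        if meets_threshold(tag, minimum, include_situational):
            selected.append(tag.raw)
    return selected


# Constructed sample: a handful of tag IDs copied from the table above.
SAMPLE_TAGS = ["CA0001", "IL0005", ".M0004", "HM0008", "IE0016", "MM0024", "CM0038"]

if __name__ == "__main__":
    for raw in SAMPLE_TAGS:
        t = parse_tag(raw)
        print(f"{t.raw}: {t.severity:>19} / {t.domain:<16} #{t.number}")
    print("High or worse:", select_tags(SAMPLE_TAGS, minimum="H"))
    print("Malicious Code, any severity:", select_tags(SAMPLE_TAGS, domains={"M"}))
```

The point of keeping the `.` tags in the default selection is that a threshold filter otherwise drops exactly the findings whose severity a human is supposed to judge; pass `include_situational=False` only when a separate review step already handles them.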