Skip to main content

Issue Tags

Phylum uses tags to uniquely identify issues raised by the system. These tags can be used in custom policy creation.

  • Severities
    • Minimum (I)
    • Medium (M)
    • High (H)
    • Critical (C)
    • Situation-dependent severity is represented in the table by .
  • Domains
    • Author Risk (A)
    • Engineering Risk (E)
    • Malicious Code (M)
    • Vulnerabilities (V)
    • License Risk (L)

Tag IDIssue NameIssue Description
CA0001Bad AuthorAuthor is known malicious
CM0001IP DetectionPackage contains suspicious IP addresses
CM0003Landing BinaryPackage is using living off the land binaries in a known malicious way
.M0004Landing BinaryPackage uses suspicious executables
IL0005LicenseCommercial license risk detected
IM0006NPM HooksPackage uses install hooks to ask for donations
CM0007NPM HooksPackage executes shell commands in installation hooks
IM0007NPM HooksPackage runs the software immediately after installation
HM0008TyposquattingPackage appears to be typosquatted
CM0011Hostname DetectionPackage contains suspicious hostnames
MM0012Native CodePackage contains calls used to load native code
IM0013Dynamic CodePackage contains calls used to run dynamic classes
ME0016SecretsSecrets/tokens found in package not in test or example file
IE0016SecretsSecrets/tokens found in package in test or example file
IM0017Compiled BinariesPackage contains compiled binaries
HM0018Dependency ConfusionPackage has unusual semver or not found in registry
IL0022License MismatchPackage has a license mismatch between metadata and files
HA0023Ephemeral Author DomainA disposable domain was used by a maintainer
IE0023IP DetectionThis package may contain hardcoded IP addresses
HM0023Strange Python ImportsPackage imports things in a strange way
CM0024Remote ExecutablePackage runs remote executable
MM0024Remote ExecutablePackage references remote executable
HM0025Environment Variable EnumerationPackage enumerates sensitive system environment variables
IE0027Trivial PackagePackage may be too small to be worth the security risk
MM0028Suspicious URL ReferencesPackage references sites uncommon to legitimate software
HM0029Obfuscated PythonPackage contains obfuscated Python
.M0031Suspicious Python Setup CommandsPackage contains unusual commands in setup.py
HM0032Exec on Remote URLPackage executes code from a remote URL
HM0036Webhook ExfilPackage exfiltrates data through a webhook
HM0037Malware Bazaar CheckPackage contains a file whose hash is in Malware Bazaar
CM0038Triaged Malware Rule (via threat feed)Manually reviewed and confirmed to contain malware
CM0039Depends On Malware RulePackage has dependency found in triaged malware table
IM0040Decodes Hardcoded Base64 StringsPackage decodes hardcoded Base64 strings
IM0041High Entropy BlobsPackage contains high entropy blobs
IM0042Nuget Install Scripts RulePackage contains scripts that will run on install
IM0043Cargo Build File RulePackage contains build.rs file that will run on build and compile
IM0044Rubygems Install Hooks RulePackage contains Ruby pre or post install hooks
CM0045npm Security Holding PackagePackage removed by npm as a security holding package
CE0046Deprecated PackagePackage has been deprecated
HM0099Basic Javascript ObfuscationPackage contains obfuscated Javascript