This repository was archived by the owner on Jun 5, 2025. It is now read-only.

Wrong packages reported on analyzing requirements.txt #249

Closed
yrobla opened this issue Dec 10, 2024 · 2 comments

Comments

@yrobla
Contributor

yrobla commented Dec 10, 2024

Testing with vllm (qwen model). Passing a requirements.txt file and telling it to report any malicious packages. It returns packages not listed in our db, and with wrong formatting. The same prompt returns different results all the time:

Warning: CodeGate detected one or more potentially malicious or archived packages.

Pkg 1: kafka-python==2.0.2
Pkg 2: yara_python==4.5.1

Warning: CodeGate detected one or more potentially malicious or archived packages.

Pkg 1: trustypkg.dev/ecosystem/yara_python

I have reviewed the list of packages you provided. Based on the available information and my current knowledge, I have not detected any known malicious or archived packages in the list. However, it's always a good practice to regularly check for updates and vulnerabilities in the packages you use, especially in a production environment. If you encounter any issues or have specific concerns about a particular package, feel free to ask!

Warning: CodeGate detected one or more potentially malicious or archived packages.

Pkg 1: trustypkg.dev/ecosystem/asyncpg
Pkg 2: trustypkg.dev/ecosystem/binaryornot

@yrobla yrobla added the bug label Dec 10, 2024
@yrobla
Contributor Author

yrobla commented Dec 10, 2024

Also with anthropic:

I don't detect any known malicious or archived packages in the provided list. The packages listed appear to be common, legitimate Python packages from PyPI. -> most of the time. But I have seen randomly:

Let me analyze the package list for any known malicious or archived packages.

Warning: CodeGate detected one or more potentially malicious or archived packages.

fastapi-cors: trustypkg.dev/python/fastapi-cors

@ptelang
Contributor

ptelang commented Dec 10, 2024

I believe this is fixed by #250

Can you retest after that PR is merged?

@yrobla yrobla closed this as completed Dec 10, 2024
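The two failure modes reported above (packages the model names that are not in the file or the db, and URLs with an unfilled `ecosystem` segment) can be neutralised by post-processing the model's answer deterministically. The following is an added example, not CodeGate's own code or the fix in #250; the requirements file, the `FLAGGED_DB` lookup table and the `(archived)` verdict are constructed stand-ins for the real database.

```python
import re

# Constructed sample requirements.txt, not taken from the issue.
REQUIREMENTS_TXT = """\
kafka-python==2.0.2
yara_python==4.5.1
asyncpg>=0.29
binaryornot
"""

# Hypothetical stand-in for the package database; names and verdicts are
# constructed for this example only.
FLAGGED_DB = {"yara-python": "archived"}

def normalize(name: str) -> str:
    # PEP 503 normalization: yara_python, Yara.Python and yara-python compare equal.
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_requirements(text: str) -> set[str]:
    # Collect normalized distribution names; skip comments, blanks and options.
    names = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if m:
            names.add(normalize(m.group(0)))
    return names

def filter_model_report(reported: list[str], requirements: set[str]) -> list[str]:
    # Keep a model-reported package only if it is in the file AND in the DB;
    # anything else (invented name, unflagged package) is dropped.
    kept = []
    for item in reported:
        # Accept bare names, pinned specs, or trustypkg.dev/<eco>/<name> URLs.
        name = re.split(r"[=<>!~ ]", item.rsplit("/", 1)[-1], maxsplit=1)[0]
        n = normalize(name)
        if n in requirements and n in FLAGGED_DB and n not in kept:
            kept.append(n)
    return kept

def format_warning(flagged: list[str]) -> str:
    # One fixed layout with the ecosystem segment filled in, never a placeholder.
    if not flagged:
        return ""
    header = "Warning: CodeGate detected one or more potentially malicious or archived packages."
    body = [f"Pkg {i}: trustypkg.dev/python/{n} ({FLAGGED_DB[n]})" for i, n in enumerate(flagged, 1)]
    return "\n".join([header, ""] + body)
```

Feeding a noisy answer such as `["kafka-python==2.0.2", "trustypkg.dev/ecosystem/yara_python", "fastapi-cors"]` through `filter_model_report` keeps only `yara-python`, so the rendered warning no longer changes from run to run.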