sarowarzahan414 / supplyshield

Explainable multi-modal ML for detecting malicious PyPI packages. Three-modality detection (metadata + AST static analysis + code stylometry), SHAP-driven Ladisa taxonomy mapping (7 attack vectors), real-time CLI scanner, and live PyPI monitoring. F1=0.9993 on 18.5K packages.

Topics: machine-learning, static-analysis, pypi-package, open-source-security, supply-chain-security, code-stylometry, pip-security

Updated May 14, 2026. Language: Python