Malicious open-source packages often sail past code reviews and CI/CD gates, then wake up in production - right where most security tools no longer see them. Oligo’s Cloud Application Detection & Response (CADR) engine extends protection into production environments, mixing public malicious package datasets with per-library behavioural profiling to expose bad packages the instant they run.
The Rising Tide of Malicious OSS Packages
Open-source ecosystems are becoming prime hunting grounds for attackers. A 2024 Linux Foundation survey found that 60% of maintainers feel burned out and can devote fewer than ten hours a month to security work. As patches pile up and issue queues stagnate, threat actors target projects that look abandoned, slipping in malicious pull requests or jockeying for publish rights. Fatigued maintainers don’t just slow fixes - they leave the door wide-open for takeovers.
The data underscore the danger. Rapid7’s 2025 supply-chain report records a 431% surge in open-source supply-chain attacks since 2021, propelled by typosquatting, brandjacking, and AI-generated malware. Public registries like npm, PyPI, and RubyGems have seen orders-of-magnitude jumps in malicious uploads, and roughly three-quarters of organizations suffered a software-supply-chain incident in the past year. With thousands of new libraries reaching production every week, defenders need visibility where the code actually runs.
Traditional Scanners Blind Spots
Static scanners can identify malicious packages early in pipelines, but there are many drawbacks:
- Time-of-check ≠ time-of-use. Freshly uploaded malware can sit in public registries for days-sometimes hundreds of days - before anyone labels it suspicious. A package that looks clean in your CI pipeline may be re-classified as malicious weeks or months after it’s already running in production, silently executing while build-time tools stay oblivious.
- No universal hashing. Unlike binaries, most open-source (like NodeJs or Python) ships as source. manipulations like minification and bundling break simple fingerprints, so reputation-based detections struggle and false positives soar.
- Little behavioural context. Without runtime insight you can’t tell whether a flagged library actually touched data or connected to external IP. Behavioural evidence reveals real impact for rapid triage.
Runtime CADR: Filling the Final Mile of Supply-Chain Security
Oligo instruments every application process with Deep Application Inspection (DAI). DAI enables you to see inside of any running application in your environment, non-intrusively.
For supply-chain threats, CADR adds two pillars:
- Cross-referencing against threat-intel feeds - Packages are matched against multiple repositories such as OSSF, OSV, GHSA and more. If a dataset publishes a new indicator-even months after deployment-CADR flags the package instantly in production.
- Continuous package and function level behavioural profiling - Every loaded, executed and merely installed library is enumerated in real time. For each library, CADR learns its normal patterns at runtime, so anomalies are spotted the moment they occur.
Result: Oligo is the industry’s first runtime sensor that closes the gap between fresh OSS malware threat intelligence and running workloads.
Oligo in Action - Real World Scenario
io.github.leetcrunch:scribejava-core@8.3.5 (a typosquatted impostor of the trusted com.github.scribejava:scribejava-core) is a malicious Maven artifact that covertly harvests and exfiltrates OAuth credentials every 15th of the month while running in production.
Oligo continuously pulls fresh malicious package signatures from different data sources, and together with our sensor’s real-time instrumentation, instantly detects any installation or execution attempt, triggering an immediate critical-priority incident:
Clicking the first detection displays the full details about the malicious package:
Clicking the package name reveals a comprehensive overview of the different installations in the environment:
Package-Level Behavioural Profiling: Catching Zero-Days with Minimal Noise
Static matching catches known bad packages; it can’t see brand-new malware or show whether a “suspicious” lib misbehaves. Oligo’s CADR fixes that blind spot with real-time library-behavior profiling:
- Per-library least-privilege baselines. CADR learns normal network, file-system and syscall patterns for each package; deviations surface zero-days and noisy clones alike. Research such as GoLeash shows that package-granular enforcement detects supply-chain attacks far more precisely than coarse process sandboxes.
Precision impact signals. Alerts show which data the package touched and which hosts it contacted, guiding responders to what else needs checking.
Public malware lists provide a baseline for known threats, while behavioural analytics uncover unknown (zero-day) implants and dramatically reduce false positives.
Why Runtime Completes the Puzzle
Runtime visibility brings security to the malware’s final destination: production. Each alert carries rich context, showing precisely what the package touched or exfiltrated, which turns detection into action. By blending curated threat-intelligence feeds with live behavioural baselines, you get the assurance of known signatures and the ability to surface zero-days with minimal noise. Shift-left controls remain vital, but they can’t shield workloads from the fast-moving reality of open-source ecosystems. Fusing public malicious-package datasets with per-library behavioural analytics, Oligo CADR adds the missing runtime layer-catching supply-chain attacks the instant they unfold, not months after the build.
