PYPILINE: Malicious PyPI Package Detection via Suspicious API Knowledge and Agent Workflow

The detection of malicious PyPI packages is crucial for maintaining the security of the open source software supply chain. Existing methods, which primarily rely on rules or traditional machine learning, suffer from poor interpretability and difficulty in adapting to novel attacks. To address this, ...