trivialPackage
Rendered from docs/alerts/trivialPackage.md
Flags packages that appear extremely small or “single-purpose” in a way that is often abused for malware distribution.
Implemented in: src/lib/detection/plugins/trivial-package.ts
Enabled by default: no (available plugin; enable in the detection service/plugin set)
What it means
The package is likely a very small wrapper/alias or otherwise provides minimal functionality relative to its risk surface.
Why it matters
Trivial packages are a common place for attackers to hide malicious payloads because they attract less scrutiny and are easy to replace.
What to do
- Consider vendoring or removing the dependency if it provides little value.
- Audit any install scripts, network access, or obfuscated content with extra scrutiny.
Common fields
- metadata: may include heuristics like file counts/size thresholds
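As an added illustration (not the project's own trivial-package.ts), a TypeScript heuristic in the shape this alert describes: it classifies a package as trivial from file-count and size thresholds, then records the escalators the "What to do" list tells you to audit (install scripts, network access, obfuscated content). The thresholds, field names, regexes and the two sample packages are assumptions constructed for the example.

```typescript
// Added example, not the project's trivial-package.ts: classify a package as
// "trivial" from file count and unpacked size, then record risk escalators.
interface PackageSnapshot {
  name: string;
  fileCount: number;                // files in the published tarball
  unpackedSize: number;             // bytes after extraction
  scripts: Record<string, string>;  // package.json "scripts" block
  sourceSample: string;             // concatenated JS source to scan
}

interface TrivialPackageAlert {
  packageName: string;
  escalators: string[];
  metadata: { fileCount: number; unpackedSize: number; fileThreshold: number; sizeThreshold: number };
}

// Thresholds and patterns are assumptions for this example, not the plugin's real values.
const FILE_THRESHOLD = 3;
const SIZE_THRESHOLD = 2048;
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];
const NETWORK_RE = /require\(["'](https?|net|dns)["']\)|\bfetch\(/;
const OBFUSCATION_RE = /\beval\(|new Function\(|\\x[0-9a-f]{2}/i;

function evaluateTrivialPackage(pkg: PackageSnapshot): TrivialPackageAlert | null {
  // Only very small packages are in scope; larger ones are not this alert.
  if (pkg.fileCount > FILE_THRESHOLD || pkg.unpackedSize > SIZE_THRESHOLD) return null;
  const escalators: string[] = [];
  for (const hook of INSTALL_HOOKS) {
    if (hook in pkg.scripts) escalators.push(`install-script:${hook}`);
  }
  if (NETWORK_RE.test(pkg.sourceSample)) escalators.push("network-access");
  if (OBFUSCATION_RE.test(pkg.sourceSample)) escalators.push("obfuscation");
  return {
    packageName: pkg.name,
    escalators,
    metadata: { fileCount: pkg.fileCount, unpackedSize: pkg.unpackedSize,
                fileThreshold: FILE_THRESHOLD, sizeThreshold: SIZE_THRESHOLD },
  };
}

// Constructed sample packages (not real ones) used to exercise the heuristic.
const SUSPICIOUS_SAMPLE: PackageSnapshot = {
  name: "constructed-tiny-wrapper", fileCount: 2, unpackedSize: 640,
  scripts: { postinstall: "node setup.js" },
  sourceSample: 'const https = require("https"); eval(payload);',
};
const NORMAL_SAMPLE: PackageSnapshot = {
  name: "constructed-normal-lib", fileCount: 48, unpackedSize: 120000,
  scripts: { test: "jest" }, sourceSample: "module.exports = { parse, serialize };",
};
```

The returned metadata mirrors the "Common fields" entry above: the measured counts sit beside the thresholds that triggered the alert, so a reviewer can see why the package was considered trivial.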