|
| 33a 4 days ago |
| It's actually pretty easy to detect that something is obfuscated, but it's harder to prove that the obfuscated code is actually harmful. This is why we still have a team of humans review flagged packages before we try to get them taken down; otherwise you would end up with way too many false positives. |
| |
| Yoric 3 days ago | Yeah, what I meant is that obfuscation is a strong sign that something needs to be flagged for review. Sadly, there's only a thin line between obfuscation and minification, so I was wondering how many false positives you get. Thanks for the links in your other comment, I'll take a look! |
|
|
| justusthane 4 days ago |
| Probably. It’s trivial to plug some obfuscated code into an LLM and ask it what it does. |
| |
| spartanatreyu 4 days ago | Yeah, but just imagine how many false positives and false negatives there would be... |
|