Founder of socket.dev here. “AI detected potential malware” is what we call the alerts generated by our automated malware detection engine that runs on all newly published open source packages in real-time. However, these alerts are reviewed by our threat research team and once a human has confirmed the finding, we upgrade it to “Known malware”.

At this point (given we just published research about this) we've upgraded this threat to Known malware.

So in short:

- “AI detected potential malware” = automated system found something suspicious

- “Known malware” = human confirmed it’s real

The wording is intentional because not every automated hit ends up being true malware. It’s better to give developers early visibility into possible threats, even if they turn out to be benign, than to miss a real attack.

TIL you're the founder of Socket. Thank you (and your team) for the help last week.