To address the challenge of automatically identifying malicious packages in open-source ecosystems, this paper proposes a novel malware package detection method that integrates dynamic analysis with machine learning. The approach executes packages in sandboxed environments to extract fine-grained runtime behavioral features—including system command invocations, file operations, and network activities—and constructs lightweight temporal behavioral representations. A tailored supervised learning classifier is then trained on these representations. Crucially, this work is the first to systematically combine dynamic behavioral modeling with supervised learning for package-level threat detection, significantly enhancing generalization against zero-day malicious packages. Evaluated on nearly 2,000 real-world npm packages, the model achieves an AUC of 0.91 and a near-zero false positive rate, outperforming existing tools in mitigating blind spots for previously unseen threats.

Recently, the number of malicious open-source packages in package repositories has been increasing dramatically. While major security scanners focus on identifying known Common Vulnerabilities and Exposures (CVEs) in open-source packages, there are very few studies on detecting malicious packages. Malicious open-source package detection typically requires static, dynamic analysis, or both. Dynamic analysis is more effective as it can expose a package's behaviors at runtime. However, current dynamic analysis tools (e.g., ossf's package-analysis) lack an automatic method to differentiate malicious packages from benign packages. In this paper, we propose an approach to extract the features from dynamic analysis (e.g., executed commands) and leverage machine learning techniques to automatically classify packages as benign or malicious. Our evaluation of nearly 2000 packages on npm shows that the machine learning classifier achieves an AUC of 0.91 with a false positive rate of nearly 0%.