Addressing the challenge of real-time, accurate, and interpretable detection of malicious packages in the PyPI ecosystem, this paper proposes a novel method integrating graph centrality analysis with explainable machine learning. First, sensitive API call patterns are automatically identified from dependency graphs; then, large language models (LLMs) refine semantic features, while LIME enhances the local interpretability of XGBoost and other models. This work is the first to synergistically combine graph centrality metrics and LIME for malicious package detection—eliminating manual feature engineering while preserving high accuracy and significantly improving decision transparency. Experiments demonstrate that our approach outperforms six state-of-the-art methods, achieving precision gains of 0.5–33.2% and recall improvements of 1.8–22.1%. Over five weeks, it detected 113 previously unknown malicious packages among 64,348 newly uploaded packages, with 109 subsequently removed by PyPI’s official moderation team.

Malicious package detection has become a critical task in ensuring the security and stability of the PyPI. Existing detection approaches have focused on advancing model selection, evolving from traditional machine learning (ML) models to large language models (LLMs). However, as the complexity of the model increases, the time consumption also increases, which raises the question of whether a lightweight model achieves effective detection. Through empirical research, we demonstrate that collecting a sufficiently comprehensive feature set enables even traditional ML models to achieve outstanding performance. However, with the continuous emergence of new malicious packages, considerable human and material resources are required for feature analysis. Also, traditional ML model-based approaches lack of explainability to malicious packages.Therefore, we propose a novel approach MalGuard based on graph centrality analysis and the LIME (Local Interpretable Model-agnostic Explanations) algorithm to detect malicious packages.To overcome the above two challenges, we leverage graph centrality analysis to extract sensitive APIs automatically to replace manual analysis. To understand the sensitive APIs, we further refine the feature set using LLM and integrate the LIME algorithm with ML models to provide explanations for malicious packages. We evaluated MalGuard against six SOTA baselines with the same settings. Experimental results show that our proposed MalGuard, improves precision by 0.5%-33.2% and recall by 1.8%-22.1%. With MalGuard, we successfully identified 113 previously unknown malicious packages from a pool of 64,348 newly-uploaded packages over a five-week period, and 109 out of them have been removed by the PyPI official.