Observe new NPM packages, looking for suspicious code.
- yara, or yara64.exe in your path.
- oss-download available in your path.
webscraper/scrape_libraries_io.py
- scrape the most recent package names from Libraries.io
- stored in a sqlite database
downloader/download_recent.py
- gets the most recent unscanned packages from database
- uses oss-download to save the package
- uses yara to scan the package
- saves results in database
