1. Zack Allen and other contributors. 2022. A CLI tool that allows to identify malicious PyPI and npm packages. https://github.com/DataDog/guarddog
2. Victor M. Alvarez. 2013. The pattern matching swiss knife for malware researchers (and everyone else). https://virustotal.github.io/yara/
3. The Evolution of Project Inter-dependencies in a Software Ecosystem: The Case of Apache
4. Michael Brengel and Christian Rossow. 2021. YARIX: Scalable YARA-based Malware Intelligence. In 30th USENIX Security Symposium (USENIX Security 21). USENIX Association, 3541–3558. https://www.usenix.org/conference/usenixsecurity21/presentation/brengel
5. C. Clark. 2013. yaraGenerator: YARA rule generation. https://github.com/Xen0ph0n/YaraGenerator