
licant
Licant is designed to build small modular projects with a complex dependency tree.
Licant was initially written as a build system for microcontroller projects.
The core of Licant is a make-like build-tree solver written in Python.
The main feature of Licant, however, is its system of modules. In the Licant paradigm, a project is described as a set of modules that link to each other. Connecting a module automatically pulls in the modules it depends on.
Modules can have several implementations, which allows flexible configuration of the project. For example, you can change the microcontroller initialization code or the implementation of the input-output system simply by replacing the implementation of the corresponding module.
One of the goals of the project is to work with submodules located in remote directories. The library subsystem allows a project to refer to modules located in remote directories, which allows several projects to use the same code.
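The module paradigm described above (connecting a module pulls in its dependencies, and each module may have several implementations) can be sketched as follows. This is an added illustration, not licant's code or API: the module names, file names and the `resolve()` function are constructed for the example.

```python
# Toy model of the module paradigm; NOT licant's API. Module names,
# file names and resolve() are constructed for this illustration.
MODULES = {
    # module -> implementation -> its sources and the modules it depends on
    "app": {"default": {"sources": ["main.c"], "deps": ["io", "mcu_init"]}},
    "io": {
        "uart": {"sources": ["io_uart.c"], "deps": ["mcu_init"]},
        "stub": {"sources": ["io_stub.c"], "deps": []},
    },
    "mcu_init": {
        "stm32": {"sources": ["init_stm32.c"], "deps": []},
        "host": {"sources": ["init_host.c"], "deps": []},
    },
}


def resolve(root, choices, modules=MODULES):
    """Return the sources of root and of every module it pulls in, dependencies first."""
    ordered, done, visiting = [], set(), set()

    def visit(name):
        if name in done:
            return
        if name in visiting:
            raise ValueError(f"dependency cycle through {name!r}")
        impls = modules[name]  # KeyError for an unknown module
        impl = choices.get(name)
        if impl is None:
            # Several implementations and no explicit choice: refuse to guess.
            if len(impls) != 1:
                raise ValueError(f"choose an implementation for {name!r}: {sorted(impls)}")
            impl = next(iter(impls))
        visiting.add(name)
        for dep in impls[impl]["deps"]:  # connecting a module pulls in its deps
            visit(dep)
        visiting.discard(name)
        done.add(name)
        ordered.extend(impls[impl]["sources"])

    visit(root)
    return ordered


if __name__ == "__main__":
    print(resolve("app", {"io": "uart", "mcu_init": "stm32"}))
    print(resolve("app", {"io": "stub", "mcu_init": "host"}))
```

Swapping the `choices` mapping changes which sources end up in the build without touching the `app` module, and an unselected multi-implementation module is rejected instead of being picked silently.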
python3 -m pip install licant
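#!/usr/bin/env python
import licant.make as lmake
import licant

# Declare a.txt as an existing source file.
lmake.source("a.txt")
# Each copy target depends on its src, forming the chain a.txt -> build/b.txt -> build/c.txt.
lmake.copy(tgt = "build/b.txt", src = "a.txt")
lmake.copy(tgt = "build/c.txt", src = "build/b.txt")
# Show the targets registered so far.
print("licant targets list:" + str(licant.default_core().targets))
# Run licant with build/c.txt as the default target.
licant.ex(default = "build/c.txt")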
https://github.com/mirmik/nos
https://github.com/mirmik/igris
https://github.com/mirmik/genos
FAQs
licant make system
We found that licant demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.