Security News
Crates.io Implements Trusted Publishing Support
Crates.io adds Trusted Publishing support, enabling secure GitHub Actions-based crate releases without long-lived API tokens.
By Sarah Gooding - Jul 16, 2025
You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP →
scam
Source Code Analyzing Maching is an application for the analysis of similarities between source code files. Currently with Python, Java, C, and C++ file checking capabilities.
- Maintainers
- 1
Source Code Analyzing Machine
- A locally run application that demonstrates different matching algorithms
- Current release compares files as a one to one connection
- Outputs given percentage of similarity and highlighted visualization of the matching sections of input documents
- Supports C, C++, Java, and Python files
Getting Started
Install PySide2: pip install scam
Run from directly outside source directory: python3 ./source/scam.py
Getting Started
STEP 1
it is recommended to create and navigate to virtual environemnt using python to run script
python3.8 -m venv <dir>
source <dir>/bin/activate
STEP 2
install source_analyzer python package from Python Package Index. Note: must be running python version 3.8 or greater
pip install scam
OR
Download the latest built compressed file release from source_analyzer-X.X.X.tar.gz
then install downloaded file
pip3 install /<path_to_file>/scam-0.0.2.tar.gz
STEP 3
(make sure xlaunch is running) run script
scam
Known Errors/Issues
Issues- Python files featuring a heavy amount of print statements may cause skewed data.
Project Group: Codalyzers
- Djoni Austin | @dcaust1n
- Jared Dawson | @lukinator1
- Shane Eising | @seising99
- Julian Marott | @jmmoratta
References:
https://theory.stanford.edu/~aiken/publications/papers/sigmod03.pdf
FAQs
Source Code Analyzing Maching is an application for the analysis of similarities between source code files. Currently with Python, Java, C, and C++ file checking capabilities.
We found that scam demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Tracking Protestware Spread: 28 npm Packages Affected by Payload Targeting Russian-Language Users
Undocumented protestware found in 28 npm packages disrupts UI for Russian-language users visiting Russian and Belarusian domains.
By Olivia Brown - Jul 15, 2025
Research
/Security News
Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader
North Korean threat actors deploy 67 malicious npm packages using the newly discovered XORIndex malware loader.
By Kirill Boychenko - Jul 14, 2025