
selectinf
This project contains software for selective inference, with emphasis on selective inference in regression.

- A significance test for the lasso: http://arxiv.org/abs/1301.7161
- Tests in adaptive regression via the Kac-Rice formula: http://arxiv.org/abs/1308.3020
- Post-selection adaptive inference for Least Angle Regression and the Lasso: http://arxiv.org/abs/1401.3889
- Exact post-selection inference with the lasso: http://arxiv.org/abs/1311.6238
- Exact Post Model Selection Inference for Marginal Screening: http://arxiv.org/abs/1402.5596

.. code:: python

    git submodule init # travis_tools and C-software
    git submodule update
    pip install -r requirements.txt
    python setup.py install

We can condition on “parts” of each draw of the sampler. In
particular, if we condition on the projection of the rejection
sample - center onto direction, then resampling on the ray can be
sped up for some things like LASSO. There could be some cost in power.
Learning a higher dimensional function can perhaps save some time – proper conditioning has to be checked.
FAQs
Testing a fixed value of lambda
We found that selectinf demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.