macOS
brew install malcontentlocal Homebrew formula metadata
brew
Supply Chain Attack Detection, via context differential analysis and YARA. Version 1.25.1 via Homebrew; verified 2026-07-06.
install
brew install malcontentlocal Homebrew formula metadata
sudo apk add malcontentAlpine Linux edge package indexes · malcontent · source: dl-cdn.alpinelinux.org
sudo apt install gir1.2-malcontent-0Debian stable package indexes · gir1.2-malcontent-0 · source: deb.debian.org
sudo dnf install malcontentFedora Rawhide package metadata · malcontent · source: dl.fedoraproject.org
nix profile install nixpkgs#malcontentnixpkgs package indexes · malcontent · source: raw.githubusercontent.com
sudo pacman -S malcontentArch Linux sync databases · malcontent · source: geo.mirror.pkgbuild.com
sudo zypper install libmalcontent-0-0openSUSE Tumbleweed package metadata · libmalcontent-0-0 · source: download.opensuse.org
overview
Supply Chain Attack Detection, via context differential analysis and YARA
history
malcontent is Chainguard's open source command-line scanner for discovering supply-chain compromises through context, differential analysis, and YARA rules. Its executable is `mal`, and the README describes analyze, diff, and scan modes for binaries, archives, directories, and OCI images.
The GitHub repository was created in February 2024 and is maintained under the Chainguard organization. The README presents it as a "subtle malware discovery tool" for supply-chain attack detection, using a large embedded YARA rule set and contextual comparisons rather than only standalone signature hits.
malcontent's project shape reflects the post-SolarWinds and post-3CX supply-chain security era: it is built for CI/CD use, supports container images and archives, and treats behavior changes between releases as a key signal. The README uses the 3CX compromise as an example of differential analysis surfacing newly risky behavior.
Public adoption is still young but visible through the GitHub repository's releases, stars, forks, and companion GitHub Action. The README emphasizes Linux programs while noting useful coverage for other Unix platforms such as macOS and, to a lesser extent, Windows.
Chainguard also references malcontent in its supply-chain security writing as a binary analysis tool that can surface newly introduced capabilities without requiring full reverse engineering. That positions it as a practical package-review tool for maintainers evaluating suspicious upstream or dependency changes.
`mal analyze` enumerates capabilities in a target, `mal diff` compares two paths, archives, reports, or images, and `mal scan` reports findings above a risk threshold. It supports output formats including JSON, YAML, Markdown, text, terminal, and TUI-style output, and includes an opt-in `--oci-auth` mode for private image pulls.
malcontent matters to package maintainers because it targets the hard question a package diff raises: did this new release gain suspicious behavior? It is especially relevant to registry ecosystems, binary packages, vendored archives, container images, and CI checks where maintainers need quick triage before publishing or upgrading.
security posture
No matching local secret-handling manifest was found for malcontent. Nucleus package metadata is still published here so future coverage has a stable package URL.
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
executables
| Command | Kind | Exposure | Note |
|---|---|---|---|
mal | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/chainguard-dev/malcontent
install metadata
| Package key | brew:malcontent |
|---|---|
| Version | 1.25.1 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/malcontent |
| Homepage | https://github.com/chainguard-dev/malcontent |
| Repository | https://github.com/chainguard-dev/malcontent |
| Upstream docs | https://github.com/chainguard-dev/malcontent#readme |
| License | Apache-2.0 |
| Source archive | https://github.com/chainguard-dev/malcontent/archive/refs/tags/v1.25.1.tar.gz |
| Last updated | 2026-07-06T21:40:36Z |
| Pulse | updated |
| Dependencies | yara-x |
| Build dependencies | go, pkgconf |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | malcontent |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
gir1.2-malcontent-0 0.13.0-2+deb13u1
GObject introspection bindings for libmalcontent
https://gitlab.freedesktop.org/pwithnall/malcontent/
sudo apt install gir1.2-malcontent-0gir1.2-malcontentui-1 0.13.0-2+deb13u1
GObject introspection bindings for libmalcontent-ui
https://gitlab.freedesktop.org/pwithnall/malcontent/
sudo apt install gir1.2-malcontentui-1libmalcontent-0-0 0.13.0-2+deb13u1
library for parental control of applications
https://gitlab.freedesktop.org/pwithnall/malcontent/
sudo apt install libmalcontent-0-0libmalcontent-0-dev 0.13.0-2+deb13u1
development files for libmalcontent
https://gitlab.freedesktop.org/pwithnall/malcontent/
sudo apt install libmalcontent-0-devlibmalcontent-ui-1-1 0.13.0-2+deb13u1
library for parental control of applications - GTK widgets and dialogs
https://gitlab.freedesktop.org/pwithnall/malcontent/
sudo apt install libmalcontent-ui-1-1libmalcontent-ui-dev 0.13.0-2+deb13u1
development files for libmalcontent-ui
https://gitlab.freedesktop.org/pwithnall/malcontent/
sudo apt install libmalcontent-ui-devlibpam-malcontent 0.13.0-2+deb13u1
PAM module to control the time a user is spending on the computer
https://gitlab.freedesktop.org/pwithnall/malcontent/
sudo apt install libpam-malcontentmalcontent 0.13.0-2+deb13u1
framework for parental control of applications
https://gitlab.freedesktop.org/pwithnall/malcontent/
sudo apt install malcontentmalcontent-gui 0.13.0-2+deb13u1
GUI to configure malcontent
https://gitlab.freedesktop.org/pwithnall/malcontent/
sudo apt install malcontent-guimalcontent
nix profile install nixpkgs#malcontentgir1.2-malcontent-0 0.11.1-1build4
GObject introspection bindings for libmalcontent
https://gitlab.freedesktop.org/pwithnall/malcontent/
sudo apt install gir1.2-malcontent-0gir1.2-malcontentui-1 0.11.1-1build4
GObject introspection bindings for libmalcontent-ui
https://gitlab.freedesktop.org/pwithnall/malcontent/
sudo apt install gir1.2-malcontentui-1libmalcontent-0-0 0.11.1-1build4
library for parental control of applications
https://gitlab.freedesktop.org/pwithnall/malcontent/
sudo apt install libmalcontent-0-0libmalcontent-0-dev 0.11.1-1build4
development files for libmalcontent
https://gitlab.freedesktop.org/pwithnall/malcontent/
sudo apt install libmalcontent-0-devlibmalcontent-ui-1-1 0.11.1-1build4
library for parental control of applications - GTK+ widgets and dialogs
https://gitlab.freedesktop.org/pwithnall/malcontent/
sudo apt install libmalcontent-ui-1-1libmalcontent-ui-dev 0.11.1-1build4
development files for libmalcontent-ui
https://gitlab.freedesktop.org/pwithnall/malcontent/
sudo apt install libmalcontent-ui-devsource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.