> The two tools consist of a comprehensive ruleset for Semgrep and Opengrep designed to detect malicious code patterns with minimal false positives and PRevent, a GitHub-integrated scanner, that detects and alerts on suspicious code in pull requests (PRs).<p>> Specifically, the detection accuracy of the ruleset for PyPI packages is 94.3%, while it drops to the still impressive 88.4% for npm packages. PRevent successfully flags malicious PRs in 91.5% of the examined cases.