Detecting a malicious package associated with a software repository. A method identifies a subject package in a software repository, and extracts a feature set from the subject package. The feature set includes single-version features, including whether the subject package accesses personally identifying information, accesses specified system resource(s), uses specified application programming interface(s), includes installation script(s), and/or includes a binary, minified, or obfuscated file. The feature set also includes change features, including an amount of time since publication of a prior version of the subject package, a semantic update type, and/or how single-version feature(s) have changed since the prior version. The method provides the feature set as input to a set of classifiers, each being configured to use the feature set to generate a prediction of whether the subject package is malicious or benign. Based at least on the prediction, the method classifiers the subject package as being malicious or benign.