An open-source dataset of malicious software packages found in the wild, 100% vetted by humans.
☆304 · Feb 26, 2026 · Updated this week
Alternatives and similar repositories for malicious-software-packages-dataset
Users that are interested in malicious-software-packages-dataset are comparing it to the libraries listed below
- The repository has collected about 10,000 malicious PyPI packages. This dataset is the work of the ASE 2023 paper "An Empirical Study of… ☆115 · Jan 24, 2026 · Updated last month
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit… ☆462 · Updated this week
- GuardDog is a CLI tool to identify malicious PyPI and npm packages ☆1,003 · Feb 25, 2026 · Updated last week
- Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages ☆136 · Oct 5, 2022 · Updated 3 years ago
- Artifact accompanying our ICSE '22 paper "Practical Automated Detection of Malicious npm Packages" ☆47 · Jan 25, 2022 · Updated 4 years ago
- ☆17 · Jul 25, 2024 · Updated last year
- This repository complements our paper by offering the training dataset, the best-performing models utilized in our real-world experiment,… ☆21 · Mar 7, 2025 · Updated 11 months ago
- A fork of the Bandit tool with patterns for identifying malicious Python code. ☆29 · Sep 1, 2022 · Updated 3 years ago
- Supply-Chain Firewall (SCFW) is a tool for preventing the installation of malicious npm and PyPI packages ☆215 · Updated this week
- This repository contains a list of papers about software supply chain ☆29 · May 22, 2024 · Updated last year
- The Artifacts for ICSE 2023 paper: Bad Snakes: Understanding and Improving Python Package Index Malware Scanning ☆13 · Feb 8, 2026 · Updated 3 weeks ago
- Open Source Package Analysis ☆864 · Updated this week
- ☆18 · Jul 30, 2024 · Updated last year
- This is a custom SSM agent which is sorta functional ☆17 · Jul 5, 2021 · Updated 4 years ago
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,… ☆143 · Jan 28, 2024 · Updated 2 years ago
- Collection of tools for analyzing open source packages. ☆357 · Feb 24, 2026 · Updated last week
- A Python pickling decompiler and static analyzer ☆604 · Updated this week
- GitHub Actions Cache Native Malware - for Educational and Research Purposes only. ☆97 · Jan 28, 2026 · Updated last month
- Scan your account for the use of untrusted AMIs ☆31 · Feb 13, 2026 · Updated 2 weeks ago
- A simple web app to get the latest EPSS data for a CVE ID ☆12 · Dec 14, 2025 · Updated 2 months ago
- A Multi-Threaded PE Export Collection Utility ☆14 · May 13, 2023 · Updated 2 years ago
- My malware analysis code snippets ☆28 · Jul 15, 2023 · Updated 2 years ago
- NOVA: The Prompt Pattern Matching ☆98 · Jan 27, 2026 · Updated last month
- Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD … ☆187 · Updated this week
- Kubernetes Security Testing Guide ☆26 · Apr 22, 2024 · Updated last year
- A catalog of services that can be publicly exposed within different cloud providers. ☆14 · Aug 30, 2024 · Updated last year
- This repo contains IOC, malware and malware analysis associated with Public cloud ☆249 · Nov 11, 2024 · Updated last year
- HASH (HTTP Agnostic Software Honeypot) ☆141 · Updated this week
- Repository to archive GCP Documentation for local use ☆16 · Feb 11, 2025 · Updated last year
- MDG-based static vulnerability scanner specialized in analyzing npm packages and detecting taint-style and prototype pollution vulnerabil… ☆22 · Dec 10, 2025 · Updated 2 months ago
- ShootCutMe an .LNK file creator tool for redteamer ☆16 · Oct 2, 2024 · Updated last year
- Cloud Commotion intends to cause chaos to simulate security incidents ☆146 · Jun 18, 2024 · Updated last year
- ☆65 · May 21, 2024 · Updated last year
- AWS STS token decoder ☆46 · Mar 18, 2025 · Updated 11 months ago
- ☆10 · Dec 4, 2020 · Updated 5 years ago
- A Golang program to rotate AWS & GCP account keys ☆67 · May 12, 2025 · Updated 9 months ago
- Compares and analyzes GCP IAM roles. ☆78 · Mar 9, 2025 · Updated 11 months ago
- Some of my rough notes for Docker threat detection ☆49 · Aug 26, 2023 · Updated 2 years ago
- A canary designed to minimize the impact from certain Ransomware actors ☆102 · Mar 3, 2021 · Updated 5 years ago