A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.
☆462 · Feb 26, 2026 · Updated this week
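The records in malicious-packages are published in the OSV format, so the same matching logic that consumes vulnerability advisories can consume malicious-package reports. The following is an added example (not code from the malicious-packages repository or the OSV project) that loads OSV-shaped records and checks a dependency list against them. The records, package names and `MAL-0000-*` identifiers are constructed placeholders, not real reports; the version comparison is a deliberately simplified numeric comparison, and real ecosystems need their own comparators.

```python
"""Match a dependency list against OSV-format malicious-package records.

Added example illustrating how an OSV `affected` entry is evaluated:
either an explicit `versions` list or ordered `ranges` events
(introduced / fixed / last_affected). A malicious-package report
typically marks every version as affected with an open-ended range
starting at "0". Records and IDs below are constructed placeholders.
"""
import json
import re
from typing import Iterable

# Constructed sample feed (not real advisories).
SAMPLE_OSV_RECORDS = json.dumps([
    {
        "schema_version": "1.6.0",
        "id": "MAL-0000-0001",  # placeholder ID
        "modified": "2024-01-01T00:00:00Z",
        "summary": "Malicious code in example-typosquat (npm)",
        "affected": [{
            "package": {"ecosystem": "npm", "name": "example-typosquat"},
            # "introduced": "0" with no upper bound means all versions
            "ranges": [{"type": "SEMVER", "events": [{"introduced": "0"}]}],
        }],
    },
    {
        "schema_version": "1.6.0",
        "id": "MAL-0000-0002",  # placeholder ID
        "modified": "2024-01-01T00:00:00Z",
        "summary": "Malicious code in example-hijacked (PyPI), one release only",
        "affected": [{
            "package": {"ecosystem": "PyPI", "name": "example-hijacked"},
            "versions": ["1.2.0"],
        }],
    },
    {
        "schema_version": "1.6.0",
        "id": "MAL-0000-0003",  # placeholder ID
        "modified": "2024-01-01T00:00:00Z",
        "summary": "Malicious code in example-compromised (PyPI), 2.0.0 <= v < 2.1.0",
        "affected": [{
            "package": {"ecosystem": "PyPI", "name": "example-compromised"},
            "ranges": [{"type": "ECOSYSTEM",
                        "events": [{"introduced": "2.0.0"}, {"fixed": "2.1.0"}]}],
        }],
    },
])

# Constructed dependency list: (ecosystem, name, version).
SAMPLE_DEPENDENCIES = [
    ("npm", "example-typosquat", "3.4.5"),
    ("PyPI", "example_hijacked", "1.2.0"),
    ("PyPI", "Example-Hijacked", "1.3.0"),
    ("PyPI", "example-compromised", "2.0.5"),
    ("PyPI", "example-compromised", "2.1.0"),
    ("npm", "example-clean", "1.0.0"),
]


def normalize_name(ecosystem: str, name: str) -> str:
    """PyPI names compare case-insensitively with -, _ and . folded
    together (PEP 503); other ecosystems are simply lowercased here."""
    if ecosystem.lower() == "pypi":
        return re.sub(r"[-_.]+", "-", name).lower()
    return name.lower()


def _version_tuple(v: str) -> tuple:
    # Simplification: "1.2.0" -> (1, 2, 0); non-numeric suffixes ignored.
    return tuple(int(m.group()) if (m := re.match(r"\d+", p)) else 0
                 for p in v.split("."))


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1; shorter tuples are zero-padded so 2.1 == 2.1.0."""
    ta, tb = _version_tuple(a), _version_tuple(b)
    n = max(len(ta), len(tb))
    ta += (0,) * (n - len(ta))
    tb += (0,) * (n - len(tb))
    return (ta > tb) - (ta < tb)


def version_in_range(version: str, rng: dict) -> bool:
    """Walk an OSV range's ordered events. GIT ranges need repository
    access to resolve commits, so they are skipped here."""
    if rng.get("type") == "GIT":
        return False
    introduced = None
    for ev in rng.get("events", []):
        if "introduced" in ev:
            introduced = ev["introduced"]
        elif introduced is not None and "fixed" in ev:
            if (compare_versions(version, introduced) >= 0
                    and compare_versions(version, ev["fixed"]) < 0):
                return True
            introduced = None
        elif introduced is not None and "last_affected" in ev:
            if (compare_versions(version, introduced) >= 0
                    and compare_versions(version, ev["last_affected"]) <= 0):
                return True
            introduced = None
    # Open-ended range: everything from the last `introduced` onward.
    return introduced is not None and compare_versions(version, introduced) >= 0


def record_matches(record: dict, ecosystem: str, name: str, version: str) -> bool:
    for aff in record.get("affected", []):
        pkg = aff.get("package", {})
        if pkg.get("ecosystem", "").lower() != ecosystem.lower():
            continue
        if normalize_name(ecosystem, pkg.get("name", "")) != normalize_name(ecosystem, name):
            continue
        if version in aff.get("versions", []):
            return True
        if any(version_in_range(version, r) for r in aff.get("ranges", [])):
            return True
    return False


def find_malicious(records_json: str, dependencies: Iterable[tuple]) -> list:
    """Return (ecosystem, name, version, record id) for every hit."""
    records = json.loads(records_json)
    return [(eco, name, ver, rec["id"])
            for eco, name, ver in dependencies
            for rec in records
            if record_matches(rec, eco, name, ver)]


if __name__ == "__main__":
    for hit in find_malicious(SAMPLE_OSV_RECORDS, SAMPLE_DEPENDENCIES):
        print("BLOCK %s:%s@%s (%s)" % hit)
```

In practice the records would be read from a checkout of the feed rather than an inline string, and the version comparison replaced with the ecosystem's own semantics (PEP 440 for PyPI, semver for npm); the event-walking logic is the part that carries over unchanged.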
Alternatives and similar repositories for malicious-packages
Users that are interested in malicious-packages are comparing it to the libraries listed below
- An open-source dataset of malicious software packages found in the wild, 100% vetted by humans. ☆304 · Updated this week
- Open Source Package Analysis ☆864 · Updated this week
- The repository has collected about 10,000 malicious PyPI packages. This dataset is the work of the ASE 2023 paper "An Empirical Study of… ☆115 · Jan 24, 2026 · Updated last month
- GuardDog is a CLI tool to identify malicious PyPI and npm packages ☆1,003 · Updated this week
- Collection of tools for analyzing open source packages. ☆357 · Updated this week
- The artifacts for the ICSE 2023 paper: Bad Snakes: Understanding and Improving Python Package Index Malware Scanning ☆13 · Feb 8, 2026 · Updated 3 weeks ago
- Artifact accompanying our ICSE '22 paper "Practical Automated Detection of Malicious npm Packages" ☆47 · Jan 25, 2022 · Updated 4 years ago
- TACOS framework structural details ☆20 · May 12, 2025 · Updated 9 months ago
- GUAC aggregates software security metadata into a high fidelity graph database. ☆1,450 · Updated this week
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities ☆603 · Feb 10, 2026 · Updated 2 weeks ago
- A CLI tool for creating secure by design/default source repos. ☆28 · Jul 29, 2024 · Updated last year
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,… ☆143 · Jan 28, 2024 · Updated 2 years ago
- Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages ☆136 · Oct 5, 2022 · Updated 3 years ago
- OSV-SCALIBR: A library for Software Composition Analysis ☆575 · Updated this week
- Report on quality of SBOM contents ☆25 · Dec 18, 2024 · Updated last year
- Feed parsing for language package manager updates ☆82 · Dec 4, 2024 · Updated last year
- Enrich SBOMs with data from third party services ☆220 · Feb 11, 2026 · Updated 2 weeks ago
- A fork of the Bandit tool with patterns for identifying malicious Python code. ☆28 · Sep 1, 2022 · Updated 3 years ago
- Format agnostic SBOM tooling ☆132 · Nov 20, 2025 · Updated 3 months ago
- OpenSSF Working Group on Securing Software Repositories ☆128 · Dec 18, 2025 · Updated 2 months ago
- Generate a score for your SBOM to understand if it will actually be useful. ☆238 · Aug 13, 2024 · Updated last year
- Supply-Chain Firewall (SCFW) is a tool for preventing the installation of malicious npm and PyPI packages ☆215 · Updated this week
- An SBOM query language and associated utilities ☆55 · Jan 22, 2024 · Updated 2 years ago
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system. ☆181 · Dec 11, 2025 · Updated 2 months ago
- Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package manager… ☆908 · Updated this week
- Machine-readable specification for the attestation of security-relevant data. ☆72 · Updated this week
- A universal SBOM representation in protocol buffers ☆316 · Feb 18, 2026 · Updated last week
- OpenSSF Scorecard - Security health metrics for Open Source ☆5,283 · Updated this week
- Working Group on Artificial Intelligence and Machine Learning (AI/ML) Security ☆149 · Dec 19, 2025 · Updated 2 months ago
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h… ☆213 · Feb 4, 2026 · Updated 3 weeks ago
- Open Source Vulnerability schema. ☆235 · Feb 20, 2026 · Updated last week
- Collection of Docker honeypot logs from 2021 - 2024 ☆36 · Sep 30, 2024 · Updated last year
- GitHub Actions Pipeline Enumeration and Attack Tool ☆733 · Sep 17, 2025 · Updated 5 months ago
- Packj stops Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in y… ☆683 · Apr 2, 2024 · Updated last year
- #supply #chain #attack #detection ☆646 · Updated this week
- A repo to conduct vulnerability enrichment. ☆733 · Updated this week
- A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby ☆980 · Updated this week