infected-packages

This repository is a collection of reports of malicious packages.

Quick Start

To validate all OSV reports after making changes:

make validate

Example OSV Report

{
  "schema_version": "1.5.0",
  "id": "MAL-2024-XXXX",
  "summary": "Malicious code in [package] ([ecosystem])",
  "details": "This package was flagged as malicious ...",
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "example-package"
      },
      "versions": [
        "1.2.34"
      ]
    }
  ],
  "credits": [
    {
      "name": "ExampleSource",
      "type": "FINDER",
      "contact": [
        "https://example.com"
      ]
    }
  ],
  "database_specific": {}
}

Documentation

CI & Linting

Validation and linting are run automatically on pull requests. Please ensure your contributions pass validation using make validate before submitting.

Name		Name	Last commit message	Last commit date
Latest commit History 2,460 Commits
.github		.github
cmd		cmd
config		config
docs		docs
internal		internal
osv		osv
.gitignore		.gitignore
.golangci.yml		.golangci.yml
CODE_OF_CONDUCT.md		CODE_OF_CONDUCT.md
CONTRIBUTING.md		CONTRIBUTING.md
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
SECURITY.md		SECURITY.md
go.mod		go.mod
go.sum		go.sum

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

infected-packages

Quick Start

Example OSV Report

Documentation

CI & Linting

About

Uh oh!

Releases

Packages

Uh oh!

Languages

License

threatcode/malicious-packages

Folders and files

Latest commit

History

Repository files navigation

infected-packages

Quick Start

Example OSV Report

Documentation

CI & Linting

About

Resources

License

Code of conduct

Contributing

Security policy

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Languages

Packages