🐍 🔍 GuardDog is a CLI tool to identify malicious PyPI and npm packages
Updated Jun 16, 2026 - Python
Supply-Chain Firewall (SCFW) is a tool for preventing the installation of malicious npm and PyPI packages 🔥
An open-source dataset of malicious software packages found in the wild, 100% vetted by humans.
Detect Glassworm & trojan source attacks that employ unicode bidi attacks to inject malicious code
Campaigns of (mostly) malicious packages - currently only in PyPI
This open-source project tracks RED-LILI's activity over time, as there is evidence the actor is still active. All information provided here is intended for research purposes.
Project Aura: Security auditing and code introspection
Detect, assess, and respond to supply chain attacks across npm/yarn and Python (pip/poetry/uv). Claude Code skill + standalone scripts. Built during axios RAT (2026-03-31) and Starlette BadHost CVE-2026-48710 (2026-05-22).
🛡️ Advanced NPM supply chain attack detection tool - Specialized in detecting Shai-Hulud compromise indicators with beautiful CLI interface and automated security reporting
Unofficial tools for blocking malicious packages by integrating Checkmarx MPIAPI into CI/CD and similar systems
Lightweight AI security guard for install/download commands - blocks malicious npm/pip/cargo packages before they install. Zero overhead, <1s check. Built from a real supply chain attack experience.
Free, no-login security scanner for any public GitHub repo. Check for leaked secrets, malware, malicious packages, typosquats, vulnerable dependencies (OSV) and bad binaries (VirusTotal) before you clone. Swap github.com to friskit.dev.
Open-source dependency behavioral diff engine. This detects malicious changes across multiple development ecosystems: npm, PyPI, Go, Cargo, Maven, and NuGet
A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.
Hacker attacks intercepted
Personal research portfolio and cyber threat intelligence blog focused on malware analysis, software supply chain, and open source security.
🛠️ Build cross-platform, position-independent Windows shellcode in C++ for user or kernel mode, supporting x86 and x64 development environments.
A simple web tool to check if an open source package contains malware.