Supply Chain & Malware Detection
The challenge: Malicious packages appear in registries faster than manual review can catch them, and traditional vulnerability scanners do not look for them. Typosquatting, dependency confusion, and backdoored packages require a fundamentally different detection approach.
What you get: Automated detection of typosquatting, dependency confusion, backdoored packages, and known-malicious code across every major registry. Package-level intelligence that augments your existing SCA tooling.
| Source | Prefix | Description |
|---|---|---|
| OpenSSF Malicious Packages | MAL- | Open Source Security Foundation. Curated database of confirmed malicious packages across npm, PyPI, and other registries. |
| OpenSSF Malicious Packages (OSV) | MAL- | OpenSSF malicious package data surfaced through the OSV schema for ecosystem-level correlation. |
| CrowdSec | | Community-driven IP reputation and threat intelligence. Crowdsourced attacker behaviour data and blocklists. |
| opensourcemalware.com | OSM- | Open source malware intelligence database. Catalogued malicious packages with analysis and indicators. |
| Chainguard Security Data | | Chainguard distroless container security data. Minimal container image vulnerability intelligence and SBOM data. |
| Wolfi Security Data | | Wolfi OS security advisories. Undistro Linux security data for container-native workloads. |
| Docker Hardened Images | | Docker's open-sourced hardened container image catalogue. SBOM and VEX data for 1,000+ distroless images; automated CVE rebuilds within 7 days for critical issues. Apache 2.0. |
| in-toto | | in-toto supply chain integrity framework. Attestation and verification data for software supply chain security. |
| Spamhaus | | Spamhaus threat intelligence. IP and domain reputation data for identifying malicious infrastructure. |
| CleanStart Advisory | | CleanStart vulnerability advisories for supply chain and dependency security analysis. |
See the Licensing Appendix for redistribution terms applicable to each source.