Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.opensourcemalware.com/llms.txt

Use this file to discover all available pages before exploring further.

The /modify-threat-report endpoint lets you update a threat report, whether submitted by you or another community member. Only the fields you include in the request body will be changed. Fields you omit are left as-is. Use it to:
  • Add new evidence: Update a report with newly discovered IOCs, advisory URLs, or supporting references as your investigation develops.
  • Correct report details: Fix inaccurate severity assessments, version information, or payload descriptions after initial submission.
  • Expand threat coverage: Add tags, contributors, or updated publisher information as more becomes known about a threat actor or campaign.
Modified reports go through the OSM community verification process before they are published to the database. This review ensures data quality and prevents false positives. You can track the status of your submissions from your profile on opensourcemalware.com.
Endpoint 
PUT https://api.opensourcemalware.com/functions/v1/modify-threat-report
Required headers 
Authorization: Bearer osm_your_token
Content-Type: application/json

Request body

You must include one of the following to identify the threat:
  • threat_id (the UUID of the threat report)
  • package_name (optionally combined with registry)
  • resource_identifier (optionally combined with registry)

Response examples

Success (200)

{
  "message": "Threat report updated successfully",
  "threat_id": "123e4567-e89b-12d3-a456-426614174000",
  "updated_fields": ["threat_description", "severity_level"],
  "status": "modified"
}

Error (404)

{
  "error": "Threat report not found or you don't have permission to modify it"
}

cURL example

curl -X PUT "https://api.opensourcemalware.com/functions/v1/modify-threat-report" \
  -H "Authorization: Bearer osm_your_token" \
  -H "Content-Type: application/json" \
  -d '{
    "package_name": "malicious-package",
    "registry": "npm",
    "threat_description": "Updated: Package now includes additional malicious functionality.",
    "severity_level": "critical",
    "payload_description": "Downloads both cryptocurrency miner and keylogger.",
    "tags": ["cryptocurrency", "miner", "keylogger", "updated"]
  }'