Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.opensourcemalware.com/llms.txt

Use this file to discover all available pages before exploring further.

The query-latest endpoint pulls the most recent verified threats (up to 100) added to the database for a given ecosystem. This is a free endpoint available to all authenticated users. Use this endpoint to:
  • Monitor recent threats in your ecosystem: Poll this endpoint on a schedule to stay current on new verified threats in the registries your organization depends on.
  • Build real-time security dashboards: Feed the response into an internal dashboard to give your security team visibility into emerging supply chain threats as they are verified.
  • Automate security scanning: Integrate the endpoint into CI/CD pipelines or dependency scanning workflows to flag newly verified threats against packages in your environment.
  • Research attack patterns: Pull recent threats to analyze trends in attacker behavior, targeting patterns, or payload types across ecosystems.
Use the /query-latest endpoint to pull the most recent verified threats added to the database for a given ecosystem. The endpoint returns up to 100 records per request, ordered by most recently added. This is a free endpoint available to all authenticated users. Endpoint 
GET https://api.opensourcemalware.com/functions/v1/query-latest
Required header 
Authorization: Bearer osm_your_token
Alternative: Pass API key as query parameter: ?apikey=osm_your_token

Query parameters

An ecosystem string (package ecosystem or threat type) is required. Valid values: npm, pypi, crates, nuget, maven, go, packagist, rubygems, vscode, openvsx, repositories, domains. Use repositories for repository threats (GitHub, GitLab, Bitbucket) and domains for malicious domain threats.

Response example

Success (200)

{
  "ecosystem": "npm",
  "count": 100,
  "threats": [
    {
      "id": "uuid",
      "package_name": "malicious-pkg",
      "threat_description": "Contains cryptocurrency miner",
      "severity_level": "critical",
      "registry": "npm",
      "publisher": "evil-user",
      "version_info": "1.0.0",
      "created_at": "2024-01-15T12:00:00Z",
      "tags": ["cryptocurrency", "miner"]
    }
  ]
}

cURL example

curl -H "Authorization: Bearer osm_your_token" \
  "https://api.opensourcemalware.com/functions/v1/query-latest?ecosystem=npm"