The query-by-username endpoint returns all verified threats linked to a specific publisher or author username within an ecosystem.
Subscription Required: This is a paid endpoint available to Researcher Pro and Enterprise users.
Use this endpoint to:
  • Investigate suspicious publishers: Look up all known malicious packages associated with a specific npm publisher, PyPI author, or other ecosystem account.
  • Track threat actors: Monitor whether a known malicious username has published additional packages across registries.
  • Enrich incident response: Quickly surface all threats tied to a publisher identified during an active investigation.
Endpoint
GET https://api.opensourcemalware.com/functions/v1/query-by-username
Required header
Authorization: Bearer osm_your_token
Alternative: Pass API key as query parameter: ?apikey=osm_your_token

Query parameters

  • ecosystem (required): Package ecosystem (npm, pypi, rubygems, vscode, skills, etc.)
  • username (required): Publisher/author username to search for.

Response examples

Threats found

{
  "ecosystem": "npm",
  "username": "malicious-user",
  "threat_count": 3,
  "threats": [
    {
      "id": "uuid",
      "package_name": "evil-pkg-1",
      "threat_description": "...",
      "severity_level": "critical",
      "created_at": "2024-01-01T00:00:00Z"
    }
  ]
}

No threats

{
  "ecosystem": "npm",
  "username": "clean-user",
  "threat_count": 0,
  "threats": []
}

cURL example

curl -H "Authorization: Bearer osm_your_token" \
  "https://api.opensourcemalware.com/functions/v1/query-by-username?ecosystem=npm&username=suspicious-publisher"
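
The same call from Python, as an added example that is not part of the original documentation: it URL-encodes the parameters, sends the token in the Authorization header (query strings tend to be recorded in proxy and server logs), and groups the returned packages by severity. The helper names, the OSM_TOKEN environment variable and the injectable fetcher are assumptions; SAMPLE is constructed from the response shape shown above.

```python
import json
import urllib.parse
import urllib.request

API_URL = "https://api.opensourcemalware.com/functions/v1/query-by-username"

def build_request(ecosystem, username, token):
    """Build the GET request; the token travels in the header, never the URL."""
    if not ecosystem or not username:
        raise ValueError("ecosystem and username are both required")
    query = urllib.parse.urlencode({"ecosystem": ecosystem, "username": username})
    return urllib.request.Request(
        f"{API_URL}?{query}",
        headers={"Authorization": f"Bearer {token}"},
    )

def fetch(request, timeout=10):
    """Send the request and decode the JSON body (performs a network call)."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return json.load(resp)

def summarize(body):
    """Reduce one response to the fields a triage note needs."""
    by_severity = {}
    for t in body.get("threats", []):
        by_severity.setdefault(t.get("severity_level", "unknown"), []).append(t["package_name"])
    count = body.get("threat_count", 0)
    return {
        "publisher": f'{body["ecosystem"]}:{body["username"]}',
        "flagged": count > 0,
        "threat_count": count,
        "packages_by_severity": by_severity,
    }

def check_publishers(ecosystem, usernames, token, fetcher=fetch):
    """Query each publisher; fetcher is injectable (assumption) for offline use."""
    return [summarize(fetcher(build_request(ecosystem, u, token))) for u in usernames]

# Constructed sample mirroring the "Threats found" response above.
SAMPLE = {
    "ecosystem": "npm", "username": "malicious-user", "threat_count": 3,
    "threats": [{"id": "uuid", "package_name": "evil-pkg-1", "threat_description": "...",
                 "severity_level": "critical", "created_at": "2024-01-01T00:00:00Z"}],
}

if __name__ == "__main__":
    import os  # OSM_TOKEN is an assumed environment variable name
    for row in check_publishers("npm", ["suspicious-publisher"], os.environ["OSM_TOKEN"]):
        print(row)
```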