Skip to main content
OpenSourceMalware (OSM) provides community-driven threat intelligence that helps you identify malicious resources across the open-source supply chain. Whether you’re a security engineer scanning dependencies in CI/CD, a developer vetting a third-party package, or a researcher tracking attack infrastructure, OSM gives you a queryable database of verified threats backed by community reports and expert review.

Supported asset types

OSM tracks threats across a broad range of asset types in one unified database:

Packages

Malicious packages on npm, PyPI, Maven, NuGet, VS Code Marketplace, and AI Skills registries.

Repositories

GitHub and GitLab repositories linked to malware distribution, credential harvesting, or other malicious activity.

Domains & URLs

Command-and-control (C2) servers, phishing domains, and specific malicious URLs used in attacks.

IP addresses

Malicious IP addresses tied to C2 infrastructure, attack sources, and known threat actors.

Crypto wallets

Cryptocurrency wallet addresses associated with ransomware, scams, and extortion campaigns.

Container images

Malicious container images on Docker Hub, GitHub Container Registry (GHCR), Quay, and other registries.

How it works

OSM is built on a community-driven verification pipeline. When a threat is reported, it’s reviewed and validated it before it is published to the database. Every entry you query reflects a verified signal, not unvetted noise.
  1. Community reports — anyone signed in to OSM can submit a threat report for a package, repository, URL, domain, IP, wallet, or container image.
  2. Verification — select community members and OSM maintainers review reports for accuracy and quality before they are accepted.
  3. Published to the database — verified threats are added to the OSM database with metadata including severity, tags, and timestamps.
  4. Queryable via API — you can check any resource against the database in real time using the REST API.

Who OSM is for

OSM is useful across a range of security and development roles:
  • Security teams integrating automated threat checks into CI/CD pipelines, dependency scanners, or SIEM workflows
  • Developers who want to verify a package or repository before adding it as a dependency
  • Researchers tracking malware campaigns, attack infrastructure, or supply-chain threats
You are welcome to use free or licensed OpenSourceMalware (OSM) data for non-commercial purposes. Here are some great examples of acceptable usage! Research
  • Studying malware trends, threat actors, campaigns, or attack techniques
  • Academic or independent security research
Protecting your own organization
  • Using threat records to investigate whether your organization has been exposed to a known threat
  • Checking whether a software package is malicious before using it in your own projects
  • Building an internal platform to serve internal customers (e.g. analysts)
  • Feeding OSM data into your internal tools, processes, or pipelines to help your security team work more effectively
  • Responding to a security incident inside your own organization
  • Producing internal reports, briefings, or executive summaries that draw on OSM data (including sharing those with leadership, legal counsel, or your cyber insurer in connection with an incident)
Using the API to power these activities is encouraged, including automated lookups as part of your security workflows. Large-scale or bulk API use to sweep your own environment retroactively (for example, during an active incident) is also permitted for internal use. Read the Terms of Use for more info on acceptable and unacceptable use.

Where to go next

Quickstart

Make your first API threat check in under 5 minutes.

API overview

Explore all endpoints for querying and submitting threat data.

Report a threat

Learn how to submit high-quality threat reports to the community database.

Community guidelines

Understand the standards that keep OSM accurate and trustworthy.