Skip to main content
This guide walks you through making your first threat check via API. In less than 5 minutes, you’ll sign up for an account, generate an API token, and run a curl command to query the database.
1

Create a free account

Go to opensourcemalware.com/auth and sign in with your GitHub account.
Contact us to open an account using email.Your profile tracks your API usage and any threat reports you contribute to the community. Verified reports you submit count toward your community reputation. You can choose to make your account public or private.
Part of account creation includes accepting the Terms of Use. Please review them so you understand approved usage.
2

Generate an API token

After signing in, go to your profile settings and generate a new API token. All OpenSourceMalware tokens use the osm_ prefix — for example, osm_your_token.Keep your token somewhere safe. You’ll pass it in the Authorization header of every API request.
3

Make your first threat check

Use the check-malicious endpoint to query a resource against the OpenSourceMalware database.
The report_type parameter controls what kind of resource you’re checking. Try any of these values:
  • package — npm, PyPI, Maven, NuGet, VS Code, AI Skills (use ecosystem to specify)
  • repository — GitHub or GitLab repo URL (include https://)
  • url — a specific URL
  • domain — a domain or subdomain
  • ip — an IP address
  • wallet — a cryptocurrency wallet address
  • container — a container image (use ecosystem for the registry, e.g. dockerhub)
The example below checks an npm package named malicious-pkg:
curl -X GET "https://api.opensourcemalware.com/functions/v1/check-malicious?report_type=package&resource_identifier=malicious-pkg&ecosystem=npm" \
  -H "Authorization: Bearer osm_your_token"
When a match is found in the database, the response tells you the severity, a description of the threat, and any associated tags:
{
  "malicious": true,
  "report_type": "package",
  "resource_identifier": "malicious-pkg",
  "ecosystem": "npm",
  "threat_count": 1,
  "details": {
    "id": "uuid-here",
    "status": "verified",
    "severity_level": "critical",
    "description": "Data exfiltration",
    "tags": ["infostealer"],
    "first_seen": "2025-01-05T12:00:00Z",
    "last_seen": "2025-01-10T08:30:00Z"
  }
}
If the resource is not in the database, malicious is false and the response includes a message field:
{
  "malicious": false,
  "report_type": "package",
  "resource_identifier": "malicious-pkg",
  "ecosystem": "npm",
  "message": "Resource not found in malicious database"
}

Next steps

  • Read the authentication guide to understand token management and rate limits.
  • Explore the API reference for all available endpoints, including querying the latest threats and submitting reports.