Skip to main content
This guide walks you through making your first threat check with the OSM API. You’ll sign up for an account, generate an API token, and run a curl command to query the database — all in under 5 minutes.
1

Create an account

Go to opensourcemalware.com/auth and sign in with your GitHub account or email address.Your profile tracks your API usage and any threat reports you contribute to the community. Verified reports you submit count toward your community reputation.
2

Generate an API token

After signing in, go to your profile settings and generate a new API token. All OSM tokens use the osm_ prefix — for example, osm_your_token.Keep your token somewhere safe. You’ll pass it in the Authorization header of every API request.
3

Make your first threat check

Use the check-malicious endpoint to query a resource against the OSM database. The example below checks an npm package named malicious-pkg:
curl -X GET "https://api.opensourcemalware.com/functions/v1/check-malicious?report_type=package&resource_identifier=malicious-pkg&ecosystem=npm" \
  -H "Authorization: Bearer osm_your_token"
When a match is found in the database, the response tells you the severity, a description of the threat, and any associated tags:
{
  "malicious": true,
  "report_type": "package",
  "resource_identifier": "malicious-pkg",
  "ecosystem": "npm",
  "threat_count": 1,
  "details": {
    "id": "uuid-here",
    "status": "verified",
    "severity_level": "critical",
    "description": "Data exfiltration",
    "tags": ["infostealer"],
    "first_seen": "2025-01-05T12:00:00Z",
    "last_seen": "2025-01-10T08:30:00Z"
  }
}
If the resource is not in the OSM database, malicious is false and the response includes a message field:
{
  "malicious": false,
  "report_type": "package",
  "resource_identifier": "malicious-pkg",
  "ecosystem": "npm",
  "message": "Resource not found in malicious database"
}
The report_type parameter controls what kind of resource you’re checking. Try any of these values:
  • package — npm, PyPI, Maven, NuGet, VS Code, AI Skills (use ecosystem to specify)
  • repository — GitHub or GitLab repo URL (include https://)
  • url — a specific URL
  • domain — a domain or subdomain
  • ip — an IP address
  • wallet — a cryptocurrency wallet address
  • container — a container image (use ecosystem for the registry, e.g. dockerhub)

Next steps

  • Read the authentication guide to understand token management and rate limits.
  • Explore the API reference for all available endpoints, including querying the latest threats and submitting reports.