{"id":18508505,"url":"https://github.com/ossf/malicious-packages","last_synced_at":"2025-05-16T08:04:07.198Z","repository":{"id":168510646,"uuid":"611884074","full_name":"ossf/malicious-packages","owner":"ossf","description":"A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.","archived":false,"fork":false,"pushed_at":"2025-05-12T11:35:32.000Z","size":39020,"stargazers_count":309,"open_issues_count":21,"forks_count":39,"subscribers_count":17,"default_branch":"main","last_synced_at":"2025-05-12T12:39:35.115Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ossf.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-03-09T18:34:29.000Z","updated_at":"2025-05-12T11:35:36.000Z","dependencies_parsed_at":"2025-05-12T12:39:49.406Z","dependency_job_id":null,"html_url":"https://github.com/ossf/malicious-packages","commit_stats":null,"previous_names":["ossf/malicious-packages"],"tags_count":0,"template":false,"template_full_name":"ossf/project-template","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ossf%2Fmalicious-packages","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ossf%2Fmalicious-packages/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ossf%2Fmalicious-packages/releases","manifests_url":"https://repos.ecosyste.ms/
api/v1/hosts/GitHub/repositories/ossf%2Fmalicious-packages/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ossf","download_url":"https://codeload.github.com/ossf/malicious-packages/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254493379,"owners_count":22080126,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-06T15:14:34.905Z","updated_at":"2025-05-16T08:04:02.189Z","avatar_url":"https://github.com/ossf.png","language":"Go","readme":"# OpenSSF Malicious Packages\n\nThis repository is a collection of reports of malicious packages identified in\nOpen Source package repositories, consumable via the\n[Open Source Vulnerability (OSV)](https://osv.dev) format.\n\nThis project is closely related to the [OpenSSF\nPackage Analysis project](https://github.com/ossf/package-analysis).\n\n## About\n\n### Background\n\nAttacks against open source ecosystems are gaining popularity. 
Typosquatting,\ndependency confusion, account takeovers, etc. are happening more frequently each\nyear.\n\nWhile some protection can be found through various security solutions, there is\nno comprehensive database of malicious packages published to\nopen source package repositories.\n\n### Objective\n\nThe aim of this project and repository is to be a comprehensive, high quality,\nopen source database of reports of malicious packages published on open source\npackage repositories.\n\nThese public reports help protect the open source community, and provide a data\nsource for the security community to improve their ability to find and detect\nnew open source malware.\n\n## Scope\n\nWhat is in scope?\n\n- any package that belongs to an ecosystem supported by the\n  [OSV Schema](https://ossf.github.io/osv-schema/)\n- malicious packages published under typosquatting type attacks\n- malicious packages published through account takeover\n- malicious prebuilt binaries downloaded or installed with a package\n- security researcher activity\n- dependency and manifest confusion\n\nBorderline:\n\n- typosquatting, or spam packages that are empty or trivial, while not\n  malicious, are allowed to be present in the dataset\n\nOut-of-scope:\n\n- non-malicious packages\n- vulnerability reports\n- compromised infrastructure\n- offensive security tools, unless they execute malicious payloads on install\n\n## Definition of a Malicious Package\n\nBelow is the definition of what this repository considers a malicious package.\n\n- a package publicly available in a package registry\n- and either:\n  - when installed or used, would require some sort of incident response due to\n    the loss of confidentiality, availability and/or integrity; or\n  - exfiltrates an identifier that can be directly used to launch a subsequent\n    attack against the victim (e.g. 
username for phishing or password\n    bruteforcing)\n- and also either:\n  - violates the terms of the package registry; or\n  - would be reasonably considered to require removal from the package registry\n\n### Dependency and manifest confusion\n\n[Dependency confusion](https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610)\nand [manifest confusion](https://blog.vlt.sh/blog/the-massive-hole-in-the-npm-ecosystem)\nare techniques that exploit quirks in the behavior of package systems and how\nthey are used within organizations. Packages using these attacks are malicious.\n\nVery occasionally someone may unintentionally encounter these quirks, but\nthis is considered infrequent.\n\nManifest confusion requires someone to bypass the NPM command line tool and\ndeliberately provide an altered manifest.\n\nDependency confusion is effectively the same as an account takeover where an\nattacker replaces a package's code with their own. This means even trivial or\nempty dependency confusion packages would require incident response.\n\n### Spam and typosquatting\n\nSpam and typosquatting are not malicious, unless the package itself exhibits\nmalicious behavior as per the definition above.\n\nThese types of packages are often empty (i.e. no functional code), or consist of\nonly useless trivial functionality (e.g. printing a message). While these\npackages are not malicious, they are a nuisance and generally unwanted.\n\nTyposquatting packages may be hard to distinguish from dependency confusion. As\na result, these reports are allowed to be present in the malicious packages\nrepository.\n\n### Reverse engineering protection (e.g. 
obfuscation)\n\nReverse engineering protections are not malicious, unless the package exhibits malicious\nbehavior as per the definition above.\n\nObfuscation, debugger evasion, and other reverse engineering protection\ntechniques are used by both developers seeking to protect their source code\nand attackers seeking to evade detection.\n\nMalicious obfuscated packages may be hard to distinguish from non-malicious\nobfuscated packages. As a result, reports are allowed in the malicious package\nrepository for obfuscated packages, even if they are not clearly malicious, when\nthey belong to an ecosystem where obfuscation is forbidden in their terms of use\n(e.g. PyPI, Crates.IO).\n\n### Telemetry\n\nTelemetry, on its own, is not malicious.\n\nMany open source packages use telemetry to track installs or the behavior and\nperformance of the package.\n\nHowever, if telemetry is abused to exfiltrate and steal sensitive data, or\nprovide remote access, this can be considered malicious.\n\n### Protestware\n\nProtestware is not malicious if it does not affect the availability, integrity\nor confidentiality of the systems the package is run on. 
For example, a message\nlogged to a console may be annoying to a developer, but is not malicious.\n\nHowever, protestware that destroys files, slows performance, or otherwise\naffects availability, integrity or confidentiality as part of the protest may be\nconsidered malicious.\n\n### Offensive Security Tools\n\nOffensive security tools, libraries, hacking tools, etc. are not malicious.\n\nWhile an offensive security tool being discovered in an environment may\nindicate the presence of compromise, the package is not itself malicious.\n\nThese packages don't necessarily violate the terms of the registries hosting\nthem, and are often used by security researchers.\n\nHowever, offensive security tools that execute malicious payloads during\ninstallation are considered malicious packages.\n\n## Get Involved\n\n### Contribute Malicious Package Reports\n\nSee our [contributing guide](CONTRIBUTING.md) for complete details.\n\n#### OSV reports via Pull Request\n\nWe accept new reports, and updates to existing reports.\n\nWe will also accept bulk imports via PR (please create an issue first).\n\n#### Automated Sources\n\nIf you regularly produce high-quality detections with few\nfalse-positives, and have them accumulating in a database, we can\nautomatically consume them as OSV from a cloud storage\nenvironment (S3, GCS).\n\n### Comms\n\n- Most communication occurs in the [OpenSSF Package Analysis Slack channel](https://openssf.slack.com/archives/package_analysis)\n- Official communications occur on the https://lists.openssf.org/g/openssf-wg-securing-crit-prjs mailing list. 
\\\n[Manage your subscriptions to Open SSF mailing lists](https://lists.openssf.org/g/main/subgroups).\n\n### Meeting Times\n\n- Every other Thursday @ either an APAC or EMEA friendly time (See\n  [shared calendar](https://calendar.google.com/calendar/u/2?cid=czYzdm9lZmhwNWk5cGZsdGI1cTY3bmdwZXNAZ3JvdXAuY2FsZW5kYXIuZ29vZ2xlLmNvbQ)).\n- [Meeting Minutes](https://docs.google.com/document/d/1MIXxadtWsaROpFcJnBtYnQPoyzTCIDhd0IGV8PIV0mQ/edit).\n\n## False Positives\n\nWhile we do our best to ensure false positives are not present, they may\nbe present in our dataset from time-to-time.\n\nIf you see that a non-malicious package is flagged as malicious,\n[create an issue](https://github.com/ossf/malicious-packages/issues/new).\nPlease include the following:\n\n- The affected ecosystem and package.\n- Which versions are false positives, if specific versions are false\n  positives.\n- Any relevant links.\n\nWe will then either:\n\n- Move the entire report into the `./osv/withdrawn/` directory and add the\n  `withdrawn` time to the report - if the whole report is a false positive.\n- Move the affected versions into a `database_specific` array\n  indicating which versions were false positives - if\n  some versions are malicious and some are false positives.\n\nFinally, reports that have been added to the malicious packages repository will\nnot be removed.\n\n**Note:** support for handling false positives is TBC.\n\n## Prior and Related Work\n\n- GitHub's [Advisory Database (filtered by malware)](https://github.com/advisories?query=type%3Amalware), for the NPM ecosystem.\n- https://github.com/lxyeternal/pypi_malregistry (PyPI)\n- https://dasfreak.github.io/Backstabbers-Knife-Collection/ (PyPI and npm), by Marc Ohm et al.\n- https://github.com/datadog/malicious-software-packages-dataset (PyPI), by Datadog\n\n## Governance\n\nThis work is associated with the\n[Package Analysis project](https://github.com/ossf/package-analysis).\n\nThis project belongs to the [Securing Critical 
Projects Working Group](https://github.com/ossf/wg-securing-critical-projects) in the [OpenSSF](https://openssf.org/) ([Slack](https://openssf.slack.com/archives/wg_securing_critical_projects)).\n\nThe working group's [CHARTER.md](https://github.com/ossf/wg-securing-critical-projects/blob/main/CHARTER.md)\noutlines the scope and governance of our group activities.\n","funding_links":[],"categories":["Go"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fossf%2Fmalicious-packages","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fossf%2Fmalicious-packages","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fossf%2Fmalicious-packages/lists"}