shivamsaraswat/PkgSafe

πŸ›‘οΈ PkgSafe

A simple web tool to check if an open source package contains malware.

🔗 Live Demo: https://charming-frangollo-27a49b.netlify.app/

✨ What it does

PkgSafe checks packages against OSV.dev (Google's open source vulnerability database) to identify known malicious packages. Specifically, it looks for advisories carrying a MAL- identifier, the prefix OSV assigns to entries from the OpenSSF Malicious Packages repository, rather than ordinary vulnerability advisories (CVE-, GHSA- and similar).

📦 Supported Ecosystems

  • 🟨 npm (JavaScript)
  • 🐍 PyPI (Python)
  • 🔵 Go
  • ☕ Maven (Java)
  • 🦀 crates.io (Rust)
  • 🟣 NuGet (.NET)
  • 💎 RubyGems (Ruby)

πŸ” How it works

  1. Enter a package name and optionally a version (without a version, OSV returns advisories affecting any version of the package)
  2. Select the package ecosystem (the names above are the exact, case-sensitive ecosystem strings OSV expects)
  3. Click "Check Package"
  4. The tool sends a package query to the OSV.dev API and filters the returned advisories down to MAL- malware reports
  5. Results show whether the package (or the given version of it) is flagged as malicious
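The procedure above in code, as an added example that is not PkgSafe's own source: it builds the request body for the public OSV.dev query endpoint (POST https://api.osv.dev/v1/query) and classifies the response by MAL- identifiers. OSV returns an empty object when nothing matches, so the "vulns" key may be absent; a malware report may also appear as a GHSA- advisory with a MAL- alias, which the filter catches too. The sample responses, the package name "example-pkg" and every identifier in them are constructed for offline use and are not real OSV records.

```javascript
// Added example, not PkgSafe's own code. The request shape follows the public
// OSV API; the sample responses at the bottom are constructed, not real data.

// Ecosystem names exactly as OSV expects them (they are case-sensitive).
const OSV_ECOSYSTEMS = ["npm", "PyPI", "Go", "Maven", "crates.io", "NuGet", "RubyGems"];

// Build the JSON body for POST https://api.osv.dev/v1/query.
// Omitting "version" asks OSV for advisories affecting any version of the package.
function buildOsvQuery(name, ecosystem, version) {
  if (!OSV_ECOSYSTEMS.includes(ecosystem)) {
    throw new Error(`unsupported ecosystem: ${ecosystem}`);
  }
  const trimmed = String(name).trim();
  if (trimmed === "") throw new Error("package name is required");
  const body = { package: { name: trimmed, ecosystem } };
  if (version && String(version).trim() !== "") body.version = String(version).trim();
  return body;
}

const isMalId = (id) => typeof id === "string" && id.startsWith("MAL-");

// Classify an OSV query response. OSV answers {} when nothing matches, so
// "vulns" may be missing. A malware report has a MAL- primary id, or a MAL-
// alias when another source (e.g. a GHSA- advisory) is the primary record.
function classifyOsvResponse(response) {
  const vulns = Array.isArray(response.vulns) ? response.vulns : [];
  const malware = vulns.filter(
    (v) => isMalId(v.id) || (Array.isArray(v.aliases) && v.aliases.some(isMalId))
  );
  return {
    malicious: malware.length > 0,
    // Prefer the MAL- identifier itself, wherever it sits on the record.
    malwareIds: malware.map((v) => (isMalId(v.id) ? v.id : v.aliases.find(isMalId))),
    otherAdvisoryCount: vulns.length - malware.length,
  };
}

// Live lookup against OSV.dev (needs network and a global fetch, i.e. Node 18+
// or a browser). Not exercised by the offline samples below.
async function checkPackage(name, ecosystem, version) {
  const res = await fetch("https://api.osv.dev/v1/query", {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify(buildOsvQuery(name, ecosystem, version)),
  });
  if (!res.ok) throw new Error(`OSV query failed: HTTP ${res.status}`);
  return classifyOsvResponse(await res.json());
}

// Constructed sample responses (shape only; the ids and package are made up).
const SAMPLE_MALWARE_RESPONSE = {
  vulns: [{ id: "MAL-0000-0001", summary: "Malicious code in example-pkg (npm)", aliases: [] }],
};
const SAMPLE_GHSA_WITH_MAL_ALIAS = {
  vulns: [{ id: "GHSA-xxxx-xxxx-xxxx", summary: "Malicious code in example-pkg", aliases: ["MAL-0000-0002"] }],
};
const SAMPLE_VULN_ONLY_RESPONSE = {
  vulns: [{ id: "GHSA-yyyy-yyyy-yyyy", summary: "Prototype pollution in example-pkg", aliases: ["CVE-0000-0000"] }],
};
const SAMPLE_CLEAN_RESPONSE = {};
```

Note the distinction the classifier preserves: SAMPLE_VULN_ONLY_RESPONSE describes a package with an ordinary vulnerability, which is not the same as a package that is malicious, so it is reported as clean with one other advisory rather than as malware.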

📊 Data Source

All data comes from OSV.dev, which aggregates malware reports from:

  • OpenSSF Malicious Packages Repository
  • GitHub Security Advisories
  • And other trusted sources

🧪 Example Malicious Packages

Test the tool with these known malicious packages:

Ecosystem   Package    Type
PyPI        httpad     Spyware
npm         colorsss   Token stealer

⚠️ Limitations

  • A clean result doesn't guarantee safety; it only means OSV.dev holds no malware report for that package (and version) at the time of the query
  • Only detects packages already reported to OSV.dev, so freshly published malware has a window before any report exists
  • Always review package code, maintainers and publish history before use

📄 License

MIT
