Skip to content
Change the repository type filter

All

    Repositories list

    • packj

      Public
      Packj stops ⚡ Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
      Python
      GNU Affero General Public License v3.0
      36650113Updated Apr 2, 2024Apr 2, 2024
    • Packj audits pull requests for malicious/risky open-source deps
      41010Updated Aug 29, 2023Aug 29, 2023
    • sinopia

      Public
      Private npm repository server
      JavaScript
      654001Updated Jun 14, 2023Jun 14, 2023
    • top-1m

      Public
      0000Updated May 25, 2023May 25, 2023
    • This test repo demos usage of Packj.dev GitHub Action to flag risky devs
      Apache License 2.0
      02127Updated May 12, 2023May 12, 2023
    • Demo for Packj NPM registry firewall action
      Apache License 2.0
      0004Updated May 9, 2023May 9, 2023
    • Packj firewall for NPM registry
      Apache License 2.0
      0000Updated May 9, 2023May 9, 2023
    • packj-npm

      Public
      packj-npm
      TypeScript
      MIT License
      2001Updated May 4, 2023May 4, 2023
    • Packj CircleCI Orb
      0000Updated Feb 28, 2023Feb 28, 2023
    • Packj GitLab Runner
      0000Updated Feb 20, 2023Feb 20, 2023
    • confused

      Public
      Tool to check for dependency confusion vulnerabilities in multiple package management systems
      Go
      MIT License
      94000Updated Nov 30, 2022Nov 30, 2022
    • Frelatage

      Public
      The Python Fuzzer that the world deserves 🐍
      Python
      MIT License
      16100Updated Mar 22, 2022Mar 22, 2022
    • Symbolica

      Public
      Symbolica's open-source symbolic execution engine.
      C#
      MIT License
      6000Updated Feb 25, 2022Feb 25, 2022
    • 🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!
      Shell
      Other
      522000Updated Feb 1, 2022Feb 1, 2022
    • This tool gives developers, researchers and companies the ability to analyze software packages of different programming languages that are being or will be used in their codes, providing information that allows them to know in advance if this library complies with processes. secure development, if currently supported, possible backdoors (malicio…
      Python
      MIT License
      16000Updated Aug 6, 2021Aug 6, 2021
    • maloss

      Public
      Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages
      Java
      MIT License
      22000Updated Apr 26, 2021Apr 26, 2021
    • A dataset of software supply chain compromises. Please help us maintain it!
      Creative Commons Zero v1.0 Universal
      29000Updated Jan 5, 2021Jan 5, 2021
    • exploits

      Public
      exploits and proof-of-concept vulnerability demonstration files from the team at Hacker House
      C
      Other
      109000Updated Dec 9, 2020Dec 9, 2020
    • pypi-scan

      Public
      Scan pypi for typosquatting
      Python
      Apache License 2.0
      13000Updated Nov 24, 2020Nov 24, 2020
    • PyPI malware packages
      Python
      The Unlicense
      7000Updated Dec 12, 2018Dec 12, 2018
    • pypi-bad

      Public
      Bad packages from the pypi repository
      Python
      6000Updated Dec 3, 2018Dec 3, 2018
    • osspolice

      Public
      Identifying Open-Source License Violation and 1-day Security Risk at Large Scale
      Python
      GNU General Public License v3.0
      30000Updated Jan 23, 2018Jan 23, 2018