This repository provides a feed of potential malware packages found in the npm ecosystem. The data is sourced from various threat intel vendors and is intended to help the community track and identify potentially harmful packages. We encourage other malware researchers to contribute and update this list—if you spot a malicious npm package, please open a PR.
This feed is for informational purposes only.
The data is fetched from the Aikido Security Intel API and other various vendors.
This repository provides the data in both JSON and CSV formats.
The `malware_packages.json` file contains a JSON array of objects, where each object has the following structure:

```json
[
  {
    "package_name": "example-package",
    "version": "1.0.0"
  }
]
```

The `malware_packages.csv` file contains the same data in CSV format with the following columns:

- `package_name`
- `version`
You can use this feed in your security automation scripts to check for the presence of these packages in your projects.

```bash
# Check if a specific package is in the list
curl -s https://raw.githubusercontent.com/themalwarenews/npm-malware-feed/main/malware_packages.json | jq '.[] | select(.package_name == "some-package-name")'
```

The data in this repository is provided "as is" without any warranty, express or implied. We are not responsible for any damages or losses arising from the use of this data. The data is sourced from a third-party API, and we do not guarantee its accuracy or completeness.
This project is licensed under the MIT License.