Malicious Packages DB
Xygeni Open Source Security is designed to provide complete protection against vulnerabilities and malicious code, ensuring your applications remain secure and resilient. With a robust suite of capabilities, Xygeni offers unparalleled visibility and control over your open-source components, helping you to manage risks effectively.
In addition to these SCA features, Xygeni offers a Malicious Packages DB to view malicious components.
You can search for dependencies or packages to check whether they show any evidence of malware. For this purpose, Xygeni provides Malware EW, a search engine that queries the MEW database.
Malware EW displays information about:
The number of malicious packages detected by MEW
A table listing all the malicious packages detected by MEW
Filtering fields to search by different criteria:
Current status: Quarantine, Confirmed by Xygeni, Confirmed by Registry (see
Component and version pattern (wildcards allowed)
Component's Publisher
The Summary tab shows detailed information about the component:
Summary info
Info about the Publisher
Scoring of the component
Malware detected status
The Malware evidence tab shows detailed information about the code evidence found:
Evidence distribution according to type (see packages)
Likelihood: depending on the , the malware evidence can be tagged as "potential" or "high risk"
To check whether you are using a package tagged as malware, go to Open Source >> Components (which lists all the components you are using) and filter by Alert Type: Malware (see for further details).
Clicking on the icon of a component with malware detected by Xygeni will open a slide with details.