Malicious Packages DB
Xygeni Open Source Security is designed to provide complete protection against vulnerabilities and malicious code, ensuring your applications remain secure and resilient. With a robust suite of capabilities, Xygeni offers unparalleled visibility and control over your open-source components, helping you to manage risks effectively.
In addition to these SCA features, Xygeni offers a Malicious Packages DB to view malicious components.

See Malware Early Warning (MEW) service for further details.
You can search for dependencies/packages to check whether they show any evidence of malware. For this purpose, Xygeni provides Malware EW, a search engine that queries the MEW database.
Malware EW displays information about any public software package with malware evidence, not only about those used by your applications.
To find out whether you are using a package tagged as malware, go to Open Source >> Components (which lists all the components you are using) and filter by Alert Type : Malware (see Inventory - Components for further details).
Malware EW displays information about:
Number of malicious packages detected by MEW
Evidence distribution according to type (see Common types of Malware packages)
A table that lists all the malicious packages detected by MEW
Filtering fields to search by different criteria:
Current status: Quarantine, Confirmed by Xygeni, Confirmed by Registry (see
Component and version pattern (admitting wildcards)
Likelihood: depending on the maliciousness score, the malware evidence can be tagged as "potential" or "high risk"
Component's Publisher
Malware details (MEW)
Clicking on the icon of a component with malware detected by Xygeni will open a slide with details.
The Summary tab shows detailed information about the component:
Summary info
Info about the Publisher
Malware detected status

The Malware evidence tab shows detailed information about the code evidence found:
