npm-zoo
npm-zoo is a curated database of known malicious NPM packages that helps developers and security researchers identify and avoid potentially harmful dependencies in their projects.
Free20
Free20
npm-zoo
npm-zoo is a curated database of known malicious NPM packages that helps developers and security researchers identify and avoid potentially harmful dependencies in their projects.
Data verified May 2026
ADYour product here. Reach security decision-makers.Launch a campaignnpm-zoo Description
npm-zoo is a curated repository that maintains a comprehensive list of known malicious NPM packages. The tool serves as a reference database for identifying potentially harmful packages within the NPM ecosystem. The repository provides detailed information about each malicious package, including identification methods and avoidance strategies. It functions as a threat intelligence resource specifically focused on supply chain security for JavaScript and Node.js projects. npm-zoo enables developers and security teams to cross-reference their project dependencies against known malicious packages. The tool helps prevent the inclusion of compromised packages that could introduce security vulnerabilities or malicious code into applications. The resource is maintained as a collaborative effort to track and document malicious NPM packages as they are discovered. It provides both historical data on past threats and current information on newly identified malicious packages in the NPM registry.
npm-zoo FAQ
Common questions about npm-zoo including features, pricing, alternatives, and user reviews.
npm-zoo is npm-zoo is a curated database of known malicious NPM packages that helps developers and security researchers identify and avoid potentially harmful dependencies in their projects. It is a Application Security solution designed to help security teams with NPM, Security Research, Nodejs.
npm-zoo is a free Application Security tool. This makes it accessible for organizations of all sizes, from startups to enterprises. Visit https://github.com/spaceraccoon/npm-zoo/ for download and installation instructions.
Popular alternatives to npm-zoo include:
1.Aikido Software Supply Chain Security - Software supply chain security platform detecting malware in dependencies (Commercial)
2.Chainguard Libraries - Malware-resistant software libraries rebuilt from source for multiple languages (Commercial)
3.Socket - Detects and blocks malicious/vulnerable open source packages in supply chains. (Commercial)
4.Hunted Labs - Detects foreign adversarial influence in open source software dependencies. (Commercial)
5.pkgsign - A CLI tool for signing and verifying npm and yarn packages. (Free)
Compare all npm-zoo alternatives at https://cybersectools.com/alternatives/npm-zoo
npm-zoo is for security teams and organizations that need NPM, Security Research, Nodejs, Supply Chain Security, Package Security. It's particularly suitable for small to medium-sized teams looking for cost-effective solutions. Other Application Security tools can be found at https://cybersectools.com/categories/application-security
Have more questions? Browse our categories or search for specific tools.
