npm-zoo is a curated repository that maintains a comprehensive list of known malicious NPM packages. The tool serves as a reference database for identifying potentially harmful packages within the NPM ecosystem. The repository provides detailed information about each malicious package, including identification methods and avoidance strategies. It functions as a threat intelligence resource specifically focused on supply chain security for JavaScript and Node.js projects. npm-zoo enables developers and security teams to cross-reference their project dependencies against known malicious packages. The tool helps prevent the inclusion of compromised packages that could introduce security vulnerabilities or malicious code into applications. The resource is maintained as a collaborative effort to track and document malicious NPM packages as they are discovered. It provides both historical data on past threats and current information on newly identified malicious packages in the NPM registry.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A project sharing malicious URLs used for malware distribution to help protect networks.
CRITs is an open source malware and threat repository for collaborative threat defense and analysis.
Search engine for Windows executable files and hashes, providing insights into file prevalence, behavior, and security information.
Packet Storm is a global security resource providing around-the-clock information and tools to mitigate personal data and fiscal loss on a global scale.
ThreatMiner is a threat intelligence portal that aggregates data from various sources and provides contextual information related to indicators of compromise (IOCs).
A project that detects malicious SSL connections by identifying and blacklisting SSL certificates used by botnet C&C servers and identifying JA3 fingerprints to detect and block malware botnet C&C communication.
The Trystero Project is a threat intelligence platform that measures email security efficacy and provides various tools and resources, while VMware Carbon Black offers endpoint protection and workload security solutions.
VX-Underground is a vast online repository of malware samples, featuring various collections for cybersecurity professionals and researchers to analyze and combat cyber threats.
A platform providing real-time threat intelligence streams and reports on internet-exposed assets to help organizations monitor and secure their attack surface.