npm-zoo
npm-zoo is a curated repository that maintains a comprehensive list of known malicious NPM packages. The tool serves as a reference database for identifying potentially harmful packages within the NPM ecosystem. The repository provides detailed information about each malicious package, including identification methods and avoidance strategies. It functions as a threat intelligence resource specifically focused on supply chain security for JavaScript and Node.js projects. npm-zoo enables developers and security teams to cross-reference their project dependencies against known malicious packages. The tool helps prevent the inclusion of compromised packages that could introduce security vulnerabilities or malicious code into applications. The resource is maintained as a collaborative effort to track and document malicious NPM packages as they are discovered. It provides both historical data on past threats and current information on newly identified malicious packages in the NPM registry.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A project sharing malicious URLs used for malware distribution to help protect networks.
CRITs is an open source malware and threat repository for collaborative threat defense and analysis.
Search engine for Windows executable files and hashes, providing insights into file prevalence, behavior, and security information.
Packet Storm is a global security resource providing around-the-clock information and tools to mitigate personal data and fiscal loss on a global scale.
ThreatMiner is a threat intelligence portal that aggregates data from various sources and provides contextual information related to indicators of compromise (IOCs).
A project that detects malicious SSL connections by identifying and blacklisting SSL certificates used by botnet C&C servers and identifying JA3 fingerprints to detect and block malware botnet C&C communication.
The Trystero Project is a threat intelligence platform that measures email security efficacy and provides various tools and resources, while VMware Carbon Black offers endpoint protection and workload security solutions.
VX-Underground is a vast online repository of malware samples, featuring various collections for cybersecurity professionals and researchers to analyze and combat cyber threats.
A platform providing real-time threat intelligence streams and reports on internet-exposed assets to help organizations monitor and secure their attack surface.
PINNED
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.