This folder hosts the list of malicious packages reported by the community and by the authors.
Regarding the actual packages, maloss-samples is a private repo that contains the supply chain attack samples and is updated periodically. Please fill out the Google Form to request access. We will respond ASAP.
- For RubyGems
  - download the user page as html, e.g. `shaggy.html`
  - get packages: `grep -o "gems/[^\"]*.\"" shaggy.html > shaggy_packages.txt`
  - get downloads: `grep ' [0-9]\+' shaggy.html > shaggy_downloads.txt`
- For NpmJS
  - download the user page as html, e.g. `davidribyrne.html`
  - get packages: `grep -o 'package/[^"]*' davidribyrne.html > davidribyrne_packages.txt`
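
An added example, not part of the original repository: a shell helper that turns the grep steps above into a clean, de-duplicated list of package names for either registry, so the result can be diffed against a dependency list. The function names, file names and sample HTML are constructed for illustration, and it assumes package links appear as `href="/gems/NAME"` or `href="/package/NAME"` in the saved page.

```shell
#!/bin/sh
# extract_packages REGISTRY HTML_FILE  (hypothetical helper, not from the repository)
# Prints the package names linked from a saved user page, one per line,
# sorted and de-duplicated. REGISTRY is "rubygems" or "npm".
# npm names may be scoped (@scope/name), so they can contain one slash.
extract_packages() {
    case "$1" in
        rubygems) prefix='gems/';    name_re='[^/]+' ;;
        npm)      prefix='package/'; name_re='@[^/]+/[^/]+|[^/]+' ;;
        *) echo "unknown registry: $1" >&2; return 2 ;;
    esac
    # Assumption: package links look like href="/gems/NAME" or href="/package/NAME".
    # Anchoring on href= skips plain text that merely mentions such a path.
    grep -o "href=\"/${prefix}[^\"?#]*" "$2" \
        | sed -E -e "s#^href=\"/${prefix}##" \
                 -e "s#^(${name_re}).*#\1#" \
                 -e '/^$/d' \
        | LC_ALL=C sort -u
}

# Constructed sample pages (not real registry output).
write_samples() {
    cat > "$1/rubyuser.html" <<'EOF'
<a href="/gems/example-gem">example-gem</a>
<a href="/gems/example-gem/versions/0.1.0">0.1.0</a>
<a href="/gems/other_gem?locale=en">other_gem</a>
<p>see docs at gems/not-a-link"</p>
EOF
    cat > "$1/npmuser.html" <<'EOF'
<a href="/package/example-pkg">example-pkg</a>
<a href="/package/@example-scope/tool">@example-scope/tool</a>
<a href="/package/example-pkg/v/1.0.0">1.0.0</a>
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
extract_packages rubygems "$tmp/rubyuser.html"
extract_packages npm "$tmp/npmuser.html"
rm -rf "$tmp"
```

Version and query-string links collapse to the bare package name, and the non-link mention of `gems/not-a-link` is ignored because the match is anchored on `href=`.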