Threat Intelligence Feed
Malicious Package Threat Intelligence
Malicious Package Threat Intelligence
for Security Operations
The same intelligence that caught LiteLLM, Telnyx, and axios — delivered as a feed your security stack already knows how to consume.
1000+
Malicious Packages Detected
1000+
Projects Protected
2M+
Packages Scanned
14hr
Avg Detection Lead
1000+
Malicious Packages Detected
1000+
Projects Protected
2M+
Packages Scanned
14hr
Avg Detection Lead
Live Threat Stream
Real malicious package verdicts, IOCs, and campaign intelligence streaming from our detection pipeline. Updated continuously as new threats emerge.
safedep-threat-feed LIVE 62 threats/30d 6 ecosystems
VERDICT
npm
eslint-config-prettier@9.1.1
|
scavenger_malware
|
99%
|
verified
VERDICT
pypi
litellm@1.82.8
|
credential_stealer
|
98%
|
verified
IOC:SHA256
d2a0d5f564628773b6af7b9c11f6b86531a875bd2d186d7081ab62748a800ebb
|
setup.py
|
[email protected]
VERDICT
pypi
telnyx@4.87.2
|
trojan_dropper
|
97%
|
verified
IOC:SHA256
7321caa303fe96ded0492c747d2f353c4f7d17185656fe292ab0a59e2bd0b8d9
|
setup.py
|
[email protected]
VERDICT
npm
nx@21.5.0
|
credential_stealer
|
99%
|
verified
VERDICT
npm
react-refresh-update@2.0.5
|
trojan_dropper
|
96%
|
verified
VERDICT
npm
express-cookie-parser@1.4.12
|
trojan_dropper
|
95%
|
verified
VERDICT
npm
tensorflowjs@0.7.0
|
trojan_dropper
|
94%
|
verified
IOC:SHA256
863d274bbeb22ab969f742a06d89bdf0ababb99fdeb074a0fd9057f28b1ef257
|
index.js
|
[email protected]
VERDICT
pypi
bitensor@9.9.4
|
crypto_stealer
|
97%
|
verified
VERDICT
npm
pino-sdk-v2@9.9.0
|
credential_stealer
|
93%
|
verified
IOC:DOMAIN
tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0.io
|
TeamPCP/CanisterWorm
|
[email protected], [email protected]
IOC:FILEPATH
~/.config/sysmon/sysmon.py , ~/.config/systemd/user/sysmon.service
|
persistence
|
TeamPCP
IOC:FILEPATH
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\msbuild.exe
|
persistence
|
TeamPCP
CAMPAIGN
TeamPCP
|
ICP canister C2, targets CI/CD credentials, K8s escape
|
4 pkgs
/
3 domains
/
5 hashes
_ awaiting next threat...
Built for Security Teams,
Not Just Developers
Intelligence that fits your existing stack. No new platform to deploy. No agents to install.
See how SafeDep works →Plugs Into What
You Already Run
Wire SafeDep threat intelligence into your existing security infrastructure. No new tools to adopt.
SIEM / SOAR
Splunk, Sentinel, QRadar
Web Proxy / SWG
Zscaler, Palo Alto
Artifact Registry
Artifactory, Nexus
CI/CD Pipeline
GitHub Actions, GitLab CI
Get Early Access
We're onboarding a small number of security teams. Tell us about your use case.