← Back to Discover
ossf

ossf/malicious-packages

GoApache-2.0active
76Health

A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.

Stars564
Forks118
Open Issues49
Contributors118
Last Push2d ago

Health Breakdown

Activity
25
Community
13
Maintenance
13
Popularity
25
View on GitHub ↗Issues (49) ↗Pull Requests ↗

Should you contribute to ossf/malicious-packages?

ossf/malicious-packages has a FoundDev health score of 76/100, which puts it in the active-and-maintained tier. The maintainer team is shipping recently, issues are being closed, and a PR you open this week has a realistic chance of being reviewed.

Last push was 2 days ago — that signals an actively maintained project. New issues are likely to get a maintainer response within days. The project is written primarily in Go, so prior Go experience will shorten ramp-up.

Licensed under Apache-2.0, a standard OSI-approved license — safe to contribute to under normal employer IP policies.

Community

ossf76

A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.

active
564118 contributors49 issues
2d ago

More Go repos

cloudfoundry
cloudfoundry/java-buildpack
Cloud Foundry buildpack for running Java applications
45399
kubevirt
kubevirt/hyperconverged-cluster-operator
Operator pattern for managing multi-operator products
18598
SAP
SAP/jenkins-library
Jenkins shared library for Continuous Delivery pipelines.
81995