# OpenSourceMalware > Open intelligence on malicious open-source packages, containers, repositories, IPs, wallets, and supply-chain threats. Free public threat feed with API access for security and developer teams. ## Site - [Home](https://opensourcemalware.com/): Search and browse malicious packages across npm, PyPI, RubyGems, Maven, NuGet, Go, Crates, Packagist, Homebrew, OpenVSX, VSCode, containers, and AI skills registries. - [Use cases](https://opensourcemalware.com/use-cases): Five ways teams use the feed — block before download, detect in code, alert on new threats, respond to incidents, hunt adversaries. - [Blog](https://opensourcemalware.com/blog): Security research, threat reports, and campaign analysis. - [Most wanted](https://opensourcemalware.com/most-wanted): Highest-impact active threats. - [Leaderboard](https://opensourcemalware.com/leaderboard): Top contributors to the public threat feed. - [Activity](https://opensourcemalware.com/activity): Live stream of newly reported malicious packages. - [Report malware](https://opensourcemalware.com/report): Submit a malicious package, container, repo, IP, or wallet. - [Contact](https://opensourcemalware.com/contact): Reach the OpenSourceMalware team. ## API & docs - [API overview](https://docs.opensourcemalware.com/api/overview): Endpoints, authentication, and rate limits. - [Authentication](https://docs.opensourcemalware.com/api/authentication): How to authenticate API requests. - [Threat feed endpoint](https://docs.opensourcemalware.com/api/feed): Polling-optimized endpoint for integrations. ## Feeds - [RSS feed](https://opensourcemalware.com/rss.xml): Latest blog posts. - [Sitemap](https://opensourcemalware.com/sitemap.xml): All public URLs. ## About OpenSourceMalware tracks supply-chain threats across the open-source ecosystem: typosquats, dependency confusion, account takeovers, malicious AI skills, crypto-stealing wallets, C2 infrastructure, and DPRK-attributed campaigns. IOCs include packages, containers, repositories, domains, IPs (defanged), wallets, npm users, and Telegram bots.