Skip to content

Threat Intelligence Snapshot — 2026-07-04 13:37 UTC

Choose a tag to compare

@github-actions github-actions released this 04 Jul 13:37
78f45bb
pkg-defender logo

Threat Intelligence Snapshot — Latest

Build Time: 2026-07-04 13:37 UTC

PKG-Defender (PKGD) v1.0.1

What Is This?

This "snapshot" is a pre-built, machine-readable threat intelligence database for the open-source package ecosystem, published fresh every 6 hours under the snapshot-latest tag. It aggregates known-malicious packages from multiple data sources, curated automatically by the PKG-Defender project. On each scheduled run, the previous snapshot release is automatically deleted and replaced by the latest published version under the snapshot-latest tag. This ensures users can never accidentally retrieve stale data.

Why this matters: Malicious package attacks (typosquatting, dependency confusion, protestware, credential theft) are on the rise. Fresh threat intelligence is critical for effective detection. This snapshot updates every 6 hours, ensuring your security tooling has the latest data — not last week's.

Who should use this: Security engineers, DevOps teams, platform maintainers, and anyone running automated package risk analysis. Download and use it with pkgd CLI, integrate it into your CI/CD pipelines, or consume the raw database directly.

Latest Snapshot — General Stats

Metric Value
Total known threats 317,516
Ecosystems covered 12
Compressed database size 32.4 MB
SHA-256 checksum fd74e02e61cb5232ce7b00a853959643b5231e3ac403558999c5671f1d73056b

Latest Snapshot — Ecosystem Breakdown

Ecosystem Threats
npm 256,366
pypi 23,460
go 10,598
maven 8,921
packagist 6,726
nuget 4,710
cargo 2,618
rubygems 2,348
composer 1,736
swift 31
pub 1
unknown 1

Latest Snapshot — Data Sources

Source Records
osv 271,168
ossf_malicious 31,183
ghsa 15,165

How to Use a Snapshot

Download the Latest Snapshot

pkgd db snapshot --download

This pulls the latest threats-latest.db.gz and its checksum, verifies integrity, and makes the database available for local queries.

List Available Snapshots

pkgd db snapshot --latest

Shows metadata for the most recent snapshot — build time, threat count, checksum, and file size — without downloading.

Verify a Snapshot

pkgd db snapshot --verify

Checks the SHA-256 hash of your local database against the published checksum to confirm it hasn't been tampered with or corrupted.


Learn More

Resource Link
CLI Reference Snapshot CLI Documentation (pkgd db) →
CI/CD Guide Integrating Threat Snapshots Into Pipelines →
Getting Started PKG-Defender Quickstart →
Architecture Snapshot System Design →
Report an Issue File a Bug or Feature Request →

This release was automatically generated by the PKG-Defender Snapshot workflow (.github/workflows/snapshot.yml). For questions or feedback, please open an issue.

Thank you for supporting PKG-Defender.

— Division 7