Threat Intelligence Snapshot — 2026-07-04 13:37 UTC
Threat Intelligence Snapshot — Latest
Build Time: 2026-07-04 13:37 UTC
PKG-Defender (PKGD) v1.0.1
What Is This?
This "snapshot" is a pre-built, machine-readable threat intelligence database for the open-source package ecosystem, published fresh every 6 hours under the snapshot-latest tag. It aggregates known-malicious packages from multiple data sources, curated automatically by the PKG-Defender project. On each scheduled run, the previous snapshot release is automatically deleted and replaced by the latest published version under the snapshot-latest tag. This ensures users can never accidentally retrieve stale data.
Why this matters: Malicious package attacks (typosquatting, dependency confusion, protestware, credential theft) are on the rise. Fresh threat intelligence is critical for effective detection. This snapshot updates every 6 hours, ensuring your security tooling has the latest data — not last week's.
Who should use this: Security engineers, DevOps teams, platform maintainers, and anyone running automated package risk analysis. Download and use it with pkgd CLI, integrate it into your CI/CD pipelines, or consume the raw database directly.
Latest Snapshot — General Stats
| Metric | Value |
|---|---|
| Total known threats | 317,516 |
| Ecosystems covered | 12 |
| Compressed database size | 32.4 MB |
| SHA-256 checksum | fd74e02e61cb5232ce7b00a853959643b5231e3ac403558999c5671f1d73056b |
Latest Snapshot — Ecosystem Breakdown
| Ecosystem | Threats |
|---|---|
| npm | 256,366 |
| pypi | 23,460 |
| go | 10,598 |
| maven | 8,921 |
| packagist | 6,726 |
| nuget | 4,710 |
| cargo | 2,618 |
| rubygems | 2,348 |
| composer | 1,736 |
| swift | 31 |
| pub | 1 |
| unknown | 1 |
Latest Snapshot — Data Sources
| Source | Records |
|---|---|
| osv | 271,168 |
| ossf_malicious | 31,183 |
| ghsa | 15,165 |
How to Use a Snapshot
Download the Latest Snapshot
pkgd db snapshot --downloadThis pulls the latest threats-latest.db.gz and its checksum, verifies integrity, and makes the database available for local queries.
List Available Snapshots
pkgd db snapshot --latestShows metadata for the most recent snapshot — build time, threat count, checksum, and file size — without downloading.
Verify a Snapshot
pkgd db snapshot --verifyChecks the SHA-256 hash of your local database against the published checksum to confirm it hasn't been tampered with or corrupted.
Learn More
| Resource | Link |
|---|---|
| CLI Reference | Snapshot CLI Documentation (pkgd db) → |
| CI/CD Guide | Integrating Threat Snapshots Into Pipelines → |
| Getting Started | PKG-Defender Quickstart → |
| Architecture | Snapshot System Design → |
| Report an Issue | File a Bug or Feature Request → |
This release was automatically generated by the PKG-Defender Snapshot workflow (.github/workflows/snapshot.yml). For questions or feedback, please open an issue.
Thank you for supporting PKG-Defender.
— Division 7