{"id":105040,"date":"2025-11-05T20:01:41","date_gmt":"2025-11-05T18:01:41","guid":{"rendered":"https:\/\/staging.checkmarx.com\/?page_id=105040"},"modified":"2026-02-10T23:57:30","modified_gmt":"2026-02-10T21:57:30","slug":"malicious-packages-identification-api-mpiapi","status":"publish","type":"page","link":"https:\/\/checkmarx.com\/malicious-packages-identification-api\/","title":{"rendered":"Malicious Packages Identification API (MPIAPI)"},"content":{"rendered":"<section class=\"section-advanced-group no-paddings bottom_padding_is_20px \" style=\"background-color: rgb(250,249,255);\">\n            <div class=\"acf-innerblocks-container\">\n\n<section class=\"section-hero-card with-video-bg hero-card hp-card-v2 top_padding_is_80px \">\n\t<div class=\"hero-card__decor-bg\"><\/div>\n\t<div class=\"hero-card__wrap-videos\">\n\t\t\t<\/div>\n\n\n\n\t<div class=\"hero-card__container\" style=\"background-color:#f0f0ff;\">\n\t\t\n\t\t<div class=\"hero-card__container__wrap-text\">\n\t\t\t\t\t\t<div>\n\t\t\t\t<h1 class=\"hero-card__container__title\">Malicious Packages Identification API (MPIAPI)<\/h1>\t\t\t\t<p class=\"hero-card__container__subtitle\">Software Supply Chain Security<\/p>\t\t\t\t<div class=\"hero-card__container__description\">\n<p>Easily integrate malicious package detection across the entire SDLC to prevent the threats of malicious open-source libraries.<\/p>\n<\/div>\t\t\t<\/div>\n\t\t\t<div class=\"hero-card__footer\">\n\t\t\t\t        <a href=\"\/mpiapi-request-a-demo\/\" class=\"btn btn-2 btn-bg accent demo\">Get a Demo<\/a>\n        \t\t\t\t        <a href=\"#more\" class=\"btn btn-2 border-2 demo\">Discover More<\/a>\n        \t\t\t<\/div>\n\t\t<\/div>\n\t\t<div class=\"hero-card__container__wrap-img\">\n\t\t\t\t\t\t\t\t<picture>\n\t\t\t\t\t\t<source media=\"(min-width: 768px)\" srcset=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/11\/MPIAPI-Checkmarx-Page.webp\">\n\t\t\t\t\t\t<source media=\"(min-width: 320px)\" 
srcset=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/10\/Checkmarx-Developer-Assist.webp\">\n\t\t\t\t\t\t        <img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/11\/MPIAPI-Checkmarx-Page.webp\" alt=\"MPIAPI Checkmarx Page\">\n        \t\t\t\t\t<\/picture>\n\t\t\t\t\t\t<\/div>\n\t<\/div>\n<\/section>\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n<section class=\"section-slider-logo section-slider-logo-v2 js-wrap-line-slider-logo bottom_padding_is_20px top_padding_is_20px \">\n    <div class=\"main-wrapper\">\n        <p class=\"section-description\">SCANNING OVER 800 BILLION LINES OF CODE EACH MONTH<\/p>        <div class=\"swiper slider-hero-logo js-wrap-line-slider-logo\">\n            <div class=\"swiper-wrapper\">\n                                    <div class=\"swiper-slide\">\n                        <div>\n                                    <img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/09\/01-Apple.svg\" alt=\"01-Apple\">\n                                <\/div>\n                    <\/div>\n                                        <div class=\"swiper-slide\">\n                        <div>\n                                    <img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/09\/02-Salesforce.svg\" alt=\"02-Salesforce\">\n                                <\/div>\n                    <\/div>\n                                        <div class=\"swiper-slide\">\n                        <div>\n                                    <img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/09\/03-Siemens.svg\" alt=\"03 -Siemens\">\n                                <\/div>\n                    <\/div>\n                                        <div class=\"swiper-slide\">\n                        <div>\n                                    <img decoding=\"async\" 
src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/09\/04-Walmart.svg\" alt=\"04 - Walmart\">\n                                <\/div>\n                    <\/div>\n                                        <div class=\"swiper-slide\">\n                        <div>\n                                    <img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/09\/05-Ford.svg\" alt=\"05 - Ford\">\n                                <\/div>\n                    <\/div>\n                                        <div class=\"swiper-slide\">\n                        <div>\n                                    <img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/09\/06-CITI.svg\" alt=\"06 - CITI\">\n                                <\/div>\n                    <\/div>\n                                        <div class=\"swiper-slide\">\n                        <div>\n                                    <img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/09\/07-VISA.svg\" alt=\"07 - VISA\">\n                                <\/div>\n                    <\/div>\n                                        <div class=\"swiper-slide\">\n                        <div>\n                                    <img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/09\/08-\u2013-Carlsberg.svg\" alt=\"08 \u2013 Carlsberg\">\n                                <\/div>\n                    <\/div>\n                                        <div class=\"swiper-slide\">\n                        <div>\n                                    <img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/09\/9-Elevance-Health.svg\" alt=\"9 - Elevance-Health\">\n                                <\/div>\n                    <\/div>\n                                        <div class=\"swiper-slide\">\n                        <div>\n                                    <img 
decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/09\/10-Orange.svg\" alt=\"10 - Orange\">\n                                <\/div>\n                    <\/div>\n                                        <div class=\"swiper-slide\">\n                        <div>\n                                    <img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/09\/11-Airbus-Group.svg\" alt=\"11 - Airbus-Group\">\n                                <\/div>\n                    <\/div>\n                                        <div class=\"swiper-slide\">\n                        <div>\n                                    <img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/09\/12-Novartis.svg\" alt=\"12 - Novartis\">\n                                <\/div>\n                    <\/div>\n                                        <div class=\"swiper-slide\">\n                        <div>\n                                    <img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/09\/13-GE.svg\" alt=\"13 - GE\">\n                                <\/div>\n                    <\/div>\n                                        <div class=\"swiper-slide\">\n                        <div>\n                                    <img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/09\/14-Sainsburys.svg\" alt=\"14 - Sainsburys\">\n                                <\/div>\n                    <\/div>\n                                        <div class=\"swiper-slide\">\n                        <div>\n                                    <img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/09\/15-PWC.svg\" alt=\"15 - PWC\">\n                                <\/div>\n                    <\/div>\n                                        <div class=\"swiper-slide\">\n                        <div>\n                                    <img 
decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/09\/16-The-weather-company.svg\" alt=\"16 - The-weather company\">\n                                <\/div>\n                    <\/div>\n                                        <div class=\"swiper-slide\">\n                        <div>\n                                    <img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/09\/17-CGI.svg\" alt=\"17 - CGI\">\n                                <\/div>\n                    <\/div>\n                                        <div class=\"swiper-slide\">\n                        <div>\n                                    <img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/09\/18-Adidas.svg\" alt=\"18 - Adidas\">\n                                <\/div>\n                    <\/div>\n                                        <div class=\"swiper-slide\">\n                        <div>\n                                    <img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/09\/19-SAP.svg\" alt=\"19 - SAP\">\n                                <\/div>\n                    <\/div>\n                                <\/div>\n        <\/div>\n    <\/div>\n<\/section>\n\n\n<section class=\"section-benefits layout-4 top_padding_is_60px bottom_padding_is_20px  light-theme\" id=\"more\">\n    <div class=\"main-wrapper section-benefits__wrapper\">\n                <div class=\"section-benefits__wrap-top-text has-wide-description\">\n            <h2 class=\"section-title\">Why Malicious Package Defense is Critical<\/h2>\n<div class=\"section-description\">\n<p>The dramatic rise in open-source malicious packages is increasing the frequency and severity of software supply chain attacks.<\/p>\n<\/div>        <\/div>\n\n                    <div class=\"list-card-benefits\">\n                                    <div class=\"card-benefits\">\n                        <div 
class=\"card-benefits__wrap-img\">\n                                                            <img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/11\/92_icon.svg\" alt=\"Icon benefit\">\n                                                    <\/div>\n                        <div class=\"card-benefits__wrap-text\">\n                            <div>\n                                                                <p class=\"card-benefits__description\">Increase in identified malicious packages from 2022 to 2024<\/p>                            <\/div>\n                        <\/div>\n                        <div class=\"card-benefits__wrap-buttons\">\n                                                                                <\/div>\n\n                    <\/div>\n                                        <div class=\"card-benefits\">\n                        <div class=\"card-benefits__wrap-img\">\n                                                            <img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/11\/76_icon.svg\" alt=\"Icon benefit\">\n                                                    <\/div>\n                        <div class=\"card-benefits__wrap-text\">\n                            <div>\n                                                                <p class=\"card-benefits__description\">Of CISOs are concerned about the dangers of malicious packages<\/p>                            <\/div>\n                        <\/div>\n                        <div class=\"card-benefits__wrap-buttons\">\n                                                                                <\/div>\n\n                    <\/div>\n                                        <div class=\"card-benefits\">\n                        <div class=\"card-benefits__wrap-img\">\n                                                            <img decoding=\"async\" 
src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/11\/68_icon.svg\" alt=\"Icon benefit\">\n                                                    <\/div>\n                        <div class=\"card-benefits__wrap-text\">\n                            <div>\n                                                                <p class=\"card-benefits__description\">Increase in supply-chain-related breaches between 2023 and 2024<\/p>                            <\/div>\n                        <\/div>\n                        <div class=\"card-benefits__wrap-buttons\">\n                                                                                <\/div>\n\n                    <\/div>\n                                        <div class=\"card-benefits\">\n                        <div class=\"card-benefits__wrap-img\">\n                                                            <img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/11\/93_icon.svg\" alt=\"Icon benefit\">\n                                                    <\/div>\n                        <div class=\"card-benefits__wrap-text\">\n                            <div>\n                                                                <p class=\"card-benefits__description\">Of companies have experienced a supply chain attack<\/p>                            <\/div>\n                        <\/div>\n                        <div class=\"card-benefits__wrap-buttons\">\n                                                                                <\/div>\n\n                    <\/div>\n                                <\/div>\n            <\/div>\n\n\n<\/section>\n<\/div>\n        <\/section>\n\n\n<section class=\"section-advanced-group no-paddings top_padding_is_40px bottom_padding_is_40px \" style=\"background-color: rgb(240,240,255);\">\n            <div class=\"acf-innerblocks-container\">\n<section class=\"tabs-with-images-v1 light-theme top_padding_is_40px\">\n  <div 
class=\"block-container-v2\">\n    <div class=\"tabs-with-images-v1__wrap-top-text has-wide-description \">\n      <h2 class=\"section-title\">Protect your Organization from <br>the Dangers of Malicious Packages<\/h2>\n<div class=\"section-description\">\n<p>Malicious packages pose a unique AppSec risk because they can compromise your systems merely by being installed. MPIAPI provides a unique solution to this critical defense challenge.<\/p>\n<\/div>    <\/div>\n    <div class=\"why-cx-wrapper\">\n      <div class=\"why-cx-item\">\n        <div class=\"why-cx-item__left\">\n          <div class=\"why-cx-item__left-card swiper-container js-tabs-swiper-images\" style=\"background-color: #d6d4ff;\">\n            <div class=\"swiper-wrapper\">\n                              <div class=\"swiper-slide\">\n                          <img decoding=\"async\" class=\"why-cx-item-image\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/11\/MPIAPIEvery-Stage-of-the-SDLC.svg\" alt=\"MPIAPIEvery Stage of the SDLC\" data-id=\"0\">\n                        <\/div>\n                              <div class=\"swiper-slide\">\n                          <img decoding=\"async\" class=\"why-cx-item-image\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/11\/MPIAPI-\u2013-The-Largest-Malicious-Packages-Database.svg\" alt=\"MPIAPI \u2013 The Largest Malicious Packages Database\" data-id=\"1\">\n                        <\/div>\n                              <div class=\"swiper-slide\">\n                          <img decoding=\"async\" class=\"why-cx-item-image\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/11\/MPIAPI-\u2013-Detailed-Risk-Information.svg\" alt=\"MPIAPI \u2013 Detailed Risk Information\" data-id=\"2\">\n                        <\/div>\n                              <div class=\"swiper-slide\">\n                          <img decoding=\"async\" class=\"why-cx-item-image\" 
src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/11\/MPIAPI-High-Volume-REST-API.svg\" alt=\"MPIAPI High-Volume REST API\" data-id=\"3\">\n                        <\/div>\n                          <\/div>\n          <\/div>\n\n        <\/div>\n        <div class=\"why-cx-item__right\">\n          <div class=\"why-cx-item__right-tabs\">\n                          <div class=\"why-cx-item__right-single-tab closed\">\n                <div class=\"mobile-image\">\n                  <div class=\"why-cx-item-description \">\n                            <img decoding=\"async\" class=\"why-cx-item-image\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/11\/MPIAPIEvery-Stage-of-the-SDLC.svg\" alt=\"MPIAPIEvery Stage of the SDLC\" data-id=\"0\">\n                          <\/div>\n                <\/div>\n                <p class=\"why-cx-item-title\">Available at Every Stage of the SDLC<\/p>\n<div class=\"why-cx-item-description\">\n<p>Incorporate MPIAPI calls at key stages to block malicious packages \u2013 for example, before downloads, during CI\/CD workflows, or before adding packages to a private artifact registry.<\/p>\n<\/div>              <\/div>\n                          <div class=\"why-cx-item__right-single-tab closed\">\n                <div class=\"mobile-image\">\n                  <div class=\"why-cx-item-description \">\n                            <img decoding=\"async\" class=\"why-cx-item-image\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/11\/MPIAPI-\u2013-The-Largest-Malicious-Packages-Database.svg\" alt=\"MPIAPI \u2013 The Largest Malicious Packages Database\" data-id=\"1\">\n                          <\/div>\n                <\/div>\n                <p class=\"why-cx-item-title\">The Largest Malicious Packages Database<\/p>\n<div class=\"why-cx-item-description\">\n<p>With over 420K human-verified malicious packages across 92.8M versions (and counting), Checkmarx leads the industry with the most comprehensive 
malicious package repository.<\/p>\n<\/div>              <\/div>\n                          <div class=\"why-cx-item__right-single-tab closed\">\n                <div class=\"mobile-image\">\n                  <div class=\"why-cx-item-description \">\n                            <img decoding=\"async\" class=\"why-cx-item-image\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/11\/MPIAPI-\u2013-Detailed-Risk-Information.svg\" alt=\"MPIAPI \u2013 Detailed Risk Information\" data-id=\"2\">\n                          <\/div>\n                <\/div>\n                <p class=\"why-cx-item-title\">Detailed Package Risk Information<\/p>\n<div class=\"why-cx-item-description\">\n<p>Query responses provide package details, a 1\u201310 risk score (10 = certainly malicious), and indicators of compromise (IoCs) such as suspicious files, domains, or IP addresses.<\/p>\n<\/div>              <\/div>\n                          <div class=\"why-cx-item__right-single-tab closed\">\n                <div class=\"mobile-image\">\n                  <div class=\"why-cx-item-description \">\n                            <img decoding=\"async\" class=\"why-cx-item-image\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/11\/MPIAPI-High-Volume-REST-API.svg\" alt=\"MPIAPI High-Volume REST API\" data-id=\"3\">\n                          <\/div>\n                <\/div>\n                <p class=\"why-cx-item-title\">High-Volume REST API<\/p>\n<div class=\"why-cx-item-description\">\n<p>Send up to 1,000 package research requests to the MPIAPI in a single call, including package ID, ecosystem, and version. 
Responses return within milliseconds.<\/p>\n<\/div>              <\/div>\n                      <\/div>\n        <\/div>\n      <\/div>\n    <\/div>\n  <\/div>\n<\/section>\n\n<section class=\"section-mid-page-cta top_padding_is_60px bottom_padding_is_40px\">\n    <div class=\"block-container-v2\" style=\"background-image: url('https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/09\/Mid-Page-CTA-BG-.webp');\">\n        <h2 class=\"section-title\">Maximize Your Software Supply Chain Defenses<\/h2>\n<p class=\"section-description\">Learn how leading enterprises use MPIAPI to reduce the risks of malicious packages in their software supply chains.<\/p>        <a href=\"\/request-a-demo\/\" class=\"btn btn-2 btn-gradient-light demo\" target=\"_blank\">Request a Demo<\/a>\n            <\/div>\n<\/section>\n\n<section class=\"section-benefits layout-4 top_padding_is_60px bottom_padding_is_20px  light-theme\">\n    <div class=\"main-wrapper section-benefits__wrapper\">\n                <div class=\"section-benefits__wrap-top-text has-wide-description\">\n            <h2 class=\"section-title\">Protect your Organization from Malicious Package Threats<\/h2>\n<div class=\"section-description\">\n<p>Reduce OSS security threats and improve your overall security posture by blocking malicious or suspicious third-party packages that can put your organization at risk.<\/p>\n<\/div>        <\/div>\n\n                    <div class=\"list-card-benefits\">\n                                    <div class=\"card-benefits\">\n                        <div class=\"card-benefits__wrap-img\">\n                                                            <img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/11\/Eye.svg\" alt=\"Icon benefit\">\n                                                    <\/div>\n                        <div class=\"card-benefits__wrap-text\">\n                            <div>\n                                <p 
class=\"card-benefits__title\">Unmatched OSS Risk Visibility<\/p>                                <p class=\"card-benefits__description\">Reduce OSS security threats and strengthen your security posture by blocking malicious or suspicious third-party packages that could put your organization at risk.<\/p>                            <\/div>\n                        <\/div>\n                        <div class=\"card-benefits__wrap-buttons\">\n                                                                                <\/div>\n\n                    <\/div>\n                                        <div class=\"card-benefits\">\n                        <div class=\"card-benefits__wrap-img\">\n                                                            <img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/11\/Shield.svg\" alt=\"Icon benefit\">\n                                                    <\/div>\n                        <div class=\"card-benefits__wrap-text\">\n                            <div>\n                                <p class=\"card-benefits__title\">Protection Across Your Entire Environment <\/p>                                <p class=\"card-benefits__description\">Leverage the industry\u2019s largest malicious package database, with over 420,000 packages spanning multiple OSS ecosystems, including PyPI, npm, RubyGems, NuGet, and Maven Central.<\/p>                            <\/div>\n                        <\/div>\n                        <div class=\"card-benefits__wrap-buttons\">\n                                                                                <\/div>\n\n                    <\/div>\n                                        <div class=\"card-benefits\">\n                        <div class=\"card-benefits__wrap-img\">\n                                                            <img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/11\/Zoom.svg\" alt=\"Icon benefit\">\n         
                                           <\/div>\n                        <div class=\"card-benefits__wrap-text\">\n                            <div>\n                                <p class=\"card-benefits__title\">Turbo-Charged AppSec Research<\/p>                                <p class=\"card-benefits__description\">Rapidly assess third-party packages with detailed intelligence to set security policies, evaluate suspicious components, and balance risk with developer productivity.<\/p>                            <\/div>\n                        <\/div>\n                        <div class=\"card-benefits__wrap-buttons\">\n                                                                                <\/div>\n\n                    <\/div>\n                                        <div class=\"card-benefits\">\n                        <div class=\"card-benefits__wrap-img\">\n                                                            <img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/11\/Diamond.svg\" alt=\"Icon benefit\">\n                                                    <\/div>\n                        <div class=\"card-benefits__wrap-text\">\n                            <div>\n                                <p class=\"card-benefits__title\">Technology-Agnostic Solution<\/p>                                <p class=\"card-benefits__description\">No matter which tech stack your org is using, you can still use the MPIAPI.<\/p>                            <\/div>\n                        <\/div>\n                        <div class=\"card-benefits__wrap-buttons\">\n                                                                                <\/div>\n\n                    <\/div>\n                                <\/div>\n            <\/div>\n\n\n<\/section>\n<\/div>\n        <\/section>\n\n\n<section class=\"section-advanced-group no-paddings top_padding_is_40px bottom_padding_is_20px \" style=\"background-color: 
rgb(250,249,255);\">\n            <div class=\"acf-innerblocks-container\">\n<section class=\"section-related-resources-v2 section-resources-content cx\">\n    <div class=\"related-resources-container\">\n        <div class=\"related-resources-title  has-show-all-btn\">\n            <h2 class=\"title\">New and Noteworthy<\/h2>                            <div class=\"tabs__all-resources\">\n                    <a href=\"\/resources\/\" class=\"\">View All Resources<\/a>\n                <\/div>\n                    <\/div>\n\n                <div class=\"resources_wrapper\">\n            <div class=\"cards resources-grid\">\n                                    <div class=\"tab-content is-active\" data-tab-id=\"0\">\n                        <div class=\"swiper resources-swiper\">\n                            <div class=\"swiper-wrapper\">\n                                                                    <div class=\"swiper-slide \">\n                                        \n<a href=\"https:\/\/checkmarx.com\/resources\/malicious-package-identification-api\/\" target=\"_self\" class=\"new-resource-card webinar-card \" data-post-id=\"105121\" data-tax-terms=\"{&quot;resource_type&quot;:[&quot;solution-briefs&quot;],&quot;products&quot;:[&quot;malicious-package-protection&quot;],&quot;use-cases&quot;:[&quot;software-supply-chain-security-sscs&quot;]}\" data-tax-ids=\"[1311,1332,1385]\">\n            <div class=\"new-resource-card__image\">\n            <span class=\"new-resource-card__image-link\">\n                <span class=\"resource-card__image-image\" style=\"background-image: url(https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/08\/malicious_package_solution_brief_2x-2048x1025-1-1024x513.webp);\"><\/span>\n            <\/span>\n        <\/div>\n                <div id=\"resource_tag_105121\" class=\"new-resource-card__tag\">\n                <p>Solution Briefs<\/p>\n            <\/div>\n            \n\n    <h4 class=\"new-resource-card__title\">\n        
<span class=\"new-resource-card__title-link\">\n            Malicious Package Identification API        <\/span>\n    <\/h4>\n\n    \n    <div target=\"_self\" class=\"new-resource-card__readmore\">\n        <p>\n            Read more        <\/p>\n        <svg width=\"11\" height=\"10\" viewbox=\"0 0 11 10\" fill=\"none\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n            <path d=\"M8.88477 8.73069L8.88477 1.875M8.88477 1.875L2.00977 8.75M8.88477 1.875L2.02907 1.875\" stroke-width=\"1.25\" stroke-linecap=\"square\" stroke-linejoin=\"round\"><\/path>\n        <\/svg>\n    <\/div>\n<\/a>\n                                    <\/div>\n                                                                    <div class=\"swiper-slide \">\n                                        \n<a href=\"\/the-hidden-threat-of-malicious-open-source-packages\/\" target=\"_self\" class=\"new-resource-card webinar-card \" data-post-id=\"104491\" data-tax-terms=\"{&quot;resource_type&quot;:[&quot;whitepapers-reports&quot;],&quot;products&quot;:[&quot;checkmarx-one&quot;,&quot;malicious-package-protection&quot;],&quot;use-cases&quot;:[&quot;devsecops&quot;,&quot;software-supply-chain-security-sscs&quot;]}\" data-tax-ids=\"[1309,1320,1332,1383,1385]\">\n            <div class=\"new-resource-card__image\">\n            <span class=\"new-resource-card__image-link\">\n                <span class=\"resource-card__image-image\" style=\"background-image: url(https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/10\/malicious_packages_report_website_thumbnail_-1024x512.webp);\"><\/span>\n            <\/span>\n        <\/div>\n                <div id=\"resource_tag_104491\" class=\"new-resource-card__tag\">\n                <p>Whitepapers &amp; Reports<\/p>\n            <\/div>\n            \n\n    <h4 class=\"new-resource-card__title\">\n        <span class=\"new-resource-card__title-link\">\n            The Hidden Threat of Malicious Open-Source Packages        <\/span>\n    <\/h4>\n\n    \n    <div 
target=\"_self\" class=\"new-resource-card__readmore\">\n        <p>\n            Read more        <\/p>\n        <svg width=\"11\" height=\"10\" viewbox=\"0 0 11 10\" fill=\"none\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n            <path d=\"M8.88477 8.73069L8.88477 1.875M8.88477 1.875L2.00977 8.75M8.88477 1.875L2.02907 1.875\" stroke-width=\"1.25\" stroke-linecap=\"square\" stroke-linejoin=\"round\"><\/path>\n        <\/svg>\n    <\/div>\n<\/a>\n                                    <\/div>\n                                                                    <div class=\"swiper-slide \">\n                                        \n<a href=\"https:\/\/checkmarx.com\/blog\/checkmarx-advances-software-supply-chain-security\/\" target=\"_self\" class=\"new-resource-card webinar-card \" data-post-id=\"98879\" data-tax-terms=\"[]\" data-tax-ids=\"[]\">\n            <div class=\"new-resource-card__image\">\n            <span class=\"new-resource-card__image-link\">\n                <span class=\"resource-card__image-image\" style=\"background-image: url(https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/11\/blog_sscs_launch_2x-1024x512.webp);\"><\/span>\n            <\/span>\n        <\/div>\n                <div id=\"resource_tag_98879\" class=\"new-resource-card__tag\">\n                <p>Resource<\/p>\n            <\/div>\n            \n\n    <h4 class=\"new-resource-card__title\">\n        <span class=\"new-resource-card__title-link\">\n            Checkmarx Advances Software Supply Chain Security        <\/span>\n    <\/h4>\n\n    \n    <div target=\"_self\" class=\"new-resource-card__readmore\">\n        <p>\n            Read more        <\/p>\n        <svg width=\"11\" height=\"10\" viewbox=\"0 0 11 10\" fill=\"none\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n            <path d=\"M8.88477 8.73069L8.88477 1.875M8.88477 1.875L2.00977 8.75M8.88477 1.875L2.02907 1.875\" stroke-width=\"1.25\" stroke-linecap=\"square\" stroke-linejoin=\"round\"><\/path>\n        
<\/svg>\n    <\/div>\n<\/a>\n                                    <\/div>\n                                                            <\/div>\n                            <div class=\"slider-navigation-right-type\">\n                                <span class=\"slider-post-cards__prev swiper-button-prev \"><\/span>\n                                <span class=\"slider-post-cards__next swiper-button-next\"><\/span>\n                            <\/div>\n                        <\/div>\n                    <\/div>\n\n                            <\/div>\n        <\/div>\n    <\/div>\n\n<\/section>\n\n\n<section class=\"section-accordion section-accordion-v2 cx bottom_padding_is_20px \">\n    <div class=\"main-wrapper section-accordion__wrapper\">\n        <h2 class=\"section-title\">FAQ<\/h2>\n        <div class=\"fag-accordion__wrapper\">\n            <div class=\"js-accordion fag-accordion\">\n                <div>\n\n                                            <div class=\"js-accordion__item fag-accordion__item \">\n                            <h3 class=\"js-accordion__btn fag-accordion__btn\">\n                                <svg width=\"34px\" height=\"23px\" viewbox=\"0 0 34 23\" version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                                    <g id=\"Page-1\" stroke=\"none\" stroke-width=\"1\" fill=\"none\" fill-rule=\"evenodd\">\n                                        <g id=\"Shape\" transform=\"translate(0.939453, 1.530000)\" stroke-width=\"3\">\n                                            <path d=\"M19.810947,20.4179 L31.029947,9.14 M30.029947,10.1989 L0,10.1989 M31.029947,11.26 L19.810947,0\"><\/path>\n                                        <\/g>\n                                    <\/g>\n                                <\/svg>\n                                What is the difference between malicious and vulnerable packages?                            
<\/h3>\n                            <div class=\"js-accordion-content fag-accordion__content\">\n                                <p>Most AppSec focuses on potential risk \u2013 vulnerabilities that threat actors might later exploit. But malicious open-source packages are different; they contain harmful code from the outset, often attacking the moment they are installed. Unlike vulnerabilities that represent <strong>potential<\/strong> threats, malicious packages immediately endanger developer workstations, CI\/CD environments, and production systems. Therefore, malicious package defense must commence before installation and at other relevant stages of the SDLC.<\/p>\n                            <\/div>\n                        <\/div>\n                                                <div class=\"js-accordion__item fag-accordion__item \">\n                            <h3 class=\"js-accordion__btn fag-accordion__btn\">\n                                <svg width=\"34px\" height=\"23px\" viewbox=\"0 0 34 23\" version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                                    <g id=\"Page-1\" stroke=\"none\" stroke-width=\"1\" fill=\"none\" fill-rule=\"evenodd\">\n                                        <g id=\"Shape\" transform=\"translate(0.939453, 1.530000)\" stroke-width=\"3\">\n                                            <path d=\"M19.810947,20.4179 L31.029947,9.14 M30.029947,10.1989 L0,10.1989 M31.029947,11.26 L19.810947,0\"><\/path>\n                                        <\/g>\n                                    <\/g>\n                                <\/svg>\n                                How prevalent are malicious packages?                            <\/h3>\n                            <div class=\"js-accordion-content fag-accordion__content\">\n                                <p>The threat level to organizations of malicious packages has been rapidly rising over the past few years. 
The numbers tell a disturbing story: Checkmarx\u2019s AppSec research team has discovered more than 420,000 publicly available malicious packages. A recent Checkmarx survey revealed that 76% of CISOs are concerned about the dangers of malicious packages. The average cost of a software supply chain compromise was $4.63 million, which is 8.3% higher than the average cost of a data breach due to other causes (IBM research). It is imperative that CISOs and AppSec teams place more focus on this critical threat vector.<\/p>\n                            <\/div>\n                        <\/div>\n                                                <div class=\"js-accordion__item fag-accordion__item \">\n                            <h3 class=\"js-accordion__btn fag-accordion__btn\">\n                                <svg width=\"34px\" height=\"23px\" viewbox=\"0 0 34 23\" version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                                    <g id=\"Page-1\" stroke=\"none\" stroke-width=\"1\" fill=\"none\" fill-rule=\"evenodd\">\n                                        <g id=\"Shape\" transform=\"translate(0.939453, 1.530000)\" stroke-width=\"3\">\n                                            <path d=\"M19.810947,20.4179 L31.029947,9.14 M30.029947,10.1989 L0,10.1989 M31.029947,11.26 L19.810947,0\"><\/path>\n                                        <\/g>\n                                    <\/g>\n                                <\/svg>\n                                Why are conventional AppSec solutions not sufficient?                            
<\/h3>\n                            <div class=\"js-accordion-content fag-accordion__content\">\n                                <p>Traditional security measures fall short when dealing with malicious packages for three primary reasons: Timing (by the time SAST or SCA tools run, malicious packages may have already executed their payloads), scope (developer machines often have more permissive configurations and\/or are subject to fewer enterprise security protections), and speed (the rapid pace of package adoption means threats can spread quickly before detection). For these reasons, effective malicious package defense requires a shift from reactive to proactive security: pre-installation checking (verifying packages before they enter any environment), continuous monitoring (regularly scanning existing packages as new threats are discovered), and comprehensive coverage (protection at every stage of the SDLC).<\/p>\n                            <\/div>\n                        <\/div>\n                                                <div class=\"js-accordion__item fag-accordion__item \">\n                            <h3 class=\"js-accordion__btn fag-accordion__btn\">\n                                <svg width=\"34px\" height=\"23px\" viewbox=\"0 0 34 23\" version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                                    <g id=\"Page-1\" stroke=\"none\" stroke-width=\"1\" fill=\"none\" fill-rule=\"evenodd\">\n                                        <g id=\"Shape\" transform=\"translate(0.939453, 1.530000)\" stroke-width=\"3\">\n                                            <path d=\"M19.810947,20.4179 L31.029947,9.14 M30.029947,10.1989 L0,10.1989 M31.029947,11.26 L19.810947,0\"><\/path>\n                                        <\/g>\n                                    <\/g>\n                                <\/svg>\n                                How does Checkmarx identify malicious packages?                            
<\/h3>\n                            <div class=\"js-accordion-content fag-accordion__content\">\n                                <p>Checkmarx combines proprietary technology with a team of expert security researchers to effectively identify malicious packages. This threat intelligence system performs automated tests to identify suspicious package behaviors, risky OSS code changes, author reputation issues, and additional factors (secrets, code scanning, static analysis, etc.). When a package is flagged as potentially malicious, Checkmarx\u2019s security research team conducts a thorough manual review to confirm its malicious nature (to avoid false positives), before adding it to the malicious package database (and reporting it externally, when appropriate). On average, Checkmarx scans around 2 million OSS packages every month.<\/p>\n                            <\/div>\n                        <\/div>\n                        <\/div>\n<div>                        <div class=\"js-accordion__item fag-accordion__item \">\n                            <h3 class=\"js-accordion__btn fag-accordion__btn\">\n                                <svg width=\"34px\" height=\"23px\" viewbox=\"0 0 34 23\" version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                                    <g id=\"Page-1\" stroke=\"none\" stroke-width=\"1\" fill=\"none\" fill-rule=\"evenodd\">\n                                        <g id=\"Shape\" transform=\"translate(0.939453, 1.530000)\" stroke-width=\"3\">\n                                            <path d=\"M19.810947,20.4179 L31.029947,9.14 M30.029947,10.1989 L0,10.1989 M31.029947,11.26 L19.810947,0\"><\/path>\n                                        <\/g>\n                                    <\/g>\n                                <\/svg>\n                                What are examples of malicious and suspicious package behaviors?                            
<\/h3>\n                            <div class=\"js-accordion-content fag-accordion__content\">\n                                <p>A few examples include data exfiltration (stealing sensitive information), harmful file downloads, network connections to domains known to be used by attackers, crypto-mining software, repojacking (taking control of the repository of a legitimate package), typosquatting (mimicking the name of a popular package, inducing users to inadvertently use the look-alike instead), chainjacking (storing a package in a renamed GitHub repository), and protestware (software that includes undesirable functionality intended to protest an issue).<\/p>\n                            <\/div>\n                        <\/div>\n                                                <div class=\"js-accordion__item fag-accordion__item \">\n                            <h3 class=\"js-accordion__btn fag-accordion__btn\">\n                                <svg width=\"34px\" height=\"23px\" viewbox=\"0 0 34 23\" version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                                    <g id=\"Page-1\" stroke=\"none\" stroke-width=\"1\" fill=\"none\" fill-rule=\"evenodd\">\n                                        <g id=\"Shape\" transform=\"translate(0.939453, 1.530000)\" stroke-width=\"3\">\n                                            <path d=\"M19.810947,20.4179 L31.029947,9.14 M30.029947,10.1989 L0,10.1989 M31.029947,11.26 L19.810947,0\"><\/path>\n                                        <\/g>\n                                    <\/g>\n                                <\/svg>\n                                What are examples of malicious package attacks?                            
<\/h3>\n                            <div class=\"js-accordion-content fag-accordion__content\">\n                                <p>Here is one malicious attack example per year, for each of the past few years (you can Google them for details):<\/p>\n<ul>\n<li>SolarWinds Supply Chain Attack (2020, Enterprise Infrastructure Compromise)<\/li>\n<li>ua-parser-js (2021, Critical Infrastructure Targeting)<\/li>\n<li>PyTorch (2022, Dependency Confusion Attack)<\/li>\n<li>116 Malicious PyPI Packages Campaign (2023, Widespread Windows\/Linux Targeting)<\/li>\n<li>MUT-8694 Campaign (2024, Cross-Platform npm\/PyPI Attack)<\/li>\n<li>NPM Attack Against qix (2025, Cryptocurrency Stealer)<\/li>\n<\/ul>\n                            <\/div>\n                        <\/div>\n                                                <div class=\"js-accordion__item fag-accordion__item \">\n                            <h3 class=\"js-accordion__btn fag-accordion__btn\">\n                                <svg width=\"34px\" height=\"23px\" viewbox=\"0 0 34 23\" version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                                    <g id=\"Page-1\" stroke=\"none\" stroke-width=\"1\" fill=\"none\" fill-rule=\"evenodd\">\n                                        <g id=\"Shape\" transform=\"translate(0.939453, 1.530000)\" stroke-width=\"3\">\n                                            <path d=\"M19.810947,20.4179 L31.029947,9.14 M30.029947,10.1989 L0,10.1989 M31.029947,11.26 L19.810947,0\"><\/path>\n                                        <\/g>\n                                    <\/g>\n                                <\/svg>\n                                How can I protect my organization from malicious packages?                            
<\/h3>\n                            <div class=\"js-accordion-content fag-accordion__content\">\n                                <p>The most effective way to prevent harm to your organization from malicious packages is to validate third-party packages at every relevant step of the SDLC, starting with the moment developers try to install them on their workstations. Beyond this, it is important to frequently scan all the OSS packages present in your private artifact registries, applications, and container images, and then to remove\/update any package versions that may have been flagged as containing malicious or suspicious code.<\/p>\n                            <\/div>\n                        <\/div>\n                                        <\/div>\n            <\/div>\n        <\/div>\n    <\/div>\n<\/section>\n\n\n<script type=\"application\/ld+json\">{\"@context\":\"https:\/\/schema.org\",\"@type\":\"FAQPage\",\"url\":\"https:\/\/checkmarx.com\/malicious-packages-identification-api\/\",\"mainEntity\":[{\"@type\":\"Question\",\"name\":\"What is the difference between malicious and vulnerable packages?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Most AppSec focuses on potential risk \u2013 vulnerabilities that threat actors might later exploit. But malicious open-source packages are different; they contain harmful code from the outset, often attacking the moment they are installed. Unlike vulnerabilities that represent potential threats, malicious packages immediately endanger developer workstations, CI\/CD environments, and production systems. Therefore, malicious package defense must commence before installation and at other relevant stages of the SDLC.\"}},{\"@type\":\"Question\",\"name\":\"How prevalent are malicious packages?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"The threat level to organizations of malicious packages has been rapidly rising over the past few years. 
The numbers tell a disturbing story: Checkmarx\u2019 AppSec research team has discovered more than 420,000 publicly available malicious packages. A recent Checkmarx survey revealed that 76% of CISOs are concerned about the dangers of malicious packages. The average cost of a software supply chain compromise was $4.63 million, which is 8.3% higher than the average cost of a data breach due to other causes (IBM research). It is imperative that CISOs and AppSec teams place more focus on this critical threat vector.\"}},{\"@type\":\"Question\",\"name\":\"Why are conventional AppSec solutions not sufficient?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Traditional security measures fall short when dealing with malicious packages for three primary reasons: Timing (by the time SAST or SCA tools run, malicious packages may have already executed their payloads), scope (developer machines often have more permissive configurations and\/or are subject to fewer enterprise security protections), and speed (the rapid pace of package adoption means threats can spread quickly before detection). For these reasons, effective malicious package defense requires a shift from reactive to proactive security: pre-installation checking (verifying packages before they enter any environment), continuous monitoring (regularly scanning existing packages as new threats are discovered), and comprehensive coverage (protection at every stage of the SDLC).\"}},{\"@type\":\"Question\",\"name\":\"How does Checkmarx identify malicious packages?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Checkmarx combines proprietary technology with a team of expert security researchers to effectively identify malicious packages. This threat intelligence system performs automated tests to identify suspicious package behaviors, risky OSS code changes, author reputation issues, and additional factors (secrets, code scanning, static analysis, etc.). 
When a package is flagged as potentially malicious, Checkmarx\u2019s security research team conducts a thorough manual review to confirm its malicious nature (to avoid false positives), before adding it to the malicious package database (and reporting it externally, when appropriate). On average, Checkmarx scans around 2 million OSS packages every month.\"}},{\"@type\":\"Question\",\"name\":\"What are examples of malicious and suspicious package behaviors?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"A few examples include data exfiltration (stealing sensitive information), harmful file download, network connection to domain address known to be used by attackers, crypto-mining software, repojacking (takes control of the repository of a legitimate package), typosquatting (mimics the name of a popular package, inducing users to inadvertently use this package), chainjacking (stores a package in a renamed GitHub repository), and protestware (software that includes undesirable functionality that aims to protest an issue).\"}},{\"@type\":\"Question\",\"name\":\"What are examples of malicious package attacks?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Here is one malicious attack example per year, for each of the past few years (you can Google them for details):\\n\\nSolarWinds Supply Chain Attack (2020, Enterprise Infrastructure Compromise)\\nua-parser-js (2021, Critical Infrastructure Targeting)\\nPyTorch (2022, Dependency Confusion Attack)\\n116 Malicious PyPI Packages Campaign (2023, Widespread Windows\/Linux Targeting)\\nMUT-8694 Campaign (2024, Cross-Platform npm\/PyPI Attack)\\n\\nNPM Attack Against qix (2025, Cryptocurrency Stealer)\"}},{\"@type\":\"Question\",\"name\":\"How can I protect my organization from malicious packages?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"The most effective way to prevent harm to your organization from malicious packages is to validate third-party packages at every relevant step of the SDLC, starting 
with the moment developers try to install them on their workstations. Beyond this, it is important to frequently scan all the OSS packages present in your private artifact registries, applications, and container images, and then to remove\/update any package versions that may have been flagged as containing malicious or suspicious code.\"}}]}<\/script>\n<\/div>\n        <\/section>","protected":false},"excerpt":{"rendered":"","protected":false},"author":108,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":true,"footnotes":""},"class_list":["post-105040","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Malicious Packages Identification API (MPIAPI)<\/title>\n<meta name=\"description\" content=\"Easily integrate malicious package detection across the entire SDLC to prevent the threats of malicious open-source libraries.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/checkmarx.com\/malicious-packages-identification-api\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Malicious Packages Identification API (MPIAPI)\" \/>\n<meta property=\"og:description\" content=\"Easily integrate malicious package detection across the entire SDLC to prevent the threats of malicious open-source libraries.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/checkmarx.com\/malicious-packages-identification-api\/\" \/>\n<meta property=\"og:site_name\" content=\"Checkmarx\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\" \/>\n<meta property=\"article:modified_time\" 
content=\"2026-02-10T21:57:30+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@checkmarx\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/checkmarx.com\/malicious-packages-identification-api\/\",\"url\":\"https:\/\/checkmarx.com\/malicious-packages-identification-api\/\",\"name\":\"Malicious Packages Identification API (MPIAPI)\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/#website\"},\"datePublished\":\"2025-11-05T18:01:41+00:00\",\"dateModified\":\"2026-02-10T21:57:30+00:00\",\"description\":\"Easily integrate malicious package detection across the entire SDLC to prevent the threats of malicious open-source libraries.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/checkmarx.com\/malicious-packages-identification-api\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/checkmarx.com\/#website\",\"url\":\"https:\/\/checkmarx.com\/\",\"name\":\"Checkmarx\",\"description\":\"The world runs on code. 
We secure it.\",\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/checkmarx.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/checkmarx.com\/#organization\",\"name\":\"Checkmarx\",\"url\":\"https:\/\/checkmarx.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"width\":1,\"height\":1,\"caption\":\"Checkmarx\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\",\"https:\/\/x.com\/checkmarx\",\"https:\/\/www.youtube.com\/user\/CheckmarxResearchLab\",\"https:\/\/www.linkedin.com\/company\/checkmarx\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Malicious Packages Identification API (MPIAPI)","description":"Easily integrate malicious package detection across the entire SDLC to prevent the threats of malicious open-source libraries.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/malicious-packages-identification-api\/","og_locale":"en_US","og_type":"article","og_title":"Malicious Packages Identification API (MPIAPI)","og_description":"Easily integrate malicious package detection across the entire SDLC to prevent the threats of malicious open-source libraries.","og_url":"https:\/\/checkmarx.com\/malicious-packages-identification-api\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","article_modified_time":"2026-02-10T21:57:30+00:00","twitter_card":"summary_large_image","twitter_site":"@checkmarx","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/malicious-packages-identification-api\/","url":"https:\/\/checkmarx.com\/malicious-packages-identification-api\/","name":"Malicious Packages Identification API (MPIAPI)","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"datePublished":"2025-11-05T18:01:41+00:00","dateModified":"2026-02-10T21:57:30+00:00","description":"Easily integrate malicious package detection across the entire SDLC to prevent the threats of malicious open-source libraries.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/malicious-packages-identification-api\/"]}]},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. 
We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/company\/checkmarx"]}]}},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/pages\/105040","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/108"}],"replies":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/comments?post=105040"}],"version-history":[{"count":0,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/pages\/105040\/revisions"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=105040"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}