Unmasking Malicious Open Source Components

Explore the Backstabber's Knife Collection: A comprehensive dataset of real-world malicious packages.


Understand the threats lurking in open source dependencies and strengthen your software supply chain security.


About the Dataset

The Backstabber's Knife Collection is a unique dataset meticulously curated to provide insights into malicious open source software components observed in real-world attacks since 2015. Sourced from popular package repositories like npm, PyPI, RubyGems, and more, this collection is an invaluable resource for researchers, security professionals, and developers aiming to understand and mitigate software supply chain risks.

Key Features

Real-World Attacks

Contains samples from actual attacks, offering practical insights into prevalent malicious techniques.

Multi-Ecosystem Coverage

Includes malicious packages from npm, PyPI, RubyGems, and more, reflecting diverse attack vectors.

Research Backing

Based on research presented in a scientific paper, ensuring data quality and relevance.

Explore Malicious Package Examples

Browse examples of malicious packages included in the dataset, categorized by ecosystem.

Access the Dataset for the Full Index and Metadata

Media Coverage

Explore articles and mentions of the Backstabber's Knife Collection in the media and research.

How to Access the Dataset

The Backstabber's Knife Collection is available for research and security purposes.

Send me an email (ohm[at]cs.uni-bonn.de) from your institute's email address containing your research idea and your GitHub account name. We will only respond to inquiries from individuals with a valid email address from reputable organizations.

Contact and More Information

For questions, collaborations, or more details about the Backstabber's Knife Collection, please visit the official repository or refer to the associated research paper.

Official Repository: https://github.com/cybertier/Backstabbers-Knife-Collection

Associated Research Paper: Backstabber's Knife Collection: A Review of Open Source Software Supply Chain Attacks

Related Dataset (PyPI): pypi_malregistry - This dataset is described by Guo et al. in the ASE 2023 paper "An Empirical Study of Malicious Code In PyPI Ecosystem" and has been integrated into the Backstabber's Knife Collection.

Citation Recommendation:
@inproceedings{ohm2020backstabber,
  title={Backstabber's Knife Collection: A Review of Open Source Software Supply Chain Attacks},
  author={Ohm, Marc and Plate, Henrik and Sykosch, Arnold and Meier, Michael},
  booktitle={International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment},
  year={2020},
  organization={Springer}
}