Your Packaging Ecosystem
Malware Free

Vipyr Hero Image
Our Goal: A safer supply chain and a more resilient open source ecosystem.


How does Vipyr Security protect you?

Here are a few reasons we think we stand out from the crowd.

1000+ Positive Detections

A structured incident response pipeline triaging and analyzing potential malware with an average takedown of 10 minutes or less.

Open Source Development

End user configurable, language agnostic design can be extended to scan and triage any type of file, and scaled to fit any workload.

All Volunteer Team

Maintained by a dedicated team of open source security enthusiasts rapidly adapting to tomorrow's cyber threat landscape.

24/7 Packaging Ecosystem Scanning

Utilizing cloud-native application development and cutting-edge monitoring to maintain constant vigilance over the open source supply chain.


Packages Scanned


Package Takedowns


Detection Signatures




Supply Chain Security


A scalable suite of detection applications and automated triaging for analysis results.

Dragonfly - Client

A dockerized malware scanner written in Rust to safely perform static analysis on files using VirusTotal YARA rules.

Dragonfly - Server

A FastAPI-based command and control server performing data aggregation and file distribution functions for use with the client scanning application.

Dragonfly - Bot

A Discord front end to allow for community triaging and analysis of potentially malicious files detected by the Dragonfly framework.

Catch up with our latest research!

View all posts »

Want to know what threats are affecting the software supply chain? Check out some of the articles by our team of malware analysts and engineers.

The Dependency Dilemma

Examining the cascading effect of software supply chain compromises and their mitigation strategies.

Nuisance Malware

Discussing a persistent threat actor group utilizing automated malware pipelines to productionize malware uploads.