Vipyr Security

Who Are We?

A community of open source software enthusiasts trying to improve and ensure the supply chain security of various packaging ecosystems and software sources.

Not For Profit

We don't have a product to sell, our costs are fixed and reasonably low. If you want to help with our projects, we simply ask that you get involved and program with security in mind!

Community First

We value each of our contributors. We offer an environment to co-develop and host cybersecurity applications to streamline the implementation of new security concepts.

By Everyone, For Everyone

We continually make a deliberate and meaningful effort to share threat information responsibly, to ensure that security analysts and detection engineers are equipped to update threat models, without hoarding proprietary data.


Frequently Asked Questions

How did Vipyr Security start?

In March 2023, a surge of malware was noted on PyPI. We began combing recently added and uploaded packages by hand. The amount of data and triaging requirements necessitated a full SOC be stood up. We occupied a space out of a passion for securing the community and eliminating malware.

How can you operate without a product to sell?

Security is and will continue to be relevant to everyone, developer and end-user alike. We aim to provide the same level of quality and support that you can expect through standard open source software, all with the goal of maintaining a more secure supply chain.

How can I get involved?

Our repositories are open source and our Discord is available for everyone to join and engage in. We want communication with the community to be open and free, and encourage anyone with an idea that might improve the software supply chain to reach out to us.

What are your plans for the future?

Our method of operation is simple, eliminate malware. Whether that be in a different package ecosystem, or every packaging ecosystem, we're continually looking for new ways to provide a more secure open source ecosystem for all users.