Malicious Packages
Trusty integrates with osv.dev, a distributed vulnerability database for open source software, to consume information about malicious packages. The OSV database aggregates advisories from several upstream databases, centralizes them and publishes them in the OpenSSF OSV format. Trusty pulls this feed hourly, so its malicious-package data stays up to date across all the ecosystems it covers.
When a package is flagged as malicious, Trusty shows the type of attack involved together with a link to the original osv.dev report, so users can review the full details and make an informed decision.
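As an added example (not Trusty's own code), the following Python script shows the consuming side of this integration: it parses records in the OSV format, keeps only malicious-package entries (osv.dev publishes those under MAL- identifiers, either as the record id or as an alias), checks whether a given ecosystem/package/version is affected, and builds the link to the osv.dev report. The records embedded below are constructed for the example and are not real advisories; the field names follow the OSV schema, and the report URL pattern https://osv.dev/vulnerability/<ID> is assumed.

```python
"""Consume OSV-format records and flag malicious packages.

Added example, not Trusty's code. Assumptions: OSV schema fields (id, aliases,
summary, affected[].package, affected[].versions, affected[].ranges[].events),
MAL- identifiers for malicious-package entries, and the osv.dev report URL
pattern https://osv.dev/vulnerability/<ID>.
"""
import json

OSV_URL = "https://osv.dev/vulnerability/{id}"

# Constructed sample records in OSV format. These are NOT real advisories.
SAMPLE_OSV_JSON = r'''
[
  {
    "id": "MAL-0000-0001",
    "summary": "Malicious code in example-pkg (PyPI)",
    "details": "Constructed: setup.py exfiltrates cloud credentials on install.",
    "aliases": [],
    "affected": [
      {"package": {"ecosystem": "PyPI", "name": "example-pkg"},
       "versions": ["1.0.2", "1.0.3"]}
    ]
  },
  {
    "id": "MAL-0000-0002",
    "summary": "Malicious code in typo-lodash (npm)",
    "details": "Constructed: typosquat, every published version is malicious.",
    "aliases": [],
    "affected": [
      {"package": {"ecosystem": "npm", "name": "typo-lodash"},
       "ranges": [{"type": "SEMVER", "events": [{"introduced": "0"}]}]}
    ]
  },
  {
    "id": "EXAMPLE-0000-0003",
    "summary": "Ordinary vulnerability in example-pkg (not a malicious package)",
    "aliases": [],
    "affected": [
      {"package": {"ecosystem": "PyPI", "name": "example-pkg"},
       "versions": ["1.0.2"]}
    ]
  }
]
'''


def load_records(text):
    """Parse a JSON array of OSV records (e.g. a downloaded osv.dev feed)."""
    return json.loads(text)


def is_malicious(record):
    """Malicious-package entries carry a MAL- id, as the id or as an alias."""
    ids = [record.get("id", "")] + list(record.get("aliases", []))
    return any(i.startswith("MAL-") for i in ids)


def _match_kind(affected, version):
    """Return how `version` matches one `affected` entry, or None.

    'version'          : listed explicitly in affected.versions
    'all-versions'     : range introduced at "0" with no fixed/last_affected
    'range-unresolved' : a bounded range that needs ecosystem-specific version
                         comparison; reported rather than silently ignored, so
                         the check fails closed for a security decision.
    """
    if version in affected.get("versions", []):
        return "version"
    for rng in affected.get("ranges", []):
        events = rng.get("events", [])
        from_zero = any(e.get("introduced") == "0" for e in events)
        bounded = any("fixed" in e or "last_affected" in e for e in events)
        if from_zero and not bounded:
            return "all-versions"
        if events:
            return "range-unresolved"
    return None


def check_package(records, ecosystem, name, version):
    """List malicious-package findings for ecosystem/name@version.

    Ecosystem names are case-sensitive in OSV ("PyPI", "npm", "Go", ...).
    Non-MAL records (ordinary vulnerabilities) are deliberately skipped.
    """
    findings = []
    for rec in records:
        if not is_malicious(rec):
            continue
        for aff in rec.get("affected", []):
            pkg = aff.get("package", {})
            if pkg.get("ecosystem") != ecosystem or pkg.get("name") != name:
                continue
            match = _match_kind(aff, version)
            if match:
                findings.append({
                    "id": rec["id"],
                    "summary": rec.get("summary", ""),
                    "url": OSV_URL.format(id=rec["id"]),
                    "match": match,
                })
    return findings


if __name__ == "__main__":
    recs = load_records(SAMPLE_OSV_JSON)
    for eco, pkg, ver in [("PyPI", "example-pkg", "1.0.2"),
                          ("PyPI", "example-pkg", "1.0.1"),
                          ("npm", "typo-lodash", "4.17.21")]:
        print(f"{eco}/{pkg}@{ver}: {check_package(recs, eco, pkg, ver) or 'no MAL entries'}")
```

Note the two deliberate choices: an ordinary vulnerability record for the same package and version is not reported here, because this check answers only "is this package malicious?", and bounded version ranges are surfaced as `range-unresolved` instead of being dropped, since resolving them correctly requires the ecosystem's own version ordering.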