This repository is a curated knowledge list. It does not publish executable application code, but security issues can still matter.
Please report:
- Malicious package links.
- Dependency confusion or typosquatting risks.
- Compromised project links.
- Links to impersonated repositories or documentation.
- Unsafe installation instructions.
- Security-sensitive corrections that should not be discussed publicly first.
Use GitHub private vulnerability reporting if it is available for this repository. If private reporting is not available, open a minimal public issue that says a security-sensitive link review is needed, without posting exploit details or unsafe links.
Do not publish personal contact information in reports, and do not disclose private tokens, credentials, or secrets.
Reports about third-party libraries should normally be sent to the maintainers of those projects. This repository can correct or remove links, labels, descriptions, and recommendations when a listed project becomes unsafe, compromised, abandoned, or misleading.