Spectra Assure® Community for Developers

Build SAFE with Secure Open-Source Software

The Largest Resource of Comprehensive Risk Assessments on Open Source. Totally Free.

CommunityFind the Safest Dependencies for Your App BlogVet Your NuGet Packages Right Here Press ReleaseRL Launches Spectra Assure® Community

Build Fast. Build Safe.

Attacks on public open-source repositories are now as pervasive as developers' use of open-source dependencies. Spectra Assure® Community monitors over six million open-source packages to identify malware, code tampering, and indicators of software supply chain attacks. It provides a free risk assessment for open-source components from the most popular package repositories such as npm, NuGet, PyPi, and RubyGems, so you can be sure the open-source packages in your applications are free from malicious code and supply chain attacks.

RL icon sorting and ranking safety of open-source softwares

The Largest Repository of OSS Risk Assessments

To build the safest applications, you need the safest building blocks. This is why Spectra Assure Community provides free access to risk assessments for more than six million code packages from open-source repositories including npm, PyPI, RubyGems, and NuGet. We also acknowledge that not everyone uses the latest package versions. To address this, we retain assessments of each version of each package in the repository.

6 million in gradient text over black cubes

The Most Complete Risk Assessments

Spectra Assure Community checks for malicious code, code tampering, suspicious behaviors, known vulnerabilities, license compliance issues, exposed secrets, and overall package health. Thorough assessments are more important than ever as developers have become a prime target for criminal and nation state sponsored actors.

RL icon shooting out paths to text blocks saying software, tampering, vulnerabilities, hardening, secrets, licensing

Build Fast Without Compromising Safety

With instant access and easy search capabilities, you can rapidly curate open-source with confidence. Quick and easy to understand risk assessment via web app that ensures consistent security without slowing down development. The Spectra Assure SAFE Report is presented in a normalized format for the selected package, allowing users to make a simple comparison and fast decision.

Spectra Assure Community Is Free. Really, Free.

ReversingLabs loves Open-Source Software. See for yourself at secure.software with no cost, no account, and no email. Spectra Assure Community is completely free to use via web app. Just like any search engine, enter the open-source package you’d like a risk assessment for into the search bar and the results are instantaneous.

Dedicated Threat Research

ReversingLabs provides community insights from our team of dedicated threat researchers. From insight into malicious activity in the VSCode marketplace to compromised ultralytics PyPI packages, our mission is to keep the community forewarned and forearmed of novel supply chain attacks. Additionally, Spectra Assure helps with removing malicious code from package repositories, and we contribute to the Linux Foundations OSSF Malicious Packages Database.