Your Pipeline Can Now Block 225,000 Malicious Packages. Here's That — and Every Other Way We Plug Into Your Stack.

For months we have indexed every malicious npm and PyPI package OSV publishes — about 225,000 of them, exact named packages, not heuristics. You could search them. You could correlate them. What you could not do was stop one from landing in your build. As of this morning, you can.

The new endpoint is /api/v1/stix-feed/packages.csv (and .json). It is the malicious-package corpus as a deny-list your build pipeline can actually enforce. Point a CI step at https://analytics.dugganusa.com/api/v1/stix-feed/packages.csv?ecosystem=npm, diff the names and versions against your lockfile, and exit non-zero on a match. Add ?ecosystem=pypi for Python, drop the parameter for both. That is the whole integration: pull, compare, fail the build. It is the package equivalent of a firewall blocklist, for the one attack surface — your dependency tree — that most pipelines still install on trust.

That closes a gap we had been honest about: great intelligence trapped in an index protects no one. So this is a good moment to lay out the whole map — every layer of your stack we already plug into, because the strategy has always been the same. We curate one threat-intelligence source, and you consume it wherever you defend.

The network edge

/api/v1/stix-feed/ips.csv is a malicious-IP blocklist built for firewalls and IDS. It drops straight into OPNsense, pfSense, and Suricata — we see those user agents pulling it daily — and into any firewall that ingests an IP list. /api/v1/stix-feed/domains.csv and /api/v1/stix-feed/urls.csv do the same for DNS sinkholes and web filters. /api/v1/stix-feed/hashes.csv feeds endpoint and malware-detection tooling.

The SIEM

We speak STIX 2.1 natively. /api/v1/stix-feed/v2 is the full graph bundle; /api/v1/stix-feed/taxii2 is TAXII 2.1 discovery for platforms that prefer to subscribe. For Splunk Enterprise Security, /api/v1/stix-feed?format=splunk emits observed-data objects ES understands. And for the Elastic crowd, the open-source dugganusa-elastic repo ships a Filebeat config and a Kibana dashboard that ingest the feed into Elasticsearch or OpenSearch — clone it, point it at your key, done.

The CDN edge

dugganusa-edge-shield is a Cloudflare Worker you deploy in about thirty seconds. It pulls our feed at the edge and blocks malicious IPs, detects origin-recon and scanner traffic, and tags requests before they ever reach your origin. It is the same primitive that protects our own properties, packaged for yours.

The build pipeline

The new one. /api/v1/stix-feed/packages.csv and .json — the 225,000-package deny-list, filterable by ecosystem and confidence, for CI/CD, pre-install hooks, and Renovate-style dependency gates. This is where the supply-chain attacks of 2026 actually land — Shai-Hulud, Miasma, the typosquats, the wallet-stealers, the poisoned MCP packages — and now your pipeline can refuse them by name.

The AI-agent layer

This is the surface almost nobody else covers, and it is our home turf. The Jeevesus MCP server gives your AI agents read access to the corpus directly — search across 17 million indexed documents and enrich-ioc on any indicator, as tools the agent can call mid-task. And dredd-mcp is a pre-flight check that sits in front of MCP-server invocations: it blocks calls against known-compromised dependencies, flags tool-surface drift and remote-URL hijacks, and returns HMAC-signed verdicts. As agents start installing and calling tools autonomously, that is the dependency firewall for the agent itself.

The application origin

host-shield is the middleware primitive that rejects off-allowlist Host headers, defeating the origin-FQDN bypass class (CF-Hero and friends) where an attacker finds your real backend hostname and connects around your edge defenses entirely. It is Express today and ports trivially to Fastify, Go, or FastAPI — the pattern is a first-in-chain Host check, not a product you have to buy.

And the raw API

If you would rather build your own integration, the search APIs are the foundation everything above is built on: /api/v1/search across all indexes, /api/v1/search/correlate to cross-reference an indicator against blocks and pulses and actor profiles at once, and /api/v1/threat-intel/enrichment to enrich a single IP on demand.

What it adds up to

One curated source, consumed at every layer you defend: the network edge, DNS, the SIEM, the CDN, the build pipeline, the AI-agent layer, and the application origin. Behind all of it, as of today: about 1.44 million indicators of compromise, 225,000 named-malicious packages, 1,621 CISA known-exploited vulnerabilities mirrored, 386 mapped threat actors, and roughly 17,000 community pulses — refreshed continuously, published in the formats your tools already read.

Authentication is one free API key, sent as a Bearer header, across all of it. No per-integration setup, no separate contracts per layer — the same key works at the firewall, the SIEM, the pipeline, and the agent.

We will not tell you this catches everything. Nothing does, and anyone who says otherwise is selling you the 5% they are about to miss. What we will tell you is that the intelligence is real, it is current, and it now reaches the one place it could not reach yesterday — the build that pulls in your dependencies. The door we just put a bouncer on is the one most teams forgot was open.

The threat feed this post is built on

1.14M+ IOCs, STIX 2.1, precursor signals, supply-chain detection. Free API key in 30 seconds.

Get your free key → analytics.dugganusa.com/stix/register