
Sending a POST Request for Malicious Package Identification

Note

In order to use this service you must obtain an MPIAPI license from your Sales Rep.

Method

POST

URL

https://api.scs.checkmarx.com/v4/packages

Network Requirements

Make sure that your firewall allows access to the following URL and port for making REST API calls over HTTPS.

  • Host: https://api.scs.checkmarx.com/v4/packages

  • Port: 443

Authentication

Authentication is done using an access token. You can obtain the required token from your Sales Rep.

Rate Limit

  • Maximum 1000 items in a single request

  • Maximum 100 concurrent requests in a window of one minute

Request Parameters

The POST method must be submitted with an authentication header and with the following body parameters.

Parameter | Mandatory | Type   | Enum                                                       | Description
name      | yes       | string | N/A                                                        | The name of the package. Tip: for Java packages, the package name is formed by combining the "group Id" and the "artifact Id"; see the example below.
type      | yes       | string | rubygems, mvn, npm, pypi, pub, go, packagist, nuget, swift | The type of package; see enum.
version   | yes       | string | N/A                                                        | The version of the package. Tip: you can submit "latest" for the most recent version.

Body Parameters Sample

[
  {
    "name": "package-name-1",
    "type": "npm",
    "version": "1.0.0"
  }
]

cURL Sample

curl --location 'https://api.scs.checkmarx.com/v4/packages' \
  --header 'Authorization: token <Your_Token>' \
  --header 'Content-Type: text/plain' \
  --data '[{"name": "ambar","type": "npm","version": "11.1.0"}]'

Success Response

The success response returns an array with the following info for each package that you submitted. For packages with no known issues, the Risks section is empty. For packages for which risks were identified, info about each risk is given.

Parameter              | Type    | Description
name                   | string  | The name of the package.
type                   | string  | The type of package. See enum in the request parameters table.
version                | string  | The version of the package.
ioc                    | array   | Returns a list of "indicators of compromise" (optional, array of strings).
status                 |         | The status of our research team's analysis of the package. Possible statuses are: PENDING (package is being analyzed and manually vetted by our research team), SCANNED (package analysis has been completed), NOT_FOUND (package was not found in our database).
publish_date           | string  | Date this version of the package was published. Example: 2025-11-24T04:10:28Z
risks[]                | array   | For packages with an identified SCS risk, this field contains details about the risk, as described below. For packages for which no risks have been identified, this field is empty.
risks/id               | string  | A unique identifier assigned by Checkmarx to this risk.
risks/title            | string  | The title of the risk.
risks/description      | string  | A detailed description of the risk.
risks/score            | integer | A score indicating the severity of the risk, from 0 (low) to 10 (high).
risks/remediation      | object  | Suggested remediation steps.
risks/remediation/type | string  | Type of remediation step to implement.
risks/remediation/value| object  | Specific remediation instructions.

Response Example

[
  {
    "type": "npm",
    "name": "@actbase/react-native-actionsheet",
    "status": "SCANNED",
    "version": "1.0.3",
    "ioc": [
      "4d6b9efc22ec229be58b90c7991c02dd",
      "6914d930998108adfc93b7fe1aa3e64e",
      "github/workflows/discussion.yaml",
      "github/workflows/formatter_123456789.yml"
    ],
    "publish_date": "2025-11-24T04:10:28Z",
    "risks": [
      {
        "id": "2cb52206fb619c75ede1c8af0e256588dcb004e8",
        "title": "Malicious Package",
        "score": 10,
        "description": "This package was manually inspected by a security researcher and flagged as malicious...",
        "remediation": {
          "type": "use_alternative_version",
          "value": {
            "alternative_version": "1.0.2"
          }
        }
      },
      {
        "id": "876c047baa07661d5c0a9757cb5b1796f3ebce70",
        "title": "Data Exfiltration",
        "score": 6,
        "description": "This package exfiltrates computer and operating system information...",
        "remediation": {
          "type": "use_alternative_version",
          "value": {
            "alternative_version": "1.0.2"
          }
        }
      },
      {
        "id": "b28da519bd4dc2371313e5edba5d81d1cfc92d4f",
        "title": "Harmful File Download",
        "score": 9,
        "description": "This package downloads a harmful file...",
        "remediation": {
          "type": "use_alternative_version",
          "value": {
            "alternative_version": "1.0.2"
          }
        }
      },
      {
        "id": "cc0dfbf04ef97b96d538f62f2a5f49c82998459e",
        "title": "Data Exfiltration",
        "score": 8,
        "description": "This package exfiltrates sensitive data to a remote location...",
        "remediation": {
          "type": "use_alternative_version",
          "value": {
            "alternative_version": "1.0.2"
          }
        }
      },
      {
        "id": "shai_hulud_2",
        "title": "Shai-Hulud 2.0 Campaign Malicious Package",
        "score": 10,
        "description": "This package is part of the Shai-Hulud 2.0 campaign...",
        "remediation": {
          "type": "use_alternative_version",
          "value": {
            "alternative_version": "1.0.2"
          }
        }
      }
    ]
  },
  {
    "type": "pypi",
    "name": "requests",
    "status": "SCANNED",
    "version": "2.33.1",
    "ioc": [],
    "publish_date": "2026-03-30T16:09:13Z",
    "risks": []
  },
  {
    "type": "pypi",
    "name": "non_existed_package123",
    "status": "NOT_FOUND",
    "version": "2.33.1",
    "ioc": [],
    "publish_date": null,
    "risks": []
  }
]
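As an added example (not Checkmarx's own client code), the following Python script ties the request and response sections together: it chunks a package list to the 1000-item request limit, builds the POST the way the cURL sample does, and reduces each element of the success response to a per-package verdict, treating NOT_FOUND as unknown rather than clean. The endpoint, headers and field names come from this page; the block/retry/unknown/clean decisions and the abridged sample response are this example's own constructions, and the HTTP function is not exercised offline.

```python
import json
import urllib.request

API_URL = "https://api.scs.checkmarx.com/v4/packages"
MAX_ITEMS_PER_REQUEST = 1000  # documented per-request limit

def build_batches(packages, limit=MAX_ITEMS_PER_REQUEST):
    """Split [{"name", "type", "version"}, ...] into bodies of at most `limit` items."""
    return [packages[i:i + limit] for i in range(0, len(packages), limit)]

def post_batch(batch, token):
    """Send one batch; headers follow the page's cURL sample (not exercised offline)."""
    req = urllib.request.Request(
        API_URL, data=json.dumps(batch).encode(), method="POST",
        headers={"Authorization": f"token {token}", "Content-Type": "text/plain"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def verdict(entry):
    """(decision, max_score, alternative_version): 'block' if any risk is listed,
    'retry' for PENDING, 'unknown' for NOT_FOUND (absent is not clean), else 'clean'."""
    risks = entry.get("risks") or []
    if risks:
        alts = [r["remediation"]["value"].get("alternative_version") for r in risks
                if (r.get("remediation") or {}).get("type") == "use_alternative_version"]
        return "block", max(r.get("score", 0) for r in risks), (alts or [None])[0]
    status = entry.get("status")
    if status in ("PENDING", "NOT_FOUND"):
        return ("retry" if status == "PENDING" else "unknown"), 0, None
    return "clean", 0, None

def summarize(response):
    """Key by type:name@version so verdicts can be joined back to a lockfile."""
    return {f"{e['type']}:{e['name']}@{e['version']}": verdict(e) for e in response}

# Constructed sample, abridged from the page's response example.
SAMPLE_RESPONSE = [
    {"type": "npm", "name": "@actbase/react-native-actionsheet", "status": "SCANNED",
     "version": "1.0.3", "ioc": [], "publish_date": "2025-11-24T04:10:28Z", "risks": [
         {"id": "876c047baa07661d5c0a9757cb5b1796f3ebce70", "title": "Data Exfiltration",
          "score": 6, "description": "...", "remediation": {
              "type": "use_alternative_version", "value": {"alternative_version": "1.0.2"}}},
         {"id": "shai_hulud_2", "title": "Shai-Hulud 2.0 Campaign Malicious Package",
          "score": 10, "description": "...", "remediation": {
              "type": "use_alternative_version", "value": {"alternative_version": "1.0.2"}}}]},
    {"type": "pypi", "name": "requests", "status": "SCANNED", "version": "2.33.1",
     "ioc": [], "publish_date": "2026-03-30T16:09:13Z", "risks": []},
    {"type": "pypi", "name": "non_existed_package123", "status": "NOT_FOUND",
     "version": "2.33.1", "ioc": [], "publish_date": None, "risks": []},
]
```

A real run would loop `post_batch(batch, token)` over `build_batches(...)` and feed each response to `summarize`, pausing between batches to stay under the 100-requests-per-minute limit.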