# OSS Package Search

The **OSS Package Search** page provides visibility into all packages that have been installed or used on developer machines.

This includes packages installed by human developers as well as packages installed by tools or AI coding agents.

The OSS Package Search page supports both targeted searches and incident-driven investigations.

You can:

* Search for specific packages and versions
* Filter by device, user, or time range
* Search based on known supply chain incidents, such as compromised packages or specific attack campaigns

This makes it easier to quickly identify exposure during a supply chain incident.

<figure><img src="/files/ejUwqUnf2f6kK93RuEJs" alt=""><figcaption></figcaption></figure>

### Package Locations on Developer Machines

For each package match, Dev Machine Guard shows the exact location where the package exists on the developer machine.

<figure><img src="/files/q9UltuMOZyKaCRp0WUPb" alt=""><figcaption></figcaption></figure>

This includes:

* Package manager used (for example, npm or yarn)
* Project paths where the package is installed

This information is critical for remediation, especially during active supply chain incidents.

### Remediation and Verification

Using the package location information, you can create an MDM or EDR script to remove the affected packages from developer machines.

After the package is removed, you can rescan the device and verify that the package is no longer present.

<figure><img src="/files/BGSbbXxQ6OGwSVThpXqg" alt=""><figcaption></figcaption></figure>

### Upcoming Capabilities

The following capabilities are currently in development and will be available in a future release:

* **Package allowlists** to define which packages are permitted across developer machines
* **Cooldown periods for new package versions**, preventing newly published updates from being installed until they have been evaluated


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.stepsecurity.io/developer-machines/oss-package-search.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.