> For the complete documentation index, see [llms.txt](https://docs.stepsecurity.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.stepsecurity.io/developer-machines/packages/oss-package-search.md).

# OSS Package Search

The **OSS Package Search** page provides visibility into all packages that have been installed or used on developer machines.

This includes packages installed by human developers as well as packages installed by tools or AI coding agents.

The OSS Package Search page supports both targeted searches and incident-driven investigations.

You can:

* Search for specific packages and versions
* Filter by device, user, or time range
* Search based on known supply chain incidents, such as compromised packages or specific attack campaigns

This makes it easier to quickly identify exposure during a supply chain incident.

<figure><img src="/files/ejUwqUnf2f6kK93RuEJs" alt=""><figcaption></figcaption></figure>

### Package Locations on Developer Machines

For each package match, Dev Machine Guard shows the exact location where the package exists on the developer machine.

<figure><img src="/files/q9UltuMOZyKaCRp0WUPb" alt=""><figcaption></figcaption></figure>

This includes:

* Package manager used (for example, npm or yarn)
* Project paths where the package is installed

This information is critical for remediation, especially during active supply chain incidents.

### Remediation and Verification

Using the package location information, you can create an MDM or EDR script to remove the affected packages from developer machines.

After the package is removed, you can rescan the device and verify that the package is no longer present.

<figure><img src="/files/BGSbbXxQ6OGwSVThpXqg" alt=""><figcaption></figcaption></figure>

### Upcoming Capabilities

The following capabilities are currently in development and will be available in a future release:

* **Package allowlists** to define which packages are permitted across developer machines
* **Cooldown periods for new package versions**, preventing newly published updates from being installed until they have been evaluated


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.stepsecurity.io/developer-machines/packages/oss-package-search.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
