# OSS Package Security

OSS Package Security helps organizations safeguard the integrity of their software supply chain by monitoring both threats and artifacts in real time. It provides visibility into external supply chain compromises as well as continuous validation of your own published software.

OSS Package Security includes four key features:

* Threat Center – Central hub for tracking supply chain compromises detected across open-source ecosystems. View active incidents, investigate details, and apply remediation steps directly within StepSecurity.
* Artifact Monitor – Continuous compliance monitoring for your own artifacts (e.g., npm packages). Detects unauthorized or rogue releases, verifies provenance against approved CI/CD pipelines, and alerts your team immediately.
* OSS Package Search – Search across your organization or tenant to identify where specific npm/PyPI packages were added in pull requests, branches, and developer machines. Quickly assess exposure to compromised or vulnerable dependencies and take targeted remediation actions.
* OSS Security Feed – An open intelligence resource that tracks compromised or suspicious npm package releases and maintainers in a single, searchable interface. It gives developers and security teams a real-time view of malicious packages before those packages reach their pipelines or developer machines.

Together, these tools enable security teams to:

* Detect compromises in third-party dependencies before they spread
* Ensure internal artifacts are published only from trusted pipelines
* Receive instant alerts via Slack, email, S3, and webhooks
* Automate response workflows through SIEM and SOC integrations

