Spectra Assure Community Release Notes
This page shows only Community product updates for every release. Documentation changes are tracked separately on the docs changelog page.
2026โ
2026-01-29โ
Model Context Protocol (MCP) Registry support: MCP is an open standard for connecting AI applications to other systems. MCP Registry support in Spectra Assure Community is a meta-index that consists of packages that are already found in npm, PyPI, and NuGet, but are labeled as MCP servers. Community pages get new icons and there's a separate directory and search category for MCP servers.
AI summary for detected vulnerabilities: Community reports for packages now have a concise description of the vulnerability. This makes it easier to read, understand and act on analysis reports.
2026-01-15โ
Incident Filtering on Versions Page: Users can now filter for versions of a package which are malicious or have been removed on the Versions page.
Performance and Usability Update: Improved API performance and refreshed stats, examples, and tooltips.
2025โ
2025-12-18โ
Community User Accounts: Community visitors can quickly create an account on the website and log in using their Google or GitHub credentials. By creating an account, users immediately get access to free Community APIs today and more integrations in the coming months.
2025-11-05โ
New versions of packages are labeled: Recent supply chain attacks have challenged the assumption that new versions of popular packages are unlikely to be compromised. Moving forward, all new versions are marked as such. It is recommended that users wait until the ReversingLabs threat research team has verified new versions as safe.
Malware Page in Community: Package pages in Spectra Assure Community now have a dedicated page for detected malware. This page provides more information about the detected malware including the threat name, classification, and description.
2025-10-23โ
Website redesign: New site has improved reports, search, and directory pages which make it easier to browse and pivot among the millions of analyzed open source software packages. Verdict and key factors affecting it are readily available, package metadata and links are neatly organized, and information density has been greatly improved. Each section of the report page makes it simple to jump to the most interesting version โ whether it's the latest, or the one which had a recorded incident.
ReversingLabs Spectra Intelligence Supply Chain Security APIs: Community data can be consumed via API as part of Spectra Intelligence. This allows users to programmatically fetch information about open source packages collected for Community. Users can fetch data via a bulk search, package name, or specific package version.
2025-10-10โ
Public availability of the Community API: Spectra Assure Community API provides access to the data and features available on the secure.software website, allowing users to automate common actions, speed up their workflows, and build custom integrations.
2025-09-25โ
PowerShell Gallery support: PowerShell Gallery is the official repository for PowerShell scripts and modules, and a great resource for IT admins, SREs, and DevOps engineers. PowerShell Gallery support has been added to Spectra Assure Community, and it now provides users with access to analysis reports for over 15k modules, scripts, and resources.
2025-06-18โ
Visual Studio Code (VS Code) support: VS Code is the most popular source-code editor in the world, with capabilities that help developers manage code across multiple programming languages and environments. Those capabilities can be expanded with numerous extensions available on the VS Code Marketplace.
This update adds analysis reports for over 100k VS Code extensions, enabling the Spectra Assure Community platform to act as a resource for developers, DevOps, and IT engineers in everything they do.
2025-04-10โ
Improved package search: Most popular packages that match the searched term (either exactly or partially) will show up at the top. This makes it more likely that the desired package appears first in the search results list.
2025-02-13โ
Detect undeclared dependencies: Detect more components than were declared by the package in its manifest file. When Spectra Assure finds more components via our analysis, there will be a notice prompting the users to learn more about how Spectra Assure helps them build and ship secure software.
2025-01-30โ
Package page hierarchy improvement: Improved hierarchy on the Package page, refreshed blogs and examples.
2025-01-16โ
Export package dependencies CycloneDX: It is now possible to export dependencies as CycloneDX files by clicking a button on the Dependencies page. Incident sorting on the Overview page has also been improved to show the earliest report on top, and to correctly attribute reports.
2024โ
2024-12-12โ
Badges support: People can now easily create GitHub-like badges with assessment of packages, and embed them in their websites.
2024-09-05โ
NuGet support: NuGet is the central repository for .NET packages that simplifies the process of incorporating third-party libraries and tools into development projects. Spectra Assure Community now provides analysis reports for over 400k .NET packages.
2024-06-26โ
Spectra Assure Community launch: New Community resource vets key threats, catalogs analysis of 5 million packages across open source repositories including npm, PyPI and RubyGems; contributes findings to the OpenSSF Malicious Packages project.