OSV Watch

A modern web application for tracking and monitoring open source vulnerabilities (CVE, GHSA, and more) built with Next.js 16. Stay informed about security vulnerabilities affecting your dependencies and open source projects.

Overview

OSV Watch provides a comprehensive interface for discovering, tracking, and monitoring security vulnerabilities in open source software. The application helps developers, security teams, and organizations stay up-to-date with the latest vulnerability information from various sources including:

• CVE (Common Vulnerabilities and Exposures)
• GHSA (GitHub Security Advisories)
• OSV (Open Source Vulnerabilities) database
• And other vulnerability databases

Features

• 🔍 Search Vulnerabilities - Search for vulnerabilities by package name, CVE ID, or description
• 📊 Vulnerability Details - View comprehensive information about each vulnerability
• 📦 Package Monitoring - Track vulnerabilities for specific packages or dependencies
• 📱 Responsive Design - Works seamlessly on desktop and mobile devices

Supported Ecosystems

OSV Watch supports 38+ ecosystems for vulnerability scanning, including:

• Package Managers: npm, PyPI, Maven, Go, NuGet, RubyGems, Cargo, Packagist, Pub, Hex, Hackage, CRAN, Julia, GHC
• Linux Distributions: Debian, Ubuntu, Alpine, Red Hat, SUSE, openSUSE, Rocky Linux, AlmaLinux, Mageia, openEuler, MinimOS, Wolfi
• Container Images: Chainguard, Bitnami, BellSoft Hardened Containers, Alpaquita
• Other: Android, Linux, GIT, GitHub Actions, OSS-Fuzz, SwiftURL, VSCode, Echo

Prerequisites

Before you begin, ensure you have the following installed on your machine:

• Node.js 20.9+ (LTS version recommended)
• npm or yarn
• TypeScript 5+ (included as dependency)

Browser Support

• Chrome 111+
• Edge 111+
• Firefox 111+
• Safari 16.4+

Installation

1. Clone the repository

git clone <repository-url>
cd "OSV Watch"

2. Install dependencies

npm install

3. Run the development server

npm run dev

Open http://localhost:3000 with your browser to see the application.

Available Scripts

• npm run dev - Starts the development server on http://localhost:3000
• npm run build - Builds the app for production
• npm run start - Starts the production server (run after npm run build)
• npm run lint - Runs the linter (Biome) to check for code issues
• npm run format - Formats the code using Biome

Tech Stack

• Framework: Next.js 16, utilizing the latest cache components for improved performance
• React: 19.2+
• React Compiler: 1.0
• Language: TypeScript 5+
• Styling: Tailwind CSS 4
• Linting & Formatting: Biome 2+
• Package Manager: npm

Usage

Development

1. Start the development server:

   npm run dev

2. Open your browser and navigate to http://localhost:3000

3. Start building your vulnerability tracking features!

Production

1. Build the application:

   npm run build

2. Start the production server:

   npm run start

License

This project is licensed under the MIT License - see the LICENSE file for details.

Resources

• OSV Database
• CVE Database
• GitHub Security Advisories