Dragonfly is the operational tooling layer behind the research and response work.
Dragonfly spans release intake, job distribution, compute-node scanning, reporting services, and operator review workflows. The surrounding repos fit together as one response system for package ecosystem abuse.
A distributed computing approach to package ecosystem threat detection.
Each Dragonfly component supports one stage of the workflow, but the value comes from how release intake, scanning, reporting, and operator review connect.
Dragonfly Server
Mainframe service that coordinates workload flow, accepts analysis results, and backs package lookup, queue, and reporting flows used by operators.
Dragonfly Client
Rust compute node that authenticates, retrieves rule content, downloads package distributions, scans package files, and sends structured results back upstream.
Dragonfly Bot
Discord interface that keeps community-assisted triage close to the operating workflow instead of separating collaboration from action.
Dragonfly Loader
Automated job that reads new PyPI release activity from RSS and loads those releases into the mainframe for downstream scanning.
Dragonfly Reporter
Reporting microservice used to submit malicious package reports back to PyPI once review has been completed.
Additional tools support adjacent parts of the workflow.
Vipyr also maintains tooling for package triage sandboxes and public intelligence work, while Dragonfly remains the core operating system for package response.
Vipyrsec-Deobfuscator
Public deobfuscation tooling used to support malware analysis work around protected or packed Python samples encountered during investigations.
Snakehook Runner
Public Python package triage sandbox with constrained execution and webhook reporting for focused package review.