Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
vt-graph-api
Artifacts are distributable versions of a package. It typically includes the source code and metadata
Advanced tools
- Version
- 1.0.1
- Maintainers
- 2
VirusTotal Graph API
VirusTotal Graph API allows you programatically interact with VirusTotal dataset.
Installing the API
Install VirusTotal Graph Python API.
git clone https://github.com/VirusTotal/vt_graph_api
cd vt_graph_api
pip install . --user
Verifying the installation
>>> import vt_graph_api
>>> vt_graph_api.__version__
X.X.X
Documentation
For more information about how to use vt_graph_api visit the documentation page.
You may also want to take a look at some of our example scripts, which besides doing useful work for you can be used as a guidance on how to use vt_graph_api.
In addition, you can find the documentation for the VirusTotal Graph REST API at the API reference
Test it!
Use tox to test:
>>> tox
Changelog
V2.2.0
- Support for loading Graphs with special relationships (Groups, Intelligence, Livehunt, Retrohunt, Commonalities).
- New method for creating groups of nodes.
V2.1.0
- Support for setting Graph representation.
V2.0.0
- Removed
carbonblack_childrenandcarbonblack_parentrelationships in File entity. - Create a Collection from a Graph.
- Added new entity types:
- collection
- reference
- whois
- ssl_cert
- Added new relationships:
- Files: dropped_files, collections, email_attachments, itw_ips, overlay_children, pe_resource_children, references, urls_for_embedded_js
- Domains: historical_ssl_certificates, historical_whois, caa_records, cname_records, mx_records, ns_records, soa_records, collections, references.
- IP Addresses: historical_ssl_certificates, historical_whois, collections, references.
- Urls: contacted_domains, contacted_ips, redirects_to, urls_related_by_tracker_id, communicating_files, referrer_files, embedded_js_files, collections, references
- Collections: files, domains, ip_addresses, urls, references.
- Whois: network_location.
V1.1.3
- Bug fixing.
V1.1.2
- Bug fixing.
V1.1.1
- Bug fixing.
- Fixing documentation.
V1.1.0
- Added download graph screenshot from VirusTotal.
V1.0.1
- Fixing documentation.
V1.0.0
- Added autosearch algorithm to find links between graph's nodes.
- Accept MD5 and SHA1 as valid ID for nodes with file type.
- Added VTIntelligence search for nodes without any information.
- Accept custom node types.
- Added load graph from VirusTotal.
- Added clone graph from VirusTotal.
FAQs
The official Python client library for VirusTotal Graph API
We found that vt-graph-api demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025