npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

n8n-nodes-threatdown

v0.1.1

Published

n8n community node for the ThreatDown Nebula API by Malwarebytes

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

kb0ykovkb0ykov

Keywords

n8n-community-node-packagen8nthreatdownmalwarebytessecurity

Readme

n8n-nodes-threatdown

An n8n community node for the ThreatDown Nebula API by Malwarebytes.

The node appears in n8n as Threatdown (Malwarebytes) and uses OAuth2 client credentials to call ThreatDown endpoints for detections, endpoints, exclusions, jobs, policies, reports, webhooks, usage, users, and related Nebula resources.

Installation

Install this package as an n8n community node:

npm install n8n-nodes-threatdown

For self-hosted n8n, you can also install it from Settings > Community Nodes using the package name n8n-nodes-threatdown.

Credentials

Create a Threatdown (Malwarebytes) OAuth2 API credential in n8n.

Required values:

  • Client ID
  • Client Secret
  • ThreatDown Nebula Account ID

Optional values:

  • Base URL, defaulting to https://api.malwarebytes.com
  • Scope, defaulting to read write execute

The credential requests tokens from https://api.malwarebytes.com/oauth2/token using the OAuth2 client credentials grant. The Account ID is sent as the accountid header on API calls that require it.

Operations

This package exposes 181 ThreatDown Nebula API operations. The OAuth token route is intentionally handled by the credential and is not exposed as a normal node operation.

Each operation includes:

  • Resource and operation dropdowns
  • Path and query parameter fields
  • JSON body fields for endpoints that accept a body
  • n8n item linking and continue-on-fail handling

OpenAPI Source

The operation catalog was generated from the ThreatDown OpenAPI document used during development. The OpenAPI document itself is intentionally not committed to this repository.

If you need to regenerate the operation catalog, place the OpenAPI file at openapi/MalwareBytes.json locally, then run:

npm run generate:operations

The openapi/ folder is ignored by git.

Development

Install dependencies:

npm install

Run checks:

npm run lint
npm run build

Run a local n8n instance with this node loaded:

npm run dev

Publishing

This repository includes GitHub Actions workflows for CI and npm publishing with provenance, following n8n's community-node guidance for Creator Portal verification.

Before the first publish, configure one of these npm authentication paths:

  • Recommended: add a trusted publisher on npmjs.com for kboykov/n8n-nodes-threatdown with workflow filename publish.yml.
  • Fallback: add a GitHub Actions secret named NPM_TOKEN containing an npm automation token with publish access.

To release:

npm run release

The release command bumps the package version, commits, tags, and pushes. A version tag triggers the publish workflow.

Resources