Every week, our malware detection systems scan thousands of new and updated packages across public registries like npm and PyPI.
This week was especially active.
We confirmed 92 malicious packages, primarily across npm, with additional cases in PyPI. Several appeared in coordinated clusters, with repeated malicious releases published under the same names or across closely related package families. Many mimicked AI-related tools, enterprise modules, internal packages, SDKs, frontend assets, and other components commonly trusted in modern development workflows.
These were not isolated anomalies. What stood out this week was the scale of repeated publishing, the reuse of naming patterns, and the way malicious packages were disguised to look like legitimate dependencies inside real software delivery pipelines.
This weekly snapshot is part of our ongoing Malicious Code Digest, where we validate new threats and provide actionable intelligence to help DevSecOps teams protect their pipelines before damage occurs.
Let’s break down what we found this week and why it matters.
| Ecosystem | Package | Date |
|---|---|---|
| pypi | parascode:1.1.2 | Mar 27, 2026 |
| pypi | shopyo-dashboard:1.5.0 | Mar 27, 2026 |
| npm | @immuta/pxl-components:99.99.0 | Mar 27, 2026 |
| npm | @immuta/flag-providers-web:99.99.0 | Mar 27, 2026 |
| npm | @adamallana0909/apple-research-test:99.9.21 | Mar 27, 2026 |
| npm | @appleseed-apple/ac-sass-kit:100.0.2 | Mar 27, 2026 |
| npm | apple-internal-telemetry-agent:100.0.1 | Mar 27, 2026 |
| npm | corp-utils:9.9.9 | Mar 27, 2026 |
| npm | ac-dom-nodes:1.9.1 | Mar 27, 2026 |
| npm | soul-ai:1.10.4 | Mar 27, 2026 |
| npm | rtxaspnet:1.0.0 | Mar 27, 2026 |
| npm | estaspnet:1.0.0 | Mar 27, 2026 |
| npm | ac-element-engagement:3.0.1 | Mar 27, 2026 |
| pypi | pymnemonic:1.1.3 | Mar 27, 2026 |
| pypi | pymnemonic:1.2.5 | Mar 27, 2026 |
| pypi | header-spoofer:3.0.1 | Mar 27, 2026 |
| npm | ahhc:1.1.0 | Mar 27, 2026 |
| npm | ahmed_salem_ph:1.0.4 | Mar 27, 2026 |
| npm | @cdktf-constructs/azure-resourcegroup:2.3.0 | Mar 27, 2026 |
| npm | @promptions/promptions-ui:1.3.0 | Mar 27, 2026 |
| npm | @promptions/promptions-image:1.3.0 | Mar 27, 2026 |
| npm | @promptions/promptions-llm:1.3.0 | Mar 27, 2026 |
| npm | @promptions/promptions-chat:1.3.0 | Mar 27, 2026 |
| npm | local-rules:2.0.0 | Mar 27, 2026 |
| npm | whatfix-icons:7.0.0 | Mar 28, 2026 |
| npm | navi-design-system:7.0.0 | Mar 27, 2026 |
| npm | declarative-tracker:9999.0.0 | Mar 28, 2026 |
| npm | navi-design-system:99.1.0 | Mar 27, 2026 |
| npm | folio-data-utils:1.0.0 | Mar 27, 2026 |
| npm | xpna-context:1.0.0 | Mar 27, 2026 |
| npm | react-appfabric-shell:0.6.1 | Mar 28, 2026 |
| npm | promethios-bridge:1.7.0 | Mar 28, 2026 |
| npm | promethios-bridge:1.7.5 | Mar 28, 2026 |
| npm | autoshipment-public-front:99.99.0 | Mar 31, 2026 |
| npm | promethios-bridge:1.7.7 | Mar 30, 2026 |
| npm | promethios-bridge:1.7.9 | Mar 30, 2026 |
| npm | promethios-bridge:1.8.0 | Mar 30, 2026 |
| npm | daytona-test-npm:1.0.0 | Mar 30, 2026 |
| npm | spr-i18n-labels:1.0.4 | Mar 30, 2026 |
| npm | package-with-import-assertions:99.0.0 | Mar 30, 2026 |
| npm | separadordeinfo:1.0.0 | Mar 30, 2026 |
| npm | spr-i18n-labels:1.0.5 | Mar 29, 2026 |
| npm | sn3akysnak3-test:1.0.0 | Mar 29, 2026 |
| npm | sn3akysnak3-test:1.0.1 | Mar 29, 2026 |
| npm | dial-app-version:9999.0.0 | Mar 29, 2026 |
| npm | bizsignupnodeweb:99.10.9 | Mar 29, 2026 |
| npm | bizsignupnodeweb:99.11.9 | Mar 29, 2026 |
| npm | sn3akysnak3-test:1.0.2 | Mar 29, 2026 |
| npm | dial-app-version:9999.0.1 | Mar 29, 2026 |
| npm | dial-app-version:9999.0.3 | Mar 29, 2026 |
| npm | cardreadermgmtserv:99.13.9 | Mar 29, 2026 |
| npm | business-data:99.13.9 | Mar 29, 2026 |
| npm | f0-state-manager:99.13.9 | Mar 29, 2026 |
| npm | nemo-datadrive:99.13.9 | Mar 29, 2026 |
| npm | merchservicingnodeserv:99.13.9 | Mar 29, 2026 |
| npm | idaasfinancialnodeserv:99.13.9 | Mar 29, 2026 |
| npm | f0-fpti-tracking:99.13.9 | Mar 29, 2026 |
| npm | f0-email-verification:99.13.9 | Mar 29, 2026 |
| npm | country-specialization:99.13.9 | Mar 29, 2026 |
| npm | promethios-bridge:2.0.1 | Mar 29, 2026 |
| npm | promethios-bridge:2.1.2 | Mar 29, 2026 |
| npm | promethios-bridge:2.1.5 | Mar 29, 2026 |
| npm | promethios-bridge:2.1.7 | Mar 29, 2026 |
| npm | promethios-bridge:2.1.8 | Mar 30, 2026 |
| npm | bos-decoration-elements:9.0.0 | Mar 30, 2026 |
| npm | promethios-bridge:2.2.0 | Mar 30, 2026 |
| npm | earthengine-api:9.0.0 | Mar 30, 2026 |
| npm | characterai-poc:1.0.0 | Mar 31, 2026 |
| npm | @thiagoemmanuell/unhandledrejection:1.0.0 | Mar 31, 2026 |
| npm | envseed:0.3.14 | Mar 31, 2026 |
| npm | rosud-call:2.4.7 | Mar 31, 2026 |
| npm | envseed:0.3.18 | Mar 31, 2026 |
| npm | insomnia-api:99.0.0 | Mar 31, 2026 |
| npm | moltbook-api-helper:1.0.0 | Apr 02, 2026 |
| npm | moltbook-health:1.0.11 | Apr 01, 2026 |
| npm | moltbook-health:1.0.13 | Apr 01, 2026 |
| npm | strapi-plugin-finseven:3.6.8 | Apr 01, 2026 |
| npm | romi-bot:0.1.4 | Apr 01, 2026 |
| npm | heibai:2.1.88-claude.hk-4 | Apr 01, 2026 |
| npm | nodecheck-health:1.0.0 | Apr 02, 2026 |
| npm | moltbook-health:1.0.15 | Apr 02, 2026 |
| npm | moltbook-health:1.0.16 | Apr 02, 2026 |
| npm | ripio-fn:99.0.0 | Apr 02, 2026 |
| npm | super-useful-omega-package-123:0.2.2 | Apr 02, 2026 |
| pypi | ether-account:0.13.7 | Apr 02, 2026 |
| npm | @aspect-security/argon2:1.0.1 | Apr 02, 2026 |
| npm | bytefrontier-tracker:99.0.0 | Apr 02, 2026 |
| npm | bytefrontier-partner:99.0.0 | Apr 02, 2026 |
| npm | partner-tracker:99.0.0 | Apr 02, 2026 |
| npm | vv-ftend-core:99.0.0 | Apr 02, 2026 |
| npm | vv-ftend-api:99.0.0 | Apr 02, 2026 |
| npm | chatbotloader:9999.1.0 | Apr 02, 2026 |
Secure Your Open Source Dependencies against Vulnerabilities and Malicious Code
Minimize risks and protect your applications from malicious packages with Xygeni Early Malware Detection. Prioritize and address the vulnerabilities that matter most. Our comprehensive solution offers real-time monitoring of your dependencies to detect and mitigate threats before they impact your software.
Managing open-source components in the current software development landscape is crucial due to the rising vulnerabilities and malicious code threats. Xygeni’s Open Source Security solution scans and blocks harmful packages upon publication, dramatically minimizing the risk of malware and vulnerabilities infiltrating your systems. Our comprehensive monitoring spans multiple public registries, ensuring all dependencies are scrutinized for safety and integrity. Xygeni enhances your team’s ability to maintain secure and reliable software projects by contextually prioritizing critical issues and facilitating streamlined remediation processes.
Xygeni uses multi-layered techniques to stop malicious code before it spreads. First of all, static code analysis detects obfuscation patterns, hidden payloads, and script abuse. In addition, behavioral sandboxing analyzes install hooks, runtime commands, and persistence tricks. Moreover, machine learning detection identifies zero-day npm malware and pypi malware variants missed by signature scanners. Finally, the Early Warning System monitors public repositories in real time, validates findings, and alerts DevOps teams immediately.
As a result, this combination ensures developers receive fast, actionable intelligence integrated directly into CI/CD workflows.
Why Developers Should Care About Malicious npm Packages
Modern threats rarely wait for runtime. For example, malicious npm packages often execute during installation, while pypi malicious packages hide token exfiltration or backdoors. Attackers:
- Flip private GitHub repos to public to replicate them.
- Exfiltrate credentials and secrets using encoded payloads.
- Use obfuscated JavaScript loaders to deploy ransomware or botnets.
In fact, malicious open-source packages surged 156% in one year. Therefore, teams that rely only on delayed feeds or basic scanners fall behind.
What This Malware Report Tracks in npm and PyPI
This digest is the central hub for:
- Confirmed malicious npm packages
- Confirmed pypi malicious packages
- Behavior-based detections of malicious code
- Registry-confirmed incidents
- Weekly and monthly malware report summaries
- Historical changelog of all npm malware and pypi malware findings
In other words, it provides a single point of reference. The research team at Xygeni updates this page weekly with links to full technical analyses and GitHub IOCs.
How to Protect Against Malicious npm Packages and PyPI Malware
Because of this growing risk, organizations need strong defenses:
- Enforce lockfile-only installs (
npm ci) in CI/CD. - Additionally, scan dependencies pre-install with Xygeni’s Early Warning Engine.
- Furthermore, block builds on malicious code signals using Guardrails.
- Generate SBOMs to trace indirect dependencies and apply policies.
- Above all, train developers to detect typosquatting, obfuscation, and suspicious install scripts.
Try Xygeni’s Malware Detection Tools
Xygeni delivers:
- Real-time detection of malicious code, including backdoors, spyware, and ransomware.
- In contrast to basic scanners, analysis across npm, PyPI, Maven, NuGet, RubyGems, and more.
- Automatic build blocking when the malware report identifies risk.
- Exploitability insights, maintainer reputation checks, and anomaly detection.
