Welcome to the latest edition of the Xygeni Malicious Code Digest (Monthly Edition). Once again, our security team analyzed real package telemetry across public registries to identify what traditional scanners often overlook: malicious code designed to blend into trusted developer workflows.
Over the past few weeks, we confirmed more than 260 malicious packages, primarily across npm, with additional cases affecting PyPI, VS Code, OpenVSX, and Composer. However, this month was not only about volume.
Our research team conducted in-depth analysis into high-impact threats, including:
Recurring malware waves built around fake internal tooling, AI-themed packages, payment and checkout modules, analytics clients, frontend components, developer utilities, Kubernetes and cloud tooling, VS Code and OpenVSX extensions, and repeated version bursts under the same package families.
Coordinated malicious publishing clusters abusing trusted brand-like naming patterns, enterprise-facing package names, UI foundations, web SDKs, component explorers, and internal-style namespaces designed to blend into real software delivery pipelines.
These were not simple typosquatting attempts. They involved credential abuse patterns, supply chain manipulation, repeated namespace abuse, and malicious publishing waves designed to impact real CI/CD pipelines and production environments.
Beyond these investigations, recent waves continued to show automation-driven publishing, aggressive version inflation, internal-tool impersonation patterns, and package clustering across related names, alongside classic tactics such as typosquatting, dependency confusion, and data exfiltration. The objective remains consistent: bypass trust heuristics and quietly compromise developer systems before detection.
This monthly update is part of our ongoing malware report, where we publish validated findings, confirm emerging threats, and provide actionable intelligence to help DevSecOps teams stay ahead of supply chain risk.
For full context across every malicious package analyzed this month, explore the complete Malicious Code Digest.
Week 4: Over 100 Packages Discovered
| Ecosystem | Package | Date |
|---|---|---|
| npm | pa-marked:99.1.10 | Apr 27, 2026 |
| pypi | moonbit-locale-compat:0.2.3 | Apr 27, 2026 |
| npm | @alfa.life.mapp/app.web:99.0.13 | Apr 27, 2026 |
| npm | @sbt_gitverse/analytics-client:99.0.1 | Apr 27, 2026 |
| npm | @frengki0707/google-cloud-clone:1.33.1 | Apr 27, 2026 |
| npm | @alfa.life.mapp/app.web:99.0.14 | Apr 27, 2026 |
| npm | @tochka-ui/foundation:99.0.2 | Apr 27, 2026 |
| openvsx | arcane-spark/ubel:0.1.0 | Apr 28, 2026 |
| npm | @2011-08-19/n:99.9.9 | Apr 28, 2026 |
| npm | @frengki0707/google-cloud-clone:1.38.0 | Apr 27, 2026 |
Week 3: Over 45 Packages Discovered
| Ecosystem | Package | Date |
|---|---|---|
| npm | sn3akysnak3-test:1.1.1 | Apr 17, 2026 |
| npm | node-red-contrib-yolo-object-detection:9.1.11 | Apr 17, 2026 |
| npm | node-red-contrib-yolo-object-detection:9.1.12 | Apr 17, 2026 |
| vscode | ptah-coding-orchestra:0.2.18 | Apr 17, 2026 |
| pypi | deathstar-ai:0.19.9 | Apr 17, 2026 |
| npm | wazir-xlocaletstnpm:9.9.2 | Apr 20, 2026 |
| pypi | notrandompacketname:0.1.12 | Apr 20, 2026 |
| npm | pocbitbarrontest:1.0.0 | Apr 20, 2026 |
| npm | ac-sasskit-internal:100.0.12 | Apr 21, 2026 |
| npm | sy-editor-v3:8.0.0 | Apr 19, 2026 |
Week 2: Over 50 Packages Discovered
| Ecosystem | Package | Date |
|---|---|---|
| npm | admin0911:1.0.23 | Apr 14, 2026 |
| npm | admin0911:1.0.47 | Apr 14, 2026 |
| npm | admin0911:1.0.59 | Apr 14, 2026 |
| npm | @searchos/bot-proxy:0.1.4 | Apr 10, 2026 |
| npm | baidu-ti:1.0.0 | Apr 10, 2026 |
| openvsx | rajdeepchandra/spectrum-design-tokens-for-vscode:0.0.1 | Apr 11, 2026 |
| openvsx | rajdeepchandra/spectrum-design-tokens-for-vscode:0.0.3 | Apr 11, 2026 |
| openvsx | rajdeepchandra/spectrum-design-tokens-for-vscode:0.0.4 | Apr 11, 2026 |
| npm | @genoma-ui/components:99.99.2 | Apr 11, 2026 |
| npm | paysafe-payments-sdk-common:99.0.0 | Apr 13, 2026 |
Week 1: Over 45 Packages Discovered
| Ecosystem | Package | Date |
|---|---|---|
| npm | strapi-plugin-finseven:3.6.8 | Apr 08, 2026 |
| npm | romi-bot:0.1.6 | Apr 03, 2026 |
| npm | romi-bot:0.1.5 | Apr 03, 2026 |
| npm | one-translations:99.0.0 | Apr 03, 2026 |
| npm | okx-data:9999.1.0 | Apr 03, 2026 |
| npm | okxglobal:9999.1.0 | Apr 03, 2026 |
| npm | serverless-env-helpers:1.0.1 | Apr 03, 2026 |
| npm | serverless-env-helpers:1.0.5 | Apr 03, 2026 |
| npm | serverless-env-helpers:1.0.6 | Apr 03, 2026 |
| npm | coviu-client:9.9.9 | Apr 04, 2026 |
Secure Your Open Source Dependencies against Vulnerabilities and Malicious Code
Malware isn’t just a theoretical risk anymore, it’s already hiding in public packages. With Xygeni’s Early Malware Detection, you can reduce exposure by catching threats as soon as they’re published, before they reach your pipeline.
Our real-time scanning and prioritization engine continuously monitors public registries like npm and PyPI. Malicious packages are blocked, flagged, and ranked based on impact, so you know exactly what needs fixing, and when. Whether it’s typosquatting, dependency confusion, or credential stealers, we help your team stay ahead.
If you want full visibility into weekly and monthly findings, check the complete Malicious Code Digest.
Stay secure. Stay fast. Stay in control with Xygeni.
