This week, we confirmed over 100 packages flagged as malicious among the thousands of analyzed new packages and updates published in the open-source package registries.
Xygeni Malicious Code Digest
In the latest Xygeni Malicious Code Digest, we have highlighted over 100 malicious packages that infiltrated the most common registries. This breach reveals a significant vulnerability within the software supply chain ecosystem.
Total of Malicious Packages Detected
NPM Packages
🔥 (npm) alex_evil-test-package:1.0.4
🔥 (npm) alex_evil-test-package:1.0.5
🔥 (npm) alex_evil-test-package:1.0.7
🔥 (npm) bnppf-font-icons:3.0.3
🔥 (npm) bnppf-font-icons:3.0.4
🔥 (npm) bnppf-font-icons:3.0.5
🔥 (npm) bnppf-font-icons:3.0.6
🔥 (npm) maplibre:2.4.0
🔥 (npm) ovh_sentry:100.0.0
🔥 (npm) react-is-16:6.5.8
🔥 (npm) react-is-17:6.5.8
🔥 (npm) sso-map:10.1.9
🔥 (npm) viz_schema:9.1.9
🚨 (npm) alex_evil-test-package:1.0.9
🚨 (npm) bnppf-font-icons:3.0.2
🚨 (npm) dapp-test-runner:7.2.5
🚨 (npm) evil-package-for-test:1.0.0
🚨 (npm) ffers:1.0.0
🚨 (npm) node-elm-stdio:7.4.6
🚨 (npm) odyssey-storybook:5.999.0
🚨 (npm) react-domain-components:6.5.8
🚨 (npm) react-fatigue-dev:5.2.7
🚨 (npm) react-pro-components-next:6.5.8
🚨 (npm) react-pro-components:6.5.8
🚨 (npm) realtime-translation-package:6.5.8
🚨 (npm) redux-store-immutable:6.5.8
🚨 (npm) release-notice:6.5.8
🚨 (npm) release-platform-utils:6.5.8
🚨 (npm) retail-common:6.5.8
🚨 (npm) rich-text-slate-rc:6.5.8
🚨 (npm) rn-i18n-extensions:6.5.8
🚨 (npm) rn-native-portals:6.5.8
🚨 (npm) rnt-demo-text:6.5.8
🚨 (npm) rollup-plugin-amd-output-enhance:6.5.8
🚨 (npm) rollup-plugin-hotreload:6.5.8
🚨 (npm) rtn-centered-text:6.5.8
🚨 (npm) s-page-legacy:8.1.9
🚨 (npm) sc-case-dispute:6.5.8
🚨 (npm) scan-cli:6.5.8
🚨 (npm) scfe-joint-test-tool:6.5.8
🚨 (npm) scm-retail-ui:6.5.8
🚨 (npm) seatalk-openapi:6.5.8
🚨 (npm) seatalk-protocol:6.5.8
🚨 (npm) secure-fetch-utils-latest:6.5.8
🚨 (npm) secure-fetch-utils-stable:6.5.8
🚨 (npm) seller-address-common:6.5.8
🚨 (npm) seller-admin-common:6.5.8
🚨 (npm) seller-assistance-common:6.5.8
🚨 (npm) seller-assistance-service:6.5.8
🚨 (npm) seller-base-common:6.5.8
🚨 (npm) seller-base:6.5.8
🚨 (npm) seller-base.environment:6.5.8
🚨 (npm) seller-base.preview:6.5.8
🚨 (npm) seller-center-puppeteer:6.5.8
🚨 (npm) seller-common:6.5.8
🚨 (npm) seller-core:6.5.8
🚨 (npm) seller-fulfillment-common:6.5.8
🚨 (npm) seller-fulfillment-service:6.5.8
🚨 (npm) seller-listing-common:6.5.8
🚨 (npm) seller-listing-rn-lib:6.5.8
🚨 (npm) seller-node-logger:6.5.8
🚨 (npm) seller-package-common:6.5.8
🚨 (npm) seller-payment-common:6.5.8
🚨 (npm) seller-payment-service:6.5.8
🚨 (npm) seller-pure-component:6.5.8
🚨 (npm) seller-return-common:6.5.8
🚨 (npm) seller-rn-mng-lib:6.5.8
🚨 (npm) seller-service:6.5.8
🚨 (npm) seller-vuex-report-plugin:6.5.8
🚨 (npm) seller-webchat-build-sdk:6.5.8
🚨 (npm) seller-webchat-common:6.5.8
🚨 (npm) seller-webchat-modules:6.5.8
🚨 (npm) seller-webchat-service:9.4.9
🚨 (npm) seller-webchat-ui:6.4.10
🚨 (npm) seller-webchat-utils:6.5.8
🚨 (npm) shopee-dashjs:6.5.8
🚨 (npm) shopee-guide:6.5.8
🚨 (npm) shopee-loading-report-sdk:8.1.1
🚨 (npm) shopee-rich-editor:6.2.1
🚨 (npm) spex-dts:8.2.2
🚨 (npm) spex-node-client:6.5.3
🚨 (npm) spid-csvautofilljs:7.4.3
🚨 (npm) spid-gc-config:5.1.4
🚨 (npm) spid-gc-ui-leaderboard:10.1.2
🚨 (npm) spid-growth-notifier-config:9.5.2
🚨 (npm) spid-sharing-panel:9.2.1
🚨 (npm) ssc-element-pro:7.5.2
🚨 (npm) ssc-mobile-ui-react:9.4.1
🚨 (npm) ssc-org-vue:5.2.10
🚨 (npm) ssc-ui-react-next:5.2.3
🚨 (npm) ssc-ui-react:9.3.9
🚨 (npm) ssc-ui-static:6.2.4
🚨 (npm) ssc-ui-vue-pro:8.5.7
🚨 (npm) ssc-ui-vue:7.3.10
🚨 (npm) ssc-upload-react:5.1.9
🚨 (npm) ssc-user-guide-pro:5.5.1
🚨 (npm) starter-assets-sass:9.9.11
🚨 (npm) storage-atom:7.2.5
🚨 (npm) stormapp:1.0.5
🚨 (npm) tbi-editor:6.1.9
🚨 (npm) techtrans:9.9.10
🚨 (npm) upload-to-shopee-cdn:5.3.10
🚨 (npm) uuid-latest:5.1.9
🚨 (npm) viewercontext:8.4.5
🚨 (npm) vite-plugin-unus-api-register:6.2.3
🚨 (npm) vs-table-plugins-antd:9.2.10
Secure Your Open Source Dependencies against Vulnerabilities and Malicious Code
Minimize risks and protect your applications from malicious packages with Xygeni Early Malware Detection. Prioritize and address the vulnerabilities that matter most. Our comprehensive solution offers real-time monitoring of your dependencies to detect and mitigate threats before they impact your software.
Managing open-source components in the current software development landscape is crucial due to the rising vulnerabilities and malicious code threats. Xygeni’s Open Source Security solution scans and blocks harmful packages upon publication, dramatically minimizing the risk of malware and vulnerabilities infiltrating your systems. Our comprehensive monitoring spans multiple public registries, ensuring all dependencies are scrutinized for safety and integrity. Xygeni enhances your team’s ability to maintain secure and reliable software projects by contextually prioritizing critical issues and facilitating streamlined remediation processes.