Xygeni Malicious Code Digest 4: Over 20 packages discovered

This week, we confirmed over 20 packages flagged as malicious among the thousands of analyzed new packages and updates published in the open-source package registries. 

Xygeni Malicious Code Digest

In the latest Xygeni Malicious Code Digest, we have highlighted over 20 malicious packages that infiltrated the npm registry. This breach reveals a significant vulnerability within the software supply chain ecosystem.

Total of Malicious NPM Packages Detected

🚨 (npm) @pocdz/crm-components:3.23.0

🚨 (npm) barrio_sass:8.4.1

🚨 (npm) cta-onboard-express:2.0.0

🚨 (npm) editor-languages:1.0.1

🚨 (npm) editor-languages:1.0.3

🚨 (npm) editor-languages:1.0.4

🚨 (npm) fury-sites:1.11.6

🚨 (npm) income_access_npm_config:1.0.0

🚨 (npm) input-fns:1.0.3

🚨 (npm) link-ui-i20n:1.0.0

🚨 (npm) link-ui-i21n:1.0.0

🚨 (npm) link-ui-i22n:1.0.0

🚨 (npm) link-ui-i23n:1.0.0

🚨 (npm) link-ui-i24n:1.0.0

🚨 (npm) looleh-ts:9.9.9

🚨 (npm) skinport-rest-docs:0.0.1

🚨 (npm) syfadis.experience:1.0.0

🚨 (npm) system-info-sender:2.0.3

🚨 (npm) tcm-app-migration-miles-react:1.0.0

🚨 (npm) this-will-fail:1.0.1

🚨 (npm) walkme-killer:1.0.0

 

Protect Your Application against Malicious Open Source Dependencies 

Xygeni Early Malicious Code Detection supports you by automatically analyzing any new or updated open-source package. We notify you as soon as we detect any suspicious evidence of malware and add the dependency to a blacklist, so you can halt the automatic build or delivery of your application before it is exposed to infection.

With Early Detection and Early Warning mechanisms, Xygeni ensures the security and integrity of your applications.
