Malicious Code Digest 76

Xygeni Malicious Code Digest 76

Every week, our malware detection systems scan thousands of new and updated packages across public registries like npm and PyPI. This week was no exception.

We confirmed over 150 malicious packages between June 20th and June 26th, 2026, across npm, PyPI, and (for the first time this week) the VSCode extension marketplace.

The dominant campaign was panrouter, which flooded npm with over 30 versions across the 5.x and 6.x ranges between June 20 and June 22,  a sustained, automated publishing wave designed to outlast blocklists. The trimprompt campaign continued from last week, adding versions 1.0.5 through 1.0.17. The atlasora family (seven packages published simultaneously on June 21) and apintergrationpost (seven versions, June 21–22) followed the same dependency confusion playbook against internal monorepo namespaces.

The most significant pattern this week was the concentration of attacks on AI tooling. The ollama-helpers and openai-agents-helpers clusters combined for over 35 versions confirmed on June 24–25, directly targeting packages used in agentic development workflows. monoclaude, ai-sdk-helpers, and @langgraphjs/toolkit extended the same pattern. When an AI agent installs a malicious package autonomously, there is no human reviewer between infection and execution.

In PyPI, tm-ai (seven versions), corvinos (seven versions), request-cache-py (seven versions), and neuralbridge-sdk (continued multi-week campaign) dominated. In VSCode, orbit-agentic-pair-programming-for-smalltalk was confirmed in two versions, a signal that attackers are expanding beyond package registries into IDE extension marketplaces.

This weekly snapshot is part of our ongoing Malicious Code Digest, where we validate new threats and provide actionable intelligence to help DevSecOps teams protect their pipelines before damage occurs. Let’s break down what we found this week and why it matters.

Ecosystem Package Confirmed
npmpanrouter:5.0.2Jun 20, 2026
npmpanrouter:5.1.0Jun 20, 2026
npmpanrouter:5.0.3Jun 20, 2026
npmpanrouter:5.1.1Jun 20, 2026
npmpanrouter:5.2.0Jun 20, 2026
npmaikaf788812:1.0.3Jun 20, 2026
npmyianzzkf6687:1.0.3Jun 20, 2026
npmtrimprompt:1.0.5Jun 20, 2026
npmtrimprompt:1.0.6Jun 20, 2026
npmtrimprompt:1.0.7Jun 20, 2026
npmtrimprompt:1.0.8Jun 20, 2026
npmtrimprompt:1.0.16Jun 20, 2026
npmpanrouter:5.3.0Jun 20, 2026
npmsimplisafe-gatsby:1.0.1Jun 20, 2026
npmdbt-language-server:1.0.1Jun 20, 2026
npmtrimprompt:1.0.17Jun 20, 2026
npmpanrouter:5.3.1Jun 20, 2026
npmstarship-timeline:1.0.1Jun 20, 2026
npmpanrouter:5.3.2Jun 20, 2026
npmpanrouter:5.3.3Jun 20, 2026
npmafterpay-sdk-example-server:1.2.1Jun 20, 2026
pypineuralbridge-sdk:5.4.0Jun 20, 2026
npmmonoclaude:1.0.1Jun 20, 2026
vscodeorbit-agentic-pair-programming-for-smalltalk:1.206.0Jun 20, 2026
npmmonoclaude:1.0.2Jun 20, 2026
npmpanrouter:5.3.4Jun 20, 2026
vscodeorbit-agentic-pair-programming-for-smalltalk:1.211.0Jun 20, 2026
npmpanrouter:5.4.0Jun 20, 2026
npmpanrouter:5.4.1Jun 22, 2026
npmpanrouter:5.4.2Jun 22, 2026
npmpanrouter:5.4.3Jun 22, 2026
npmpanrouter:5.4.4Jun 22, 2026
npmpanrouter:5.4.5Jun 22, 2026
npmpanrouter:5.4.6Jun 22, 2026
pypineuralbridge-sdk:5.6.2Jun 22, 2026
npmpanrouter:5.4.7Jun 22, 2026
npmbackpack-ios:1.0.0Jun 21, 2026
npmoauth-connect:0.1.1Jun 21, 2026
npmmonoclaude:1.0.3Jun 21, 2026
npmtriage-bot:1.0.1Jun 21, 2026
pypitm-ai:2.91.75Jun 22, 2026
pypitm-ai:2.91.74Jun 22, 2026
pypitm-ai:2.91.73Jun 22, 2026
pypitm-ai:2.91.71Jun 22, 2026
pypitm-ai:2.91.70Jun 22, 2026
pypitm-ai:2.91.69Jun 22, 2026
pypitm-ai:2.91.67Jun 22, 2026
pypineuralbridge-sdk:5.6.10Jun 21, 2026
pypitm-ai:2.91.65Jun 22, 2026
pypineuralbridge-sdk:5.6.11Jun 21, 2026
npmatlasora-shared:1.0.0Jun 21, 2026
npmatlasora-client:1.0.0Jun 21, 2026
npmatlasora-api:1.0.0Jun 21, 2026
npmatlasora-sdk:1.0.0Jun 21, 2026
npmatlasora-types:1.0.0Jun 21, 2026
npmatlasora-utils:1.0.0Jun 21, 2026
npmatlasora-config:1.0.0Jun 21, 2026
npmllm-traces-app:1.0.1Jun 21, 2026
npmtwilio-voice-js-reference-components:1.0.1Jun 21, 2026
npmccl-component-resources:99.1.0Jun 25, 2026
npmpaypal-postman-lib:1.0.1Jun 21, 2026
pypid0rk3r-telemetry:1.0.0Jun 21, 2026
pypirequest-cache-py:1.0.4Jun 22, 2026
pypirequest-cache-py:1.0.5Jun 22, 2026
pypirequest-cache-py:1.0.6Jun 22, 2026
pypirequest-cache-py:1.0.7Jun 22, 2026
pypirequest-cache-py:1.0.8Jun 22, 2026
pypirequest-cache-py:1.0.9Jun 22, 2026
pypirequest-cache-py:1.1.0Jun 22, 2026
pypicorvinos:0.17.0Jun 22, 2026
pypicorvinos:0.1.5Jun 22, 2026
pypicorvinos:0.1.4Jun 22, 2026
pypicorvinos:0.1.3Jun 22, 2026
pypicorvinos:0.1.2Jun 22, 2026
pypicorvinos:0.1.1Jun 22, 2026
pypicorvinos:0.1.0Jun 22, 2026
npmsf-storybook:1.0.0Jun 21, 2026
npm@variational/common-ui:1.0.1Jun 21, 2026
npm@variational/common-ui:1.0.2Jun 21, 2026
npmpanrouter:6.0.0Jun 22, 2026
npmpanrouter:6.1.0Jun 22, 2026
npmpanrouter:6.1.1Jun 22, 2026
npmpanrouter:6.2.0Jun 22, 2026
npmpanrouter:6.2.1Jun 22, 2026
npmpanrouter:6.3.0Jun 22, 2026
npmapintergrationpost:4.0.2Jun 21, 2026
npmpanrouter:6.3.2Jun 22, 2026
npmapintergrationpost:4.0.3Jun 21, 2026
npmapintergrationpost:4.0.4Jun 21, 2026
npmpanrouter:6.3.3Jun 22, 2026
npmapintergrationpost:4.0.5Jun 21, 2026
npmapintergrationpost:4.0.6Jun 21, 2026
npmapintergrationpost:4.0.8Jun 21, 2026
npmpanrouter:6.3.4Jun 22, 2026
npmapintergrationpost:4.1.0Jun 22, 2026
npmpanrouter:6.3.5Jun 22, 2026
npmpanrouter:6.3.6Jun 22, 2026
npmpanrouter:6.3.7Jun 22, 2026
npmpanrouter:6.3.8Jun 22, 2026
npmpanrouter:6.3.9Jun 22, 2026
npmpanrouter:6.3.10Jun 22, 2026
npmpanrouter:6.3.11Jun 22, 2026
npmpanrouter:6.3.12Jun 22, 2026
npmpanrouter:6.3.13Jun 22, 2026
npmforge-jsx3:1.0.122Jun 22, 2026
npmforge-jsx4:1.0.122Jun 22, 2026
npmpanrouter:6.4.0Jun 22, 2026
npmpanrouter:6.4.1Jun 22, 2026
npmpanrouter:6.4.2Jun 23, 2026
npmmonohsidyd:1.0.1Jun 23, 2026
npmmonohsidyd:1.0.2Jun 23, 2026
npmsearch-from-feed:999.0.0Jun 23, 2026
npmforge-jsx4:1.0.123Jun 23, 2026
npmsetka-editor:999.0.0Jun 23, 2026
npmgd-auth-client:999.0.0Jun 23, 2026
npmmonotacos:1.0.1Jun 23, 2026
npmmonocross:1.0.1Jun 23, 2026
npmshadxino:1.0.7Jun 23, 2026
npmzod-pino:1.0.122Jun 26, 2026
npmweb3-token-helper:1.1.1Jun 23, 2026
npmweb3-token-helper:1.1.3Jun 23, 2026
npmmonocross:1.0.3Jun 23, 2026
npmweb3-token-helper:1.2.0Jun 23, 2026
npmmonogrok:1.0.8Jun 24, 2026
npmhashd-edu:1.0.5Jun 24, 2026
npmreact-simple-utils-kit:1.3.0Jun 24, 2026
npmreact-simple-utils-kit:1.4.2Jun 24, 2026
npmollama-helpers:0.2.0Jun 24, 2026
npmollama-helpers:0.2.1Jun 24, 2026
npmollama-helpers:0.1.0Jun 24, 2026
npmollama-helpers:1.0.0Jun 24, 2026
npmollama-helpers:0.8.0Jun 24, 2026
npmollama-helpers:0.7.0Jun 24, 2026
npmollama-helpers:0.4.0Jun 24, 2026
npmollama-helpers:0.7.1Jun 24, 2026
npmollama-helpers:0.5.1Jun 24, 2026
npmollama-helpers:1.1.0Jun 24, 2026
npmollama-helpers:0.9.0Jun 24, 2026
npmollama-helpers:0.1.1Jun 24, 2026
npmollama-helpers:0.3.1Jun 24, 2026
npmollama-helpers:0.6.0Jun 24, 2026
npmollama-helpers:0.4.1Jun 24, 2026
npmollama-helpers:1.1.1Jun 24, 2026
npmollama-helpers:0.5.0Jun 24, 2026
npmollama-helpers:1.2.0Jun 24, 2026
npmollama-helpers:0.3.0Jun 24, 2026
npmopenai-agents-helpers:0.1.1Jun 24, 2026
npmollama-helpers:1.0.1Jun 24, 2026
npmopenai-agents-helpers:0.9.0Jun 24, 2026
npmopenai-agents-helpers:0.5.0Jun 24, 2026
npmopenai-agents-helpers:0.6.0Jun 24, 2026
npmopenai-agents-helpers:0.3.0Jun 24, 2026
npmopenai-agents-helpers:1.1.1Jun 24, 2026
npmopenai-agents-helpers:0.7.0Jun 24, 2026
npmopenai-agents-helpers:0.3.1Jun 24, 2026
npmopenai-agents-helpers:0.8.1Jun 24, 2026
npmopenai-agents-helpers:0.2.0Jun 24, 2026
npmopenai-agents-helpers:1.1.0Jun 24, 2026
npmopenai-agents-helpers:0.6.1Jun 24, 2026
npmopenai-agents-helpers:0.5.1Jun 24, 2026
npmopenai-agents-helpers:0.4.0Jun 24, 2026
npmopenai-agents-helpers:1.0.1Jun 24, 2026
npmopenai-agents-helpers:1.2.0Jun 24, 2026
npmopenai-agents-helpers:0.2.1Jun 24, 2026
npmopenai-agents-helpers:1.2.1Jun 24, 2026
npmopenai-agents-helpers:0.8.0Jun 24, 2026
npmopenai-agents-helpers:1.0.0Jun 24, 2026
npmopenai-agents-helpers:0.1.0Jun 24, 2026
npmopenai-agents-helpers:1.3.0Jun 24, 2026
npmopenai-agents-helpers:0.5.1Jun 24, 2026
npmppt-creator:1.0.0Jun 24, 2026
npmbug-monorepo:3.1.94Jun 24, 2026
npmollama-helpers:1.2.1Jun 25, 2026
npmopenai-agents-helpers:1.3.1Jun 25, 2026
npmai-sdk-helpers:1.4.3Jun 25, 2026
npm@langgraphjs/toolkit:1.2.11Jun 25, 2026
npm@vaibot/guard:1.0.0Jun 25, 2026
npmsignup-embedder:99.99.99-poc3Jun 25, 2026
npmhs-locale-management:99.99.99-poc3Jun 25, 2026
npmsignup-embedder:99.99.99-poc2Jun 25, 2026
npmhs-locale-management:99.99.99-poc2Jun 25, 2026
npmeasy-string-kit:1.0.1Jun 26, 2026
npmeasy-string-kit:1.0.4Jun 26, 2026
npmeasy-string-kit:1.0.3Jun 26, 2026
npmeasy-string-kit:1.0.2Jun 26, 2026
npmeasy-string-kit:1.0.5Jun 26, 2026
npmeasy-string-kit:1.0.6Jun 26, 2026
npmeasy-string-kit:1.0.7Jun 26, 2026
npmeasy-string-kit:1.0.8Jun 26, 2026
npmeasy-string-kit232:1.0.8Jun 26, 2026
npm@vpms/design-system:1.1.2Jun 26, 2026
npm@vpms/design-system:1.0.1Jun 26, 2026
npm@vpms/design-system:0.1.3Jun 26, 2026
npmunsafe-malicious-package:1.0.0Jun 26, 2026
npmunsafe-malicious-package:1.0.2Jun 26, 2026
npmunsafe-malicious-package:1.0.4Jun 26, 2026
npmunsafe-malicious-package:1.0.6Jun 26, 2026
npmunsafe-malicious-package:1.0.8Jun 26, 2026
npmunsafe-malicious-package:1.0.9Jun 26, 2026
npmdttfdsdee:1.0.1Jun 26, 2026
npmccl-component-resources:99.0.0Jun 25, 2026

150 Malicious Packages. One Week. Don’t Be Next.

This week’s digest was not about a single threat, it was about scale and intent. Over 150 confirmed packages, sustained version flooding across multiple days, coordinated namespace attacks, and a sharp acceleration in targeting of AI tooling and IDE extensions. The attackers are not waiting for you to catch up.

Xygeni Early Malware Detection monitors npm, PyPI, VSCode, and other registries continuously, flagging threats at the moment of publication,  not after they’ve landed in a build. When a campaign publishes 30 versions of the same malicious package across three days, or an AI agent autonomously installs a compromised dependency, a weekly scan catches nothing in time.

Xygeni’s Open Source Security solution gives your DevSecOps teams the real-time visibility and prioritization they need to stay ahead of exactly this kind of coordinated pressure,  so your pipelines stay clean without slowing your teams down.

sca-tools-software-composition-analysis-tools
Prioritize, remediate, and secure your software risks
7-day free trial
No credit card required

Secure your Software Development and Delivery

with Xygeni Product Suite