Xygeni Malicious Code Digest: Over 30 packages discovered

This week, in the Xygeni Malicious Code Digest, we’ve identified questionable packages that have made their way into the NPM registry, exposing a significant weak point in the software supply chain ecosystem.

As soon as new packages are published, Xygeni conducts a real-time scan to detect and block malware based on code behavior analysis, alleviating the need for extensive and urgent post-build remediation. Our systematic process ensures proactive security measures are in place, safeguarding the integrity of the software supply chain.

Total of Malicious NPM Packages Detected

🚨 (npm) @diligentcorp/atlas-ng:9999.0.0
🚨 (npm) epc-core-error-handling:66.6.0
🚨 (npm) epc-core-error-handling:66.6.1
🚨 (npm) epc-menu-header-poc:66.6.0
🚨 (npm) epc-onboarding-web:6.6.6
🚨 (npm) epc-staticpages-web:66.6.0
🚨 (npm) epc-staticpages-web:66.6.1
🚨 (npm) epc-staticpages-web:66.6.2
🚨 (npm) epc-teste-lykos:66.6.2
🚨 (npm) hw-popup:66.6.1
🚨 (npm) hw-popup:66.6.2
🚨 (npm) hw-tooltip:66.6.6
🚨 (npm) hw-webpack-config:66.6.0
🚨 (npm) libx-amount:1.0.2
🚨 (npm) test1_lykos:66.6.1
🚨 (npm) epc-notification-setting-web:66.6.9
🚨 (npm) epc-primer-ui-tags:66.6.9
🚨 (npm) hw-transition-animation:66.6.9
🚨 (npm) not-exist-lykos-poc2:66.6.9
🚨 (npm) eslint-config1:0.100.1
🚨 (npm) agencyportal-web:5.1.0
🚨 (npm) actions-next-bundle-analyzer:1.1.4


Secure Your Open Source Dependencies against Vulnerabilities and Malicious Code

Minimize risks and protect your applications from malicious packages with Xygeni Early Malware Detection. Prioritize and address the vulnerabilities that matter most. Our comprehensive solution offers real-time monitoring of your dependencies to detect and mitigate threats before they impact your software.

Managing open-source components in the current software development landscape is crucial due to the rising vulnerabilities and malicious code threats. Xygeni’s Open Source Security solution scans and blocks harmful packages upon publication, dramatically minimizing the risk of malware and vulnerabilities infiltrating your systems. Our comprehensive monitoring spans multiple public registries, ensuring all dependencies are scrutinized for safety and integrity. Xygeni enhances your team’s ability to maintain secure and reliable software projects by contextually prioritizing critical issues and facilitating streamlined remediation processes.

Unifying Risk Management from Code to Cloud with Xygeni ASPM Security