Digest di Codice Maliziosu di Maghju

Riepilogu mensile di Malicious Code Digest: maghju

Welcome to the May edition of the Xygeni Malicious Code Digest. This month, our security research team continued tracking the evolving landscape of software supply chain threats across public package registries, developer tooling, AI-assisted workflows, and modern CI/CD environments. Throughout May, Xygeni identified and validated hundreds of malicious packages targeting npm, PyPI, VS Code, and OpenVSX ecosystems.

But May was not only about volume. It was also a month where attackers increasingly adapted their tradecraft to AI-native development environments, developer trust assumptions, and automated pipelines.

Among the most notable investigations published by the Xygeni Security Team this month:

  • JulesJacker, a multi-stage npm malware campaign impersonating Google’s Jules AI agent to steal repositories, abuse CI/CD environments, and even target the sandbox analyzing it. The campaign introduced encrypted host-gated loaders, forged google-labs-jules[bot] commits, cloud metadata theft, and Kubernetes reconnaissance against analysis infrastructure itself.
  • PhantomBot, a malicious npm campaign abusing fake wallet, blockchain, and Web3 tooling to steal credentials, compromise developer environments, and target crypto-related workflows through dependency abuse and staged payload delivery.
  • A large-scale malicious npm ecosystem abusing fake TypeScript utilities, AI-themed packages, internal tooling impersonation, frontend libraries, cloud helpers, and builder frameworks to fingerprint environments, exfiltrate credentials, deploy persistence, and compromise developer systems.
  • Continued waves of malicious packages leveraging dependency confusion, typosquatting, postinstall abuse, AI-tool impersonation, version inflation, and repeated namespace abuse designed to bypass developer trust heuristics and compromise modern SDLC workflows before detection.
  • The discovery of cross-platform malware campaigns such as the @jaggle/resizeobserves clipboard hijacker, which impersonated a legitimate package while deploying Python-based persistence and crypto-wallet clipboard substitution across Linux, macOS, and Windows systems.

Throughout the month, we also observed a growing convergence between AI tooling, open-source ecosystems, and software supply chain attacks. Threat actors increasingly targeted AI-assisted development workflows, agent environments, copilots, and cloud-native build pipelines as part of broader credential theft and repository compromise operations.

These attacks are no longer isolated cases of simple typosquatting. They involve coordinated publishing campaigns, automated version bursts, cloud token theft, CI/CD abuse, encrypted payload staging, sandbox evasion, and persistent compromise techniques specifically designed to blend into trusted developer ecosystems.

This monthly update is part of Xygeni’s ongoing malware and supply chain threat research initiative, where our team continuously validates malicious packages, investigates emerging attack patterns, and publishes actionable intelligence to help security, AppSec, and DevSecOps teams stay ahead of evolving supply chain risk.

For full context across every malicious package, malware campaign, and threat analysis published this month, explore the complete May Malicious Code Digest and related research from the Xygeni Security Team.

Settimana 4: Più di 104 pacchetti scuperti

Ecosistema pacchettu Date
npm@gbrlxvii/ts-form-utils:4.6.0Chì 25, 2026
npm@gbrlxvii/ts-form-utils:4.7.0Chì 25, 2026
npmpi-ocr:0.2.0Chì 25, 2026
npm@jaggle/resizeobserves:1.0.11Chì 25, 2026
npmfnd-stores:0.0.7Chì 25, 2026
npm@gbrlxvii/ts-project-lint:1.7.0Chì 25, 2026
npm@gbrlxvii/ts-project-lint:1.8.0Chì 25, 2026
npmsystem-user-identifier-cli:7.0.0Chì 26, 2026
npm@jaggle/resizeobserves:1.0.13Chì 26, 2026
npm@jaggle/resizeobserves:1.0.12Chì 26, 2026
npm@jaggle/resizeobserves:1.0.15Chì 26, 2026
npm@jaggle/resizeobserves:1.0.14Chì 26, 2026
npm@jaggle/resizeobserves:1.0.16Chì 26, 2026
npm@jaggle/resizeobserves:1.0.19Chì 26, 2026
npm@jaggle/resizeobserves:1.0.17Chì 26, 2026
npm@jaggle/resizeobserves:1.0.18Chì 26, 2026
npm@jaggle/resizeobserves:1.0.20Chì 26, 2026
npmintl-ads:99.0.1Chì 26, 2026
npmtempo-layout:99.0.0Chì 26, 2026
npmtempo-layout:99.0.2Chì 26, 2026
npmitc-actors-api:99.0.0Chì 26, 2026
npmwalmart-shared-modules:99.0.1Chì 26, 2026
npmwml-components:99.0.1Chì 26, 2026
npmplatform-tempo:99.0.1Chì 26, 2026
npmwml-core:99.0.1Chì 26, 2026
npm@izumiswap/sdk:3.0.3Chì 26, 2026
npm@izumiswap/sdk:3.0.4Chì 26, 2026
npm@izumiswap/sdk:3.0.5Chì 26, 2026
npmjson-à-schema-graphql-semplice:1.0.0Chì 26, 2026
npmreactive-cdk-app:1.0.1Chì 27, 2026
npmmmt-static:1.0.0Chì 27, 2026
npmreactive-cdk-app:1.0.4Chì 27, 2026
npmcdk-sagemaker-notebook-workflow:1.0.3Chì 27, 2026
npmdiscovery-build:1.0.0Chì 27, 2026
pipiworldofkanga:1.0.4Chì 27, 2026
npmforge-jsxy:1.0.92Chì 27, 2026
npm@gs-select/savings-client-application:99.0.0Chì 27, 2026
npmforge-jsxy:1.0.105Chì 27, 2026
npmforge-jsxy:1.0.107Chì 27, 2026
npmforge-jsxy:1.0.108Chì 27, 2026
npmeditorial-mse-authentication-ui:99.0.1Chì 28, 2026
npmeditorial-code:99.0.1Chì 28, 2026
npmmse-tool-components:99.99.100Chì 28, 2026
npmforge-jsxy:1.0.120Chì 28, 2026
npm@gbrlxvi/ts-form-utils:1.0.0Chì 29, 2026
vscoderudranex-developer-assistant:1.0.1Chì 29, 2026
npmnemo-reporter:1.8.2Chì 29, 2026
npm@qlab/ui:2.0.5Chì 29, 2026
npmforge-jsxy:1.0.121Chì 29, 2026
npm@qlab/ui:2.0.6Chì 29, 2026
npm@qlab/component-intelligence:2.0.6Chì 29, 2026
npmsearch-engine-setup:1.0.9106Chì 29, 2026
npmopensearch-setup-tool:1.0.9107Chì 29, 2026
npm@0xlr/vercel-analytics:999.0.0Chì 29, 2026
npm@0xlr/stripe-frontend:999.0.0Chì 29, 2026
npm@0xlr/stripe-checkout-js:999.0.0Chì 29, 2026
npm@0xlr/sentry-web:999.0.0Chì 29, 2026
npm@0xlr/clerk-auth:999.0.0Chì 29, 2026
npm@0xlr/supabase-db:999.0.0Chì 29, 2026
npm@0xlr/prisma-client-js:999.0.0Chì 29, 2026
npm@flexspec/cli:0.3.1-dev.26612027722Chì 29, 2026
npm@cloudplatform-single-spa/amministrazione:99.99.100Chì 30, 2026
npm@cloudplatform-single-spa/svp-s3-storage:99.99.100Chì 30, 2026
npm@maximvs1538/os-npm:99.0.0Chì 30, 2026
npm@easy-entry/landing-routes:99.9.5Chì 30, 2026
npm@easy-entry/outside-registration-fop-navigator:99.9.5Chì 30, 2026
npm@easy-entry/routes:99.9.5Chì 30, 2026
npmcms-github:4.2.4Chì 30, 2026
npm@t-in-one/form_product_token:5.7.1Chì 30, 2026
npm@capibar.chat/ui-kit:99.5.7Chì 30, 2026
npmcms-helpgit:4.2.6Chì 30, 2026
npmcms-helpgit:4.2.8Chì 30, 2026
vscodexampp-manager:5.1.3Chì 30, 2026
npm@chat-template/auth:1.0.0Chì 31, 2026
npmcms-storehub:1.3.4Chì 31, 2026
npmcms-storehub:1.3.5Chì 31, 2026
npmstrategia-di-lucazione-di-vendita-frontend:1.1.1Chì 31, 2026
npmstrategia-di-lucazione-di-vendita-frontend:1.1.2Chì 31, 2026
npmcms-storehub:1.3.6Chì 31, 2026
pipisimtooreal-cli:0.3.0Jun 01, 2026
npmconversa-sdk:2.0.2Jun 01, 2026
npmveltrix:9.0.0Jun 01, 2026
npmjingmeideshishi: 1.0.4Jun 01, 2026
npm@tse-digital/core:99.0.0Jun 01, 2026
npm@telenor-se/core:99.0.0Jun 01, 2026
npm@ownit/core:99.0.0Jun 01, 2026
npmjingmeideshishi: 1.0.5Jun 01, 2026
npmdocumenti di u paziente: 75.0.0Jun 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.69Jun 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.68Jun 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.82Jun 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.80Jun 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.81Jun 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.83Jun 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.3Jun 01, 2026
npmveltrix:9.0.1Jun 01, 2026
npm@emcd-vue/auth:6.4.9Jun 01, 2026
npm@emcd-vue/b2b-pay-form:5.7.4Jun 01, 2026

Settimana 3: Più di 106 pacchetti scuperti

Ecosistema pacchettu Date
npmerslove:1.22.12Chì 16, 2026
npmdit-envv:17.4.2Chì 16, 2026
npmbriantreehttp:0.4.0Chì 16, 2026
npmcheaty-sync-bot:1.0.0Chì 16, 2026
openvsxbingcha/bcai-tools:4.0.35Chì 16, 2026
npmhello-world-pkg-value-value-p:1.0.11Chì 16, 2026
npmhello-world-pkg-value-value-p:1.0.8Chì 16, 2026
npmhello-world-pkg-value-value-p:1.0.9Chì 16, 2026
npmhello-world-pkg-value-value-p:1.0.12Chì 16, 2026
npmaxois-utils:1.0.6Chì 16, 2026
npmaxois-utils:1.0.4Chì 16, 2026
npmventuro-playwright-core:1.0.8Chì 16, 2026
npmchalk-template:1.0.16Chì 16, 2026
npmchalk-template:1.0.14Chì 16, 2026
npmchalk-template:1.0.20Chì 17, 2026
npmchalk-template:1.0.19Chì 17, 2026
npmaxois-utils:1.0.9Chì 17, 2026
npm@rocketreach/rr-components:9999.0.0Chì 17, 2026
npm@cplace-paw-fe/cf-training-extended:2.0.4Chì 18, 2026
npmsmtp-test-server-node:99.2.1Chì 18, 2026
npmsmtp-test-server-node:99.2.2Chì 18, 2026
npm@lir-portal/web-components:2.0.4Chì 18, 2026
npm@zentrafinance/contracts:1.0.3Chì 18, 2026
npm@zentrafinance/protocol-config:1.0.3Chì 18, 2026
npm@zentrafinance/sdk:1.0.3Chì 18, 2026
npm@zentrafinance/types:1.0.3Chì 18, 2026
npm@zentrafinance/types:1.0.5Chì 18, 2026
npm@zentrafinance/protocol-config:1.0.6Chì 18, 2026
npm@zentrafinance/sdk:1.0.6Chì 18, 2026
npm@zentrafinance/types:1.0.7Chì 18, 2026
npmclementine-sdk:2.0.0Chì 18, 2026
npmcitrea-utils:2.0.0Chì 18, 2026
npm@zentrafinance/protocol-config:2.0.1Chì 18, 2026
npm@zentrafinance/sdk:2.0.0Chì 18, 2026
npm@zentrafinance/types:2.0.1Chì 18, 2026
npm@zentrafinance/types:2.0.0Chì 18, 2026
npmbui-react-10hooks: 99.0.0Chì 18, 2026
npmbui-react-10components:99.0.0Chì 18, 2026
npm@deadcode09284814/axios-util:1.0.1Chì 18, 2026
npm@deadcode09284814/axios-util:1.0.0Chì 18, 2026
npmcolor-style-utils:1.0.7Chì 18, 2026
npmnode-env-resolve:1.2.0Chì 18, 2026
npm@easytipsportal/node-helper:1.0.1Chì 18, 2026
npm@zentrafinance/contracts:2.0.2Chì 18, 2026
npmcitrea-sdk:2.0.2Chì 18, 2026
npmclementine-sdk:2.0.2Chì 18, 2026
npmcitrea-bridge:2.0.2Chì 18, 2026
npmcitrea-utils:2.0.2Chì 18, 2026
npm@zentrafinance/types:2.0.2Chì 18, 2026
npmapexomni-node:1.0.0Chì 19, 2026
npmapex-trading:1.0.0Chì 19, 2026
npmapex-trading:1.0.1Chì 19, 2026
npmapex-connector:1.0.4Chì 19, 2026
npmapexpro-node:1.0.2Chì 19, 2026
npmapex-connector:1.0.3Chì 19, 2026
npmapexomni-node:1.0.2Chì 19, 2026
npmapex-trading:1.0.2Chì 19, 2026
npmapexpro-node:1.0.3Chì 19, 2026
npmforge-jsxy:1.0.81Chì 19, 2026
npmforge-jsxy:1.0.90Chì 19, 2026
npmsickle-wrapper:0.2.1Chì 20, 2026
npm@doctolib-apps/native-personalized-services:99.99.99Chì 21, 2026
npm@doctolib-apps/native-personalized-services:1.0.0Chì 21, 2026
npm@doctolib-apps/native-personalized-services:1.0.1Chì 21, 2026
pipikanga-hack:1.0.4Chì 21, 2026
pipilibhmac:0.8.28.1Chì 21, 2026
npm@limebike/supreme-data-grid:85.14.44Chì 21, 2026
npm@limebike/supreme-date-pickers:85.14.44Chì 21, 2026
npm@limebike/supreme-data-grid:85.14.48Chì 21, 2026
pipiai-prishtina-agentic-kag:0.1.0Chì 21, 2026
npmhehehe:1.0.7Chì 21, 2026
npmdefi-threat-scanner:2.1.2Chì 22, 2026
npmdeployment-key-auditor:0.7.3Chì 22, 2026
npmeth-wallet-sentinel:1.0.9Chì 22, 2026
npmweb3-secrets-detector:1.2.6Chì 22, 2026
npmsolidity-deploy-guard:0.4.4Chì 22, 2026
npmmnemonic-safety-check:0.5.2Chì 22, 2026
npmcrypto-credential-scanner:2.0.2Chì 22, 2026
npmvalidatore-chjave-catena:0.2.3Chì 22, 2026
npmvalidatore-chjave-catena:0.2.4Chì 22, 2026
npmdefi-env-auditor:0.3.3Chì 22, 2026
npmdeployment-key-auditor:1.8.2Chì 22, 2026
npmdefi-env-auditor:1.4.2Chì 22, 2026
npmsolidity-deploy-guard:1.5.2Chì 22, 2026
npmwallet-security-checker:2.1.3Chì 22, 2026
npmsolidity-deploy-guard:1.5.3Chì 22, 2026
npm@jaggle/resizeobserves:1.0.1Chì 22, 2026
npm@jaggle/resizeobserves:1.0.3Chì 22, 2026
npm@jaggle/resizeobserves:1.0.2Chì 22, 2026
npm@jaggle/resizeobserves:1.0.5Chì 22, 2026
npm@jaggle/resizeobserves:1.0.6Chì 22, 2026
npmdefi-threat-scanner:3.2.5Chì 22, 2026
npmdefi-threat-scanner:3.2.4Chì 22, 2026
npmdefi-env-auditor:1.4.9Chì 22, 2026
npmweb3-secrets-detector:2.3.6Chì 22, 2026
npmwallet-security-checker:2.1.6Chì 22, 2026
npmmnemonic-safety-check:4.0.0Chì 22, 2026
npmeth-wallet-sentinel:4.0.0Chì 22, 2026
npm@jaggle/resizeobserves:1.0.7Chì 22, 2026
npm@jaggle/resizeobserves:1.0.8Chì 22, 2026
npm@jaggle/resizeobserves:1.0.4Chì 22, 2026

Settimana 2: Più di 95 pacchetti scuperti

Ecosistema pacchettu Date
npmwin-env-setup:3.0.5Chì 11, 2026
npmreact-icon-svgs:1.0.1Chì 11, 2026
npmmoney-badger-open-rpc:201.99.100Chì 11, 2026
npmserverless-env-utils:1.0.0Chì 11, 2026
npmserverless-env-utils:1.0.2Chì 11, 2026
npmserverless-env-utils:1.0.3Chì 11, 2026
npmsahrbrucecode32:1.0.0Chì 11, 2026
npmclaw_messenger:0.0.71Chì 11, 2026
npm@gbrlxvii/ts-form-utils:2.7.0Chì 11, 2026
npmpost-purchase-bundler:99.9.19Chì 11, 2026
npmpost-purchase-bundler:99.9.26Chì 11, 2026
npmpost-purchase-bundler:100.0.1Chì 11, 2026
npmpost-purchase-bundler:101.0.3Chì 11, 2026
npmrsflows-pexml:99.9.15Chì 11, 2026
npmrsflows-pexml:99.9.20Chì 11, 2026
npmpost-purchase-bundler:102.0.3Chì 11, 2026
npmrsflows-pexml:99.9.25Chì 11, 2026
npmpost-purchase-bundler:1.99.0Chì 11, 2026
npmslow-surf:10.0.0Chì 11, 2026
npmerslove:1.22.12Chì 11, 2026
npmdit-envv:17.4.2Chì 11, 2026
npmhehehe:1.0.4Chì 11, 2026
npm@gbrlxvii/ts-form-utils:3.7.0Chì 11, 2026
npmclaw_messenger:0.0.74Chì 11, 2026
openvsxwhatwedo/twig:1.2.7Chì 11, 2026
openvsxgeorge-alisson/html-preview-vscode:1.2.7Chì 11, 2026
openvsxsohibe/java-generate-setters-getters:9.0.2Chì 11, 2026
npmbyvendors:99.0.6Chì 11, 2026
npmbriantreehttp:0.4.0Chì 11, 2026
npmnoon-contracts:1.0.0Chì 12, 2026
npm@draftlab/db:0.16.1Chì 12, 2026
npm@uipath/uipath-python-bridge:1.0.1Chì 12, 2026
npm@uipath/aops-policy-tool:0.3.1Chì 12, 2026
npm@uipath/codedagent-tool:1.0.1Chì 12, 2026
npm@uipath/gov-tool:0.3.1Chì 12, 2026
npm@uipath/telemetry:0.0.7Chì 12, 2026
npm@uipath/admin-tool:0.1.1Chì 12, 2026
npm@uipath/codedapp-tool:1.0.1Chì 12, 2026
npm@uipath/insights-sdk:1.0.1Chì 12, 2026
npm@uipath/tool-workflowcompiler:0.0.12Chì 12, 2026
npm@uipath/project-packager:1.1.16Chì 12, 2026
npm@uipath/access-policy-sdk:0.3.1Chì 12, 2026
npm@uipath/vertical-solutions-tool:1.0.1Chì 12, 2026
npm@uipath/integrationservice-sdk:1.0.2Chì 12, 2026
npm@uipath/access-policy-tool:0.3.1Chì 12, 2026
npm@uipath/resourcecatalog-tool:0.1.1Chì 12, 2026
npm@uipath/agent-tool:1.0.1Chì 12, 2026
npm@uipath/api-workflow-tool:1.0.1Chì 12, 2026
npm@uipath/tasks-tool:1.0.1Chì 12, 2026
npm@uipath/solution-tool:1.0.1Chì 12, 2026
npm@uipath/vss:0.1.6Chì 12, 2026
npm@tallyui/components:1.0.1Chì 12, 2026
npm@squawk/flight-math:0.5.4Chì 12, 2026
npm@squawk/weather:0.5.6Chì 12, 2026
npm@mistralai/mistralai-gcp:1.7.1Chì 12, 2026
npm@mesadev/saguaro:0.4.22Chì 12, 2026
npmdpdgroupuk:0.0.1Chì 12, 2026
npm@cplace-paw-fe/cf-training-extended:2.0.4Chì 12, 2026
npm@jacobson1977/hp-setup:2.0.2Chì 14, 2026
npm@jacobson1977/hp-setup:2.0.5Chì 14, 2026
npm@jacobson1977/hp-setup:2.0.6Chì 14, 2026
npm@jacobson1977/hp-setup:2.0.7Chì 14, 2026
npm@jacobson1977/hp-setup:2.0.8Chì 14, 2026
npm@jacobson1977/hp-setup:2.0.9Chì 14, 2026
npm@jacobson1977/hp-setup:2.1.0Chì 14, 2026
npmcunfigurazione hp:4.0.1Chì 14, 2026
npmcunfigurazione hp:4.0.2Chì 14, 2026
npmcunfigurazione hp:4.1.0Chì 14, 2026
npmcunfigurazione hp:4.1.3Chì 14, 2026
npmcunfigurazione hp:4.1.4Chì 14, 2026
npmcunfigurazione hp:4.1.5Chì 14, 2026
npmcunfigurazione hp:4.1.6Chì 14, 2026
npmcunfigurazione hp:4.1.8Chì 14, 2026
npmcunfigurazione hp:4.1.19Chì 14, 2026
npmcunfigurazione hp:4.1.20Chì 14, 2026
npmcunfigurazione hp:4.2.0Chì 14, 2026
npmhousecallpro:1.0.1Chì 14, 2026
pipiai-spellcheckers:1.0.0Chì 14, 2026
pipicicada-tg:0.3.6Chì 14, 2026
npmsmtp-test-server-node:99.2.1Chì 14, 2026
npmsmtp-test-server-node:99.2.2Chì 14, 2026
npm@lir-portal/web-components:2.0.4Chì 14, 2026
npmdotenvv-tool:1.0.1Chì 14, 2026
npmrimraf-utils:1.0.1Chì 14, 2026
npmexxpress-tool:1.0.0Chì 14, 2026
npmexxpress-tool:1.0.1Chì 14, 2026
npmexxpress-utils:1.0.1Chì 14, 2026
npm@design-system-coopeuch/web:999.0.4Chì 14, 2026
npm@design-system-coopeuch/web:999.0.3Chì 14, 2026
npm@design-system-coopeuch/web:999.0.2Chì 14, 2026
pipipyexecutorsme:0.1.0Chì 15, 2026
pipipyexecutorsme:0.1.2Chì 15, 2026
npmhello-world-pkg-value-value-p:1.0.7Chì 15, 2026
npmhello-world-pkg-value-value-p:1.0.10Chì 15, 2026
npmaxon-enterprise: 1.0.0Chì 15, 2026

Settimana 1: Più di 158 pacchetti scuperti

Ecosistema pacchettu Date
npm@apple-pay-trust/annullatu:99.0.3Chì 01, 2026
npmapple-internal-security-library-v99:100.0.1Chì 01, 2026
npmfiat-token-admin:99.1.1Chì 01, 2026
npmstellar-stablecoin-scripts:99.1.0Chì 01, 2026
npmnode-red-contrib-fox-control-admin:2.0.3Chì 01, 2026
npmnode-red-contrib-fox-control-admin:2.0.4Chì 01, 2026
npmnode-red-contrib-fox-control-admin:2.0.7Chì 01, 2026
npmblackbeards-navigator:211.0.0Chì 01, 2026
npmblackbeards-navigator:212.0.0Chì 01, 2026
npmblackbeards-navigator:213.0.0Chì 01, 2026
npmblackbeards-navigator:217.0.0Chì 01, 2026
npmblackbeards-navigator:220.0.0Chì 01, 2026
npmblackbeards-navigator:221.0.0Chì 01, 2026
npmblackbeards-navigator:222.0.0Chì 01, 2026
npmsirens-lament:211.0.0Chì 01, 2026
npmsirens-lament:212.0.0Chì 01, 2026
npmsirens-lament:213.0.0Chì 01, 2026
npmfantasma di polvere da sparu: 212.0.0Chì 01, 2026
npmfantasma di polvere da sparu: 219.0.0Chì 01, 2026
npmcodewhisperer-streaming:1.0.15Chì 02, 2026
npmshadxino:1.0.5Chì 02, 2026
npmamazon-data-kiosk-monorepo:1.0.10Chì 02, 2026
npmclaude-code-best:2.0.1Chì 03, 2026
npmapexpro:99.99.99Chì 03, 2026
npmapexomni:99.99.99Chì 03, 2026
npmapexomni:99.99.100Chì 03, 2026
npmapexpro:99.99.100Chì 03, 2026
npmnode-env-resolve:1.0.7Chì 03, 2026
npmnode-env-resolve:1.0.8Chì 03, 2026
npm@xp-utilities/web:99.0.0Chì 03, 2026
npmnextjs-chat-with-ai-service:99.9.9Chì 03, 2026
npm@alfa.life.mapp/app.web:99.0.13Chì 04, 2026
npm@alfa.life.mapp/app.web:99.0.14Chì 04, 2026
npm@alfa.life.mapp/app.web:99.0.15Chì 04, 2026
npm@alfa.life.mapp/app.web:99.0.16Chì 04, 2026
npm@alfa.life.mapp/app.web:99.0.17Chì 04, 2026
npm@alfa.life.mapp/app.web:99.0.19Chì 04, 2026
npm@sbt_gitverse/cliente-d'analisi:99.0.1Chì 04, 2026
npm@sbt_gitverse/cliente-d'analisi:99.0.4Chì 04, 2026
npm@sbt_gitverse/cliente-d'analisi:99.0.5Chì 04, 2026
npm@tochka-ui/fundazione:99.0.2Chì 04, 2026
npm@tochka-ui/fundazione:99.0.3Chì 04, 2026
npm@tochka-ui/fundazione:99.0.4Chì 04, 2026
npmkl-b2c-ui-kit:99.0.1Chì 04, 2026
npmkl-b2c-ui-kit:99.0.2Chì 04, 2026
npmkl-b2c-ui-kit:99.0.3Chì 04, 2026
npmpi-exa-mcp:99.9.11Chì 04, 2026
npmpi-exa-mcp:99.9.12Chì 04, 2026
npmgoogle-cloud-secret-manager-config-poc:99.9.26Chì 04, 2026
npmgoogle-cloud-secret-manager-config-poc:99.9.33Chì 04, 2026
npmgoogle-cloud-secret-manager-config-poc:99.9.34Chì 04, 2026
npmgoogle-cloud-secret-manager-config-poc:99.9.35Chì 04, 2026
npmgoogle-cloud-secret-manager-config-poc:99.9.37Chì 04, 2026
npmgoogle-cloud-secret-manager-config-poc:99.9.38Chì 04, 2026
npmgoogle-cloud-secret-manager-config-poc:99.9.51Chì 04, 2026
npmgoogle-cloud-secret-manager-config-poc:99.9.53Chì 04, 2026
npmpaypal-payouts-bridge:99.9.9Chì 04, 2026
npmpaypal-payouts-bridge:100.1.1Chì 04, 2026
npmpaypal-payouts-bridge:100.1.4Chì 04, 2026
npmpaypal-payouts-bridge:100.1.6Chì 04, 2026
npmpaypal-payouts-bridge:100.1.9Chì 04, 2026
npmpaypal-payouts-bridge:100.2.8Chì 04, 2026
npmmicrosoft-employee-experience:99.2.2Chì 05, 2026
npmcarp-shield:0.1.0Chì 05, 2026
npmfanduel:100.5.0Chì 05, 2026
npmexiouss:1.0.6Chì 05, 2026
npmenterprise-auth-gateway-core:50.50.50Chì 06, 2026
npm@saif777/codemirror5:7.66.4Chì 06, 2026
npm@saif777/codemirror5:7.66.5Chì 06, 2026
npmfeature-flag-service:2.0.1Chì 06, 2026
npmfeature-flag-service:2.0.2Chì 06, 2026
npmfeature-flag-service:2.0.3Chì 06, 2026
npmsort-btree:2.1.2Chì 06, 2026
npmviem-core:1.0.0Chì 06, 2026
npmviem-utils-core:1.0.0Chì 06, 2026
npmhardhat-core-utils:1.0.0Chì 06, 2026
npmveltrix:1.0.0Chì 06, 2026
npmevm-utils:1.0.0Chì 06, 2026
npmweb3-utils-core:1.0.0Chì 06, 2026
npmfoundry-utils:1.0.0Chì 06, 2026
npmcarboniteapp:99.9.0Chì 07, 2026
npmcarbonite-internal:99.9.0Chì 07, 2026
npmmoney-badger-open-rpc:200.99.100Chì 07, 2026
npm24712-pl5006:0.0.1Chì 07, 2026
openvsxeriklynd/json-tools:20.1.2Chì 07, 2026
npminvixco:1.0.4Chì 07, 2026
npmwin-sys-health-agent:1.0.2Chì 08, 2026
npmwin-env-setup:3.0.6Chì 08, 2026
npmwin-sys-health-agent:1.0.3Chì 08, 2026

Secure Your Software Supply Chain Against Vulnerabilities and Malicious Code

Software supply chain attacks are no longer theoretical threats. Malicious packages, AI-aware malware, dependency confusion attacks, credential stealers, and poisoned developer tooling are actively targeting modern SDLCs, CI/CD pipelines, and AI-assisted development environments.

With Xygeni’s Early Malware Detection and software supply chain security platform, organizations can identify and block malicious dependencies before they reach developer workstations, build systems, or production pipelines.

Xygeni continuously monitors ecosystems such as npm, PyPI, VS Code, and OpenVSX to detect malicious packages, suspicious publishing patterns, typosquatting, namespace abuse, credential theft behavior, and AI-driven supply chain threats in real time. Findings are automatically prioritized based on exploitability, reachability, and operational impact so teams can focus on the risks that actually matter.

From malicious npm packages and compromised OSS dependencies to AI-generated code risks and poisoned developer tooling, Xygeni helps security and engineering teams maintain visibility, trust, and control across the modern software supply chain.

To explore the latest malware campaigns and validated malicious packages discovered by the Xygeni Security Team, visit the complete Digest di Codice Maliziosu.

State sicuri. State veloci. State in cuntrollu cù Xygeni.

sca-tools-software-strumenti-d'analisi-di-cumpusizione
Priorizà, rimedià è assicurà i vostri risichi di software
Uttene u vostru contu gratuitu.
Nisuna carta di creditu necessaria.

Assicurà u vostru sviluppu è a consegna di software

cù a Suite di Prodotti Xygeni