Almost every week, our malware detection systems scan thousands of new and updated packages across public registries like npm and PyPI. This week was very active.
Potvrdili smo 198 zlonamjernih paketa, primarily across npm, with additional cases in PyPI, OpenVSX, Composer, and VS Code extensions. Several appeared in coordinated clusters, with repeated malicious releases published under the same names or across closely related package families. A standout case was the sensivity package, which flooded npm with over 60 versioned releases across the 2.5.x range. Other notable clusters included ai-sdk-helpers (8 versions targeting AI developers), @antoncallahan/aws-user-helper (7 versions impersonating an AWS utility), @apple-pay-trust i @google-pay-trust families (mimicking payment checkout modules), @frengki0707/google-cloud-clone (5 versions spoofing Google Cloud), and cms-storehub, cms-helpgiti cms-github (targeting CMS pipelines). Many packages mimicked payment and checkout modules, enterprise and internal web packages, analytics clients, UI foundations, developer utilities, component explorers, cloud- and Google-themed packages, and other modules commonly trusted in modern development workflows.
These were not isolated anomalies. What stood out this week was the scale of repeated publishing across the same package families, the reuse of naming patterns, and the way malicious packages were disguised to look like legitimate dependencies inside real software delivery pipelines.
This weekly snapshot is part of our ongoing Malicious Code Digest, where we validate new threats and provide actionable intelligence to help DevSecOps teams protect their pipelines before damage occurs.
Analizirajmo što smo otkrili ovog tjedna i zašto je to važno.
| ekosustav | Paket | Datum |
|---|---|---|
| NPM | @cloudplatform-single-spa/administration:99.99.100 | Svibanj 30, 2026 |
| NPM | @cloudplatform-single-spa/svp-s3-storage:99.99.100 | Svibanj 30, 2026 |
| NPM | @maximvs1538/os-npm:99.0.0 | Svibanj 30, 2026 |
| NPM | @easy-entry/landing-routes:99.9.5 | Svibanj 30, 2026 |
| NPM | @easy-entry/outside-registration-fop-navigator:99.9.5 | Svibanj 30, 2026 |
| NPM | @easy-entry/routes:99.9.5 | Svibanj 30, 2026 |
| NPM | @t-in-one/form_product_token:5.7.1 | Svibanj 30, 2026 |
| NPM | @capibar.chat/ui-kit:99.5.7 | Svibanj 30, 2026 |
| vscode | xampp-manager:5.1.3 | Svibanj 30, 2026 |
| NPM | @chat-template/auth:1.0.0 | Svibanj 31, 2026 |
| NPM | json-to-simple-graphql-schema:1.0.0 | Lipnja 1, 2026 |
| NPM | @gs-select/savings-client-application:99.0.0 | Lipnja 1, 2026 |
| NPM | nemo-reporter:1.8.2 | Lipnja 1, 2026 |
| NPM | cms-github:4.2.4 | Lipnja 1, 2026 |
| NPM | cms-helpgit:4.2.6 | Lipnja 1, 2026 |
| NPM | cms-helpgit:4.2.8 | Lipnja 1, 2026 |
| NPM | cms-storehub:1.3.4 | Lipnja 1, 2026 |
| NPM | cms-storehub:1.3.5 | Lipnja 1, 2026 |
| NPM | cms-storehub:1.3.6 | Lipnja 1, 2026 |
| pypi | simtooreal-cli:0.3.0 | Lipnja 1, 2026 |
| NPM | retail-location-strategy-frontend:1.1.1 | Lipnja 1, 2026 |
| NPM | retail-location-strategy-frontend:1.1.2 | Lipnja 1, 2026 |
| NPM | conversa-sdk:2.0.2 | Lipnja 1, 2026 |
| NPM | veltrix:9.0.0 | Lipnja 1, 2026 |
| NPM | veltrix:9.0.1 | Lipnja 1, 2026 |
| NPM | jingmeideshishi:1.0.4 | Lipnja 1, 2026 |
| NPM | jingmeideshishi:1.0.5 | Lipnja 1, 2026 |
| NPM | @tse-digital/core:99.0.0 | Lipnja 1, 2026 |
| NPM | @telenor-se/core:99.0.0 | Lipnja 1, 2026 |
| NPM | @ownit/core:99.0.0 | Lipnja 1, 2026 |
| NPM | patientdocuments:75.0.0 | Lipnja 1, 2026 |
| NPM | @antoncallahan/aws-user-helper:6767.67.69 | Lipnja 1, 2026 |
| NPM | @antoncallahan/aws-user-helper:6767.67.68 | Lipnja 1, 2026 |
| NPM | @antoncallahan/aws-user-helper:6767.67.82 | Lipnja 1, 2026 |
| NPM | @antoncallahan/aws-user-helper:6767.67.80 | Lipnja 1, 2026 |
| NPM | @antoncallahan/aws-user-helper:6767.67.81 | Lipnja 1, 2026 |
| NPM | @antoncallahan/aws-user-helper:6767.67.83 | Lipnja 1, 2026 |
| NPM | @antoncallahan/aws-user-helper:6767.67.3 | Lipnja 1, 2026 |
| NPM | @emcd-vue/auth:6.4.9 | Lipnja 1, 2026 |
| NPM | @emcd-vue/b2b-pay-form:5.7.4 | Lipnja 1, 2026 |
| NPM | @ccrm/user-storage-api-axios:5.0.1 | Lipnja 2, 2026 |
| NPM | sensivity:2.5.8 | Lipnja 2, 2026 |
| NPM | sensivity:2.5.12 | Lipnja 2, 2026 |
| NPM | sensivity:2.5.16 | Lipnja 2, 2026 |
| NPM | sensivity:2.5.17 | Lipnja 2, 2026 |
| NPM | sensivity:2.5.18 | Lipnja 2, 2026 |
| NPM | sensivity:2.5.19 | Lipnja 2, 2026 |
| NPM | sensivity:2.5.20 | Lipnja 2, 2026 |
| NPM | sensivity:2.5.21 | Lipnja 2, 2026 |
| NPM | sensivity:2.5.22 | Lipnja 2, 2026 |
| NPM | sensivity:2.5.23 | Lipnja 2, 2026 |
| NPM | sensivity:2.5.24 | Lipnja 2, 2026 |
| NPM | sensivity:2.5.25 | Lipnja 2, 2026 |
| NPM | sensivity:2.5.26 | Lipnja 2, 2026 |
| NPM | sensivity:2.5.27 | Lipnja 2, 2026 |
| NPM | sensivity:2.5.28 | Lipnja 2, 2026 |
| NPM | sensivity:2.5.29 | Lipnja 2, 2026 |
| NPM | sensivity:2.5.30 | Lipnja 2, 2026 |
| NPM | sensivity:2.5.31 | Lipnja 2, 2026 |
| NPM | sensivity:2.5.32 | Lipnja 2, 2026 |
| NPM | sensivity:2.5.41 | Lipnja 2, 2026 |
| NPM | sensivity:2.5.42 | Lipnja 2, 2026 |
| NPM | sensivity:2.5.43 | Lipnja 2, 2026 |
| NPM | sensivity:2.5.44 | Lipnja 2, 2026 |
| NPM | sensivity:2.5.45 | Lipnja 2, 2026 |
| NPM | sensivity:2.5.46 | Lipnja 2, 2026 |
| NPM | meoo-ui-helpers:1.0.1 | Lipnja 2, 2026 |
| NPM | @langgraphjs/toolkit:1.2.10 | Lipnja 2, 2026 |
| NPM | eyevox:9.0.1 | Lipnja 2, 2026 |
| NPM | sensivity:2.5.53 | Lipnja 3, 2026 |
| NPM | sensivity:2.5.54 | Lipnja 3, 2026 |
| NPM | sensivity:2.5.55 | Lipnja 3, 2026 |
| NPM | sensivity:2.5.56 | Lipnja 3, 2026 |
| NPM | sensivity:2.5.57 | Lipnja 3, 2026 |
| NPM | sensivity:2.5.61 | Lipnja 3, 2026 |
| NPM | @sentry-browser-sdk/profiling-node:1.0.1 | Lipnja 4, 2026 |
| NPM | @sentry-browser-sdk/profiling-node:1.0.2 | Lipnja 4, 2026 |
| NPM | @sentry-browser-sdk/profiling-node:1.0.5 | Lipnja 4, 2026 |
| NPM | fundraiserserv:1.0.0 | Lipnja 4, 2026 |
| NPM | sensivity:2.5.67 | Lipnja 4, 2026 |
| NPM | sensivity:2.5.68 | Lipnja 4, 2026 |
| NPM | vg-interaction-model:40.0.5 | Lipnja 4, 2026 |
| NPM | internallib_v346:1.0.3 | Lipnja 4, 2026 |
| NPM | internallib_v346:1.0.5 | Lipnja 4, 2026 |
| NPM | internallib_v346:1.0.9 | Lipnja 4, 2026 |
| NPM | ai-sdk-helpers:0.2.1 | Lipnja 4, 2026 |
| NPM | ai-sdk-helpers:0.3.0 | Lipnja 4, 2026 |
| NPM | ai-sdk-helpers:0.3.1 | Lipnja 4, 2026 |
| NPM | ai-sdk-helpers:1.1.0 | Lipnja 4, 2026 |
| NPM | ai-sdk-helpers:1.1.1 | Lipnja 4, 2026 |
| NPM | ai-sdk-helpers:1.3.0 | Lipnja 4, 2026 |
| NPM | ai-sdk-helpers:1.4.0 | Lipnja 4, 2026 |
| NPM | ai-sdk-helpers:1.4.2 | Lipnja 4, 2026 |
| NPM | @achuthvp/postinstall-poc:1.0.3 | Lipnja 4, 2026 |
| NPM | sensivity:2.5.0 | Lipnja 5, 2026 |
| NPM | sensivity:2.5.1 | Lipnja 5, 2026 |
| NPM | sensivity:2.5.2 | Lipnja 5, 2026 |
| NPM | sensivity:2.5.3 | Lipnja 5, 2026 |
| NPM | sensivity:2.5.4 | Lipnja 5, 2026 |
| NPM | sensivity:2.5.5 | Lipnja 5, 2026 |
| NPM | sensivity:2.5.13 | Lipnja 5, 2026 |
| NPM | sensivity:2.5.14 | Lipnja 5, 2026 |
| NPM | sensivity:2.5.15 | Lipnja 5, 2026 |
| NPM | sensivity:2.5.33 | Lipnja 5, 2026 |
| NPM | sensivity:2.5.34 | Lipnja 5, 2026 |
| NPM | sensivity:2.5.35 | Lipnja 5, 2026 |
| NPM | sensivity:2.5.36 | Lipnja 5, 2026 |
| NPM | sensivity:2.5.37 | Lipnja 5, 2026 |
| NPM | sensivity:2.5.38 | Lipnja 5, 2026 |
| NPM | sensivity:2.5.58 | Lipnja 5, 2026 |
| NPM | sensivity:2.5.59 | Lipnja 5, 2026 |
| NPM | sensivity:2.5.60 | Lipnja 5, 2026 |
| NPM | sensivity:2.5.62 | Lipnja 5, 2026 |
| NPM | sensivity:2.5.63 | Lipnja 5, 2026 |
| NPM | sensivity:2.5.64 | Lipnja 5, 2026 |
| NPM | sensivity:2.5.65 | Lipnja 5, 2026 |
| NPM | sensivity:2.5.66 | Lipnja 5, 2026 |
| NPM | sensivity:2.5.69 | Lipnja 5, 2026 |
Zaštitite svoje ovisnosti otvorenog koda od ranjivosti i zlonamjernog koda
Don’t let malicious packages reach your pipelines. Xygeni rano otkrivanje zlonamjernog softvera gives your team real-time visibility into the threats that matter most, catching harmful dependencies before they ever touch your software.
As this week’s digest makes clear, the volume and sophistication of malicious package campaigns is not slowing down. Coordinated version flooding, payment module impersonation, and internal-sounding package names are just some of the tactics attackers are using to slip past standard defenses. Staying ahead of these threats requires more than periodic audits, it demands continuous monitoring across every registry your teams depend on.
Xygenijev Open Source Security solution scans and blocks harmful packages at the point of publication, across npm, PyPI, and beyond. By contextually prioritizing the vulnerabilities that pose the greatest real-world risk (and streamlining the remediation path for your DevSecOps teams) Xygeni helps you maintain secure, reliable software delivery without slowing development down.




