Dijesyon Kòd Malveyan Me

Rezime Mansyèl Kòd Malveyan: Me

Welcome to the May edition of the Xygeni Malicious Code Digest. This month, our security research team continued tracking the evolving landscape of software supply chain threats across public package registries, developer tooling, AI-assisted workflows, and modern CI/CD environments. Throughout May, Xygeni identified and validated hundreds of malicious packages targeting npm, PyPI, VS Code, and OpenVSX ecosystems.

But May was not only about volume. It was also a month where attackers increasingly adapted their tradecraft to AI-native development environments, developer trust assumptions, and automated pipelines.

Among the most notable investigations published by the Xygeni Security Team this month:

  • JulesJacker, a multi-stage npm malware campaign impersonating Google’s Jules AI agent to steal repositories, abuse CI/CD environments, and even target the sandbox analyzing it. The campaign introduced encrypted host-gated loaders, forged google-labs-jules[bot] commits, cloud metadata theft, and Kubernetes reconnaissance against analysis infrastructure itself.
  • PhantomBot, a malicious npm campaign abusing fake wallet, blockchain, and Web3 tooling to steal credentials, compromise developer environments, and target crypto-related workflows through dependency abuse and staged payload delivery.
  • A large-scale malicious npm ecosystem abusing fake TypeScript utilities, AI-themed packages, internal tooling impersonation, frontend libraries, cloud helpers, and builder frameworks to fingerprint environments, exfiltrate credentials, deploy persistence, and compromise developer systems.
  • Continued waves of malicious packages leveraging dependency confusion, typosquatting, postinstall abuse, AI-tool impersonation, version inflation, and repeated namespace abuse designed to bypass developer trust heuristics and compromise modern SDLC workflows before detection.
  • The discovery of cross-platform malware campaigns such as the @jaggle/resizeobserves clipboard hijacker, which impersonated a legitimate package while deploying Python-based persistence and crypto-wallet clipboard substitution across Linux, macOS, and Windows systems.

Throughout the month, we also observed a growing convergence between AI tooling, open-source ecosystems, and software supply chain attacks. Threat actors increasingly targeted AI-assisted development workflows, agent environments, copilots, and cloud-native build pipelines as part of broader credential theft and repository compromise operations.

These attacks are no longer isolated cases of simple typosquatting. They involve coordinated publishing campaigns, automated version bursts, cloud token theft, CI/CD abuse, encrypted payload staging, sandbox evasion, and persistent compromise techniques specifically designed to blend into trusted developer ecosystems.

This monthly update is part of Xygeni’s ongoing malware and supply chain threat research initiative, where our team continuously validates malicious packages, investigates emerging attack patterns, and publishes actionable intelligence to help security, AppSec, and DevSecOps teams stay ahead of evolving supply chain risk.

For full context across every malicious package, malware campaign, and threat analysis published this month, explore the complete May Malicious Code Digest and related research from the Xygeni Security Team.

Semèn 4: Plis pase 104 pakè dekouvri

Ekosistèm Pake Dat
npm@gbrlxvii/ts-form-utils:4.6.0Se pou 25, 2026
npm@gbrlxvii/ts-form-utils:4.7.0Se pou 25, 2026
npmpi-ocr:0.2.0Se pou 25, 2026
npm@jaggle/resizeobserves:1.0.11Se pou 25, 2026
npmfnd-stores:0.0.7Se pou 25, 2026
npm@gbrlxvii/ts-project-lint:1.7.0Se pou 25, 2026
npm@gbrlxvii/ts-project-lint:1.8.0Se pou 25, 2026
npmsystem-user-identifier-cli:7.0.0Se pou 26, 2026
npm@jaggle/resizeobserves:1.0.13Se pou 26, 2026
npm@jaggle/resizeobserves:1.0.12Se pou 26, 2026
npm@jaggle/resizeobserves:1.0.15Se pou 26, 2026
npm@jaggle/resizeobserves:1.0.14Se pou 26, 2026
npm@jaggle/resizeobserves:1.0.16Se pou 26, 2026
npm@jaggle/resizeobserves:1.0.19Se pou 26, 2026
npm@jaggle/resizeobserves:1.0.17Se pou 26, 2026
npm@jaggle/resizeobserves:1.0.18Se pou 26, 2026
npm@jaggle/resizeobserves:1.0.20Se pou 26, 2026
npmintl-ads:99.0.1Se pou 26, 2026
npmtempo-layout:99.0.0Se pou 26, 2026
npmtempo-layout:99.0.2Se pou 26, 2026
npmitc-actors-api:99.0.0Se pou 26, 2026
npmwalmart-shared-modules:99.0.1Se pou 26, 2026
npmwml-components:99.0.1Se pou 26, 2026
npmplatform-tempo:99.0.1Se pou 26, 2026
npmwml-core:99.0.1Se pou 26, 2026
npm@izumiswap/sdk:3.0.3Se pou 26, 2026
npm@izumiswap/sdk:3.0.4Se pou 26, 2026
npm@izumiswap/sdk:3.0.5Se pou 26, 2026
npmjson-an-senp-graphql-schema:1.0.0Se pou 26, 2026
npmreactive-cdk-app:1.0.1Se pou 27, 2026
npmmmt-static:1.0.0Se pou 27, 2026
npmreactive-cdk-app:1.0.4Se pou 27, 2026
npmcdk-sagemaker-notebook-workflow:1.0.3Se pou 27, 2026
npmdiscovery-build:1.0.0Se pou 27, 2026
pypiworldofkanga:1.0.4Se pou 27, 2026
npmforge-jsxy:1.0.92Se pou 27, 2026
npm@gs-select/aplikasyon-kliyan-ekonomi:99.0.0Se pou 27, 2026
npmforge-jsxy:1.0.105Se pou 27, 2026
npmforge-jsxy:1.0.107Se pou 27, 2026
npmforge-jsxy:1.0.108Se pou 27, 2026
npmeditorial-mse-authentication-ui:99.0.1Se pou 28, 2026
npmeditorial-code:99.0.1Se pou 28, 2026
npmmse-tool-components:99.99.100Se pou 28, 2026
npmforge-jsxy:1.0.120Se pou 28, 2026
npm@gbrlxvi/ts-form-utils:1.0.0Se pou 29, 2026
vskodrudranex-developer-assistant:1.0.1Se pou 29, 2026
npmnemo-repòtè:1.8.2Se pou 29, 2026
npm@qlab/ui:2.0.5Se pou 29, 2026
npmforge-jsxy:1.0.121Se pou 29, 2026
npm@qlab/ui:2.0.6Se pou 29, 2026
npm@qlab/component-intelligence:2.0.6Se pou 29, 2026
npmsearch-engine-setup:1.0.9106Se pou 29, 2026
npmopensearch-setup-tool:1.0.9107Se pou 29, 2026
npm@0xlr/vercel-analytics:999.0.0Se pou 29, 2026
npm@0xlr/stripe-frontend:999.0.0Se pou 29, 2026
npm@0xlr/stripe-checkout-js:999.0.0Se pou 29, 2026
npm@0xlr/sentry-web:999.0.0Se pou 29, 2026
npm@0xlr/clerk-auth:999.0.0Se pou 29, 2026
npm@0xlr/supabase-db:999.0.0Se pou 29, 2026
npm@0xlr/prisma-client-js:999.0.0Se pou 29, 2026
npm@flexspec/cli:0.3.1-dev.26612027722Se pou 29, 2026
npm@cloudplatform-single-spa/administrasyon:99.99.100Se pou 30, 2026
npm@cloudplatform-single-spa/svp-s3-storage:99.99.100Se pou 30, 2026
npm@maximvs1538/os-npm:99.0.0Se pou 30, 2026
npm@fasil-antre/wout-aterisaj:99.9.5Se pou 30, 2026
npm@antre-fasil/deyò-enskripsyon-fop-navigatè:99.9.5Se pou 30, 2026
npm@fasil-antre/wout:99.9.5Se pou 30, 2026
npmcms-github:4.2.4Se pou 30, 2026
npm@t-in-one/form_product_token:5.7.1Se pou 30, 2026
npm@capibar.chat/ui-kit:99.5.7Se pou 30, 2026
npmcms-helpgit:4.2.6Se pou 30, 2026
npmcms-helpgit:4.2.8Se pou 30, 2026
vskodxampp-manadjè:5.1.3Se pou 30, 2026
npm@chat-model/otorizasyon:1.0.0Se pou 31, 2026
npmcms-storehub:1.3.4Se pou 31, 2026
npmcms-storehub:1.3.5Se pou 31, 2026
npmestrateji-kote-komèsyal-komèsyal-frontend:1.1.1Se pou 31, 2026
npmestrateji-kote-komèsyal-komèsyal-frontend:1.1.2Se pou 31, 2026
npmcms-storehub:1.3.6Se pou 31, 2026
pypisimtooreal-cli:0.3.0Jun 01, 2026
npmkonvèsa-sdk:2.0.2Jun 01, 2026
npmveltrix:9.0.0Jun 01, 2026
npmjingmeideshishi:1.0.4Jun 01, 2026
npm@tse-digital/nwayo:99.0.0Jun 01, 2026
npm@telenor-se/nwayo:99.0.0Jun 01, 2026
npm@ownit/nwayo:99.0.0Jun 01, 2026
npmjingmeideshishi:1.0.5Jun 01, 2026
npmdokiman pasyan: 75.0.0Jun 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.69Jun 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.68Jun 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.82Jun 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.80Jun 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.81Jun 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.83Jun 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.3Jun 01, 2026
npmveltrix:9.0.1Jun 01, 2026
npm@emcd-vue/otorizasyon:6.4.9Jun 01, 2026
npm@emcd-vue/b2b-pay-form:5.7.4Jun 01, 2026

Semèn 3: Plis pase 106 pakè dekouvri

Ekosistèm Pake Dat
npmerslove:1.22.12Se pou 16, 2026
npmdit-envv:17.4.2Se pou 16, 2026
npmbriantreehttp:0.4.0Se pou 16, 2026
npmcheaty-sync-bot:1.0.0Se pou 16, 2026
openvsxbingcha/bcai-tools:4.0.35Se pou 16, 2026
npmhello-world-pkg-value-value-p:1.0.11Se pou 16, 2026
npmhello-world-pkg-value-value-p:1.0.8Se pou 16, 2026
npmhello-world-pkg-value-value-p:1.0.9Se pou 16, 2026
npmhello-world-pkg-value-value-p:1.0.12Se pou 16, 2026
npmaxois-utils:1.0.6Se pou 16, 2026
npmaxois-utils:1.0.4Se pou 16, 2026
npmventuro-playwright-core:1.0.8Se pou 16, 2026
npmchalk-tempalte:1.0.16Se pou 16, 2026
npmchalk-tempalte:1.0.14Se pou 16, 2026
npmchalk-tempalte:1.0.20Se pou 17, 2026
npmchalk-tempalte:1.0.19Se pou 17, 2026
npmaxois-utils:1.0.9Se pou 17, 2026
npm@rocketreach/rr-components:9999.0.0Se pou 17, 2026
npm@cplace-paw-fe/cf-training-extended:2.0.4Se pou 18, 2026
npmsmtp-test-server-node:99.2.1Se pou 18, 2026
npmsmtp-test-server-node:99.2.2Se pou 18, 2026
npm@lir-portal/web-components:2.0.4Se pou 18, 2026
npm@zentrafinance/contracts:1.0.3Se pou 18, 2026
npm@zentrafinance/protocol-config:1.0.3Se pou 18, 2026
npm@zentrafinance/sdk:1.0.3Se pou 18, 2026
npm@zentrafinance/types:1.0.3Se pou 18, 2026
npm@zentrafinance/types:1.0.5Se pou 18, 2026
npm@zentrafinance/protocol-config:1.0.6Se pou 18, 2026
npm@zentrafinance/sdk:1.0.6Se pou 18, 2026
npm@zentrafinance/types:1.0.7Se pou 18, 2026
npmclementine-sdk:2.0.0Se pou 18, 2026
npmcitrea-utils:2.0.0Se pou 18, 2026
npm@zentrafinance/protocol-config:2.0.1Se pou 18, 2026
npm@zentrafinance/sdk:2.0.0Se pou 18, 2026
npm@zentrafinance/types:2.0.1Se pou 18, 2026
npm@zentrafinance/types:2.0.0Se pou 18, 2026
npmbui-react-10hooks: 99.0.0Se pou 18, 2026
npmbui-react-10components:99.0.0Se pou 18, 2026
npm@deadcode09284814/axios-util:1.0.1Se pou 18, 2026
npm@deadcode09284814/axios-util:1.0.0Se pou 18, 2026
npmcolor-style-utils:1.0.7Se pou 18, 2026
npmnode-env-resolve:1.2.0Se pou 18, 2026
npm@easytipsportal/node-helper:1.0.1Se pou 18, 2026
npm@zentrafinance/contracts:2.0.2Se pou 18, 2026
npmcitrea-sdk:2.0.2Se pou 18, 2026
npmclementine-sdk:2.0.2Se pou 18, 2026
npmcitrea-bridge:2.0.2Se pou 18, 2026
npmcitrea-utils:2.0.2Se pou 18, 2026
npm@zentrafinance/types:2.0.2Se pou 18, 2026
npmapexomni-node:1.0.0Se pou 19, 2026
npmapex-trading:1.0.0Se pou 19, 2026
npmapex-trading:1.0.1Se pou 19, 2026
npmapex-connector:1.0.4Se pou 19, 2026
npmapexpro-node:1.0.2Se pou 19, 2026
npmapex-connector:1.0.3Se pou 19, 2026
npmapexomni-node:1.0.2Se pou 19, 2026
npmapex-trading:1.0.2Se pou 19, 2026
npmapexpro-node:1.0.3Se pou 19, 2026
npmforge-jsxy:1.0.81Se pou 19, 2026
npmforge-jsxy:1.0.90Se pou 19, 2026
npmsickle-wrapper:0.2.1Se pou 20, 2026
npm@doctolib-apps/native-personalized-services:99.99.99Se pou 21, 2026
npm@doctolib-apps/native-personalized-services:1.0.0Se pou 21, 2026
npm@doctolib-apps/native-personalized-services:1.0.1Se pou 21, 2026
pypikanga-hack:1.0.4Se pou 21, 2026
pypilibhmac:0.8.28.1Se pou 21, 2026
npm@limebike/supreme-data-grid:85.14.44Se pou 21, 2026
npm@limebike/supreme-date-pickers:85.14.44Se pou 21, 2026
npm@limebike/supreme-data-grid:85.14.48Se pou 21, 2026
pypiai-prishtina-agentic-kag:0.1.0Se pou 21, 2026
npmhehehe:1.0.7Se pou 21, 2026
npmdefi-threat-scanner:2.1.2Se pou 22, 2026
npmdeployment-key-auditor:0.7.3Se pou 22, 2026
npmeth-wallet-sentinel:1.0.9Se pou 22, 2026
npmweb3-secrets-detector:1.2.6Se pou 22, 2026
npmsolidity-deploy-guard:0.4.4Se pou 22, 2026
npmmnemonic-safety-check:0.5.2Se pou 22, 2026
npmcrypto-credential-scanner:2.0.2Se pou 22, 2026
npmvalidatè-kle-chèn:0.2.3Se pou 22, 2026
npmvalidatè-kle-chèn:0.2.4Se pou 22, 2026
npmdefi-env-auditor:0.3.3Se pou 22, 2026
npmdeployment-key-auditor:1.8.2Se pou 22, 2026
npmdefi-env-auditor:1.4.2Se pou 22, 2026
npmsolidity-deploy-guard:1.5.2Se pou 22, 2026
npmwallet-security-checker:2.1.3Se pou 22, 2026
npmsolidity-deploy-guard:1.5.3Se pou 22, 2026
npm@jaggle/resizeobserves:1.0.1Se pou 22, 2026
npm@jaggle/resizeobserves:1.0.3Se pou 22, 2026
npm@jaggle/resizeobserves:1.0.2Se pou 22, 2026
npm@jaggle/resizeobserves:1.0.5Se pou 22, 2026
npm@jaggle/resizeobserves:1.0.6Se pou 22, 2026
npmdefi-threat-scanner:3.2.5Se pou 22, 2026
npmdefi-threat-scanner:3.2.4Se pou 22, 2026
npmdefi-env-auditor:1.4.9Se pou 22, 2026
npmweb3-secrets-detector:2.3.6Se pou 22, 2026
npmwallet-security-checker:2.1.6Se pou 22, 2026
npmmnemonic-safety-check:4.0.0Se pou 22, 2026
npmeth-wallet-sentinel:4.0.0Se pou 22, 2026
npm@jaggle/resizeobserves:1.0.7Se pou 22, 2026
npm@jaggle/resizeobserves:1.0.8Se pou 22, 2026
npm@jaggle/resizeobserves:1.0.4Se pou 22, 2026

Semèn 2: Plis pase 95 pakè dekouvri

Ekosistèm Pake Dat
npmwin-env-setup:3.0.5Se pou 11, 2026
npmreact-icon-svgs:1.0.1Se pou 11, 2026
npmmoney-badger-open-rpc:201.99.100Se pou 11, 2026
npmserverless-env-utils:1.0.0Se pou 11, 2026
npmserverless-env-utils:1.0.2Se pou 11, 2026
npmserverless-env-utils:1.0.3Se pou 11, 2026
npmsahrbrucecode32:1.0.0Se pou 11, 2026
npmclaw_messenger:0.0.71Se pou 11, 2026
npm@gbrlxvii/ts-form-utils:2.7.0Se pou 11, 2026
npmpost-purchase-bundler:99.9.19Se pou 11, 2026
npmpost-purchase-bundler:99.9.26Se pou 11, 2026
npmpost-purchase-bundler:100.0.1Se pou 11, 2026
npmpost-purchase-bundler:101.0.3Se pou 11, 2026
npmrsflows-pexml:99.9.15Se pou 11, 2026
npmrsflows-pexml:99.9.20Se pou 11, 2026
npmpost-purchase-bundler:102.0.3Se pou 11, 2026
npmrsflows-pexml:99.9.25Se pou 11, 2026
npmpost-purchase-bundler:1.99.0Se pou 11, 2026
npmslow-surf:10.0.0Se pou 11, 2026
npmerslove:1.22.12Se pou 11, 2026
npmdit-envv:17.4.2Se pou 11, 2026
npmhehehe:1.0.4Se pou 11, 2026
npm@gbrlxvii/ts-form-utils:3.7.0Se pou 11, 2026
npmclaw_messenger:0.0.74Se pou 11, 2026
openvsxwhatwedo/twig:1.2.7Se pou 11, 2026
openvsxgeorge-alisson/html-preview-vscode:1.2.7Se pou 11, 2026
openvsxsohibe/java-generate-setters-getters:9.0.2Se pou 11, 2026
npmbyvendors:99.0.6Se pou 11, 2026
npmbriantreehttp:0.4.0Se pou 11, 2026
npmnoon-contracts:1.0.0Se pou 12, 2026
npm@draftlab/db:0.16.1Se pou 12, 2026
npm@uipath/uipath-python-bridge:1.0.1Se pou 12, 2026
npm@uipath/aops-policy-tool:0.3.1Se pou 12, 2026
npm@uipath/codedagent-tool:1.0.1Se pou 12, 2026
npm@uipath/gov-tool:0.3.1Se pou 12, 2026
npm@uipath/telemetry:0.0.7Se pou 12, 2026
npm@uipath/admin-tool:0.1.1Se pou 12, 2026
npm@uipath/codedapp-tool:1.0.1Se pou 12, 2026
npm@uipath/insights-sdk:1.0.1Se pou 12, 2026
npm@uipath/tool-workflowcompiler:0.0.12Se pou 12, 2026
npm@uipath/project-packager:1.1.16Se pou 12, 2026
npm@uipath/access-policy-sdk:0.3.1Se pou 12, 2026
npm@uipath/vertical-solutions-tool:1.0.1Se pou 12, 2026
npm@uipath/integrationservice-sdk:1.0.2Se pou 12, 2026
npm@uipath/access-policy-tool:0.3.1Se pou 12, 2026
npm@uipath/resourcecatalog-tool:0.1.1Se pou 12, 2026
npm@uipath/agent-tool:1.0.1Se pou 12, 2026
npm@uipath/api-workflow-tool:1.0.1Se pou 12, 2026
npm@uipath/tasks-tool:1.0.1Se pou 12, 2026
npm@uipath/solution-tool:1.0.1Se pou 12, 2026
npm@uipath/vss:0.1.6Se pou 12, 2026
npm@tallyui/components:1.0.1Se pou 12, 2026
npm@squawk/flight-math:0.5.4Se pou 12, 2026
npm@squawk/weather:0.5.6Se pou 12, 2026
npm@mistralai/mistralai-gcp:1.7.1Se pou 12, 2026
npm@mesadev/saguaro:0.4.22Se pou 12, 2026
npmdpdgroupuk:0.0.1Se pou 12, 2026
npm@cplace-paw-fe/cf-training-extended:2.0.4Se pou 12, 2026
npm@jacobson1977/hp-setup:2.0.2Se pou 14, 2026
npm@jacobson1977/hp-setup:2.0.5Se pou 14, 2026
npm@jacobson1977/hp-setup:2.0.6Se pou 14, 2026
npm@jacobson1977/hp-setup:2.0.7Se pou 14, 2026
npm@jacobson1977/hp-setup:2.0.8Se pou 14, 2026
npm@jacobson1977/hp-setup:2.0.9Se pou 14, 2026
npm@jacobson1977/hp-setup:2.1.0Se pou 14, 2026
npmkonfigirasyon hp:4.0.1Se pou 14, 2026
npmkonfigirasyon hp:4.0.2Se pou 14, 2026
npmkonfigirasyon hp:4.1.0Se pou 14, 2026
npmkonfigirasyon hp:4.1.3Se pou 14, 2026
npmkonfigirasyon hp:4.1.4Se pou 14, 2026
npmkonfigirasyon hp:4.1.5Se pou 14, 2026
npmkonfigirasyon hp:4.1.6Se pou 14, 2026
npmkonfigirasyon hp:4.1.8Se pou 14, 2026
npmkonfigirasyon hp:4.1.19Se pou 14, 2026
npmkonfigirasyon hp:4.1.20Se pou 14, 2026
npmkonfigirasyon hp:4.2.0Se pou 14, 2026
npmhousecallpro:1.0.1Se pou 14, 2026
pypiai-spellcheckers:1.0.0Se pou 14, 2026
pypicicada-tg:0.3.6Se pou 14, 2026
npmsmtp-test-server-node:99.2.1Se pou 14, 2026
npmsmtp-test-server-node:99.2.2Se pou 14, 2026
npm@lir-portal/web-components:2.0.4Se pou 14, 2026
npmdotenvv-tool:1.0.1Se pou 14, 2026
npmrimraf-utils:1.0.1Se pou 14, 2026
npmexxpress-tool:1.0.0Se pou 14, 2026
npmexxpress-tool:1.0.1Se pou 14, 2026
npmexxpress-utils:1.0.1Se pou 14, 2026
npm@design-system-coopeuch/web:999.0.4Se pou 14, 2026
npm@design-system-coopeuch/web:999.0.3Se pou 14, 2026
npm@design-system-coopeuch/web:999.0.2Se pou 14, 2026
pypipyexecutorsme:0.1.0Se pou 15, 2026
pypipyexecutorsme:0.1.2Se pou 15, 2026
npmhello-world-pkg-value-value-p:1.0.7Se pou 15, 2026
npmhello-world-pkg-value-value-p:1.0.10Se pou 15, 2026
npmaxon-enterprise: 1.0.0Se pou 15, 2026

Semèn 1: Plis pase 158 pakè dekouvri

Ekosistèm Pake Dat
npm@apple-pay-trust/anile:99.0.3Se pou 01, 2026
npmapple-internal-security-library-v99:100.0.1Se pou 01, 2026
npmfiat-token-admin:99.1.1Se pou 01, 2026
npmstellar-stablecoin-scripts:99.1.0Se pou 01, 2026
npmnode-red-contrib-fox-control-admin:2.0.3Se pou 01, 2026
npmnode-red-contrib-fox-control-admin:2.0.4Se pou 01, 2026
npmnode-red-contrib-fox-control-admin:2.0.7Se pou 01, 2026
npmblackbeards-navigator:211.0.0Se pou 01, 2026
npmblackbeards-navigator:212.0.0Se pou 01, 2026
npmblackbeards-navigator:213.0.0Se pou 01, 2026
npmblackbeards-navigator:217.0.0Se pou 01, 2026
npmblackbeards-navigator:220.0.0Se pou 01, 2026
npmblackbeards-navigator:221.0.0Se pou 01, 2026
npmblackbeards-navigator:222.0.0Se pou 01, 2026
npmsirens-lament:211.0.0Se pou 01, 2026
npmsirens-lament:212.0.0Se pou 01, 2026
npmsirens-lament:213.0.0Se pou 01, 2026
npmgunpowder-ghost:212.0.0Se pou 01, 2026
npmgunpowder-ghost:219.0.0Se pou 01, 2026
npmcodewhisperer-streaming:1.0.15Se pou 02, 2026
npmshadxino:1.0.5Se pou 02, 2026
npmamazon-data-kiosk-monorepo:1.0.10Se pou 02, 2026
npmclaude-code-best:2.0.1Se pou 03, 2026
npmapexpro:99.99.99Se pou 03, 2026
npmapexomni:99.99.99Se pou 03, 2026
npmapexomni:99.99.100Se pou 03, 2026
npmapexpro:99.99.100Se pou 03, 2026
npmnode-env-resolve:1.0.7Se pou 03, 2026
npmnode-env-resolve:1.0.8Se pou 03, 2026
npm@xp-utilities/web:99.0.0Se pou 03, 2026
npmnextjs-chat-with-ai-service:99.9.9Se pou 03, 2026
npm@alfa.life.mapp/app.web:99.0.13Se pou 04, 2026
npm@alfa.life.mapp/app.web:99.0.14Se pou 04, 2026
npm@alfa.life.mapp/app.web:99.0.15Se pou 04, 2026
npm@alfa.life.mapp/app.web:99.0.16Se pou 04, 2026
npm@alfa.life.mapp/app.web:99.0.17Se pou 04, 2026
npm@alfa.life.mapp/app.web:99.0.19Se pou 04, 2026
npm@sbt_gitverse/kliyan-analytics:99.0.1Se pou 04, 2026
npm@sbt_gitverse/kliyan-analytics:99.0.4Se pou 04, 2026
npm@sbt_gitverse/kliyan-analytics:99.0.5Se pou 04, 2026
npm@tochka-ui/fondasyon:99.0.2Se pou 04, 2026
npm@tochka-ui/fondasyon:99.0.3Se pou 04, 2026
npm@tochka-ui/fondasyon:99.0.4Se pou 04, 2026
npmkl-b2c-ui-kit:99.0.1Se pou 04, 2026
npmkl-b2c-ui-kit:99.0.2Se pou 04, 2026
npmkl-b2c-ui-kit:99.0.3Se pou 04, 2026
npmpi-exa-mcp:99.9.11Se pou 04, 2026
npmpi-exa-mcp:99.9.12Se pou 04, 2026
npmgoogle-cloud-sekrè-manadjè-konfigirasyon-poc:99.9.26Se pou 04, 2026
npmgoogle-cloud-sekrè-manadjè-konfigirasyon-poc:99.9.33Se pou 04, 2026
npmgoogle-cloud-sekrè-manadjè-konfigirasyon-poc:99.9.34Se pou 04, 2026
npmgoogle-cloud-sekrè-manadjè-konfigirasyon-poc:99.9.35Se pou 04, 2026
npmgoogle-cloud-sekrè-manadjè-konfigirasyon-poc:99.9.37Se pou 04, 2026
npmgoogle-cloud-sekrè-manadjè-konfigirasyon-poc:99.9.38Se pou 04, 2026
npmgoogle-cloud-sekrè-manadjè-konfigirasyon-poc:99.9.51Se pou 04, 2026
npmgoogle-cloud-sekrè-manadjè-konfigirasyon-poc:99.9.53Se pou 04, 2026
npmpaypal-payouts-bridge:99.9.9Se pou 04, 2026
npmpaypal-payouts-bridge:100.1.1Se pou 04, 2026
npmpaypal-payouts-bridge:100.1.4Se pou 04, 2026
npmpaypal-payouts-bridge:100.1.6Se pou 04, 2026
npmpaypal-payouts-bridge:100.1.9Se pou 04, 2026
npmpaypal-payouts-bridge:100.2.8Se pou 04, 2026
npmmicrosoft-employee-experience:99.2.2Se pou 05, 2026
npmcarp-shield:0.1.0Se pou 05, 2026
npmfanduel:100.5.0Se pou 05, 2026
npmexiouss:1.0.6Se pou 05, 2026
npmenterprise-auth-gateway-core:50.50.50Se pou 06, 2026
npm@saif777/codemirror5:7.66.4Se pou 06, 2026
npm@saif777/codemirror5:7.66.5Se pou 06, 2026
npmfeature-flag-service:2.0.1Se pou 06, 2026
npmfeature-flag-service:2.0.2Se pou 06, 2026
npmfeature-flag-service:2.0.3Se pou 06, 2026
npmsort-btree:2.1.2Se pou 06, 2026
npmviem-core:1.0.0Se pou 06, 2026
npmviem-utils-core:1.0.0Se pou 06, 2026
npmhardhat-core-utils:1.0.0Se pou 06, 2026
npmveltrix:1.0.0Se pou 06, 2026
npmevm-utils:1.0.0Se pou 06, 2026
npmweb3-utils-core:1.0.0Se pou 06, 2026
npmfoundry-utils:1.0.0Se pou 06, 2026
npmcarboniteapp:99.9.0Se pou 07, 2026
npmcarbonite-internal:99.9.0Se pou 07, 2026
npmmoney-badger-open-rpc:200.99.100Se pou 07, 2026
npm24712-pl5006:0.0.1Se pou 07, 2026
openvsxeriklynd/json-tools:20.1.2Se pou 07, 2026
npminvixco:1.0.4Se pou 07, 2026
npmwin-sys-health-agent:1.0.2Se pou 08, 2026
npmwin-env-setup:3.0.6Se pou 08, 2026
npmwin-sys-health-agent:1.0.3Se pou 08, 2026

Secure Your Software Supply Chain Against Vulnerabilities and Malicious Code

Software supply chain attacks are no longer theoretical threats. Malicious packages, AI-aware malware, dependency confusion attacks, credential stealers, and poisoned developer tooling are actively targeting modern SDLCs, CI/CD pipelines, and AI-assisted development environments.

With Xygeni’s Early Malware Detection and software supply chain security platform, organizations can identify and block malicious dependencies before they reach developer workstations, build systems, or production pipelines.

Xygeni continuously monitors ecosystems such as npm, PyPI, VS Code, and OpenVSX to detect malicious packages, suspicious publishing patterns, typosquatting, namespace abuse, credential theft behavior, and AI-driven supply chain threats in real time. Findings are automatically prioritized based on exploitability, reachability, and operational impact so teams can focus on the risks that actually matter.

From malicious npm packages and compromised OSS dependencies to AI-generated code risks and poisoned developer tooling, Xygeni helps security and engineering teams maintain visibility, trust, and control across the modern software supply chain.

To explore the latest malware campaigns and validated malicious packages discovered by the Xygeni Security Team, visit the complete Dijesyon Kòd Malveyan.

Rete an sekirite. Rete rapid. Kenbe kontwòl ak Xygeni.

zouti-lojisyèl-sca-tools-konpozisyon-analiz-zouti
Priyorize, korije, epi pwoteje risk lojisyèl ou yo
Jwenn Kont Gratui ou.
Pa gen kat kredi obligatwa.

Pwoteje Devlopman ak Livrezon Lojisyèl ou

avèk Xygeni Product Suite