မေလတွင် Malicious Code Digest

Malicious Code Digest လစဉ်အကျဉ်းချုပ်- မေလ

မာတိကာ

မဖြစ်မနေဖတ်သင့်သောပို့စ်များ

စိတ်ဝင်စားဖွယ်ကောင်းသော နောက်ဆုံးပို့စ်များ

Welcome to the May edition of the Xygeni Malicious Code Digest. This month, our security research team continued tracking the evolving landscape of software supply chain threats across public package registries, developer tooling, AI-assisted workflows, and modern CI/CD environments. Throughout May, Xygeni identified and validated hundreds of malicious packages targeting npm, PyPI, VS Code, and OpenVSX ecosystems.

But May was not only about volume. It was also a month where attackers increasingly adapted their tradecraft to AI-native development environments, developer trust assumptions, and automated pipelines.

Among the most notable investigations published by the Xygeni Security Team this month:

  • ဂျူးလ်စ်ဂျက်ကာ, a multi-stage npm malware campaign impersonating Google’s Jules AI agent to steal repositories, abuse CI/CD environments, and even target the sandbox analyzing it. The campaign introduced encrypted host-gated loaders, forged google-labs-jules[bot] commits, cloud metadata theft, and Kubernetes reconnaissance against analysis infrastructure itself.
  • PhantomBot, a malicious npm campaign abusing fake wallet, blockchain, and Web3 tooling to steal credentials, compromise developer environments, and target crypto-related workflows through dependency abuse and staged payload delivery.
  • A large-scale malicious npm ecosystem abusing fake TypeScript utilities, AI-themed packages, internal tooling impersonation, frontend libraries, cloud helpers, and builder frameworks to fingerprint environments, exfiltrate credentials, deploy persistence, and compromise developer systems.
  • Continued waves of malicious packages leveraging dependency confusion, typosquatting, postinstall abuse, AI-tool impersonation, version inflation, and repeated namespace abuse designed to bypass developer trust heuristics and compromise modern SDLC workflows before detection.
  • The discovery of cross-platform malware campaigns such as the @jaggle/resizeobserves clipboard hijacker, which impersonated a legitimate package while deploying Python-based persistence and crypto-wallet clipboard substitution across Linux, macOS, and Windows systems.

Throughout the month, we also observed a growing convergence between AI tooling, open-source ecosystems, and software supply chain attacks. Threat actors increasingly targeted AI-assisted development workflows, agent environments, copilots, and cloud-native build pipelines as part of broader credential theft and repository compromise operations.

These attacks are no longer isolated cases of simple typosquatting. They involve coordinated publishing campaigns, automated version bursts, cloud token theft, CI/CD abuse, encrypted payload staging, sandbox evasion, and persistent compromise techniques specifically designed to blend into trusted developer ecosystems.

This monthly update is part of Xygeni’s ongoing malware and supply chain threat research initiative, where our team continuously validates malicious packages, investigates emerging attack patterns, and publishes actionable intelligence to help security, AppSec, and DevSecOps teams stay ahead of evolving supply chain risk.

For full context across every malicious package, malware campaign, and threat analysis published this month, explore the complete May Malicious Code Digest and related research from the Xygeni Security Team.

အပတ် ၁: အထုပ် ၁၁၈ ထုပ်ကျော် ရှာဖွေတွေ့ရှိခဲ့သည်

ဂေဟစနစ် အထုပ် နေ့စှဲ
npm@gbrlxvii/ts-form-utils:4.6.0မေလ 25, 2026
npm@gbrlxvii/ts-form-utils:4.7.0မေလ 25, 2026
npmpi-ocr:0.2.0မေလ 25, 2026
npm@jaggle/resizeobserves:1.0.11မေလ 25, 2026
npmfnd-stores:0.0.7မေလ 25, 2026
npm@gbrlxvii/ts-project-lint:1.7.0မေလ 25, 2026
npm@gbrlxvii/ts-project-lint:1.8.0မေလ 25, 2026
npmsystem-user-identifier-cli:7.0.0မေလ 26, 2026
npm@jaggle/resizeobserves:1.0.13မေလ 26, 2026
npm@jaggle/resizeobserves:1.0.12မေလ 26, 2026
npm@jaggle/resizeobserves:1.0.15မေလ 26, 2026
npm@jaggle/resizeobserves:1.0.14မေလ 26, 2026
npm@jaggle/resizeobserves:1.0.16မေလ 26, 2026
npm@jaggle/resizeobserves:1.0.19မေလ 26, 2026
npm@jaggle/resizeobserves:1.0.17မေလ 26, 2026
npm@jaggle/resizeobserves:1.0.18မေလ 26, 2026
npm@jaggle/resizeobserves:1.0.20မေလ 26, 2026
npmintl-ads:99.0.1မေလ 26, 2026
npmtempo-layout:99.0.0မေလ 26, 2026
npmtempo-layout:99.0.2မေလ 26, 2026
npmitc-actors-api:99.0.0မေလ 26, 2026
npmwalmart-shared-modules:99.0.1မေလ 26, 2026
npmwml-components:99.0.1မေလ 26, 2026
npmplatform-tempo:99.0.1မေလ 26, 2026
npmwml-core:99.0.1မေလ 26, 2026
npm@izumiswap/sdk:3.0.3မေလ 26, 2026
npm@izumiswap/sdk:3.0.4မေလ 26, 2026
npm@izumiswap/sdk:3.0.5မေလ 26, 2026
npmjson-to-simple-graphql-schema:၁.၀.၀မေလ 26, 2026
npmreactive-cdk-app:1.0.1မေလ 27, 2026
npmmmt-static:1.0.0မေလ 27, 2026
npmreactive-cdk-app:1.0.4မေလ 27, 2026
npmcdk-sagemaker-notebook-workflow:1.0.3မေလ 27, 2026
npmdiscovery-build:1.0.0မေလ 27, 2026
pypiworldofkanga:1.0.4မေလ 27, 2026
npmforge-jsxy:1.0.92မေလ 27, 2026
npm@gs-select/savings-client-application:99.0.0မေလ 27, 2026
npmforge-jsxy:1.0.105မေလ 27, 2026
npmforge-jsxy:1.0.107မေလ 27, 2026
npmforge-jsxy:1.0.108မေလ 27, 2026
npmeditorial-mse-authentication-ui:99.0.1မေလ 28, 2026
npmeditorial-code:99.0.1မေလ 28, 2026
npmmse-tool-components:99.99.100မေလ 28, 2026
npmforge-jsxy:1.0.120မေလ 28, 2026
npm@gbrlxvi/ts-form-utils:1.0.0မေလ 29, 2026
vscoderudranex-developer-assistant:1.0.1မေလ 29, 2026
npmနီမို-သတင်းထောက်: ၁.၈.၂မေလ 29, 2026
npm@qlab/ui:2.0.5မေလ 29, 2026
npmforge-jsxy:1.0.121မေလ 29, 2026
npm@qlab/ui:2.0.6မေလ 29, 2026
npm@qlab/component-intelligence:2.0.6မေလ 29, 2026
npmsearch-engine-setup:1.0.9106မေလ 29, 2026
npmopensearch-setup-tool:1.0.9107မေလ 29, 2026
npm@0xlr/vercel-analytics:999.0.0မေလ 29, 2026
npm@0xlr/stripe-frontend:999.0.0မေလ 29, 2026
npm@0xlr/stripe-checkout-js:999.0.0မေလ 29, 2026
npm@0xlr/sentry-web:999.0.0မေလ 29, 2026
npm@0xlr/clerk-auth:999.0.0မေလ 29, 2026
npm@0xlr/supabase-db:999.0.0မေလ 29, 2026
npm@0xlr/prisma-client-js:999.0.0မေလ 29, 2026
npm@flexspec/cli:0.3.1-dev.26612027722မေလ 29, 2026
npm@cloudplatform-single-spa/အုပ်ချုပ်ရေး:99.99.100မေလ 30, 2026
npm@cloudplatform-single-spa/svp-s3-storage:99.99.100မေလ 30, 2026
npm@maximvs1538/os-npm:99.0.0မေလ 30, 2026
npm@လွယ်ကူစွာဝင်ရောက်/ဆင်းသက်လမ်းကြောင်းများ- ၉၉.၉.၅မေလ 30, 2026
npm@easy-entry/outside-registration-fop-navigator:99.9.5မေလ 30, 2026
npm@easy-entry/routes:99.9.5မေလ 30, 2026
npmcms-github:၄.၂.၄မေလ 30, 2026
npm@t-in-one/form_product_token:၅.၇.၁မေလ 30, 2026
npm@capibar.chat/ui-kit:99.5.7မေလ 30, 2026
npmcms-helpgit:၄.၂.၈မေလ 30, 2026
npmcms-helpgit:၄.၂.၈မေလ 30, 2026
vscodexampp-manager:၅.၁.၃မေလ 30, 2026
npm@chat-template/auth:၁.၀.၀မေလ 31, 2026
npmcms-storehub:၁.၃.၄မေလ 31, 2026
npmcms-storehub:၁.၃.၄မေလ 31, 2026
npmလက်လီ-တည်နေရာ-မဟာဗျူဟာ-ရှေ့မျက်နှာစာ-၁.၁.၂မေလ 31, 2026
npmလက်လီ-တည်နေရာ-မဟာဗျူဟာ-ရှေ့မျက်နှာစာ-၁.၁.၂မေလ 31, 2026
npmcms-storehub:၁.၃.၄မေလ 31, 2026
pypisimtooreal-cli:၀.၃.၀ဇွန် 01, 2026
npmconversa-sdk:၂.၀.၂ဇွန် 01, 2026
npmဗယ်လ်ထရစ်စ်:၉.၀.၁ဇွန် 01, 2026
npmjingmeideshishi-၁.၀.၅ဇွန် 01, 2026
npm@tse-digital/core:99.0.0ဇွန် 01, 2026
npm@telenor-se/core:99.0.0ဇွန် 01, 2026
npm@ownit/core:99.0.0ဇွန် 01, 2026
npmjingmeideshishi-၁.၀.၅ဇွန် 01, 2026
npmလူနာစာရွက်စာတမ်းများ- ၇၅.၀.၀ဇွန် 01, 2026
npm@antoncallahan/aws-user-helper:၆၇၆၇.၆၇.၆၉ဇွန် 01, 2026
npm@antoncallahan/aws-user-helper:၆၇၆၇.၆၇.၆၉ဇွန် 01, 2026
npm@antoncallahan/aws-user-helper:၆၇၆၇.၆၇.၆၉ဇွန် 01, 2026
npm@antoncallahan/aws-user-helper:၆၇၆၇.၆၇.၆၉ဇွန် 01, 2026
npm@antoncallahan/aws-user-helper:၆၇၆၇.၆၇.၆၉ဇွန် 01, 2026
npm@antoncallahan/aws-user-helper:၆၇၆၇.၆၇.၆၉ဇွန် 01, 2026
npm@antoncallahan/aws-user-helper:၆၇၆၇.၆၇.၆၉ဇွန် 01, 2026
npmဗယ်လ်ထရစ်စ်:၉.၀.၁ဇွန် 01, 2026
npm@emcd-vue/auth:၆.၄.၉ဇွန် 01, 2026
npm@emcd-vue/b2b-pay-form:၅.၇.၄ဇွန် 01, 2026

အပတ် ၁: အထုပ် ၁၁၈ ထုပ်ကျော် ရှာဖွေတွေ့ရှိခဲ့သည်

ဂေဟစနစ် အထုပ် နေ့စှဲ
npmerslove:1.22.12မေလ 16, 2026
npmdit-envv:17.4.2မေလ 16, 2026
npmbriantreehttp:0.4.0မေလ 16, 2026
npmcheaty-sync-bot:1.0.0မေလ 16, 2026
openvsxbingcha/bcai-tools:4.0.35မေလ 16, 2026
npmhello-world-pkg-value-value-p:1.0.11မေလ 16, 2026
npmhello-world-pkg-value-value-p:1.0.8မေလ 16, 2026
npmhello-world-pkg-value-value-p:1.0.9မေလ 16, 2026
npmhello-world-pkg-value-value-p:1.0.12မေလ 16, 2026
npmaxois-utils:1.0.6မေလ 16, 2026
npmaxois-utils:1.0.4မေလ 16, 2026
npmventuro-playwright-core:1.0.8မေလ 16, 2026
npmchalk-tempalte:1.0.16မေလ 16, 2026
npmchalk-tempalte:1.0.14မေလ 16, 2026
npmchalk-tempalte:1.0.20မေလ 17, 2026
npmchalk-tempalte:1.0.19မေလ 17, 2026
npmaxois-utils:1.0.9မေလ 17, 2026
npm@rocketreach/rr-components:9999.0.0မေလ 17, 2026
npm@cplace-paw-fe/cf-training-extended:2.0.4မေလ 18, 2026
npmsmtp-test-server-node:99.2.1မေလ 18, 2026
npmsmtp-test-server-node:99.2.2မေလ 18, 2026
npm@lir-portal/web-components:2.0.4မေလ 18, 2026
npm@zentrafinance/contracts:1.0.3မေလ 18, 2026
npm@zentrafinance/protocol-config:1.0.3မေလ 18, 2026
npm@zentrafinance/sdk:1.0.3မေလ 18, 2026
npm@zentrafinance/types:1.0.3မေလ 18, 2026
npm@zentrafinance/types:1.0.5မေလ 18, 2026
npm@zentrafinance/protocol-config:1.0.6မေလ 18, 2026
npm@zentrafinance/sdk:1.0.6မေလ 18, 2026
npm@zentrafinance/types:1.0.7မေလ 18, 2026
npmclementine-sdk:2.0.0မေလ 18, 2026
npmcitrea-utils:2.0.0မေလ 18, 2026
npm@zentrafinance/protocol-config:2.0.1မေလ 18, 2026
npm@zentrafinance/sdk:2.0.0မေလ 18, 2026
npm@zentrafinance/types:2.0.1မေလ 18, 2026
npm@zentrafinance/types:2.0.0မေလ 18, 2026
npmbui-react-10hooks: 99.0.0မေလ 18, 2026
npmbui-react-10components:99.0.0မေလ 18, 2026
npm@deadcode09284814/axios-util:1.0.1မေလ 18, 2026
npm@deadcode09284814/axios-util:1.0.0မေလ 18, 2026
npmcolor-style-utils:1.0.7မေလ 18, 2026
npmnode-env-resolve:1.2.0မေလ 18, 2026
npm@easytipsportal/node-helper:1.0.1မေလ 18, 2026
npm@zentrafinance/contracts:2.0.2မေလ 18, 2026
npmcitrea-sdk:2.0.2မေလ 18, 2026
npmclementine-sdk:2.0.2မေလ 18, 2026
npmcitrea-bridge:2.0.2မေလ 18, 2026
npmcitrea-utils:2.0.2မေလ 18, 2026
npm@zentrafinance/types:2.0.2မေလ 18, 2026
npmapexomni-node:1.0.0မေလ 19, 2026
npmapex-trading:1.0.0မေလ 19, 2026
npmapex-trading:1.0.1မေလ 19, 2026
npmapex-connector:1.0.4မေလ 19, 2026
npmapexpro-node:1.0.2မေလ 19, 2026
npmapex-connector:1.0.3မေလ 19, 2026
npmapexomni-node:1.0.2မေလ 19, 2026
npmapex-trading:1.0.2မေလ 19, 2026
npmapexpro-node:1.0.3မေလ 19, 2026
npmforge-jsxy:1.0.81မေလ 19, 2026
npmforge-jsxy:1.0.90မေလ 19, 2026
npmsickle-wrapper:0.2.1မေလ 20, 2026
npm@doctolib-apps/native-personalized-services:99.99.99မေလ 21, 2026
npm@doctolib-apps/native-personalized-services:1.0.0မေလ 21, 2026
npm@doctolib-apps/native-personalized-services:1.0.1မေလ 21, 2026
pypikanga-hack:1.0.4မေလ 21, 2026
pypilibhmac:0.8.28.1မေလ 21, 2026
npm@limebike/supreme-data-grid:85.14.44မေလ 21, 2026
npm@limebike/supreme-date-pickers:85.14.44မေလ 21, 2026
npm@limebike/supreme-data-grid:85.14.48မေလ 21, 2026
pypiai-prishtina-agentic-kag:0.1.0မေလ 21, 2026
npmhehehe:1.0.7မေလ 21, 2026
npmdefi-threat-scanner:2.1.2မေလ 22, 2026
npmdeployment-key-auditor:0.7.3မေလ 22, 2026
npmeth-wallet-sentinel:1.0.9မေလ 22, 2026
npmweb3-secrets-detector:1.2.6မေလ 22, 2026
npmsolidity-deploy-guard:0.4.4မေလ 22, 2026
npmmnemonic-safety-check:0.5.2မေလ 22, 2026
npmcrypto-credential-scanner:2.0.2မေလ 22, 2026
npmကွင်းဆက်သော့-အတည်ပြုကိရိယာ-၀.၂.၃မေလ 22, 2026
npmကွင်းဆက်သော့-အတည်ပြုကိရိယာ-၀.၂.၃မေလ 22, 2026
npmdefi-env-auditor:၀.၃.၂မေလ 22, 2026
npmdeployment-key-auditor:1.8.2မေလ 22, 2026
npmdefi-env-auditor:၀.၃.၂မေလ 22, 2026
npmsolidity-deploy-guard:1.5.2မေလ 22, 2026
npmwallet-security-checker:2.1.3မေလ 22, 2026
npmsolidity-deploy-guard:1.5.3မေလ 22, 2026
npm@jaggle/resizeobserves:1.0.1မေလ 22, 2026
npm@jaggle/resizeobserves:1.0.3မေလ 22, 2026
npm@jaggle/resizeobserves:1.0.2မေလ 22, 2026
npm@jaggle/resizeobserves:1.0.5မေလ 22, 2026
npm@jaggle/resizeobserves:1.0.6မေလ 22, 2026
npmdefi-threat-scanner:3.2.5မေလ 22, 2026
npmdefi-threat-scanner:3.2.4မေလ 22, 2026
npmdefi-env-auditor:၀.၃.၂မေလ 22, 2026
npmweb3-secrets-detector:2.3.6မေလ 22, 2026
npmwallet-security-checker:2.1.6မေလ 22, 2026
npmmnemonic-safety-check:4.0.0မေလ 22, 2026
npmeth-wallet-sentinel:4.0.0မေလ 22, 2026
npm@jaggle/resizeobserves:1.0.7မေလ 22, 2026
npm@jaggle/resizeobserves:1.0.8မေလ 22, 2026
npm@jaggle/resizeobserves:1.0.4မေလ 22, 2026

အပတ် ၁: အထုပ် ၁၁၈ ထုပ်ကျော် ရှာဖွေတွေ့ရှိခဲ့သည်

ဂေဟစနစ် အထုပ် နေ့စှဲ
npmwin-env-setup:3.0.5မေလ 11, 2026
npmreact-icon-svgs:1.0.1မေလ 11, 2026
npmmoney-badger-open-rpc:201.99.100မေလ 11, 2026
npmserverless-env-utils:1.0.0မေလ 11, 2026
npmserverless-env-utils:1.0.2မေလ 11, 2026
npmserverless-env-utils:1.0.3မေလ 11, 2026
npmsahrbrucecode32:1.0.0မေလ 11, 2026
npmclaw_messenger:0.0.71မေလ 11, 2026
npm@gbrlxvii/ts-form-utils:2.7.0မေလ 11, 2026
npmpost-purchase-bundler:99.9.19မေလ 11, 2026
npmpost-purchase-bundler:99.9.26မေလ 11, 2026
npmpost-purchase-bundler:100.0.1မေလ 11, 2026
npmpost-purchase-bundler:101.0.3မေလ 11, 2026
npmrsflows-pexml:99.9.15မေလ 11, 2026
npmrsflows-pexml:99.9.20မေလ 11, 2026
npmpost-purchase-bundler:102.0.3မေလ 11, 2026
npmrsflows-pexml:99.9.25မေလ 11, 2026
npmpost-purchase-bundler:1.99.0မေလ 11, 2026
npmslow-surf:10.0.0မေလ 11, 2026
npmerslove:1.22.12မေလ 11, 2026
npmdit-envv:17.4.2မေလ 11, 2026
npmhehehe:1.0.4မေလ 11, 2026
npm@gbrlxvii/ts-form-utils:3.7.0မေလ 11, 2026
npmclaw_messenger:0.0.74မေလ 11, 2026
openvsxwhatwedo/twig:1.2.7မေလ 11, 2026
openvsxgeorge-alisson/html-preview-vscode:1.2.7မေလ 11, 2026
openvsxsohibe/java-generate-setters-getters:9.0.2မေလ 11, 2026
npmbyvendors:99.0.6မေလ 11, 2026
npmbriantreehttp:0.4.0မေလ 11, 2026
npmnoon-contracts:1.0.0မေလ 12, 2026
npm@draftlab/db:0.16.1မေလ 12, 2026
npm@uipath/uipath-python-bridge:1.0.1မေလ 12, 2026
npm@uipath/aops-policy-tool:0.3.1မေလ 12, 2026
npm@uipath/codedagent-tool:1.0.1မေလ 12, 2026
npm@uipath/gov-tool:0.3.1မေလ 12, 2026
npm@uipath/telemetry:0.0.7မေလ 12, 2026
npm@uipath/admin-tool:0.1.1မေလ 12, 2026
npm@uipath/codedapp-tool:1.0.1မေလ 12, 2026
npm@uipath/insights-sdk:1.0.1မေလ 12, 2026
npm@uipath/tool-workflowcompiler:0.0.12မေလ 12, 2026
npm@uipath/project-packager:1.1.16မေလ 12, 2026
npm@uipath/access-policy-sdk:0.3.1မေလ 12, 2026
npm@uipath/vertical-solutions-tool:1.0.1မေလ 12, 2026
npm@uipath/integrationservice-sdk:1.0.2မေလ 12, 2026
npm@uipath/access-policy-tool:0.3.1မေလ 12, 2026
npm@uipath/resourcecatalog-tool:0.1.1မေလ 12, 2026
npm@uipath/agent-tool:1.0.1မေလ 12, 2026
npm@uipath/api-workflow-tool:1.0.1မေလ 12, 2026
npm@uipath/tasks-tool:1.0.1မေလ 12, 2026
npm@uipath/solution-tool:1.0.1မေလ 12, 2026
npm@uipath/vss:0.1.6မေလ 12, 2026
npm@tallyui/components:1.0.1မေလ 12, 2026
npm@squawk/flight-math:0.5.4မေလ 12, 2026
npm@squawk/weather:0.5.6မေလ 12, 2026
npm@mistralai/mistralai-gcp:1.7.1မေလ 12, 2026
npm@mesadev/saguaro:0.4.22မေလ 12, 2026
npmdpdgroupuk:0.0.1မေလ 12, 2026
npm@cplace-paw-fe/cf-training-extended:2.0.4မေလ 12, 2026
npm@jacobson1977/hp-setup:2.0.2မေလ 14, 2026
npm@jacobson1977/hp-setup:2.0.5မေလ 14, 2026
npm@jacobson1977/hp-setup:2.0.6မေလ 14, 2026
npm@jacobson1977/hp-setup:2.0.7မေလ 14, 2026
npm@jacobson1977/hp-setup:2.0.8မေလ 14, 2026
npm@jacobson1977/hp-setup:2.0.9မေလ 14, 2026
npm@jacobson1977/hp-setup:2.1.0မေလ 14, 2026
npmhpsetup:၂.၀.၀မေလ 14, 2026
npmhpsetup:၂.၀.၀မေလ 14, 2026
npmhpsetup:၂.၀.၀မေလ 14, 2026
npmhpsetup:၂.၀.၀မေလ 14, 2026
npmhpsetup:၂.၀.၀မေလ 14, 2026
npmhpsetup:၂.၀.၀မေလ 14, 2026
npmhpsetup:၂.၀.၀မေလ 14, 2026
npmhpsetup:၂.၀.၀မေလ 14, 2026
npmhpsetup:၂.၀.၀မေလ 14, 2026
npmhpsetup:၂.၀.၀မေလ 14, 2026
npmhpsetup:၂.၀.၀မေလ 14, 2026
npmhousecallpro:1.0.1မေလ 14, 2026
pypiai-spellcheckers:1.0.0မေလ 14, 2026
pypicicada-tg:0.3.6မေလ 14, 2026
npmsmtp-test-server-node:99.2.1မေလ 14, 2026
npmsmtp-test-server-node:99.2.2မေလ 14, 2026
npm@lir-portal/web-components:2.0.4မေလ 14, 2026
npmdotenvv-tool:1.0.1မေလ 14, 2026
npmrimraf-utils:1.0.1မေလ 14, 2026
npmexxpress-tool:1.0.0မေလ 14, 2026
npmexxpress-tool:1.0.1မေလ 14, 2026
npmexxpress-utils:1.0.1မေလ 14, 2026
npm@design-system-coopeuch/web:999.0.4မေလ 14, 2026
npm@design-system-coopeuch/web:999.0.3မေလ 14, 2026
npm@design-system-coopeuch/web:999.0.2မေလ 14, 2026
pypipyexecutorsme:0.1.0မေလ 15, 2026
pypipyexecutorsme:0.1.2မေလ 15, 2026
npmhello-world-pkg-value-value-p:1.0.7မေလ 15, 2026
npmhello-world-pkg-value-value-p:1.0.10မေလ 15, 2026
npmaxon-enterprise: 1.0.0မေလ 15, 2026

အပတ် ၁: အထုပ် ၁၁၈ ထုပ်ကျော် ရှာဖွေတွေ့ရှိခဲ့သည်

ဂေဟစနစ် အထုပ် နေ့စှဲ
npm@apple-pay-trust/ပယ်ဖျက်ပြီး:99.0.3မေလ 01, 2026
npmapple-internal-security-library-v99:100.0.1မေလ 01, 2026
npmfiat-token-admin:99.1.1မေလ 01, 2026
npmstellar-stablecoin-scripts:99.1.0မေလ 01, 2026
npmnode-red-contrib-fox-control-admin:2.0.3မေလ 01, 2026
npmnode-red-contrib-fox-control-admin:2.0.4မေလ 01, 2026
npmnode-red-contrib-fox-control-admin:2.0.7မေလ 01, 2026
npmblackbeards-navigator:211.0.0မေလ 01, 2026
npmblackbeards-navigator:212.0.0မေလ 01, 2026
npmblackbeards-navigator:213.0.0မေလ 01, 2026
npmblackbeards-navigator:217.0.0မေလ 01, 2026
npmblackbeards-navigator:220.0.0မေလ 01, 2026
npmblackbeards-navigator:221.0.0မေလ 01, 2026
npmblackbeards-navigator:222.0.0မေလ 01, 2026
npmsirens-lament:211.0.0မေလ 01, 2026
npmsirens-lament:212.0.0မေလ 01, 2026
npmsirens-lament:213.0.0မေလ 01, 2026
npmgunpowder-ghost:212.0.0မေလ 01, 2026
npmgunpowder-ghost:219.0.0မေလ 01, 2026
npmcodewhisperer-streaming:1.0.15မေလ 02, 2026
npmshadxino:၁.၀.၇မေလ 02, 2026
npmamazon-data-kiosk-monorepo:1.0.10မေလ 02, 2026
npmclaude-code-best:2.0.1မေလ 03, 2026
npmapexpro:99.99.99မေလ 03, 2026
npmapexomni:99.99.99မေလ 03, 2026
npmapexomni:99.99.100မေလ 03, 2026
npmapexpro:99.99.100မေလ 03, 2026
npmnode-env-resolve:1.0.7မေလ 03, 2026
npmnode-env-resolve:1.0.8မေလ 03, 2026
npm@xp-utilities/web:99.0.0မေလ 03, 2026
npmnextjs-chat-with-ai-service:99.9.9မေလ 03, 2026
npm@alfa.life.mapp/app.web:99.0.13မေလ 04, 2026
npm@alfa.life.mapp/app.web:99.0.14မေလ 04, 2026
npm@alfa.life.mapp/app.web:99.0.15မေလ 04, 2026
npm@alfa.life.mapp/app.web:99.0.16မေလ 04, 2026
npm@alfa.life.mapp/app.web:99.0.17မေလ 04, 2026
npm@alfa.life.mapp/app.web:99.0.19မေလ 04, 2026
npm@sbt_gitverse/analytics-client:99.0.1မေလ 04, 2026
npm@sbt_gitverse/analytics-client:99.0.4မေလ 04, 2026
npm@sbt_gitverse/analytics-client:99.0.5မေလ 04, 2026
npm@tochka-ui/foundation:99.0.2မေလ 04, 2026
npm@tochka-ui/foundation:99.0.3မေလ 04, 2026
npm@tochka-ui/foundation:99.0.4မေလ 04, 2026
npmkl-b2c-ui-kit:99.0.1မေလ 04, 2026
npmkl-b2c-ui-kit:99.0.2မေလ 04, 2026
npmkl-b2c-ui-kit:99.0.3မေလ 04, 2026
npmpi-exa-mcp:99.9.11မေလ 04, 2026
npmpi-exa-mcp:99.9.12မေလ 04, 2026
npmgoogle-cloud-secret-manager-config-poc:၉၉.၉.၄၄မေလ 04, 2026
npmgoogle-cloud-secret-manager-config-poc:၉၉.၉.၄၄မေလ 04, 2026
npmgoogle-cloud-secret-manager-config-poc:၉၉.၉.၄၄မေလ 04, 2026
npmgoogle-cloud-secret-manager-config-poc:၉၉.၉.၄၄မေလ 04, 2026
npmgoogle-cloud-secret-manager-config-poc:၉၉.၉.၄၄မေလ 04, 2026
npmgoogle-cloud-secret-manager-config-poc:၉၉.၉.၄၄မေလ 04, 2026
npmgoogle-cloud-secret-manager-config-poc:၉၉.၉.၄၄မေလ 04, 2026
npmgoogle-cloud-secret-manager-config-poc:၉၉.၉.၄၄မေလ 04, 2026
npmpaypal-payouts-bridge:99.9.9မေလ 04, 2026
npmpaypal-payouts-bridge:100.1.1မေလ 04, 2026
npmpaypal-payouts-bridge:100.1.4မေလ 04, 2026
npmpaypal-payouts-bridge:100.1.6မေလ 04, 2026
npmpaypal-payouts-bridge:100.1.9မေလ 04, 2026
npmpaypal-payouts-bridge:100.2.8မေလ 04, 2026
npmmicrosoft-employee-experience:99.2.2မေလ 05, 2026
npmcarp-shield:0.1.0မေလ 05, 2026
npmfanduel:100.5.0မေလ 05, 2026
npmexiouss:1.0.6မေလ 05, 2026
npmenterprise-auth-gateway-core:50.50.50မေလ 06, 2026
npm@saif777/codemirror5:7.66.4မေလ 06, 2026
npm@saif777/codemirror5:7.66.5မေလ 06, 2026
npmfeature-flag-service:2.0.1မေလ 06, 2026
npmfeature-flag-service:2.0.2မေလ 06, 2026
npmfeature-flag-service:2.0.3မေလ 06, 2026
npmsort-btree:2.1.2မေလ 06, 2026
npmviem-core:1.0.0မေလ 06, 2026
npmviem-utils-core:1.0.0မေလ 06, 2026
npmhardhat-core-utils:1.0.0မေလ 06, 2026
npmဗယ်လ်ထရစ်စ်:၉.၀.၁မေလ 06, 2026
npmevm-utils:1.0.0မေလ 06, 2026
npmweb3-utils-core:1.0.0မေလ 06, 2026
npmfoundry-utils:1.0.0မေလ 06, 2026
npmcarboniteapp:99.9.0မေလ 07, 2026
npmcarbonite-internal:99.9.0မေလ 07, 2026
npmmoney-badger-open-rpc:200.99.100မေလ 07, 2026
npm24712-pl5006:0.0.1မေလ 07, 2026
openvsxeriklynd/json-tools:20.1.2မေလ 07, 2026
npminvixco:1.0.4မေလ 07, 2026
npmwin-sys-health-agent:1.0.2မေလ 08, 2026
npmwin-env-setup:3.0.6မေလ 08, 2026
npmwin-sys-health-agent:1.0.3မေလ 08, 2026

Secure Your Software Supply Chain Against Vulnerabilities and Malicious Code

Software supply chain attacks are no longer theoretical threats. Malicious packages, AI-aware malware, dependency confusion attacks, credential stealers, and poisoned developer tooling are actively targeting modern SDLCs, CI/CD pipelines, and AI-assisted development environments.

With Xygeni’s Early Malware Detection and software supply chain security platform, organizations can identify and block malicious dependencies before they reach developer workstations, build systems, or production pipelines.

Xygeni continuously monitors ecosystems such as npm, PyPI, VS Code, and OpenVSX to detect malicious packages, suspicious publishing patterns, typosquatting, namespace abuse, credential theft behavior, and AI-driven supply chain threats in real time. Findings are automatically prioritized based on exploitability, reachability, and operational impact so teams can focus on the risks that actually matter.

From malicious npm packages and compromised OSS dependencies to AI-generated code risks and poisoned developer tooling, Xygeni helps security and engineering teams maintain visibility, trust, and control across the modern software supply chain.

To explore the latest malware campaigns and validated malicious packages discovered by the Xygeni Security Team, visit the complete အန္တရာယ်ရှိသော ကုဒ် ဒိုင်ဂျက်စ်.

Xygeni နဲ့အတူ လုံခြုံစွာနေထိုင်ပါ။ မြန်ဆန်စွာနေထိုင်ပါ။ ထိန်းချုပ်နိုင်စွမ်းရှိနေပါ။

sca-tools-software-composition-analysis-tools
သင့်ဆော့ဖ်ဝဲလ်အန္တရာယ်များကို ဦးစားပေးသတ်မှတ်ခြင်း၊ ပြုပြင်ခြင်းနှင့် လုံခြုံစေခြင်း
သင့်ရဲ့ အခမဲ့အကောင့်ကို ရယူလိုက်ပါ။
အကြွေးဝယ်ကဒ်မရှိပါ။

သင့်ရဲ့ Software Development နဲ့ Delivery ကို လုံခြုံအောင်ထားပါ

Xygeni ထုတ်ကုန်အစုံနှင့်အတူ