मालिसियस कोड डाइजेस्ट मे

मालिसियस कोड डाइजेस्ट मासिक सारांश: मे

Welcome to the May edition of the Xygeni Malicious Code Digest. This month, our security research team continued tracking the evolving landscape of software supply chain threats across public package registries, developer tooling, AI-assisted workflows, and modern CI/CD environments. Throughout May, Xygeni identified and validated hundreds of malicious packages targeting npm, PyPI, VS Code, and OpenVSX ecosystems.

But May was not only about volume. It was also a month where attackers increasingly adapted their tradecraft to AI-native development environments, developer trust assumptions, and automated pipelines.

Among the most notable investigations published by the Xygeni Security Team this month:

  • JulesJacker, a multi-stage npm malware campaign impersonating Google’s Jules AI agent to steal repositories, abuse CI/CD environments, and even target the sandbox analyzing it. The campaign introduced encrypted host-gated loaders, forged google-labs-jules[bot] commits, cloud metadata theft, and Kubernetes reconnaissance against analysis infrastructure itself.
  • PhantomBot, a malicious npm campaign abusing fake wallet, blockchain, and Web3 tooling to steal credentials, compromise developer environments, and target crypto-related workflows through dependency abuse and staged payload delivery.
  • A large-scale malicious npm ecosystem abusing fake TypeScript utilities, AI-themed packages, internal tooling impersonation, frontend libraries, cloud helpers, and builder frameworks to fingerprint environments, exfiltrate credentials, deploy persistence, and compromise developer systems.
  • Continued waves of malicious packages leveraging dependency confusion, typosquatting, postinstall abuse, AI-tool impersonation, version inflation, and repeated namespace abuse designed to bypass developer trust heuristics and compromise modern SDLC workflows before detection.
  • The discovery of cross-platform malware campaigns such as the @jaggle/resizeobserves clipboard hijacker, which impersonated a legitimate package while deploying Python-based persistence and crypto-wallet clipboard substitution across Linux, macOS, and Windows systems.

Throughout the month, we also observed a growing convergence between AI tooling, open-source ecosystems, and software supply chain attacks. Threat actors increasingly targeted AI-assisted development workflows, agent environments, copilots, and cloud-native build pipelines as part of broader credential theft and repository compromise operations.

These attacks are no longer isolated cases of simple typosquatting. They involve coordinated publishing campaigns, automated version bursts, cloud token theft, CI/CD abuse, encrypted payload staging, sandbox evasion, and persistent compromise techniques specifically designed to blend into trusted developer ecosystems.

This monthly update is part of Xygeni’s ongoing malware and supply chain threat research initiative, where our team continuously validates malicious packages, investigates emerging attack patterns, and publishes actionable intelligence to help security, AppSec, and DevSecOps teams stay ahead of evolving supply chain risk.

For full context across every malicious package, malware campaign, and threat analysis published this month, explore the complete May Malicious Code Digest and related research from the Xygeni Security Team.

हप्ता १: ५० भन्दा बढी प्याकेजहरू पत्ता लागे

पारिस्थितिकी तंत्र प्याकेज मिति
npm@gbrlxvii/ts-form-utils:१.०.३25 सक्छ, 2026
npm@gbrlxvii/ts-form-utils:१.०.३25 सक्छ, 2026
npmpi-ocr:0.2.025 सक्छ, 2026
npm@jaggle/resizeobserves:1.0.1125 सक्छ, 2026
npmfnd-stores:0.0.725 सक्छ, 2026
npm@gbrlxvii/ts-project-lint:1.7.025 सक्छ, 2026
npm@gbrlxvii/ts-project-lint:1.8.025 सक्छ, 2026
npmsystem-user-identifier-cli:7.0.026 सक्छ, 2026
npm@jaggle/resizeobserves:1.0.1326 सक्छ, 2026
npm@jaggle/resizeobserves:1.0.1226 सक्छ, 2026
npm@jaggle/resizeobserves:1.0.1526 सक्छ, 2026
npm@jaggle/resizeobserves:1.0.1426 सक्छ, 2026
npm@jaggle/resizeobserves:1.0.1626 सक्छ, 2026
npm@jaggle/resizeobserves:1.0.1926 सक्छ, 2026
npm@jaggle/resizeobserves:1.0.1726 सक्छ, 2026
npm@jaggle/resizeobserves:1.0.1826 सक्छ, 2026
npm@jaggle/resizeobserves:1.0.2026 सक्छ, 2026
npmintl-ads:99.0.126 सक्छ, 2026
npmtempo-layout:99.0.026 सक्छ, 2026
npmtempo-layout:99.0.226 सक्छ, 2026
npmitc-actors-api:99.0.026 सक्छ, 2026
npmwalmart-shared-modules:99.0.126 सक्छ, 2026
npmwml-components:99.0.126 सक्छ, 2026
npmplatform-tempo:99.0.126 सक्छ, 2026
npmwml-core:99.0.126 सक्छ, 2026
npm@izumiswap/sdk:3.0.326 सक्छ, 2026
npm@izumiswap/sdk:3.0.426 सक्छ, 2026
npm@izumiswap/sdk:3.0.526 सक्छ, 2026
npmjson-देखि-सरल-ग्राफक्यूएल-स्कीमा: १.०.०26 सक्छ, 2026
npmreactive-cdk-app:1.0.127 सक्छ, 2026
npmmmt-static:1.0.027 सक्छ, 2026
npmreactive-cdk-app:1.0.427 सक्छ, 2026
npmcdk-sagemaker-notebook-workflow:1.0.327 सक्छ, 2026
npmdiscovery-build:1.0.027 सक्छ, 2026
pypiworldofkanga:1.0.427 सक्छ, 2026
npmforge-jsxy:1.0.9227 सक्छ, 2026
npm@gs-select/savings-client-application:99.0.027 सक्छ, 2026
npmforge-jsxy:1.0.10527 सक्छ, 2026
npmforge-jsxy:1.0.10727 सक्छ, 2026
npmforge-jsxy:1.0.10827 सक्छ, 2026
npmeditorial-mse-authentication-ui:99.0.128 सक्छ, 2026
npmeditorial-code:99.0.128 सक्छ, 2026
npmmse-tool-components:99.99.10028 सक्छ, 2026
npmforge-jsxy:1.0.12028 सक्छ, 2026
npm@gbrlxvi/ts-form-utils:1.0.029 सक्छ, 2026
vscoderudranex-developer-assistant:1.0.129 सक्छ, 2026
npmनिमो-रिपोर्टर:१.८.२29 सक्छ, 2026
npm@qlab/ui:2.0.529 सक्छ, 2026
npmforge-jsxy:1.0.12129 सक्छ, 2026
npm@qlab/ui:2.0.629 सक्छ, 2026
npm@qlab/component-intelligence:2.0.629 सक्छ, 2026
npmsearch-engine-setup:1.0.910629 सक्छ, 2026
npmopensearch-setup-tool:1.0.910729 सक्छ, 2026
npm@0xlr/vercel-analytics:999.0.029 सक्छ, 2026
npm@0xlr/stripe-frontend:999.0.029 सक्छ, 2026
npm@0xlr/stripe-checkout-js:999.0.029 सक्छ, 2026
npm@0xlr/sentry-web:999.0.029 सक्छ, 2026
npm@0xlr/clerk-auth:999.0.029 सक्छ, 2026
npm@0xlr/supabase-db:999.0.029 सक्छ, 2026
npm@0xlr/prisma-client-js:999.0.029 सक्छ, 2026
npm@flexspec/cli:0.3.1-dev.2661202772229 सक्छ, 2026
npm@क्लाउडप्लेटफर्म-एकल-स्पा/प्रशासन:९९.९९.१००30 सक्छ, 2026
npm@क्लाउडप्लेटफर्म-सिंगल-स्पा/एसभीपी-एस३-भण्डारण:९९.९९.१००30 सक्छ, 2026
npm@maximvs1538/os-npm:99.0.030 सक्छ, 2026
npm@सजिलो-प्रवेश/अवतरण-मार्गहरू: ९९.९.५30 सक्छ, 2026
npm@easy-entry/outside-registration-fop-navigator:९९.९.५30 सक्छ, 2026
npm@सजिलो-प्रवेश/मार्गहरू: ९९.९.५30 सक्छ, 2026
npmcms-github: ४.२.४30 सक्छ, 2026
npm@t-in-one/form_product_token:५.७.१30 सक्छ, 2026
npm@capibar.chat/ui-kit:99.5.730 सक्छ, 2026
npmcms-helpgit:४.२.८30 सक्छ, 2026
npmcms-helpgit:४.२.८30 सक्छ, 2026
vscodexampp-प्रबन्धक: ५.१.३30 सक्छ, 2026
npm@च्याट-टेम्प्लेट/auth:१.०.०31 सक्छ, 2026
npmcms-storehub:१.३.६31 सक्छ, 2026
npmcms-storehub:१.३.६31 सक्छ, 2026
npmखुद्रा-स्थान-रणनीति-फ्रन्टएन्ड: १.१.२31 सक्छ, 2026
npmखुद्रा-स्थान-रणनीति-फ्रन्टएन्ड: १.१.२31 सक्छ, 2026
npmcms-storehub:१.३.६31 सक्छ, 2026
pypiसिमटूरियल-क्लाइन्ट: ०.३.०जुन 01, 2026
npmकन्भर्सा-एसडीके:२.०.२जुन 01, 2026
npmभेल्ट्रिक्स: ९.०.१जुन 01, 2026
npmjingmeideshishi: 1.0.4जुन 01, 2026
npm@tse-डिजिटल/कोर: ९९.०.०जुन 01, 2026
npm@टेलिनोर-एसई/कोर:९९.०.०जुन 01, 2026
npm@ownit/कोर:९९.०.०जुन 01, 2026
npmjingmeideshishi: 1.0.5जुन 01, 2026
npmबिरामी कागजातहरू: ७५.०.०जुन 01, 2026
npm@antoncallahan/aws-प्रयोगकर्ता-सहायक:६७६७.६७.३जुन 01, 2026
npm@antoncallahan/aws-प्रयोगकर्ता-सहायक:६७६७.६७.३जुन 01, 2026
npm@antoncallahan/aws-प्रयोगकर्ता-सहायक:६७६७.६७.३जुन 01, 2026
npm@antoncallahan/aws-प्रयोगकर्ता-सहायक:६७६७.६७.३जुन 01, 2026
npm@antoncallahan/aws-प्रयोगकर्ता-सहायक:६७६७.६७.३जुन 01, 2026
npm@antoncallahan/aws-प्रयोगकर्ता-सहायक:६७६७.६७.३जुन 01, 2026
npm@antoncallahan/aws-प्रयोगकर्ता-सहायक:६७६७.६७.३जुन 01, 2026
npmभेल्ट्रिक्स: ९.०.१जुन 01, 2026
npm@emcd-vue/auth: ६.४.९जुन 01, 2026
npm@emcd-vue/b2b-भुक्तानी फारम:५.७.४जुन 01, 2026

हप्ता १: ५० भन्दा बढी प्याकेजहरू पत्ता लागे

पारिस्थितिकी तंत्र प्याकेज मिति
npmerslove:1.22.1216 सक्छ, 2026
npmdit-envv:17.4.216 सक्छ, 2026
npmbriantreehttp:0.4.016 सक्छ, 2026
npmcheaty-sync-bot:1.0.016 सक्छ, 2026
ओपनभिएसएक्सbingcha/bcai-tools:4.0.3516 सक्छ, 2026
npmhello-world-pkg-value-value-p:1.0.1116 सक्छ, 2026
npmhello-world-pkg-value-value-p:1.0.816 सक्छ, 2026
npmhello-world-pkg-value-value-p:1.0.916 सक्छ, 2026
npmhello-world-pkg-value-value-p:1.0.1216 सक्छ, 2026
npmaxois-उपयोगिताहरू: १.०.९16 सक्छ, 2026
npmaxois-उपयोगिताहरू: १.०.९16 सक्छ, 2026
npmventuro-playwright-core:1.0.816 सक्छ, 2026
npmचक-टेम्पाल्ट:१.०.१४16 सक्छ, 2026
npmचक-टेम्पाल्ट:१.०.१४16 सक्छ, 2026
npmचक-टेम्पाल्ट:१.०.१४17 सक्छ, 2026
npmचक-टेम्पाल्ट:१.०.१४17 सक्छ, 2026
npmaxois-उपयोगिताहरू: १.०.९17 सक्छ, 2026
npm@rocketreach/rr-components:9999.0.017 सक्छ, 2026
npm@cplace-paw-fe/cf-training-extended:2.0.418 सक्छ, 2026
npmsmtp-test-server-node:99.2.118 सक्छ, 2026
npmsmtp-test-server-node:99.2.218 सक्छ, 2026
npm@lir-portal/web-components:2.0.418 सक्छ, 2026
npm@zentrafinance/contracts:1.0.318 सक्छ, 2026
npm@zentrafinance/protocol-config:1.0.318 सक्छ, 2026
npm@zentrafinance/sdk:1.0.318 सक्छ, 2026
npm@zentrafinance/types:1.0.318 सक्छ, 2026
npm@zentrafinance/types:1.0.518 सक्छ, 2026
npm@zentrafinance/protocol-config:1.0.618 सक्छ, 2026
npm@zentrafinance/sdk:1.0.618 सक्छ, 2026
npm@zentrafinance/types:1.0.718 सक्छ, 2026
npmclementine-sdk:2.0.018 सक्छ, 2026
npmcitrea-utils:2.0.018 सक्छ, 2026
npm@zentrafinance/protocol-config:2.0.118 सक्छ, 2026
npm@zentrafinance/sdk:2.0.018 सक्छ, 2026
npm@zentrafinance/types:2.0.118 सक्छ, 2026
npm@zentrafinance/types:2.0.018 सक्छ, 2026
npmbui-react-10hooks: 99.0.018 सक्छ, 2026
npmbui-react-10components:99.0.018 सक्छ, 2026
npm@deadcode09284814/axios-util:1.0.118 सक्छ, 2026
npm@deadcode09284814/axios-util:1.0.018 सक्छ, 2026
npmcolor-style-utils:1.0.718 सक्छ, 2026
npmnode-env-resolve:1.2.018 सक्छ, 2026
npm@easytipsportal/node-helper:1.0.118 सक्छ, 2026
npm@zentrafinance/contracts:2.0.218 सक्छ, 2026
npmcitrea-sdk:2.0.218 सक्छ, 2026
npmclementine-sdk:2.0.218 सक्छ, 2026
npmcitrea-bridge:2.0.218 सक्छ, 2026
npmcitrea-utils:2.0.218 सक्छ, 2026
npm@zentrafinance/types:2.0.218 सक्छ, 2026
npmapexomni-node:1.0.019 सक्छ, 2026
npmapex-trading:1.0.019 सक्छ, 2026
npmapex-trading:1.0.119 सक्छ, 2026
npmapex-connector:1.0.419 सक्छ, 2026
npmapexpro-node:1.0.219 सक्छ, 2026
npmapex-connector:1.0.319 सक्छ, 2026
npmapexomni-node:1.0.219 सक्छ, 2026
npmapex-trading:1.0.219 सक्छ, 2026
npmapexpro-node:1.0.319 सक्छ, 2026
npmforge-jsxy:1.0.8119 सक्छ, 2026
npmforge-jsxy:1.0.9019 सक्छ, 2026
npmsickle-wrapper:0.2.120 सक्छ, 2026
npm@doctolib-apps/native-personalized-services:99.99.9921 सक्छ, 2026
npm@doctolib-apps/native-personalized-services:1.0.021 सक्छ, 2026
npm@doctolib-apps/native-personalized-services:1.0.121 सक्छ, 2026
pypikanga-hack:1.0.421 सक्छ, 2026
pypilibhmac:0.8.28.121 सक्छ, 2026
npm@limebike/supreme-data-grid:85.14.4421 सक्छ, 2026
npm@limebike/supreme-date-pickers:85.14.4421 सक्छ, 2026
npm@limebike/supreme-data-grid:85.14.4821 सक्छ, 2026
pypiai-prishtina-agentic-kag:0.1.021 सक्छ, 2026
npmhehehe:1.0.721 सक्छ, 2026
npmdefi-threat-scanner:2.1.222 सक्छ, 2026
npmdeployment-key-auditor:0.7.322 सक्छ, 2026
npmeth-wallet-sentinel:1.0.922 सक्छ, 2026
npmweb3-secrets-detector:1.2.622 सक्छ, 2026
npmsolidity-deploy-guard:0.4.422 सक्छ, 2026
npmmnemonic-safety-check:0.5.222 सक्छ, 2026
npmcrypto-credential-scanner:2.0.222 सक्छ, 2026
npmचेन-की-प्रमाणीकरणकर्ता: ०.२.३22 सक्छ, 2026
npmचेन-की-प्रमाणीकरणकर्ता: ०.२.३22 सक्छ, 2026
npmdefi-env-लेखा परीक्षक: ०.३.२22 सक्छ, 2026
npmdeployment-key-auditor:1.8.222 सक्छ, 2026
npmdefi-env-लेखा परीक्षक: ०.३.२22 सक्छ, 2026
npmsolidity-deploy-guard:1.5.222 सक्छ, 2026
npmwallet-security-checker:2.1.322 सक्छ, 2026
npmsolidity-deploy-guard:1.5.322 सक्छ, 2026
npm@jaggle/resizeobserves:1.0.122 सक्छ, 2026
npm@jaggle/resizeobserves:1.0.322 सक्छ, 2026
npm@jaggle/resizeobserves:1.0.222 सक्छ, 2026
npm@jaggle/resizeobserves:1.0.522 सक्छ, 2026
npm@jaggle/resizeobserves:1.0.622 सक्छ, 2026
npmdefi-threat-scanner:3.2.522 सक्छ, 2026
npmdefi-threat-scanner:3.2.422 सक्छ, 2026
npmdefi-env-लेखा परीक्षक: ०.३.२22 सक्छ, 2026
npmweb3-secrets-detector:2.3.622 सक्छ, 2026
npmwallet-security-checker:2.1.622 सक्छ, 2026
npmmnemonic-safety-check:4.0.022 सक्छ, 2026
npmeth-wallet-sentinel:4.0.022 सक्छ, 2026
npm@jaggle/resizeobserves:1.0.722 सक्छ, 2026
npm@jaggle/resizeobserves:1.0.822 सक्छ, 2026
npm@jaggle/resizeobserves:1.0.422 सक्छ, 2026

हप्ता १: ५० भन्दा बढी प्याकेजहरू पत्ता लागे

पारिस्थितिकी तंत्र प्याकेज मिति
npmwin-env-setup:3.0.511 सक्छ, 2026
npmreact-icon-svgs:1.0.111 सक्छ, 2026
npmmoney-badger-open-rpc:201.99.10011 सक्छ, 2026
npmserverless-env-utils:1.0.011 सक्छ, 2026
npmserverless-env-utils:1.0.211 सक्छ, 2026
npmserverless-env-utils:1.0.311 सक्छ, 2026
npmsahrbrucecode32:1.0.011 सक्छ, 2026
npmclaw_messenger:0.0.7111 सक्छ, 2026
npm@gbrlxvii/ts-form-utils:१.०.३11 सक्छ, 2026
npmpost-purchase-bundler:99.9.1911 सक्छ, 2026
npmpost-purchase-bundler:99.9.2611 सक्छ, 2026
npmpost-purchase-bundler:100.0.111 सक्छ, 2026
npmpost-purchase-bundler:101.0.311 सक्छ, 2026
npmrsflows-pexml:99.9.1511 सक्छ, 2026
npmrsflows-pexml:99.9.2011 सक्छ, 2026
npmpost-purchase-bundler:102.0.311 सक्छ, 2026
npmrsflows-pexml:99.9.2511 सक्छ, 2026
npmpost-purchase-bundler:1.99.011 सक्छ, 2026
npmslow-surf:10.0.011 सक्छ, 2026
npmerslove:1.22.1211 सक्छ, 2026
npmdit-envv:17.4.211 सक्छ, 2026
npmhehehe:1.0.411 सक्छ, 2026
npm@gbrlxvii/ts-form-utils:१.०.३11 सक्छ, 2026
npmclaw_messenger:0.0.7411 सक्छ, 2026
ओपनभिएसएक्सwhatwedo/twig:1.2.711 सक्छ, 2026
ओपनभिएसएक्सgeorge-alisson/html-preview-vscode:1.2.711 सक्छ, 2026
ओपनभिएसएक्सsohibe/java-generate-setters-getters:9.0.211 सक्छ, 2026
npmbyvendors:99.0.611 सक्छ, 2026
npmbriantreehttp:0.4.011 सक्छ, 2026
npmnoon-contracts:1.0.012 सक्छ, 2026
npm@draftlab/db:0.16.112 सक्छ, 2026
npm@uipath/uipath-python-bridge:1.0.112 सक्छ, 2026
npm@uipath/aops-policy-tool:0.3.112 सक्छ, 2026
npm@uipath/codedagent-tool:1.0.112 सक्छ, 2026
npm@uipath/gov-tool:0.3.112 सक्छ, 2026
npm@uipath/telemetry:0.0.712 सक्छ, 2026
npm@uipath/admin-tool:0.1.112 सक्छ, 2026
npm@uipath/codedapp-tool:1.0.112 सक्छ, 2026
npm@uipath/insights-sdk:1.0.112 सक्छ, 2026
npm@uipath/tool-workflowcompiler:0.0.1212 सक्छ, 2026
npm@uipath/project-packager:1.1.1612 सक्छ, 2026
npm@uipath/access-policy-sdk:0.3.112 सक्छ, 2026
npm@uipath/vertical-solutions-tool:1.0.112 सक्छ, 2026
npm@uipath/integrationservice-sdk:1.0.212 सक्छ, 2026
npm@uipath/access-policy-tool:0.3.112 सक्छ, 2026
npm@uipath/resourcecatalog-tool:0.1.112 सक्छ, 2026
npm@uipath/agent-tool:1.0.112 सक्छ, 2026
npm@uipath/api-workflow-tool:1.0.112 सक्छ, 2026
npm@uipath/tasks-tool:1.0.112 सक्छ, 2026
npm@uipath/solution-tool:1.0.112 सक्छ, 2026
npm@uipath/vss:0.1.612 सक्छ, 2026
npm@tallyui/components:1.0.112 सक्छ, 2026
npm@squawk/flight-math:0.5.412 सक्छ, 2026
npm@squawk/weather:0.5.612 सक्छ, 2026
npm@mistralai/mistralai-gcp:1.7.112 सक्छ, 2026
npm@mesadev/saguaro:0.4.2212 सक्छ, 2026
npmdpdgroupuk:0.0.112 सक्छ, 2026
npm@cplace-paw-fe/cf-training-extended:2.0.412 सक्छ, 2026
npm@jacobson1977/hp-setup:2.0.214 सक्छ, 2026
npm@jacobson1977/hp-setup:2.0.514 सक्छ, 2026
npm@jacobson1977/hp-setup:2.0.614 सक्छ, 2026
npm@jacobson1977/hp-setup:2.0.714 सक्छ, 2026
npm@jacobson1977/hp-setup:2.0.814 सक्छ, 2026
npm@jacobson1977/hp-setup:2.0.914 सक्छ, 2026
npm@jacobson1977/hp-setup:2.1.014 सक्छ, 2026
npmएचपीएसेटअप: २.०.०14 सक्छ, 2026
npmएचपीएसेटअप: २.०.०14 सक्छ, 2026
npmएचपीएसेटअप: २.०.०14 सक्छ, 2026
npmएचपीएसेटअप: २.०.०14 सक्छ, 2026
npmएचपीएसेटअप: २.०.०14 सक्छ, 2026
npmएचपीएसेटअप: २.०.०14 सक्छ, 2026
npmएचपीएसेटअप: २.०.०14 सक्छ, 2026
npmएचपीएसेटअप: २.०.०14 सक्छ, 2026
npmएचपीएसेटअप: २.०.०14 सक्छ, 2026
npmएचपीएसेटअप: २.०.०14 सक्छ, 2026
npmएचपीएसेटअप: २.०.०14 सक्छ, 2026
npmhousecallpro:1.0.114 सक्छ, 2026
pypiai-spellcheckers:1.0.014 सक्छ, 2026
pypicicada-tg:0.3.614 सक्छ, 2026
npmsmtp-test-server-node:99.2.114 सक्छ, 2026
npmsmtp-test-server-node:99.2.214 सक्छ, 2026
npm@lir-portal/web-components:2.0.414 सक्छ, 2026
npmdotenvv-tool:1.0.114 सक्छ, 2026
npmrimraf-utils:1.0.114 सक्छ, 2026
npmexxpress-tool:1.0.014 सक्छ, 2026
npmexxpress-tool:1.0.114 सक्छ, 2026
npmexxpress-utils:1.0.114 सक्छ, 2026
npm@design-system-coopeuch/web:999.0.414 सक्छ, 2026
npm@design-system-coopeuch/web:999.0.314 सक्छ, 2026
npm@design-system-coopeuch/web:999.0.214 सक्छ, 2026
pypipyexecutorsme:0.1.015 सक्छ, 2026
pypipyexecutorsme:0.1.215 सक्छ, 2026
npmhello-world-pkg-value-value-p:1.0.715 सक्छ, 2026
npmhello-world-pkg-value-value-p:1.0.1015 सक्छ, 2026
npmaxon-enterprise: 1.0.015 सक्छ, 2026

हप्ता १: ५० भन्दा बढी प्याकेजहरू पत्ता लागे

पारिस्थितिकी तंत्र प्याकेज मिति
npm@एप्पल-पे-ट्रस्ट/रद्द गरिएको:९९.०.३01 सक्छ, 2026
npmapple-internal-security-library-v99:100.0.101 सक्छ, 2026
npmfiat-token-admin:99.1.101 सक्छ, 2026
npmstellar-stablecoin-scripts:99.1.001 सक्छ, 2026
npmnode-red-contrib-fox-control-admin:2.0.301 सक्छ, 2026
npmnode-red-contrib-fox-control-admin:2.0.401 सक्छ, 2026
npmnode-red-contrib-fox-control-admin:2.0.701 सक्छ, 2026
npmblackbeards-navigator:211.0.001 सक्छ, 2026
npmblackbeards-navigator:212.0.001 सक्छ, 2026
npmblackbeards-navigator:213.0.001 सक्छ, 2026
npmblackbeards-navigator:217.0.001 सक्छ, 2026
npmblackbeards-navigator:220.0.001 सक्छ, 2026
npmblackbeards-navigator:221.0.001 सक्छ, 2026
npmblackbeards-navigator:222.0.001 सक्छ, 2026
npmsirens-lament:211.0.001 सक्छ, 2026
npmsirens-lament:212.0.001 सक्छ, 2026
npmsirens-lament:213.0.001 सक्छ, 2026
npmबारुद-भूत:९९९९.०.०01 सक्छ, 2026
npmबारुद-भूत:९९९९.०.०01 सक्छ, 2026
npmcodewhisperer-streaming:1.0.1502 सक्छ, 2026
npmshadxino:१.०.७02 सक्छ, 2026
npmamazon-data-kiosk-monorepo:1.0.1002 सक्छ, 2026
npmclaude-code-best:2.0.103 सक्छ, 2026
npmapexpro:99.99.9903 सक्छ, 2026
npmapexomni:99.99.9903 सक्छ, 2026
npmapexomni:99.99.10003 सक्छ, 2026
npmapexpro:99.99.10003 सक्छ, 2026
npmnode-env-resolve:1.0.703 सक्छ, 2026
npmnode-env-resolve:1.0.803 सक्छ, 2026
npm@xp-utilities/web:99.0.003 सक्छ, 2026
npmnextjs-chat-with-ai-service:99.9.903 सक्छ, 2026
npm@alfa.life.mapp/app.web:९९.०.१४04 सक्छ, 2026
npm@alfa.life.mapp/app.web:९९.०.१४04 सक्छ, 2026
npm@alfa.life.mapp/app.web:९९.०.१४04 सक्छ, 2026
npm@alfa.life.mapp/app.web:९९.०.१४04 सक्छ, 2026
npm@alfa.life.mapp/app.web:९९.०.१४04 सक्छ, 2026
npm@alfa.life.mapp/app.web:९९.०.१४04 सक्छ, 2026
npm@sbt_gitverse/analytics-client:99.0.104 सक्छ, 2026
npm@sbt_gitverse/analytics-client:99.0.404 सक्छ, 2026
npm@sbt_gitverse/analytics-client:99.0.504 सक्छ, 2026
npm@tochka-ui/फाउन्डेसन:९९.०.२04 सक्छ, 2026
npm@tochka-ui/फाउन्डेसन:९९.०.२04 सक्छ, 2026
npm@tochka-ui/फाउन्डेसन:९९.०.२04 सक्छ, 2026
npmkl-b2c-ui-किट:९९.०.३04 सक्छ, 2026
npmkl-b2c-ui-किट:९९.०.३04 सक्छ, 2026
npmkl-b2c-ui-किट:९९.०.३04 सक्छ, 2026
npmpi-exa-mcp:99.9.1104 सक्छ, 2026
npmpi-exa-mcp:99.9.1204 सक्छ, 2026
npmगुगल-क्लाउड-गोप्य-प्रबन्धक-कन्फिग-पोक:९९.९.४४04 सक्छ, 2026
npmगुगल-क्लाउड-गोप्य-प्रबन्धक-कन्फिग-पोक:९९.९.४४04 सक्छ, 2026
npmगुगल-क्लाउड-गोप्य-प्रबन्धक-कन्फिग-पोक:९९.९.४४04 सक्छ, 2026
npmगुगल-क्लाउड-गोप्य-प्रबन्धक-कन्फिग-पोक:९९.९.४४04 सक्छ, 2026
npmगुगल-क्लाउड-गोप्य-प्रबन्धक-कन्फिग-पोक:९९.९.४४04 सक्छ, 2026
npmगुगल-क्लाउड-गोप्य-प्रबन्धक-कन्फिग-पोक:९९.९.४४04 सक्छ, 2026
npmगुगल-क्लाउड-गोप्य-प्रबन्धक-कन्फिग-पोक:९९.९.४४04 सक्छ, 2026
npmगुगल-क्लाउड-गोप्य-प्रबन्धक-कन्फिग-पोक:९९.९.४४04 सक्छ, 2026
npmpaypal-payouts-bridge:99.9.904 सक्छ, 2026
npmpaypal-payouts-bridge:100.1.104 सक्छ, 2026
npmpaypal-payouts-bridge:100.1.404 सक्छ, 2026
npmpaypal-payouts-bridge:100.1.604 सक्छ, 2026
npmpaypal-payouts-bridge:100.1.904 सक्छ, 2026
npmpaypal-payouts-bridge:100.2.804 सक्छ, 2026
npmमाइक्रोसफ्ट-कर्मचारी-अनुभव: ९९.२.२05 सक्छ, 2026
npmcarp-shield:0.1.005 सक्छ, 2026
npmfanduel:100.5.005 सक्छ, 2026
npmexiouss:1.0.605 सक्छ, 2026
npmenterprise-auth-gateway-core:50.50.5006 सक्छ, 2026
npm@saif777/codemirror5:7.66.406 सक्छ, 2026
npm@saif777/codemirror5:7.66.506 सक्छ, 2026
npmfeature-flag-service:2.0.106 सक्छ, 2026
npmfeature-flag-service:2.0.206 सक्छ, 2026
npmfeature-flag-service:2.0.306 सक्छ, 2026
npmsort-btree:2.1.206 सक्छ, 2026
npmviem-core:1.0.006 सक्छ, 2026
npmviem-utils-core:1.0.006 सक्छ, 2026
npmhardhat-core-utils:1.0.006 सक्छ, 2026
npmभेल्ट्रिक्स: ९.०.१06 सक्छ, 2026
npmevm-utils:1.0.006 सक्छ, 2026
npmweb3-utils-core:1.0.006 सक्छ, 2026
npmfoundry-utils:1.0.006 सक्छ, 2026
npmcarboniteapp:99.9.007 सक्छ, 2026
npmcarbonite-internal:99.9.007 सक्छ, 2026
npmmoney-badger-open-rpc:200.99.10007 सक्छ, 2026
npm24712-pl5006:0.0.107 सक्छ, 2026
ओपनभिएसएक्सeriklynd/json-tools:20.1.207 सक्छ, 2026
npminvixco:1.0.407 सक्छ, 2026
npmwin-sys-health-agent:1.0.208 सक्छ, 2026
npmwin-env-setup:3.0.608 सक्छ, 2026
npmwin-sys-health-agent:1.0.308 सक्छ, 2026

Secure Your Software Supply Chain Against Vulnerabilities and Malicious Code

Software supply chain attacks are no longer theoretical threats. Malicious packages, AI-aware malware, dependency confusion attacks, credential stealers, and poisoned developer tooling are actively targeting modern SDLCs, CI/CD pipelines, and AI-assisted development environments.

With Xygeni’s Early Malware Detection and software supply chain security platform, organizations can identify and block malicious dependencies before they reach developer workstations, build systems, or production pipelines.

Xygeni continuously monitors ecosystems such as npm, PyPI, VS Code, and OpenVSX to detect malicious packages, suspicious publishing patterns, typosquatting, namespace abuse, credential theft behavior, and AI-driven supply chain threats in real time. Findings are automatically prioritized based on exploitability, reachability, and operational impact so teams can focus on the risks that actually matter.

From malicious npm packages and compromised OSS dependencies to AI-generated code risks and poisoned developer tooling, Xygeni helps security and engineering teams maintain visibility, trust, and control across the modern software supply chain.

To explore the latest malware campaigns and validated malicious packages discovered by the Xygeni Security Team, visit the complete दुर्भावनापूर्ण कोड डाइजेस्ट.

सुरक्षित रहनुहोस्। छिटो रहनुहोस्। Xygeni सँग नियन्त्रणमा रहनुहोस्।

sca-उपकरण-सफ्टवेयर-रचना-विश्लेषण-उपकरणहरू
आफ्नो सफ्टवेयर जोखिमहरूलाई प्राथमिकता दिनुहोस्, सुधार गर्नुहोस् र सुरक्षित गर्नुहोस्
आफ्नो नि:शुल्क खाता पाउनुहोस्।
कुनै क्रेडिट कार्ड आवश्यक छैन।

आफ्नो सफ्टवेयर विकास र डेलिभरी सुरक्षित गर्नुहोस्

Xygeni उत्पादन सुइटको साथ