د ناوړه کوډ ډایجسټ می

د ناوړه کوډ ډایجسټ میاشتنۍ لنډیز: می

Welcome to the May edition of the Xygeni Malicious Code Digest. This month, our security research team continued tracking the evolving landscape of software supply chain threats across public package registries, developer tooling, AI-assisted workflows, and modern CI/CD environments. Throughout May, Xygeni identified and validated hundreds of malicious packages targeting npm, PyPI, VS Code, and OpenVSX ecosystems.

But May was not only about volume. It was also a month where attackers increasingly adapted their tradecraft to AI-native development environments, developer trust assumptions, and automated pipelines.

Among the most notable investigations published by the Xygeni Security Team this month:

  • جولس جیکر, a multi-stage npm malware campaign impersonating Google’s Jules AI agent to steal repositories, abuse CI/CD environments, and even target the sandbox analyzing it. The campaign introduced encrypted host-gated loaders, forged google-labs-jules[bot] commits, cloud metadata theft, and Kubernetes reconnaissance against analysis infrastructure itself.
  • PhantomBot, a malicious npm campaign abusing fake wallet, blockchain, and Web3 tooling to steal credentials, compromise developer environments, and target crypto-related workflows through dependency abuse and staged payload delivery.
  • A large-scale malicious npm ecosystem abusing fake TypeScript utilities, AI-themed packages, internal tooling impersonation, frontend libraries, cloud helpers, and builder frameworks to fingerprint environments, exfiltrate credentials, deploy persistence, and compromise developer systems.
  • Continued waves of malicious packages leveraging dependency confusion, typosquatting, postinstall abuse, AI-tool impersonation, version inflation, and repeated namespace abuse designed to bypass developer trust heuristics and compromise modern SDLC workflows before detection.
  • The discovery of cross-platform malware campaigns such as the @jaggle/resizeobserves clipboard hijacker, which impersonated a legitimate package while deploying Python-based persistence and crypto-wallet clipboard substitution across Linux, macOS, and Windows systems.

Throughout the month, we also observed a growing convergence between AI tooling, open-source ecosystems, and software supply chain attacks. Threat actors increasingly targeted AI-assisted development workflows, agent environments, copilots, and cloud-native build pipelines as part of broader credential theft and repository compromise operations.

These attacks are no longer isolated cases of simple typosquatting. They involve coordinated publishing campaigns, automated version bursts, cloud token theft, CI/CD abuse, encrypted payload staging, sandbox evasion, and persistent compromise techniques specifically designed to blend into trusted developer ecosystems.

This monthly update is part of Xygeni’s ongoing malware and supply chain threat research initiative, where our team continuously validates malicious packages, investigates emerging attack patterns, and publishes actionable intelligence to help security, AppSec, and DevSecOps teams stay ahead of evolving supply chain risk.

For full context across every malicious package, malware campaign, and threat analysis published this month, explore the complete May Malicious Code Digest and related research from the Xygeni Security Team.

لومړۍ اونۍ: له ۶۳ څخه زیات کڅوړې کشف شوې

اکسيستم هګ نېټه
npm@gbrlxvii/ts-form-utils: ۱.۰.۳ښايي 25، 2026
npm@gbrlxvii/ts-form-utils: ۱.۰.۳ښايي 25، 2026
npmpi-ocr:0.2.0ښايي 25، 2026
npm@jaggle/resizeobserves:1.0.11ښايي 25، 2026
npmfnd-stores:0.0.7ښايي 25، 2026
npm@gbrlxvii/ts-project-lint:1.7.0ښايي 25، 2026
npm@gbrlxvii/ts-project-lint:1.8.0ښايي 25، 2026
npmsystem-user-identifier-cli:7.0.0ښايي 26، 2026
npm@jaggle/resizeobserves:1.0.13ښايي 26، 2026
npm@jaggle/resizeobserves:1.0.12ښايي 26، 2026
npm@jaggle/resizeobserves:1.0.15ښايي 26، 2026
npm@jaggle/resizeobserves:1.0.14ښايي 26، 2026
npm@jaggle/resizeobserves:1.0.16ښايي 26، 2026
npm@jaggle/resizeobserves:1.0.19ښايي 26، 2026
npm@jaggle/resizeobserves:1.0.17ښايي 26، 2026
npm@jaggle/resizeobserves:1.0.18ښايي 26، 2026
npm@jaggle/resizeobserves:1.0.20ښايي 26، 2026
npmintl-ads:99.0.1ښايي 26، 2026
npmtempo-layout:99.0.0ښايي 26، 2026
npmtempo-layout:99.0.2ښايي 26، 2026
npmitc-actors-api:99.0.0ښايي 26، 2026
npmwalmart-shared-modules:99.0.1ښايي 26، 2026
npmwml-components:99.0.1ښايي 26، 2026
npmplatform-tempo:99.0.1ښايي 26، 2026
npmwml-core:99.0.1ښايي 26، 2026
npm@izumiswap/sdk:3.0.3ښايي 26، 2026
npm@izumiswap/sdk:3.0.4ښايي 26، 2026
npm@izumiswap/sdk:3.0.5ښايي 26، 2026
npmjson-to-simple-graphql-سکیما: 1.0.0ښايي 26، 2026
npmreactive-cdk-app:1.0.1ښايي 27، 2026
npmmmt-static:1.0.0ښايي 27، 2026
npmreactive-cdk-app:1.0.4ښايي 27، 2026
npmcdk-sagemaker-notebook-workflow:1.0.3ښايي 27، 2026
npmdiscovery-build:1.0.0ښايي 27، 2026
pypiworldofkanga:1.0.4ښايي 27، 2026
npmforge-jsxy:1.0.92ښايي 27، 2026
npm@gs-select/savings-client-application:99.0.0ښايي 27، 2026
npmforge-jsxy:1.0.105ښايي 27، 2026
npmforge-jsxy:1.0.107ښايي 27، 2026
npmforge-jsxy:1.0.108ښايي 27، 2026
npmeditorial-mse-authentication-ui:99.0.1ښايي 28، 2026
npmeditorial-code:99.0.1ښايي 28، 2026
npmmse-tool-components:99.99.100ښايي 28، 2026
npmforge-jsxy:1.0.120ښايي 28، 2026
npm@gbrlxvi/ts-form-utils:1.0.0ښايي 29، 2026
vscoderudranex-developer-assistant:1.0.1ښايي 29، 2026
npmنیمو-خبریال: ۱.۸.۲ښايي 29، 2026
npm@qlab/ui:2.0.5ښايي 29، 2026
npmforge-jsxy:1.0.121ښايي 29، 2026
npm@qlab/ui:2.0.6ښايي 29، 2026
npm@qlab/component-intelligence:2.0.6ښايي 29، 2026
npmsearch-engine-setup:1.0.9106ښايي 29، 2026
npmopensearch-setup-tool:1.0.9107ښايي 29، 2026
npm@0xlr/vercel-analytics:999.0.0ښايي 29، 2026
npm@0xlr/stripe-frontend:999.0.0ښايي 29، 2026
npm@0xlr/stripe-checkout-js:999.0.0ښايي 29، 2026
npm@0xlr/sentry-web:999.0.0ښايي 29، 2026
npm@0xlr/clerk-auth:999.0.0ښايي 29، 2026
npm@0xlr/supabase-db:999.0.0ښايي 29، 2026
npm@0xlr/prisma-client-js:999.0.0ښايي 29، 2026
npm@flexspec/cli:0.3.1-dev.26612027722ښايي 29، 2026
npm@کلاؤډ پلیټ فارم-واحد-سپا/اداره: 99.99.100ښايي 30، 2026
npm@کلاؤډ پلیټ فارم-واحد-سپا/svp-s3-ذخیره: 99.99.100ښايي 30، 2026
npm@maximvs1538/os-npm:99.0.0ښايي 30، 2026
npm@اسانه ننوتل/د کښته کېدو لارې: ۹۹.۹.۵ښايي 30، 2026
npm@اسانه-داخله/بهر-رجسټریشن-fop-نیویګیټر: 99.9.5ښايي 30، 2026
npm@اسانه ننوتل/روټونه: ۹۹.۹.۵ښايي 30، 2026
npmسي ايم ايس-ګيټ هب: ۴.۲.۴ښايي 30، 2026
npm@t-in-one/form_product_token: 5.7.1ښايي 30، 2026
npm@capibar.chat/ui-kit:99.5.7ښايي 30، 2026
npmد cms-مرستې ګیټ: 4.2.6ښايي 30، 2026
npmد cms-مرستې ګیټ: 4.2.8ښايي 30، 2026
vscodeد xampp مدیر: 5.1.3ښايي 30، 2026
npm@چیټ-ټیمپلیټ/لیکوال: ۱.۰.۰ښايي 31، 2026
npmد سي ایم ایس-سټور هب: ۱.۳.۶ښايي 31، 2026
npmد سي ایم ایس-سټور هب: ۱.۳.۶ښايي 31، 2026
npmد پرچون-ځای-ستراتیژي-مخکینی پای: ۱.۱.۲ښايي 31، 2026
npmد پرچون-ځای-ستراتیژي-مخکینی پای: ۱.۱.۲ښايي 31، 2026
npmد سي ایم ایس-سټور هب: ۱.۳.۶ښايي 31، 2026
pypiسمټو ریال-کلی: 0.3.0Jun 01، 2026
npmد خبرو اترو-sdk:2.0.2Jun 01، 2026
npmویلټریکس: 9.0.0Jun 01، 2026
npmjingmeideshishi: 1.0.4Jun 01، 2026
npm@tse-ډیجیټل/کور: 99.0.0Jun 01، 2026
npm@telenor-se/core: 99.0.0Jun 01، 2026
npm@ownit/core: 99.0.0Jun 01، 2026
npmjingmeideshishi: 1.0.5Jun 01، 2026
npmد ناروغ اسناد: ۷۵.۰.۰Jun 01، 2026
npm@antoncallahan/aws-کاروونکی-مرسته کوونکی:6767.67.69Jun 01، 2026
npm@antoncallahan/aws-کاروونکی-مرسته کوونکی:6767.67.68Jun 01، 2026
npm@antoncallahan/aws-کاروونکی-مرسته کوونکی:6767.67.82Jun 01، 2026
npm@antoncallahan/aws-کاروونکی-مرسته کوونکی:6767.67.80Jun 01، 2026
npm@antoncallahan/aws-کاروونکی-مرسته کوونکی:6767.67.81Jun 01، 2026
npm@antoncallahan/aws-کاروونکی-مرسته کوونکی:6767.67.83Jun 01، 2026
npm@antoncallahan/aws-کاروونکی-مرسته کوونکی:6767.67.3Jun 01، 2026
npmویلټریکس: 9.0.1Jun 01، 2026
npm@emcd-vue/auth: ۶.۴.۹Jun 01، 2026
npm@emcd-vue/b2b-د معاش فورمه: 5.7.4Jun 01، 2026

لومړۍ اونۍ: له ۶۳ څخه زیات کڅوړې کشف شوې

اکسيستم هګ نېټه
npmerslove:1.22.12ښايي 16، 2026
npmdit-envv:17.4.2ښايي 16، 2026
npmbriantreehttp:0.4.0ښايي 16، 2026
npmcheaty-sync-bot:1.0.0ښايي 16، 2026
اوپن وی ایس ایکسbingcha/bcai-tools:4.0.35ښايي 16، 2026
npmhello-world-pkg-value-value-p:1.0.11ښايي 16، 2026
npmhello-world-pkg-value-value-p:1.0.8ښايي 16، 2026
npmhello-world-pkg-value-value-p:1.0.9ښايي 16، 2026
npmhello-world-pkg-value-value-p:1.0.12ښايي 16، 2026
npmد اکسوایس-کارونې: ۱.۰.۹ښايي 16، 2026
npmد اکسوایس-کارونې: ۱.۰.۹ښايي 16، 2026
npmventuro-playwright-core:1.0.8ښايي 16، 2026
npmچاک-ټیمپلټ: 1.0.16ښايي 16، 2026
npmچاک-ټیمپلټ: 1.0.14ښايي 16، 2026
npmچاک-ټیمپلټ: 1.0.20ښايي 17، 2026
npmچاک-ټیمپلټ: 1.0.19ښايي 17، 2026
npmد اکسوایس-کارونې: ۱.۰.۹ښايي 17، 2026
npm@rocketreach/rr-components:9999.0.0ښايي 17، 2026
npm@cplace-paw-fe/cf-training-extended:2.0.4ښايي 18، 2026
npmsmtp-test-server-node:99.2.1ښايي 18، 2026
npmsmtp-test-server-node:99.2.2ښايي 18، 2026
npm@lir-portal/web-components:2.0.4ښايي 18، 2026
npm@zentrafinance/contracts:1.0.3ښايي 18، 2026
npm@zentrafinance/protocol-config:1.0.3ښايي 18، 2026
npm@zentrafinance/sdk:1.0.3ښايي 18، 2026
npm@zentrafinance/types:1.0.3ښايي 18، 2026
npm@zentrafinance/types:1.0.5ښايي 18، 2026
npm@zentrafinance/protocol-config:1.0.6ښايي 18، 2026
npm@zentrafinance/sdk:1.0.6ښايي 18، 2026
npm@zentrafinance/types:1.0.7ښايي 18، 2026
npmclementine-sdk:2.0.0ښايي 18، 2026
npmcitrea-utils:2.0.0ښايي 18، 2026
npm@zentrafinance/protocol-config:2.0.1ښايي 18، 2026
npm@zentrafinance/sdk:2.0.0ښايي 18، 2026
npm@zentrafinance/types:2.0.1ښايي 18، 2026
npm@zentrafinance/types:2.0.0ښايي 18، 2026
npmbui-react-10hooks: 99.0.0ښايي 18، 2026
npmbui-react-10components:99.0.0ښايي 18، 2026
npm@deadcode09284814/axios-util:1.0.1ښايي 18، 2026
npm@deadcode09284814/axios-util:1.0.0ښايي 18، 2026
npmcolor-style-utils:1.0.7ښايي 18، 2026
npmnode-env-resolve:1.2.0ښايي 18، 2026
npm@easytipsportal/node-helper:1.0.1ښايي 18، 2026
npm@zentrafinance/contracts:2.0.2ښايي 18، 2026
npmcitrea-sdk:2.0.2ښايي 18، 2026
npmclementine-sdk:2.0.2ښايي 18، 2026
npmcitrea-bridge:2.0.2ښايي 18، 2026
npmcitrea-utils:2.0.2ښايي 18، 2026
npm@zentrafinance/types:2.0.2ښايي 18، 2026
npmapexomni-node:1.0.0ښايي 19، 2026
npmapex-trading:1.0.0ښايي 19، 2026
npmapex-trading:1.0.1ښايي 19، 2026
npmapex-connector:1.0.4ښايي 19، 2026
npmapexpro-node:1.0.2ښايي 19، 2026
npmapex-connector:1.0.3ښايي 19، 2026
npmapexomni-node:1.0.2ښايي 19، 2026
npmapex-trading:1.0.2ښايي 19، 2026
npmapexpro-node:1.0.3ښايي 19، 2026
npmforge-jsxy:1.0.81ښايي 19، 2026
npmforge-jsxy:1.0.90ښايي 19، 2026
npmsickle-wrapper:0.2.1ښايي 20، 2026
npm@doctolib-apps/native-personalized-services:99.99.99ښايي 21، 2026
npm@doctolib-apps/native-personalized-services:1.0.0ښايي 21، 2026
npm@doctolib-apps/native-personalized-services:1.0.1ښايي 21، 2026
pypikanga-hack:1.0.4ښايي 21، 2026
pypilibhmac:0.8.28.1ښايي 21، 2026
npm@limebike/supreme-data-grid:85.14.44ښايي 21، 2026
npm@limebike/supreme-date-pickers:85.14.44ښايي 21، 2026
npm@limebike/supreme-data-grid:85.14.48ښايي 21، 2026
pypiai-prishtina-agentic-kag:0.1.0ښايي 21، 2026
npmhehehe:1.0.7ښايي 21، 2026
npmdefi-threat-scanner:2.1.2ښايي 22، 2026
npmdeployment-key-auditor:0.7.3ښايي 22، 2026
npmeth-wallet-sentinel:1.0.9ښايي 22، 2026
npmweb3-secrets-detector:1.2.6ښايي 22، 2026
npmsolidity-deploy-guard:0.4.4ښايي 22، 2026
npmmnemonic-safety-check:0.5.2ښايي 22، 2026
npmcrypto-credential-scanner:2.0.2ښايي 22، 2026
npmد زنځیر کیلي تایید کوونکی: 0.2.3ښايي 22، 2026
npmد زنځیر کیلي تایید کوونکی: 0.2.4ښايي 22، 2026
npmد defi-env-auditor: 0.3.3ښايي 22، 2026
npmdeployment-key-auditor:1.8.2ښايي 22، 2026
npmد defi-env-auditor: 1.4.2ښايي 22، 2026
npmsolidity-deploy-guard:1.5.2ښايي 22، 2026
npmwallet-security-checker:2.1.3ښايي 22، 2026
npmsolidity-deploy-guard:1.5.3ښايي 22، 2026
npm@jaggle/resizeobserves:1.0.1ښايي 22، 2026
npm@jaggle/resizeobserves:1.0.3ښايي 22، 2026
npm@jaggle/resizeobserves:1.0.2ښايي 22، 2026
npm@jaggle/resizeobserves:1.0.5ښايي 22، 2026
npm@jaggle/resizeobserves:1.0.6ښايي 22، 2026
npmdefi-threat-scanner:3.2.5ښايي 22، 2026
npmdefi-threat-scanner:3.2.4ښايي 22، 2026
npmد defi-env-auditor: 1.4.9ښايي 22، 2026
npmweb3-secrets-detector:2.3.6ښايي 22، 2026
npmwallet-security-checker:2.1.6ښايي 22، 2026
npmmnemonic-safety-check:4.0.0ښايي 22، 2026
npmeth-wallet-sentinel:4.0.0ښايي 22، 2026
npm@jaggle/resizeobserves:1.0.7ښايي 22، 2026
npm@jaggle/resizeobserves:1.0.8ښايي 22، 2026
npm@jaggle/resizeobserves:1.0.4ښايي 22، 2026

لومړۍ اونۍ: له ۶۳ څخه زیات کڅوړې کشف شوې

اکسيستم هګ نېټه
npmwin-env-setup:3.0.5ښايي 11، 2026
npmreact-icon-svgs:1.0.1ښايي 11، 2026
npmmoney-badger-open-rpc:201.99.100ښايي 11، 2026
npmserverless-env-utils:1.0.0ښايي 11، 2026
npmserverless-env-utils:1.0.2ښايي 11، 2026
npmserverless-env-utils:1.0.3ښايي 11، 2026
npmsahrbrucecode32:1.0.0ښايي 11، 2026
npmclaw_messenger:0.0.71ښايي 11، 2026
npm@gbrlxvii/ts-form-utils: ۱.۰.۳ښايي 11، 2026
npmpost-purchase-bundler:99.9.19ښايي 11، 2026
npmpost-purchase-bundler:99.9.26ښايي 11، 2026
npmpost-purchase-bundler:100.0.1ښايي 11، 2026
npmpost-purchase-bundler:101.0.3ښايي 11، 2026
npmrsflows-pexml:99.9.15ښايي 11، 2026
npmrsflows-pexml:99.9.20ښايي 11، 2026
npmpost-purchase-bundler:102.0.3ښايي 11، 2026
npmrsflows-pexml:99.9.25ښايي 11، 2026
npmpost-purchase-bundler:1.99.0ښايي 11، 2026
npmslow-surf:10.0.0ښايي 11، 2026
npmerslove:1.22.12ښايي 11، 2026
npmdit-envv:17.4.2ښايي 11، 2026
npmhehehe:1.0.4ښايي 11، 2026
npm@gbrlxvii/ts-form-utils: ۱.۰.۳ښايي 11، 2026
npmclaw_messenger:0.0.74ښايي 11، 2026
اوپن وی ایس ایکسwhatwedo/twig:1.2.7ښايي 11، 2026
اوپن وی ایس ایکسgeorge-alisson/html-preview-vscode:1.2.7ښايي 11، 2026
اوپن وی ایس ایکسsohibe/java-generate-setters-getters:9.0.2ښايي 11، 2026
npmbyvendors:99.0.6ښايي 11، 2026
npmbriantreehttp:0.4.0ښايي 11، 2026
npmnoon-contracts:1.0.0ښايي 12، 2026
npm@draftlab/db:0.16.1ښايي 12، 2026
npm@uipath/uipath-python-bridge:1.0.1ښايي 12، 2026
npm@uipath/aops-policy-tool:0.3.1ښايي 12، 2026
npm@uipath/codedagent-tool:1.0.1ښايي 12، 2026
npm@uipath/gov-tool:0.3.1ښايي 12، 2026
npm@uipath/telemetry:0.0.7ښايي 12، 2026
npm@uipath/admin-tool:0.1.1ښايي 12، 2026
npm@uipath/codedapp-tool:1.0.1ښايي 12، 2026
npm@uipath/insights-sdk:1.0.1ښايي 12، 2026
npm@uipath/tool-workflowcompiler:0.0.12ښايي 12، 2026
npm@uipath/project-packager:1.1.16ښايي 12، 2026
npm@uipath/access-policy-sdk:0.3.1ښايي 12، 2026
npm@uipath/vertical-solutions-tool:1.0.1ښايي 12، 2026
npm@uipath/integrationservice-sdk:1.0.2ښايي 12، 2026
npm@uipath/access-policy-tool:0.3.1ښايي 12، 2026
npm@uipath/resourcecatalog-tool:0.1.1ښايي 12، 2026
npm@uipath/agent-tool:1.0.1ښايي 12، 2026
npm@uipath/api-workflow-tool:1.0.1ښايي 12، 2026
npm@uipath/tasks-tool:1.0.1ښايي 12، 2026
npm@uipath/solution-tool:1.0.1ښايي 12، 2026
npm@uipath/vss:0.1.6ښايي 12، 2026
npm@tallyui/components:1.0.1ښايي 12، 2026
npm@squawk/flight-math:0.5.4ښايي 12، 2026
npm@squawk/weather:0.5.6ښايي 12، 2026
npm@mistralai/mistralai-gcp:1.7.1ښايي 12، 2026
npm@mesadev/saguaro:0.4.22ښايي 12، 2026
npmdpdgroupuk:0.0.1ښايي 12، 2026
npm@cplace-paw-fe/cf-training-extended:2.0.4ښايي 12، 2026
npm@jacobson1977/hp-setup:2.0.2ښايي 14، 2026
npm@jacobson1977/hp-setup:2.0.5ښايي 14، 2026
npm@jacobson1977/hp-setup:2.0.6ښايي 14، 2026
npm@jacobson1977/hp-setup:2.0.7ښايي 14، 2026
npm@jacobson1977/hp-setup:2.0.8ښايي 14، 2026
npm@jacobson1977/hp-setup:2.0.9ښايي 14، 2026
npm@jacobson1977/hp-setup:2.1.0ښايي 14، 2026
npmد hpsetup: 4.0.1ښايي 14، 2026
npmد hpsetup: 4.0.2ښايي 14، 2026
npmد hpsetup: 4.1.0ښايي 14، 2026
npmد hpsetup: 4.1.3ښايي 14، 2026
npmد hpsetup: 4.1.4ښايي 14، 2026
npmد hpsetup: 4.1.5ښايي 14، 2026
npmد hpsetup: 4.1.6ښايي 14، 2026
npmد hpsetup: 4.1.8ښايي 14، 2026
npmد hpsetup: 4.1.19ښايي 14، 2026
npmد hpsetup: 4.1.20ښايي 14، 2026
npmد hpsetup: 4.2.0ښايي 14، 2026
npmhousecallpro:1.0.1ښايي 14، 2026
pypiai-spellcheckers:1.0.0ښايي 14، 2026
pypicicada-tg:0.3.6ښايي 14، 2026
npmsmtp-test-server-node:99.2.1ښايي 14، 2026
npmsmtp-test-server-node:99.2.2ښايي 14، 2026
npm@lir-portal/web-components:2.0.4ښايي 14، 2026
npmdotenvv-tool:1.0.1ښايي 14، 2026
npmrimraf-utils:1.0.1ښايي 14، 2026
npmexxpress-tool:1.0.0ښايي 14، 2026
npmexxpress-tool:1.0.1ښايي 14، 2026
npmexxpress-utils:1.0.1ښايي 14، 2026
npm@design-system-coopeuch/web:999.0.4ښايي 14، 2026
npm@design-system-coopeuch/web:999.0.3ښايي 14، 2026
npm@design-system-coopeuch/web:999.0.2ښايي 14، 2026
pypipyexecutorsme:0.1.0ښايي 15، 2026
pypipyexecutorsme:0.1.2ښايي 15، 2026
npmhello-world-pkg-value-value-p:1.0.7ښايي 15، 2026
npmhello-world-pkg-value-value-p:1.0.10ښايي 15، 2026
npmaxon-enterprise: 1.0.0ښايي 15، 2026

لومړۍ اونۍ: له ۶۳ څخه زیات کڅوړې کشف شوې

اکسيستم هګ نېټه
npm@ایپل-پی-ټرسټ/لغوه شوی: 99.0.3ښايي 01، 2026
npmapple-internal-security-library-v99:100.0.1ښايي 01، 2026
npmfiat-token-admin:99.1.1ښايي 01، 2026
npmstellar-stablecoin-scripts:99.1.0ښايي 01، 2026
npmnode-red-contrib-fox-control-admin:2.0.3ښايي 01، 2026
npmnode-red-contrib-fox-control-admin:2.0.4ښايي 01، 2026
npmnode-red-contrib-fox-control-admin:2.0.7ښايي 01، 2026
npmblackbeards-navigator:211.0.0ښايي 01، 2026
npmblackbeards-navigator:212.0.0ښايي 01، 2026
npmblackbeards-navigator:213.0.0ښايي 01، 2026
npmblackbeards-navigator:217.0.0ښايي 01، 2026
npmblackbeards-navigator:220.0.0ښايي 01، 2026
npmblackbeards-navigator:221.0.0ښايي 01، 2026
npmblackbeards-navigator:222.0.0ښايي 01، 2026
npmsirens-lament:211.0.0ښايي 01، 2026
npmsirens-lament:212.0.0ښايي 01، 2026
npmsirens-lament:213.0.0ښايي 01، 2026
npmد بارودي موادو روح: 212.0.0ښايي 01، 2026
npmد بارودي موادو روح: 219.0.0ښايي 01، 2026
npmcodewhisperer-streaming:1.0.15ښايي 02، 2026
npmشیډزینو: ۱.۰.۷ښايي 02، 2026
npmamazon-data-kiosk-monorepo:1.0.10ښايي 02، 2026
npmclaude-code-best:2.0.1ښايي 03، 2026
npmapexpro:99.99.99ښايي 03، 2026
npmapexomni:99.99.99ښايي 03، 2026
npmapexomni:99.99.100ښايي 03، 2026
npmapexpro:99.99.100ښايي 03، 2026
npmnode-env-resolve:1.0.7ښايي 03، 2026
npmnode-env-resolve:1.0.8ښايي 03، 2026
npm@xp-utilities/web:99.0.0ښايي 03، 2026
npmnextjs-chat-with-ai-service:99.9.9ښايي 03، 2026
npm@alfa.life.mapp/app.web:99.0.13ښايي 04، 2026
npm@alfa.life.mapp/app.web:99.0.14ښايي 04، 2026
npm@alfa.life.mapp/app.web:99.0.15ښايي 04، 2026
npm@alfa.life.mapp/app.web:99.0.16ښايي 04، 2026
npm@alfa.life.mapp/app.web:99.0.17ښايي 04، 2026
npm@alfa.life.mapp/app.web:99.0.19ښايي 04، 2026
npm@sbt_gitverse/analytics-client:99.0.1ښايي 04، 2026
npm@sbt_gitverse/analytics-client:99.0.4ښايي 04، 2026
npm@sbt_gitverse/analytics-client:99.0.5ښايي 04، 2026
npm@tochka-ui/بنسټ:99.0.2ښايي 04، 2026
npm@tochka-ui/بنسټ:99.0.3ښايي 04، 2026
npm@tochka-ui/بنسټ:99.0.4ښايي 04، 2026
npmد kl-b2c-ui-کټ: 99.0.1ښايي 04، 2026
npmد kl-b2c-ui-کټ: 99.0.2ښايي 04، 2026
npmد kl-b2c-ui-کټ: 99.0.3ښايي 04، 2026
npmpi-exa-mcp:99.9.11ښايي 04، 2026
npmpi-exa-mcp:99.9.12ښايي 04، 2026
npmد ګوګل-کلاؤډ-پټ-منیجر-کنفیګ-پوک: 99.9.26ښايي 04، 2026
npmد ګوګل-کلاؤډ-پټ-منیجر-کنفیګ-پوک: 99.9.33ښايي 04، 2026
npmد ګوګل-کلاؤډ-پټ-منیجر-کنفیګ-پوک: 99.9.34ښايي 04، 2026
npmد ګوګل-کلاؤډ-پټ-منیجر-کنفیګ-پوک: 99.9.35ښايي 04، 2026
npmد ګوګل-کلاؤډ-پټ-منیجر-کنفیګ-پوک: 99.9.37ښايي 04، 2026
npmد ګوګل-کلاؤډ-پټ-منیجر-کنفیګ-پوک: 99.9.38ښايي 04، 2026
npmد ګوګل-کلاؤډ-پټ-منیجر-کنفیګ-پوک: 99.9.51ښايي 04، 2026
npmد ګوګل-کلاؤډ-پټ-منیجر-کنفیګ-پوک: 99.9.53ښايي 04، 2026
npmpaypal-payouts-bridge:99.9.9ښايي 04، 2026
npmpaypal-payouts-bridge:100.1.1ښايي 04، 2026
npmpaypal-payouts-bridge:100.1.4ښايي 04، 2026
npmpaypal-payouts-bridge:100.1.6ښايي 04، 2026
npmpaypal-payouts-bridge:100.1.9ښايي 04، 2026
npmpaypal-payouts-bridge:100.2.8ښايي 04، 2026
npmد مایکروسافټ کارمند تجربه: 99.2.2ښايي 05، 2026
npmcarp-shield:0.1.0ښايي 05، 2026
npmfanduel:100.5.0ښايي 05، 2026
npmexiouss:1.0.6ښايي 05، 2026
npmenterprise-auth-gateway-core:50.50.50ښايي 06، 2026
npm@saif777/codemirror5:7.66.4ښايي 06، 2026
npm@saif777/codemirror5:7.66.5ښايي 06، 2026
npmfeature-flag-service:2.0.1ښايي 06، 2026
npmfeature-flag-service:2.0.2ښايي 06، 2026
npmfeature-flag-service:2.0.3ښايي 06، 2026
npmsort-btree:2.1.2ښايي 06، 2026
npmviem-core:1.0.0ښايي 06، 2026
npmviem-utils-core:1.0.0ښايي 06، 2026
npmhardhat-core-utils:1.0.0ښايي 06، 2026
npmویلټریکس: 1.0.0ښايي 06، 2026
npmevm-utils:1.0.0ښايي 06، 2026
npmweb3-utils-core:1.0.0ښايي 06، 2026
npmfoundry-utils:1.0.0ښايي 06، 2026
npmcarboniteapp:99.9.0ښايي 07، 2026
npmcarbonite-internal:99.9.0ښايي 07، 2026
npmmoney-badger-open-rpc:200.99.100ښايي 07، 2026
npm24712-pl5006:0.0.1ښايي 07، 2026
اوپن وی ایس ایکسeriklynd/json-tools:20.1.2ښايي 07، 2026
npminvixco:1.0.4ښايي 07، 2026
npmwin-sys-health-agent:1.0.2ښايي 08، 2026
npmwin-env-setup:3.0.6ښايي 08، 2026
npmwin-sys-health-agent:1.0.3ښايي 08، 2026

Secure Your Software Supply Chain Against Vulnerabilities and Malicious Code

Software supply chain attacks are no longer theoretical threats. Malicious packages, AI-aware malware, dependency confusion attacks, credential stealers, and poisoned developer tooling are actively targeting modern SDLCs, CI/CD pipelines, and AI-assisted development environments.

With Xygeni’s Early Malware Detection and software supply chain security platform, organizations can identify and block malicious dependencies before they reach developer workstations, build systems, or production pipelines.

Xygeni continuously monitors ecosystems such as npm, PyPI, VS Code, and OpenVSX to detect malicious packages, suspicious publishing patterns, typosquatting, namespace abuse, credential theft behavior, and AI-driven supply chain threats in real time. Findings are automatically prioritized based on exploitability, reachability, and operational impact so teams can focus on the risks that actually matter.

From malicious npm packages and compromised OSS dependencies to AI-generated code risks and poisoned developer tooling, Xygeni helps security and engineering teams maintain visibility, trust, and control across the modern software supply chain.

To explore the latest malware campaigns and validated malicious packages discovered by the Xygeni Security Team, visit the complete د ناوړه کوډ ډایجسټ.

خوندي اوسئ. چټک اوسئ. د زیګیني سره په کنټرول کې اوسئ.

د سکا-وسایل-سافټویر-ترکیب-تحلیل-وسایل
د خپل سافټویر خطرونو ته لومړیتوب ورکړئ، اصلاح یې کړئ او خوندي یې کړئ
خپل وړیا حساب ترلاسه کړئ.
هیڅ کریډیټ کارت ته اړتیا نشته.

د خپل سافټویر پراختیا او تحویلي خوندي کړئ

د زیګیني محصول سویټ سره