Welcome to the May edition of the Xygeni Malicious Code Digest. This month, our security research team continued tracking the evolving landscape of software supply chain threats across public package registries, developer tooling, AI-assisted workflows, and modern CI/CD environments. Throughout May, Xygeni identified and validated hundreds of malicious packages targeting npm, PyPI, VS Code, and OpenVSX ecosystems.
But May was not only about volume. It was also a month where attackers increasingly adapted their tradecraft to AI-native development environments, developer trust assumptions, and automated pipelines.
Among the most notable investigations published by the Xygeni Security Team this month:
- جولس جیکر, a multi-stage npm malware campaign impersonating Google’s Jules AI agent to steal repositories, abuse CI/CD environments, and even target the sandbox analyzing it. The campaign introduced encrypted host-gated loaders, forged
google-labs-jules[bot]commits, cloud metadata theft, and Kubernetes reconnaissance against analysis infrastructure itself. - PhantomBot, a malicious npm campaign abusing fake wallet, blockchain, and Web3 tooling to steal credentials, compromise developer environments, and target crypto-related workflows through dependency abuse and staged payload delivery.
- A large-scale malicious npm ecosystem abusing fake TypeScript utilities, AI-themed packages, internal tooling impersonation, frontend libraries, cloud helpers, and builder frameworks to fingerprint environments, exfiltrate credentials, deploy persistence, and compromise developer systems.
- Continued waves of malicious packages leveraging dependency confusion, typosquatting, postinstall abuse, AI-tool impersonation, version inflation, and repeated namespace abuse designed to bypass developer trust heuristics and compromise modern SDLC workflows before detection.
- The discovery of cross-platform malware campaigns such as the
@jaggle/resizeobservesclipboard hijacker, which impersonated a legitimate package while deploying Python-based persistence and crypto-wallet clipboard substitution across Linux, macOS, and Windows systems.
Throughout the month, we also observed a growing convergence between AI tooling, open-source ecosystems, and software supply chain attacks. Threat actors increasingly targeted AI-assisted development workflows, agent environments, copilots, and cloud-native build pipelines as part of broader credential theft and repository compromise operations.
These attacks are no longer isolated cases of simple typosquatting. They involve coordinated publishing campaigns, automated version bursts, cloud token theft, CI/CD abuse, encrypted payload staging, sandbox evasion, and persistent compromise techniques specifically designed to blend into trusted developer ecosystems.
This monthly update is part of Xygeni’s ongoing malware and supply chain threat research initiative, where our team continuously validates malicious packages, investigates emerging attack patterns, and publishes actionable intelligence to help security, AppSec, and DevSecOps teams stay ahead of evolving supply chain risk.
For full context across every malicious package, malware campaign, and threat analysis published this month, explore the complete May Malicious Code Digest and related research from the Xygeni Security Team.
لومړۍ اونۍ: له ۶۳ څخه زیات کڅوړې کشف شوې
| اکسيستم | هګ | نېټه |
|---|---|---|
| npm | @gbrlxvii/ts-form-utils: ۱.۰.۳ | ښايي 25، 2026 |
| npm | @gbrlxvii/ts-form-utils: ۱.۰.۳ | ښايي 25، 2026 |
| npm | pi-ocr:0.2.0 | ښايي 25، 2026 |
| npm | @jaggle/resizeobserves:1.0.11 | ښايي 25، 2026 |
| npm | fnd-stores:0.0.7 | ښايي 25، 2026 |
| npm | @gbrlxvii/ts-project-lint:1.7.0 | ښايي 25، 2026 |
| npm | @gbrlxvii/ts-project-lint:1.8.0 | ښايي 25، 2026 |
| npm | system-user-identifier-cli:7.0.0 | ښايي 26، 2026 |
| npm | @jaggle/resizeobserves:1.0.13 | ښايي 26، 2026 |
| npm | @jaggle/resizeobserves:1.0.12 | ښايي 26، 2026 |
| npm | @jaggle/resizeobserves:1.0.15 | ښايي 26، 2026 |
| npm | @jaggle/resizeobserves:1.0.14 | ښايي 26، 2026 |
| npm | @jaggle/resizeobserves:1.0.16 | ښايي 26، 2026 |
| npm | @jaggle/resizeobserves:1.0.19 | ښايي 26، 2026 |
| npm | @jaggle/resizeobserves:1.0.17 | ښايي 26، 2026 |
| npm | @jaggle/resizeobserves:1.0.18 | ښايي 26، 2026 |
| npm | @jaggle/resizeobserves:1.0.20 | ښايي 26، 2026 |
| npm | intl-ads:99.0.1 | ښايي 26، 2026 |
| npm | tempo-layout:99.0.0 | ښايي 26، 2026 |
| npm | tempo-layout:99.0.2 | ښايي 26، 2026 |
| npm | itc-actors-api:99.0.0 | ښايي 26، 2026 |
| npm | walmart-shared-modules:99.0.1 | ښايي 26، 2026 |
| npm | wml-components:99.0.1 | ښايي 26، 2026 |
| npm | platform-tempo:99.0.1 | ښايي 26، 2026 |
| npm | wml-core:99.0.1 | ښايي 26، 2026 |
| npm | @izumiswap/sdk:3.0.3 | ښايي 26، 2026 |
| npm | @izumiswap/sdk:3.0.4 | ښايي 26، 2026 |
| npm | @izumiswap/sdk:3.0.5 | ښايي 26، 2026 |
| npm | json-to-simple-graphql-سکیما: 1.0.0 | ښايي 26، 2026 |
| npm | reactive-cdk-app:1.0.1 | ښايي 27، 2026 |
| npm | mmt-static:1.0.0 | ښايي 27، 2026 |
| npm | reactive-cdk-app:1.0.4 | ښايي 27، 2026 |
| npm | cdk-sagemaker-notebook-workflow:1.0.3 | ښايي 27، 2026 |
| npm | discovery-build:1.0.0 | ښايي 27، 2026 |
| pypi | worldofkanga:1.0.4 | ښايي 27، 2026 |
| npm | forge-jsxy:1.0.92 | ښايي 27، 2026 |
| npm | @gs-select/savings-client-application:99.0.0 | ښايي 27، 2026 |
| npm | forge-jsxy:1.0.105 | ښايي 27، 2026 |
| npm | forge-jsxy:1.0.107 | ښايي 27، 2026 |
| npm | forge-jsxy:1.0.108 | ښايي 27، 2026 |
| npm | editorial-mse-authentication-ui:99.0.1 | ښايي 28، 2026 |
| npm | editorial-code:99.0.1 | ښايي 28، 2026 |
| npm | mse-tool-components:99.99.100 | ښايي 28، 2026 |
| npm | forge-jsxy:1.0.120 | ښايي 28، 2026 |
| npm | @gbrlxvi/ts-form-utils:1.0.0 | ښايي 29، 2026 |
| vscode | rudranex-developer-assistant:1.0.1 | ښايي 29، 2026 |
| npm | نیمو-خبریال: ۱.۸.۲ | ښايي 29، 2026 |
| npm | @qlab/ui:2.0.5 | ښايي 29، 2026 |
| npm | forge-jsxy:1.0.121 | ښايي 29، 2026 |
| npm | @qlab/ui:2.0.6 | ښايي 29، 2026 |
| npm | @qlab/component-intelligence:2.0.6 | ښايي 29، 2026 |
| npm | search-engine-setup:1.0.9106 | ښايي 29، 2026 |
| npm | opensearch-setup-tool:1.0.9107 | ښايي 29، 2026 |
| npm | @0xlr/vercel-analytics:999.0.0 | ښايي 29، 2026 |
| npm | @0xlr/stripe-frontend:999.0.0 | ښايي 29، 2026 |
| npm | @0xlr/stripe-checkout-js:999.0.0 | ښايي 29، 2026 |
| npm | @0xlr/sentry-web:999.0.0 | ښايي 29، 2026 |
| npm | @0xlr/clerk-auth:999.0.0 | ښايي 29، 2026 |
| npm | @0xlr/supabase-db:999.0.0 | ښايي 29، 2026 |
| npm | @0xlr/prisma-client-js:999.0.0 | ښايي 29، 2026 |
| npm | @flexspec/cli:0.3.1-dev.26612027722 | ښايي 29، 2026 |
| npm | @کلاؤډ پلیټ فارم-واحد-سپا/اداره: 99.99.100 | ښايي 30، 2026 |
| npm | @کلاؤډ پلیټ فارم-واحد-سپا/svp-s3-ذخیره: 99.99.100 | ښايي 30، 2026 |
| npm | @maximvs1538/os-npm:99.0.0 | ښايي 30، 2026 |
| npm | @اسانه ننوتل/د کښته کېدو لارې: ۹۹.۹.۵ | ښايي 30، 2026 |
| npm | @اسانه-داخله/بهر-رجسټریشن-fop-نیویګیټر: 99.9.5 | ښايي 30، 2026 |
| npm | @اسانه ننوتل/روټونه: ۹۹.۹.۵ | ښايي 30، 2026 |
| npm | سي ايم ايس-ګيټ هب: ۴.۲.۴ | ښايي 30، 2026 |
| npm | @t-in-one/form_product_token: 5.7.1 | ښايي 30، 2026 |
| npm | @capibar.chat/ui-kit:99.5.7 | ښايي 30، 2026 |
| npm | د cms-مرستې ګیټ: 4.2.6 | ښايي 30، 2026 |
| npm | د cms-مرستې ګیټ: 4.2.8 | ښايي 30، 2026 |
| vscode | د xampp مدیر: 5.1.3 | ښايي 30، 2026 |
| npm | @چیټ-ټیمپلیټ/لیکوال: ۱.۰.۰ | ښايي 31، 2026 |
| npm | د سي ایم ایس-سټور هب: ۱.۳.۶ | ښايي 31، 2026 |
| npm | د سي ایم ایس-سټور هب: ۱.۳.۶ | ښايي 31، 2026 |
| npm | د پرچون-ځای-ستراتیژي-مخکینی پای: ۱.۱.۲ | ښايي 31، 2026 |
| npm | د پرچون-ځای-ستراتیژي-مخکینی پای: ۱.۱.۲ | ښايي 31، 2026 |
| npm | د سي ایم ایس-سټور هب: ۱.۳.۶ | ښايي 31، 2026 |
| pypi | سمټو ریال-کلی: 0.3.0 | Jun 01، 2026 |
| npm | د خبرو اترو-sdk:2.0.2 | Jun 01، 2026 |
| npm | ویلټریکس: 9.0.0 | Jun 01، 2026 |
| npm | jingmeideshishi: 1.0.4 | Jun 01، 2026 |
| npm | @tse-ډیجیټل/کور: 99.0.0 | Jun 01، 2026 |
| npm | @telenor-se/core: 99.0.0 | Jun 01، 2026 |
| npm | @ownit/core: 99.0.0 | Jun 01، 2026 |
| npm | jingmeideshishi: 1.0.5 | Jun 01، 2026 |
| npm | د ناروغ اسناد: ۷۵.۰.۰ | Jun 01، 2026 |
| npm | @antoncallahan/aws-کاروونکی-مرسته کوونکی:6767.67.69 | Jun 01، 2026 |
| npm | @antoncallahan/aws-کاروونکی-مرسته کوونکی:6767.67.68 | Jun 01، 2026 |
| npm | @antoncallahan/aws-کاروونکی-مرسته کوونکی:6767.67.82 | Jun 01، 2026 |
| npm | @antoncallahan/aws-کاروونکی-مرسته کوونکی:6767.67.80 | Jun 01، 2026 |
| npm | @antoncallahan/aws-کاروونکی-مرسته کوونکی:6767.67.81 | Jun 01، 2026 |
| npm | @antoncallahan/aws-کاروونکی-مرسته کوونکی:6767.67.83 | Jun 01، 2026 |
| npm | @antoncallahan/aws-کاروونکی-مرسته کوونکی:6767.67.3 | Jun 01، 2026 |
| npm | ویلټریکس: 9.0.1 | Jun 01، 2026 |
| npm | @emcd-vue/auth: ۶.۴.۹ | Jun 01، 2026 |
| npm | @emcd-vue/b2b-د معاش فورمه: 5.7.4 | Jun 01، 2026 |
لومړۍ اونۍ: له ۶۳ څخه زیات کڅوړې کشف شوې
| اکسيستم | هګ | نېټه |
|---|---|---|
| npm | erslove:1.22.12 | ښايي 16، 2026 |
| npm | dit-envv:17.4.2 | ښايي 16، 2026 |
| npm | briantreehttp:0.4.0 | ښايي 16، 2026 |
| npm | cheaty-sync-bot:1.0.0 | ښايي 16، 2026 |
| اوپن وی ایس ایکس | bingcha/bcai-tools:4.0.35 | ښايي 16، 2026 |
| npm | hello-world-pkg-value-value-p:1.0.11 | ښايي 16، 2026 |
| npm | hello-world-pkg-value-value-p:1.0.8 | ښايي 16، 2026 |
| npm | hello-world-pkg-value-value-p:1.0.9 | ښايي 16، 2026 |
| npm | hello-world-pkg-value-value-p:1.0.12 | ښايي 16، 2026 |
| npm | د اکسوایس-کارونې: ۱.۰.۹ | ښايي 16، 2026 |
| npm | د اکسوایس-کارونې: ۱.۰.۹ | ښايي 16، 2026 |
| npm | venturo-playwright-core:1.0.8 | ښايي 16، 2026 |
| npm | چاک-ټیمپلټ: 1.0.16 | ښايي 16، 2026 |
| npm | چاک-ټیمپلټ: 1.0.14 | ښايي 16، 2026 |
| npm | چاک-ټیمپلټ: 1.0.20 | ښايي 17، 2026 |
| npm | چاک-ټیمپلټ: 1.0.19 | ښايي 17، 2026 |
| npm | د اکسوایس-کارونې: ۱.۰.۹ | ښايي 17، 2026 |
| npm | @rocketreach/rr-components:9999.0.0 | ښايي 17، 2026 |
| npm | @cplace-paw-fe/cf-training-extended:2.0.4 | ښايي 18، 2026 |
| npm | smtp-test-server-node:99.2.1 | ښايي 18، 2026 |
| npm | smtp-test-server-node:99.2.2 | ښايي 18، 2026 |
| npm | @lir-portal/web-components:2.0.4 | ښايي 18، 2026 |
| npm | @zentrafinance/contracts:1.0.3 | ښايي 18، 2026 |
| npm | @zentrafinance/protocol-config:1.0.3 | ښايي 18، 2026 |
| npm | @zentrafinance/sdk:1.0.3 | ښايي 18، 2026 |
| npm | @zentrafinance/types:1.0.3 | ښايي 18، 2026 |
| npm | @zentrafinance/types:1.0.5 | ښايي 18، 2026 |
| npm | @zentrafinance/protocol-config:1.0.6 | ښايي 18، 2026 |
| npm | @zentrafinance/sdk:1.0.6 | ښايي 18، 2026 |
| npm | @zentrafinance/types:1.0.7 | ښايي 18، 2026 |
| npm | clementine-sdk:2.0.0 | ښايي 18، 2026 |
| npm | citrea-utils:2.0.0 | ښايي 18، 2026 |
| npm | @zentrafinance/protocol-config:2.0.1 | ښايي 18، 2026 |
| npm | @zentrafinance/sdk:2.0.0 | ښايي 18، 2026 |
| npm | @zentrafinance/types:2.0.1 | ښايي 18، 2026 |
| npm | @zentrafinance/types:2.0.0 | ښايي 18، 2026 |
| npm | bui-react-10hooks: 99.0.0 | ښايي 18، 2026 |
| npm | bui-react-10components:99.0.0 | ښايي 18، 2026 |
| npm | @deadcode09284814/axios-util:1.0.1 | ښايي 18، 2026 |
| npm | @deadcode09284814/axios-util:1.0.0 | ښايي 18، 2026 |
| npm | color-style-utils:1.0.7 | ښايي 18، 2026 |
| npm | node-env-resolve:1.2.0 | ښايي 18، 2026 |
| npm | @easytipsportal/node-helper:1.0.1 | ښايي 18، 2026 |
| npm | @zentrafinance/contracts:2.0.2 | ښايي 18، 2026 |
| npm | citrea-sdk:2.0.2 | ښايي 18، 2026 |
| npm | clementine-sdk:2.0.2 | ښايي 18، 2026 |
| npm | citrea-bridge:2.0.2 | ښايي 18، 2026 |
| npm | citrea-utils:2.0.2 | ښايي 18، 2026 |
| npm | @zentrafinance/types:2.0.2 | ښايي 18، 2026 |
| npm | apexomni-node:1.0.0 | ښايي 19، 2026 |
| npm | apex-trading:1.0.0 | ښايي 19، 2026 |
| npm | apex-trading:1.0.1 | ښايي 19، 2026 |
| npm | apex-connector:1.0.4 | ښايي 19، 2026 |
| npm | apexpro-node:1.0.2 | ښايي 19، 2026 |
| npm | apex-connector:1.0.3 | ښايي 19، 2026 |
| npm | apexomni-node:1.0.2 | ښايي 19، 2026 |
| npm | apex-trading:1.0.2 | ښايي 19، 2026 |
| npm | apexpro-node:1.0.3 | ښايي 19، 2026 |
| npm | forge-jsxy:1.0.81 | ښايي 19، 2026 |
| npm | forge-jsxy:1.0.90 | ښايي 19، 2026 |
| npm | sickle-wrapper:0.2.1 | ښايي 20، 2026 |
| npm | @doctolib-apps/native-personalized-services:99.99.99 | ښايي 21، 2026 |
| npm | @doctolib-apps/native-personalized-services:1.0.0 | ښايي 21، 2026 |
| npm | @doctolib-apps/native-personalized-services:1.0.1 | ښايي 21، 2026 |
| pypi | kanga-hack:1.0.4 | ښايي 21، 2026 |
| pypi | libhmac:0.8.28.1 | ښايي 21، 2026 |
| npm | @limebike/supreme-data-grid:85.14.44 | ښايي 21، 2026 |
| npm | @limebike/supreme-date-pickers:85.14.44 | ښايي 21، 2026 |
| npm | @limebike/supreme-data-grid:85.14.48 | ښايي 21، 2026 |
| pypi | ai-prishtina-agentic-kag:0.1.0 | ښايي 21، 2026 |
| npm | hehehe:1.0.7 | ښايي 21، 2026 |
| npm | defi-threat-scanner:2.1.2 | ښايي 22، 2026 |
| npm | deployment-key-auditor:0.7.3 | ښايي 22، 2026 |
| npm | eth-wallet-sentinel:1.0.9 | ښايي 22، 2026 |
| npm | web3-secrets-detector:1.2.6 | ښايي 22، 2026 |
| npm | solidity-deploy-guard:0.4.4 | ښايي 22، 2026 |
| npm | mnemonic-safety-check:0.5.2 | ښايي 22، 2026 |
| npm | crypto-credential-scanner:2.0.2 | ښايي 22، 2026 |
| npm | د زنځیر کیلي تایید کوونکی: 0.2.3 | ښايي 22، 2026 |
| npm | د زنځیر کیلي تایید کوونکی: 0.2.4 | ښايي 22، 2026 |
| npm | د defi-env-auditor: 0.3.3 | ښايي 22، 2026 |
| npm | deployment-key-auditor:1.8.2 | ښايي 22، 2026 |
| npm | د defi-env-auditor: 1.4.2 | ښايي 22، 2026 |
| npm | solidity-deploy-guard:1.5.2 | ښايي 22، 2026 |
| npm | wallet-security-checker:2.1.3 | ښايي 22، 2026 |
| npm | solidity-deploy-guard:1.5.3 | ښايي 22، 2026 |
| npm | @jaggle/resizeobserves:1.0.1 | ښايي 22، 2026 |
| npm | @jaggle/resizeobserves:1.0.3 | ښايي 22، 2026 |
| npm | @jaggle/resizeobserves:1.0.2 | ښايي 22، 2026 |
| npm | @jaggle/resizeobserves:1.0.5 | ښايي 22، 2026 |
| npm | @jaggle/resizeobserves:1.0.6 | ښايي 22، 2026 |
| npm | defi-threat-scanner:3.2.5 | ښايي 22، 2026 |
| npm | defi-threat-scanner:3.2.4 | ښايي 22، 2026 |
| npm | د defi-env-auditor: 1.4.9 | ښايي 22، 2026 |
| npm | web3-secrets-detector:2.3.6 | ښايي 22، 2026 |
| npm | wallet-security-checker:2.1.6 | ښايي 22، 2026 |
| npm | mnemonic-safety-check:4.0.0 | ښايي 22، 2026 |
| npm | eth-wallet-sentinel:4.0.0 | ښايي 22، 2026 |
| npm | @jaggle/resizeobserves:1.0.7 | ښايي 22، 2026 |
| npm | @jaggle/resizeobserves:1.0.8 | ښايي 22، 2026 |
| npm | @jaggle/resizeobserves:1.0.4 | ښايي 22، 2026 |
لومړۍ اونۍ: له ۶۳ څخه زیات کڅوړې کشف شوې
| اکسيستم | هګ | نېټه |
|---|---|---|
| npm | win-env-setup:3.0.5 | ښايي 11، 2026 |
| npm | react-icon-svgs:1.0.1 | ښايي 11، 2026 |
| npm | money-badger-open-rpc:201.99.100 | ښايي 11، 2026 |
| npm | serverless-env-utils:1.0.0 | ښايي 11، 2026 |
| npm | serverless-env-utils:1.0.2 | ښايي 11، 2026 |
| npm | serverless-env-utils:1.0.3 | ښايي 11، 2026 |
| npm | sahrbrucecode32:1.0.0 | ښايي 11، 2026 |
| npm | claw_messenger:0.0.71 | ښايي 11، 2026 |
| npm | @gbrlxvii/ts-form-utils: ۱.۰.۳ | ښايي 11، 2026 |
| npm | post-purchase-bundler:99.9.19 | ښايي 11، 2026 |
| npm | post-purchase-bundler:99.9.26 | ښايي 11، 2026 |
| npm | post-purchase-bundler:100.0.1 | ښايي 11، 2026 |
| npm | post-purchase-bundler:101.0.3 | ښايي 11، 2026 |
| npm | rsflows-pexml:99.9.15 | ښايي 11، 2026 |
| npm | rsflows-pexml:99.9.20 | ښايي 11، 2026 |
| npm | post-purchase-bundler:102.0.3 | ښايي 11، 2026 |
| npm | rsflows-pexml:99.9.25 | ښايي 11، 2026 |
| npm | post-purchase-bundler:1.99.0 | ښايي 11، 2026 |
| npm | slow-surf:10.0.0 | ښايي 11، 2026 |
| npm | erslove:1.22.12 | ښايي 11، 2026 |
| npm | dit-envv:17.4.2 | ښايي 11، 2026 |
| npm | hehehe:1.0.4 | ښايي 11، 2026 |
| npm | @gbrlxvii/ts-form-utils: ۱.۰.۳ | ښايي 11، 2026 |
| npm | claw_messenger:0.0.74 | ښايي 11، 2026 |
| اوپن وی ایس ایکس | whatwedo/twig:1.2.7 | ښايي 11، 2026 |
| اوپن وی ایس ایکس | george-alisson/html-preview-vscode:1.2.7 | ښايي 11، 2026 |
| اوپن وی ایس ایکس | sohibe/java-generate-setters-getters:9.0.2 | ښايي 11، 2026 |
| npm | byvendors:99.0.6 | ښايي 11، 2026 |
| npm | briantreehttp:0.4.0 | ښايي 11، 2026 |
| npm | noon-contracts:1.0.0 | ښايي 12، 2026 |
| npm | @draftlab/db:0.16.1 | ښايي 12، 2026 |
| npm | @uipath/uipath-python-bridge:1.0.1 | ښايي 12، 2026 |
| npm | @uipath/aops-policy-tool:0.3.1 | ښايي 12، 2026 |
| npm | @uipath/codedagent-tool:1.0.1 | ښايي 12، 2026 |
| npm | @uipath/gov-tool:0.3.1 | ښايي 12، 2026 |
| npm | @uipath/telemetry:0.0.7 | ښايي 12، 2026 |
| npm | @uipath/admin-tool:0.1.1 | ښايي 12، 2026 |
| npm | @uipath/codedapp-tool:1.0.1 | ښايي 12، 2026 |
| npm | @uipath/insights-sdk:1.0.1 | ښايي 12، 2026 |
| npm | @uipath/tool-workflowcompiler:0.0.12 | ښايي 12، 2026 |
| npm | @uipath/project-packager:1.1.16 | ښايي 12، 2026 |
| npm | @uipath/access-policy-sdk:0.3.1 | ښايي 12، 2026 |
| npm | @uipath/vertical-solutions-tool:1.0.1 | ښايي 12، 2026 |
| npm | @uipath/integrationservice-sdk:1.0.2 | ښايي 12، 2026 |
| npm | @uipath/access-policy-tool:0.3.1 | ښايي 12، 2026 |
| npm | @uipath/resourcecatalog-tool:0.1.1 | ښايي 12، 2026 |
| npm | @uipath/agent-tool:1.0.1 | ښايي 12، 2026 |
| npm | @uipath/api-workflow-tool:1.0.1 | ښايي 12، 2026 |
| npm | @uipath/tasks-tool:1.0.1 | ښايي 12، 2026 |
| npm | @uipath/solution-tool:1.0.1 | ښايي 12، 2026 |
| npm | @uipath/vss:0.1.6 | ښايي 12، 2026 |
| npm | @tallyui/components:1.0.1 | ښايي 12، 2026 |
| npm | @squawk/flight-math:0.5.4 | ښايي 12، 2026 |
| npm | @squawk/weather:0.5.6 | ښايي 12، 2026 |
| npm | @mistralai/mistralai-gcp:1.7.1 | ښايي 12، 2026 |
| npm | @mesadev/saguaro:0.4.22 | ښايي 12، 2026 |
| npm | dpdgroupuk:0.0.1 | ښايي 12، 2026 |
| npm | @cplace-paw-fe/cf-training-extended:2.0.4 | ښايي 12، 2026 |
| npm | @jacobson1977/hp-setup:2.0.2 | ښايي 14، 2026 |
| npm | @jacobson1977/hp-setup:2.0.5 | ښايي 14، 2026 |
| npm | @jacobson1977/hp-setup:2.0.6 | ښايي 14، 2026 |
| npm | @jacobson1977/hp-setup:2.0.7 | ښايي 14، 2026 |
| npm | @jacobson1977/hp-setup:2.0.8 | ښايي 14، 2026 |
| npm | @jacobson1977/hp-setup:2.0.9 | ښايي 14، 2026 |
| npm | @jacobson1977/hp-setup:2.1.0 | ښايي 14، 2026 |
| npm | د hpsetup: 4.0.1 | ښايي 14، 2026 |
| npm | د hpsetup: 4.0.2 | ښايي 14، 2026 |
| npm | د hpsetup: 4.1.0 | ښايي 14، 2026 |
| npm | د hpsetup: 4.1.3 | ښايي 14، 2026 |
| npm | د hpsetup: 4.1.4 | ښايي 14، 2026 |
| npm | د hpsetup: 4.1.5 | ښايي 14، 2026 |
| npm | د hpsetup: 4.1.6 | ښايي 14، 2026 |
| npm | د hpsetup: 4.1.8 | ښايي 14، 2026 |
| npm | د hpsetup: 4.1.19 | ښايي 14، 2026 |
| npm | د hpsetup: 4.1.20 | ښايي 14، 2026 |
| npm | د hpsetup: 4.2.0 | ښايي 14، 2026 |
| npm | housecallpro:1.0.1 | ښايي 14، 2026 |
| pypi | ai-spellcheckers:1.0.0 | ښايي 14، 2026 |
| pypi | cicada-tg:0.3.6 | ښايي 14، 2026 |
| npm | smtp-test-server-node:99.2.1 | ښايي 14، 2026 |
| npm | smtp-test-server-node:99.2.2 | ښايي 14، 2026 |
| npm | @lir-portal/web-components:2.0.4 | ښايي 14، 2026 |
| npm | dotenvv-tool:1.0.1 | ښايي 14، 2026 |
| npm | rimraf-utils:1.0.1 | ښايي 14، 2026 |
| npm | exxpress-tool:1.0.0 | ښايي 14، 2026 |
| npm | exxpress-tool:1.0.1 | ښايي 14، 2026 |
| npm | exxpress-utils:1.0.1 | ښايي 14، 2026 |
| npm | @design-system-coopeuch/web:999.0.4 | ښايي 14، 2026 |
| npm | @design-system-coopeuch/web:999.0.3 | ښايي 14، 2026 |
| npm | @design-system-coopeuch/web:999.0.2 | ښايي 14، 2026 |
| pypi | pyexecutorsme:0.1.0 | ښايي 15، 2026 |
| pypi | pyexecutorsme:0.1.2 | ښايي 15، 2026 |
| npm | hello-world-pkg-value-value-p:1.0.7 | ښايي 15، 2026 |
| npm | hello-world-pkg-value-value-p:1.0.10 | ښايي 15، 2026 |
| npm | axon-enterprise: 1.0.0 | ښايي 15، 2026 |
لومړۍ اونۍ: له ۶۳ څخه زیات کڅوړې کشف شوې
| اکسيستم | هګ | نېټه |
|---|---|---|
| npm | @ایپل-پی-ټرسټ/لغوه شوی: 99.0.3 | ښايي 01، 2026 |
| npm | apple-internal-security-library-v99:100.0.1 | ښايي 01، 2026 |
| npm | fiat-token-admin:99.1.1 | ښايي 01، 2026 |
| npm | stellar-stablecoin-scripts:99.1.0 | ښايي 01، 2026 |
| npm | node-red-contrib-fox-control-admin:2.0.3 | ښايي 01، 2026 |
| npm | node-red-contrib-fox-control-admin:2.0.4 | ښايي 01، 2026 |
| npm | node-red-contrib-fox-control-admin:2.0.7 | ښايي 01، 2026 |
| npm | blackbeards-navigator:211.0.0 | ښايي 01، 2026 |
| npm | blackbeards-navigator:212.0.0 | ښايي 01، 2026 |
| npm | blackbeards-navigator:213.0.0 | ښايي 01، 2026 |
| npm | blackbeards-navigator:217.0.0 | ښايي 01، 2026 |
| npm | blackbeards-navigator:220.0.0 | ښايي 01، 2026 |
| npm | blackbeards-navigator:221.0.0 | ښايي 01، 2026 |
| npm | blackbeards-navigator:222.0.0 | ښايي 01، 2026 |
| npm | sirens-lament:211.0.0 | ښايي 01، 2026 |
| npm | sirens-lament:212.0.0 | ښايي 01، 2026 |
| npm | sirens-lament:213.0.0 | ښايي 01، 2026 |
| npm | د بارودي موادو روح: 212.0.0 | ښايي 01، 2026 |
| npm | د بارودي موادو روح: 219.0.0 | ښايي 01، 2026 |
| npm | codewhisperer-streaming:1.0.15 | ښايي 02، 2026 |
| npm | شیډزینو: ۱.۰.۷ | ښايي 02، 2026 |
| npm | amazon-data-kiosk-monorepo:1.0.10 | ښايي 02، 2026 |
| npm | claude-code-best:2.0.1 | ښايي 03، 2026 |
| npm | apexpro:99.99.99 | ښايي 03، 2026 |
| npm | apexomni:99.99.99 | ښايي 03، 2026 |
| npm | apexomni:99.99.100 | ښايي 03، 2026 |
| npm | apexpro:99.99.100 | ښايي 03، 2026 |
| npm | node-env-resolve:1.0.7 | ښايي 03، 2026 |
| npm | node-env-resolve:1.0.8 | ښايي 03، 2026 |
| npm | @xp-utilities/web:99.0.0 | ښايي 03، 2026 |
| npm | nextjs-chat-with-ai-service:99.9.9 | ښايي 03، 2026 |
| npm | @alfa.life.mapp/app.web:99.0.13 | ښايي 04، 2026 |
| npm | @alfa.life.mapp/app.web:99.0.14 | ښايي 04، 2026 |
| npm | @alfa.life.mapp/app.web:99.0.15 | ښايي 04، 2026 |
| npm | @alfa.life.mapp/app.web:99.0.16 | ښايي 04، 2026 |
| npm | @alfa.life.mapp/app.web:99.0.17 | ښايي 04، 2026 |
| npm | @alfa.life.mapp/app.web:99.0.19 | ښايي 04، 2026 |
| npm | @sbt_gitverse/analytics-client:99.0.1 | ښايي 04، 2026 |
| npm | @sbt_gitverse/analytics-client:99.0.4 | ښايي 04، 2026 |
| npm | @sbt_gitverse/analytics-client:99.0.5 | ښايي 04، 2026 |
| npm | @tochka-ui/بنسټ:99.0.2 | ښايي 04، 2026 |
| npm | @tochka-ui/بنسټ:99.0.3 | ښايي 04، 2026 |
| npm | @tochka-ui/بنسټ:99.0.4 | ښايي 04، 2026 |
| npm | د kl-b2c-ui-کټ: 99.0.1 | ښايي 04، 2026 |
| npm | د kl-b2c-ui-کټ: 99.0.2 | ښايي 04، 2026 |
| npm | د kl-b2c-ui-کټ: 99.0.3 | ښايي 04، 2026 |
| npm | pi-exa-mcp:99.9.11 | ښايي 04، 2026 |
| npm | pi-exa-mcp:99.9.12 | ښايي 04، 2026 |
| npm | د ګوګل-کلاؤډ-پټ-منیجر-کنفیګ-پوک: 99.9.26 | ښايي 04، 2026 |
| npm | د ګوګل-کلاؤډ-پټ-منیجر-کنفیګ-پوک: 99.9.33 | ښايي 04، 2026 |
| npm | د ګوګل-کلاؤډ-پټ-منیجر-کنفیګ-پوک: 99.9.34 | ښايي 04، 2026 |
| npm | د ګوګل-کلاؤډ-پټ-منیجر-کنفیګ-پوک: 99.9.35 | ښايي 04، 2026 |
| npm | د ګوګل-کلاؤډ-پټ-منیجر-کنفیګ-پوک: 99.9.37 | ښايي 04، 2026 |
| npm | د ګوګل-کلاؤډ-پټ-منیجر-کنفیګ-پوک: 99.9.38 | ښايي 04، 2026 |
| npm | د ګوګل-کلاؤډ-پټ-منیجر-کنفیګ-پوک: 99.9.51 | ښايي 04، 2026 |
| npm | د ګوګل-کلاؤډ-پټ-منیجر-کنفیګ-پوک: 99.9.53 | ښايي 04، 2026 |
| npm | paypal-payouts-bridge:99.9.9 | ښايي 04، 2026 |
| npm | paypal-payouts-bridge:100.1.1 | ښايي 04، 2026 |
| npm | paypal-payouts-bridge:100.1.4 | ښايي 04، 2026 |
| npm | paypal-payouts-bridge:100.1.6 | ښايي 04، 2026 |
| npm | paypal-payouts-bridge:100.1.9 | ښايي 04، 2026 |
| npm | paypal-payouts-bridge:100.2.8 | ښايي 04، 2026 |
| npm | د مایکروسافټ کارمند تجربه: 99.2.2 | ښايي 05، 2026 |
| npm | carp-shield:0.1.0 | ښايي 05، 2026 |
| npm | fanduel:100.5.0 | ښايي 05، 2026 |
| npm | exiouss:1.0.6 | ښايي 05، 2026 |
| npm | enterprise-auth-gateway-core:50.50.50 | ښايي 06، 2026 |
| npm | @saif777/codemirror5:7.66.4 | ښايي 06، 2026 |
| npm | @saif777/codemirror5:7.66.5 | ښايي 06، 2026 |
| npm | feature-flag-service:2.0.1 | ښايي 06، 2026 |
| npm | feature-flag-service:2.0.2 | ښايي 06، 2026 |
| npm | feature-flag-service:2.0.3 | ښايي 06، 2026 |
| npm | sort-btree:2.1.2 | ښايي 06، 2026 |
| npm | viem-core:1.0.0 | ښايي 06، 2026 |
| npm | viem-utils-core:1.0.0 | ښايي 06، 2026 |
| npm | hardhat-core-utils:1.0.0 | ښايي 06، 2026 |
| npm | ویلټریکس: 1.0.0 | ښايي 06، 2026 |
| npm | evm-utils:1.0.0 | ښايي 06، 2026 |
| npm | web3-utils-core:1.0.0 | ښايي 06، 2026 |
| npm | foundry-utils:1.0.0 | ښايي 06، 2026 |
| npm | carboniteapp:99.9.0 | ښايي 07، 2026 |
| npm | carbonite-internal:99.9.0 | ښايي 07، 2026 |
| npm | money-badger-open-rpc:200.99.100 | ښايي 07، 2026 |
| npm | 24712-pl5006:0.0.1 | ښايي 07، 2026 |
| اوپن وی ایس ایکس | eriklynd/json-tools:20.1.2 | ښايي 07، 2026 |
| npm | invixco:1.0.4 | ښايي 07، 2026 |
| npm | win-sys-health-agent:1.0.2 | ښايي 08، 2026 |
| npm | win-env-setup:3.0.6 | ښايي 08، 2026 |
| npm | win-sys-health-agent:1.0.3 | ښايي 08، 2026 |
Secure Your Software Supply Chain Against Vulnerabilities and Malicious Code
Software supply chain attacks are no longer theoretical threats. Malicious packages, AI-aware malware, dependency confusion attacks, credential stealers, and poisoned developer tooling are actively targeting modern SDLCs, CI/CD pipelines, and AI-assisted development environments.
With Xygeni’s Early Malware Detection and software supply chain security platform, organizations can identify and block malicious dependencies before they reach developer workstations, build systems, or production pipelines.
Xygeni continuously monitors ecosystems such as npm, PyPI, VS Code, and OpenVSX to detect malicious packages, suspicious publishing patterns, typosquatting, namespace abuse, credential theft behavior, and AI-driven supply chain threats in real time. Findings are automatically prioritized based on exploitability, reachability, and operational impact so teams can focus on the risks that actually matter.
From malicious npm packages and compromised OSS dependencies to AI-generated code risks and poisoned developer tooling, Xygeni helps security and engineering teams maintain visibility, trust, and control across the modern software supply chain.
To explore the latest malware campaigns and validated malicious packages discovered by the Xygeni Security Team, visit the complete د ناوړه کوډ ډایجسټ.
خوندي اوسئ. چټک اوسئ. د زیګیني سره په کنټرول کې اوسئ.




