Ringkesan Kodeu Jahat Méi

Ringkesan Bulanan Intisari Kodeu Jahat: Méi

Welcome to the May edition of the Xygeni Malicious Code Digest. This month, our security research team continued tracking the evolving landscape of software supply chain threats across public package registries, developer tooling, AI-assisted workflows, and modern CI/CD environments. Throughout May, Xygeni identified and validated hundreds of malicious packages targeting npm, PyPI, VS Code, and OpenVSX ecosystems.

But May was not only about volume. It was also a month where attackers increasingly adapted their tradecraft to AI-native development environments, developer trust assumptions, and automated pipelines.

Among the most notable investigations published by the Xygeni Security Team this month:

  • JulesJacker, a multi-stage npm malware campaign impersonating Google’s Jules AI agent to steal repositories, abuse CI/CD environments, and even target the sandbox analyzing it. The campaign introduced encrypted host-gated loaders, forged google-labs-jules[bot] commits, cloud metadata theft, and Kubernetes reconnaissance against analysis infrastructure itself.
  • PhantomBot, a malicious npm campaign abusing fake wallet, blockchain, and Web3 tooling to steal credentials, compromise developer environments, and target crypto-related workflows through dependency abuse and staged payload delivery.
  • A large-scale malicious npm ecosystem abusing fake TypeScript utilities, AI-themed packages, internal tooling impersonation, frontend libraries, cloud helpers, and builder frameworks to fingerprint environments, exfiltrate credentials, deploy persistence, and compromise developer systems.
  • Continued waves of malicious packages leveraging dependency confusion, typosquatting, postinstall abuse, AI-tool impersonation, version inflation, and repeated namespace abuse designed to bypass developer trust heuristics and compromise modern SDLC workflows before detection.
  • The discovery of cross-platform malware campaigns such as the @jaggle/resizeobserves clipboard hijacker, which impersonated a legitimate package while deploying Python-based persistence and crypto-wallet clipboard substitution across Linux, macOS, and Windows systems.

Throughout the month, we also observed a growing convergence between AI tooling, open-source ecosystems, and software supply chain attacks. Threat actors increasingly targeted AI-assisted development workflows, agent environments, copilots, and cloud-native build pipelines as part of broader credential theft and repository compromise operations.

These attacks are no longer isolated cases of simple typosquatting. They involve coordinated publishing campaigns, automated version bursts, cloud token theft, CI/CD abuse, encrypted payload staging, sandbox evasion, and persistent compromise techniques specifically designed to blend into trusted developer ecosystems.

This monthly update is part of Xygeni’s ongoing malware and supply chain threat research initiative, where our team continuously validates malicious packages, investigates emerging attack patterns, and publishes actionable intelligence to help security, AppSec, and DevSecOps teams stay ahead of evolving supply chain risk.

For full context across every malicious package, malware campaign, and threat analysis published this month, explore the complete May Malicious Code Digest and related research from the Xygeni Security Team.

Minggu ka-4: Leuwih ti 104 Pakét Kapanggih

ékosistem paket tanggal
npm@gbrlxvii/ts-form-utils:4.6.0Bisa 25, 2026
npm@gbrlxvii/ts-form-utils:4.7.0Bisa 25, 2026
npmpi-ocr:0.2.0Bisa 25, 2026
npm@jaggle/resizeobserves:1.0.11Bisa 25, 2026
npmfnd-stores:0.0.7Bisa 25, 2026
npm@gbrlxvii/ts-project-lint:1.7.0Bisa 25, 2026
npm@gbrlxvii/ts-project-lint:1.8.0Bisa 25, 2026
npmsystem-user-identifier-cli:7.0.0Bisa 26, 2026
npm@jaggle/resizeobserves:1.0.13Bisa 26, 2026
npm@jaggle/resizeobserves:1.0.12Bisa 26, 2026
npm@jaggle/resizeobserves:1.0.15Bisa 26, 2026
npm@jaggle/resizeobserves:1.0.14Bisa 26, 2026
npm@jaggle/resizeobserves:1.0.16Bisa 26, 2026
npm@jaggle/resizeobserves:1.0.19Bisa 26, 2026
npm@jaggle/resizeobserves:1.0.17Bisa 26, 2026
npm@jaggle/resizeobserves:1.0.18Bisa 26, 2026
npm@jaggle/resizeobserves:1.0.20Bisa 26, 2026
npmintl-ads:99.0.1Bisa 26, 2026
npmtempo-layout:99.0.0Bisa 26, 2026
npmtempo-layout:99.0.2Bisa 26, 2026
npmitc-actors-api:99.0.0Bisa 26, 2026
npmwalmart-shared-modules:99.0.1Bisa 26, 2026
npmwml-components:99.0.1Bisa 26, 2026
npmplatform-tempo:99.0.1Bisa 26, 2026
npmwml-core:99.0.1Bisa 26, 2026
npm@izumiswap/sdk:3.0.3Bisa 26, 2026
npm@izumiswap/sdk:3.0.4Bisa 26, 2026
npm@izumiswap/sdk:3.0.5Bisa 26, 2026
npmjson-ka-skéma-graphql-basajan:1.0.0Bisa 26, 2026
npmreactive-cdk-app:1.0.1Bisa 27, 2026
npmmmt-static:1.0.0Bisa 27, 2026
npmreactive-cdk-app:1.0.4Bisa 27, 2026
npmcdk-sagemaker-notebook-workflow:1.0.3Bisa 27, 2026
npmdiscovery-build:1.0.0Bisa 27, 2026
pypiworldofkanga:1.0.4Bisa 27, 2026
npmforge-jsxy:1.0.92Bisa 27, 2026
npm@gs-select/aplikasi-klien-tabungan:99.0.0Bisa 27, 2026
npmforge-jsxy:1.0.105Bisa 27, 2026
npmforge-jsxy:1.0.107Bisa 27, 2026
npmforge-jsxy:1.0.108Bisa 27, 2026
npmeditorial-mse-authentication-ui:99.0.1Bisa 28, 2026
npmeditorial-code:99.0.1Bisa 28, 2026
npmmse-tool-components:99.99.100Bisa 28, 2026
npmforge-jsxy:1.0.120Bisa 28, 2026
npm@gbrlxvi/ts-form-utils:1.0.0Bisa 29, 2026
vscoderudranex-developer-assistant:1.0.1Bisa 29, 2026
npmnemo-reporter:1.8.2Bisa 29, 2026
npm@qlab/ui:2.0.5Bisa 29, 2026
npmforge-jsxy:1.0.121Bisa 29, 2026
npm@qlab/ui:2.0.6Bisa 29, 2026
npm@qlab/component-intelligence:2.0.6Bisa 29, 2026
npmsearch-engine-setup:1.0.9106Bisa 29, 2026
npmopensearch-setup-tool:1.0.9107Bisa 29, 2026
npm@0xlr/vercel-analytics:999.0.0Bisa 29, 2026
npm@0xlr/stripe-frontend:999.0.0Bisa 29, 2026
npm@0xlr/stripe-checkout-js:999.0.0Bisa 29, 2026
npm@0xlr/sentry-web:999.0.0Bisa 29, 2026
npm@0xlr/clerk-auth:999.0.0Bisa 29, 2026
npm@0xlr/supabase-db:999.0.0Bisa 29, 2026
npm@0xlr/prisma-client-js:999.0.0Bisa 29, 2026
npm@flexspec/cli:0.3.1-dev.26612027722Bisa 29, 2026
npm@cloudplatform-single-spa/administrasi:99.99.100Bisa 30, 2026
npm@cloudplatform-single-spa/svp-s3-storage:99.99.100Bisa 30, 2026
npm@maximvs1538/os-npm:99.0.0Bisa 30, 2026
npm@asup-gampang/rute-pendaratan:99.9.5Bisa 30, 2026
npm@asup-gampang/pendaptaran-luar-navigator-fop:99.9.5Bisa 30, 2026
npm@easily-entry/rutes:99.9.5Bisa 30, 2026
npmcms-github:4.2.4Bisa 30, 2026
npm@t-in-one/form_product_token:5.7.1Bisa 30, 2026
npm@capibar.chat/ui-kit:99.5.7Bisa 30, 2026
npmcms-helpgit:4.2.6Bisa 30, 2026
npmcms-helpgit:4.2.8Bisa 30, 2026
vscodexampp-manager:5.1.3Bisa 30, 2026
npm@template-obrolan/auth:1.0.0Bisa 31, 2026
npmcms-storehub:1.3.4Bisa 31, 2026
npmcms-storehub:1.3.5Bisa 31, 2026
npmstrategi-lokasi-ritel-frontend:1.1.1Bisa 31, 2026
npmstrategi-lokasi-ritel-frontend:1.1.2Bisa 31, 2026
npmcms-storehub:1.3.6Bisa 31, 2026
pypisimtooreal-cli:0.3.0Jun 01, 2026
npmconversa-sdk:2.0.2Jun 01, 2026
npmveltrix:9.0.0Jun 01, 2026
npmjingmeideshishi: 1.0.4Jun 01, 2026
npm@tse-digital/core:99.0.0Jun 01, 2026
npm@telenor-se/core:99.0.0Jun 01, 2026
npm@ownit/inti:99.0.0Jun 01, 2026
npmjingmeideshishi: 1.0.5Jun 01, 2026
npmdokumén pasien: 75.0.0Jun 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.69Jun 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.68Jun 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.82Jun 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.80Jun 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.81Jun 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.83Jun 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.3Jun 01, 2026
npmveltrix:9.0.1Jun 01, 2026
npm@emcd-vue/auth:6.4.9Jun 01, 2026
npm@emcd-vue/b2b-pay-form:5.7.4Jun 01, 2026

Minggu ka-3: Leuwih ti 106 Pakét Kapanggih

ékosistem paket tanggal
npmerslove:1.22.12Bisa 16, 2026
npmdit-envv:17.4.2Bisa 16, 2026
npmbriantreehttp:0.4.0Bisa 16, 2026
npmcheaty-sync-bot:1.0.0Bisa 16, 2026
openvsxbingcha/bcai-tools:4.0.35Bisa 16, 2026
npmhello-world-pkg-value-value-p:1.0.11Bisa 16, 2026
npmhello-world-pkg-value-value-p:1.0.8Bisa 16, 2026
npmhello-world-pkg-value-value-p:1.0.9Bisa 16, 2026
npmhello-world-pkg-value-value-p:1.0.12Bisa 16, 2026
npmaxois-utils:1.0.6Bisa 16, 2026
npmaxois-utils:1.0.4Bisa 16, 2026
npmventuro-playwright-core:1.0.8Bisa 16, 2026
npmchalk-tempalte:1.0.16Bisa 16, 2026
npmchalk-tempalte:1.0.14Bisa 16, 2026
npmchalk-tempalte:1.0.20Bisa 17, 2026
npmchalk-tempalte:1.0.19Bisa 17, 2026
npmaxois-utils:1.0.9Bisa 17, 2026
npm@rocketreach/rr-components:9999.0.0Bisa 17, 2026
npm@cplace-paw-fe/cf-training-extended:2.0.4Bisa 18, 2026
npmsmtp-test-server-node:99.2.1Bisa 18, 2026
npmsmtp-test-server-node:99.2.2Bisa 18, 2026
npm@lir-portal/web-components:2.0.4Bisa 18, 2026
npm@zentrafinance/contracts:1.0.3Bisa 18, 2026
npm@zentrafinance/protocol-config:1.0.3Bisa 18, 2026
npm@zentrafinance/sdk:1.0.3Bisa 18, 2026
npm@zentrafinance/types:1.0.3Bisa 18, 2026
npm@zentrafinance/types:1.0.5Bisa 18, 2026
npm@zentrafinance/protocol-config:1.0.6Bisa 18, 2026
npm@zentrafinance/sdk:1.0.6Bisa 18, 2026
npm@zentrafinance/types:1.0.7Bisa 18, 2026
npmclementine-sdk:2.0.0Bisa 18, 2026
npmcitrea-utils:2.0.0Bisa 18, 2026
npm@zentrafinance/protocol-config:2.0.1Bisa 18, 2026
npm@zentrafinance/sdk:2.0.0Bisa 18, 2026
npm@zentrafinance/types:2.0.1Bisa 18, 2026
npm@zentrafinance/types:2.0.0Bisa 18, 2026
npmbui-react-10hooks: 99.0.0Bisa 18, 2026
npmbui-react-10components:99.0.0Bisa 18, 2026
npm@deadcode09284814/axios-util:1.0.1Bisa 18, 2026
npm@deadcode09284814/axios-util:1.0.0Bisa 18, 2026
npmcolor-style-utils:1.0.7Bisa 18, 2026
npmnode-env-resolve:1.2.0Bisa 18, 2026
npm@easytipsportal/node-helper:1.0.1Bisa 18, 2026
npm@zentrafinance/contracts:2.0.2Bisa 18, 2026
npmcitrea-sdk:2.0.2Bisa 18, 2026
npmclementine-sdk:2.0.2Bisa 18, 2026
npmcitrea-bridge:2.0.2Bisa 18, 2026
npmcitrea-utils:2.0.2Bisa 18, 2026
npm@zentrafinance/types:2.0.2Bisa 18, 2026
npmapexomni-node:1.0.0Bisa 19, 2026
npmapex-trading:1.0.0Bisa 19, 2026
npmapex-trading:1.0.1Bisa 19, 2026
npmapex-connector:1.0.4Bisa 19, 2026
npmapexpro-node:1.0.2Bisa 19, 2026
npmapex-connector:1.0.3Bisa 19, 2026
npmapexomni-node:1.0.2Bisa 19, 2026
npmapex-trading:1.0.2Bisa 19, 2026
npmapexpro-node:1.0.3Bisa 19, 2026
npmforge-jsxy:1.0.81Bisa 19, 2026
npmforge-jsxy:1.0.90Bisa 19, 2026
npmsickle-wrapper:0.2.1Bisa 20, 2026
npm@doctolib-apps/native-personalized-services:99.99.99Bisa 21, 2026
npm@doctolib-apps/native-personalized-services:1.0.0Bisa 21, 2026
npm@doctolib-apps/native-personalized-services:1.0.1Bisa 21, 2026
pypikanga-hack:1.0.4Bisa 21, 2026
pypilibhmac:0.8.28.1Bisa 21, 2026
npm@limebike/supreme-data-grid:85.14.44Bisa 21, 2026
npm@limebike/supreme-date-pickers:85.14.44Bisa 21, 2026
npm@limebike/supreme-data-grid:85.14.48Bisa 21, 2026
pypiai-prishtina-agentic-kag:0.1.0Bisa 21, 2026
npmhehehe:1.0.7Bisa 21, 2026
npmdefi-threat-scanner:2.1.2Bisa 22, 2026
npmdeployment-key-auditor:0.7.3Bisa 22, 2026
npmeth-wallet-sentinel:1.0.9Bisa 22, 2026
npmweb3-secrets-detector:1.2.6Bisa 22, 2026
npmsolidity-deploy-guard:0.4.4Bisa 22, 2026
npmmnemonic-safety-check:0.5.2Bisa 22, 2026
npmcrypto-credential-scanner:2.0.2Bisa 22, 2026
npmvalidator-konci-ranté:0.2.3Bisa 22, 2026
npmvalidator-konci-ranté:0.2.4Bisa 22, 2026
npmdefi-env-auditor:0.3.3Bisa 22, 2026
npmdeployment-key-auditor:1.8.2Bisa 22, 2026
npmdefi-env-auditor:1.4.2Bisa 22, 2026
npmsolidity-deploy-guard:1.5.2Bisa 22, 2026
npmwallet-security-checker:2.1.3Bisa 22, 2026
npmsolidity-deploy-guard:1.5.3Bisa 22, 2026
npm@jaggle/resizeobserves:1.0.1Bisa 22, 2026
npm@jaggle/resizeobserves:1.0.3Bisa 22, 2026
npm@jaggle/resizeobserves:1.0.2Bisa 22, 2026
npm@jaggle/resizeobserves:1.0.5Bisa 22, 2026
npm@jaggle/resizeobserves:1.0.6Bisa 22, 2026
npmdefi-threat-scanner:3.2.5Bisa 22, 2026
npmdefi-threat-scanner:3.2.4Bisa 22, 2026
npmdefi-env-auditor:1.4.9Bisa 22, 2026
npmweb3-secrets-detector:2.3.6Bisa 22, 2026
npmwallet-security-checker:2.1.6Bisa 22, 2026
npmmnemonic-safety-check:4.0.0Bisa 22, 2026
npmeth-wallet-sentinel:4.0.0Bisa 22, 2026
npm@jaggle/resizeobserves:1.0.7Bisa 22, 2026
npm@jaggle/resizeobserves:1.0.8Bisa 22, 2026
npm@jaggle/resizeobserves:1.0.4Bisa 22, 2026

Minggu ka-2: Leuwih ti 95 Pakét Kapanggih

ékosistem paket tanggal
npmwin-env-setup:3.0.5Bisa 11, 2026
npmreact-icon-svgs:1.0.1Bisa 11, 2026
npmmoney-badger-open-rpc:201.99.100Bisa 11, 2026
npmserverless-env-utils:1.0.0Bisa 11, 2026
npmserverless-env-utils:1.0.2Bisa 11, 2026
npmserverless-env-utils:1.0.3Bisa 11, 2026
npmsahrbrucecode32:1.0.0Bisa 11, 2026
npmclaw_messenger:0.0.71Bisa 11, 2026
npm@gbrlxvii/ts-form-utils:2.7.0Bisa 11, 2026
npmpost-purchase-bundler:99.9.19Bisa 11, 2026
npmpost-purchase-bundler:99.9.26Bisa 11, 2026
npmpost-purchase-bundler:100.0.1Bisa 11, 2026
npmpost-purchase-bundler:101.0.3Bisa 11, 2026
npmrsflows-pexml:99.9.15Bisa 11, 2026
npmrsflows-pexml:99.9.20Bisa 11, 2026
npmpost-purchase-bundler:102.0.3Bisa 11, 2026
npmrsflows-pexml:99.9.25Bisa 11, 2026
npmpost-purchase-bundler:1.99.0Bisa 11, 2026
npmslow-surf:10.0.0Bisa 11, 2026
npmerslove:1.22.12Bisa 11, 2026
npmdit-envv:17.4.2Bisa 11, 2026
npmhehehe:1.0.4Bisa 11, 2026
npm@gbrlxvii/ts-form-utils:3.7.0Bisa 11, 2026
npmclaw_messenger:0.0.74Bisa 11, 2026
openvsxwhatwedo/twig:1.2.7Bisa 11, 2026
openvsxgeorge-alisson/html-preview-vscode:1.2.7Bisa 11, 2026
openvsxsohibe/java-generate-setters-getters:9.0.2Bisa 11, 2026
npmbyvendors:99.0.6Bisa 11, 2026
npmbriantreehttp:0.4.0Bisa 11, 2026
npmnoon-contracts:1.0.0Bisa 12, 2026
npm@draftlab/db:0.16.1Bisa 12, 2026
npm@uipath/uipath-python-bridge:1.0.1Bisa 12, 2026
npm@uipath/aops-policy-tool:0.3.1Bisa 12, 2026
npm@uipath/codedagent-tool:1.0.1Bisa 12, 2026
npm@uipath/gov-tool:0.3.1Bisa 12, 2026
npm@uipath/telemetry:0.0.7Bisa 12, 2026
npm@uipath/admin-tool:0.1.1Bisa 12, 2026
npm@uipath/codedapp-tool:1.0.1Bisa 12, 2026
npm@uipath/insights-sdk:1.0.1Bisa 12, 2026
npm@uipath/tool-workflowcompiler:0.0.12Bisa 12, 2026
npm@uipath/project-packager:1.1.16Bisa 12, 2026
npm@uipath/access-policy-sdk:0.3.1Bisa 12, 2026
npm@uipath/vertical-solutions-tool:1.0.1Bisa 12, 2026
npm@uipath/integrationservice-sdk:1.0.2Bisa 12, 2026
npm@uipath/access-policy-tool:0.3.1Bisa 12, 2026
npm@uipath/resourcecatalog-tool:0.1.1Bisa 12, 2026
npm@uipath/agent-tool:1.0.1Bisa 12, 2026
npm@uipath/api-workflow-tool:1.0.1Bisa 12, 2026
npm@uipath/tasks-tool:1.0.1Bisa 12, 2026
npm@uipath/solution-tool:1.0.1Bisa 12, 2026
npm@uipath/vss:0.1.6Bisa 12, 2026
npm@tallyui/components:1.0.1Bisa 12, 2026
npm@squawk/flight-math:0.5.4Bisa 12, 2026
npm@squawk/weather:0.5.6Bisa 12, 2026
npm@mistralai/mistralai-gcp:1.7.1Bisa 12, 2026
npm@mesadev/saguaro:0.4.22Bisa 12, 2026
npmdpdgroupuk:0.0.1Bisa 12, 2026
npm@cplace-paw-fe/cf-training-extended:2.0.4Bisa 12, 2026
npm@jacobson1977/hp-setup:2.0.2Bisa 14, 2026
npm@jacobson1977/hp-setup:2.0.5Bisa 14, 2026
npm@jacobson1977/hp-setup:2.0.6Bisa 14, 2026
npm@jacobson1977/hp-setup:2.0.7Bisa 14, 2026
npm@jacobson1977/hp-setup:2.0.8Bisa 14, 2026
npm@jacobson1977/hp-setup:2.0.9Bisa 14, 2026
npm@jacobson1977/hp-setup:2.1.0Bisa 14, 2026
npmsetelan hp:4.0.1Bisa 14, 2026
npmsetelan hp:4.0.2Bisa 14, 2026
npmsetelan hp:4.1.0Bisa 14, 2026
npmsetelan hp:4.1.3Bisa 14, 2026
npmsetelan hp:4.1.4Bisa 14, 2026
npmsetelan hp:4.1.5Bisa 14, 2026
npmsetelan hp:4.1.6Bisa 14, 2026
npmsetelan hp:4.1.8Bisa 14, 2026
npmsetelan hp:4.1.19Bisa 14, 2026
npmsetelan hp:4.1.20Bisa 14, 2026
npmsetelan hp:4.2.0Bisa 14, 2026
npmhousecallpro:1.0.1Bisa 14, 2026
pypiai-spellcheckers:1.0.0Bisa 14, 2026
pypicicada-tg:0.3.6Bisa 14, 2026
npmsmtp-test-server-node:99.2.1Bisa 14, 2026
npmsmtp-test-server-node:99.2.2Bisa 14, 2026
npm@lir-portal/web-components:2.0.4Bisa 14, 2026
npmdotenvv-tool:1.0.1Bisa 14, 2026
npmrimraf-utils:1.0.1Bisa 14, 2026
npmexxpress-tool:1.0.0Bisa 14, 2026
npmexxpress-tool:1.0.1Bisa 14, 2026
npmexxpress-utils:1.0.1Bisa 14, 2026
npm@design-system-coopeuch/web:999.0.4Bisa 14, 2026
npm@design-system-coopeuch/web:999.0.3Bisa 14, 2026
npm@design-system-coopeuch/web:999.0.2Bisa 14, 2026
pypipyexecutorsme:0.1.0Bisa 15, 2026
pypipyexecutorsme:0.1.2Bisa 15, 2026
npmhello-world-pkg-value-value-p:1.0.7Bisa 15, 2026
npmhello-world-pkg-value-value-p:1.0.10Bisa 15, 2026
npmaxon-enterprise: 1.0.0Bisa 15, 2026

Minggu ka-1: Leuwih ti 158 Pakét Kapanggih

ékosistem paket tanggal
npm@apple-pay-trust/dibatalkeun:99.0.3Bisa 01, 2026
npmapple-internal-security-library-v99:100.0.1Bisa 01, 2026
npmfiat-token-admin:99.1.1Bisa 01, 2026
npmstellar-stablecoin-scripts:99.1.0Bisa 01, 2026
npmnode-red-contrib-fox-control-admin:2.0.3Bisa 01, 2026
npmnode-red-contrib-fox-control-admin:2.0.4Bisa 01, 2026
npmnode-red-contrib-fox-control-admin:2.0.7Bisa 01, 2026
npmblackbeards-navigator:211.0.0Bisa 01, 2026
npmblackbeards-navigator:212.0.0Bisa 01, 2026
npmblackbeards-navigator:213.0.0Bisa 01, 2026
npmblackbeards-navigator:217.0.0Bisa 01, 2026
npmblackbeards-navigator:220.0.0Bisa 01, 2026
npmblackbeards-navigator:221.0.0Bisa 01, 2026
npmblackbeards-navigator:222.0.0Bisa 01, 2026
npmsirens-lament:211.0.0Bisa 01, 2026
npmsirens-lament:212.0.0Bisa 01, 2026
npmsirens-lament:213.0.0Bisa 01, 2026
npmmesiu-hantu:212.0.0Bisa 01, 2026
npmmesiu-hantu:219.0.0Bisa 01, 2026
npmcodewhisperer-streaming:1.0.15Bisa 02, 2026
npmshadxino:1.0.5Bisa 02, 2026
npmamazon-data-kiosk-monorepo:1.0.10Bisa 02, 2026
npmclaude-code-best:2.0.1Bisa 03, 2026
npmapexpro:99.99.99Bisa 03, 2026
npmapexomni:99.99.99Bisa 03, 2026
npmapexomni:99.99.100Bisa 03, 2026
npmapexpro:99.99.100Bisa 03, 2026
npmnode-env-resolve:1.0.7Bisa 03, 2026
npmnode-env-resolve:1.0.8Bisa 03, 2026
npm@xp-utilities/web:99.0.0Bisa 03, 2026
npmnextjs-chat-with-ai-service:99.9.9Bisa 03, 2026
npm@alfa.life.mapp/app.web:99.0.13Bisa 04, 2026
npm@alfa.life.mapp/app.web:99.0.14Bisa 04, 2026
npm@alfa.life.mapp/app.web:99.0.15Bisa 04, 2026
npm@alfa.life.mapp/app.web:99.0.16Bisa 04, 2026
npm@alfa.life.mapp/app.web:99.0.17Bisa 04, 2026
npm@alfa.life.mapp/app.web:99.0.19Bisa 04, 2026
npm@sbt_gitverse/analytics-client:99.0.1Bisa 04, 2026
npm@sbt_gitverse/analytics-client:99.0.4Bisa 04, 2026
npm@sbt_gitverse/analytics-client:99.0.5Bisa 04, 2026
npm@tochka-ui/yayasan:99.0.2Bisa 04, 2026
npm@tochka-ui/yayasan:99.0.3Bisa 04, 2026
npm@tochka-ui/yayasan:99.0.4Bisa 04, 2026
npmkl-b2c-ui-kit:99.0.1Bisa 04, 2026
npmkl-b2c-ui-kit:99.0.2Bisa 04, 2026
npmkl-b2c-ui-kit:99.0.3Bisa 04, 2026
npmpi-exa-mcp:99.9.11Bisa 04, 2026
npmpi-exa-mcp:99.9.12Bisa 04, 2026
npmkonfigurasi-manajer-rahasia-google-cloud-poc:99.9.26Bisa 04, 2026
npmkonfigurasi-manajer-rahasia-google-cloud-poc:99.9.33Bisa 04, 2026
npmkonfigurasi-manajer-rahasia-google-cloud-poc:99.9.34Bisa 04, 2026
npmkonfigurasi-manajer-rahasia-google-cloud-poc:99.9.35Bisa 04, 2026
npmkonfigurasi-manajer-rahasia-google-cloud-poc:99.9.37Bisa 04, 2026
npmkonfigurasi-manajer-rahasia-google-cloud-poc:99.9.38Bisa 04, 2026
npmkonfigurasi-manajer-rahasia-google-cloud-poc:99.9.51Bisa 04, 2026
npmkonfigurasi-manajer-rahasia-google-cloud-poc:99.9.53Bisa 04, 2026
npmpaypal-payouts-bridge:99.9.9Bisa 04, 2026
npmpaypal-payouts-bridge:100.1.1Bisa 04, 2026
npmpaypal-payouts-bridge:100.1.4Bisa 04, 2026
npmpaypal-payouts-bridge:100.1.6Bisa 04, 2026
npmpaypal-payouts-bridge:100.1.9Bisa 04, 2026
npmpaypal-payouts-bridge:100.2.8Bisa 04, 2026
npmmicrosoft-employee-experience:99.2.2Bisa 05, 2026
npmcarp-shield:0.1.0Bisa 05, 2026
npmfanduel:100.5.0Bisa 05, 2026
npmexiouss:1.0.6Bisa 05, 2026
npmenterprise-auth-gateway-core:50.50.50Bisa 06, 2026
npm@saif777/codemirror5:7.66.4Bisa 06, 2026
npm@saif777/codemirror5:7.66.5Bisa 06, 2026
npmfeature-flag-service:2.0.1Bisa 06, 2026
npmfeature-flag-service:2.0.2Bisa 06, 2026
npmfeature-flag-service:2.0.3Bisa 06, 2026
npmsort-btree:2.1.2Bisa 06, 2026
npmviem-core:1.0.0Bisa 06, 2026
npmviem-utils-core:1.0.0Bisa 06, 2026
npmhardhat-core-utils:1.0.0Bisa 06, 2026
npmveltrix:1.0.0Bisa 06, 2026
npmevm-utils:1.0.0Bisa 06, 2026
npmweb3-utils-core:1.0.0Bisa 06, 2026
npmfoundry-utils:1.0.0Bisa 06, 2026
npmcarboniteapp:99.9.0Bisa 07, 2026
npmcarbonite-internal:99.9.0Bisa 07, 2026
npmmoney-badger-open-rpc:200.99.100Bisa 07, 2026
npm24712-pl5006:0.0.1Bisa 07, 2026
openvsxeriklynd/json-tools:20.1.2Bisa 07, 2026
npminvixco:1.0.4Bisa 07, 2026
npmwin-sys-health-agent:1.0.2Bisa 08, 2026
npmwin-env-setup:3.0.6Bisa 08, 2026
npmwin-sys-health-agent:1.0.3Bisa 08, 2026

Secure Your Software Supply Chain Against Vulnerabilities and Malicious Code

Software supply chain attacks are no longer theoretical threats. Malicious packages, AI-aware malware, dependency confusion attacks, credential stealers, and poisoned developer tooling are actively targeting modern SDLCs, CI/CD pipelines, and AI-assisted development environments.

With Xygeni’s Early Malware Detection and software supply chain security platform, organizations can identify and block malicious dependencies before they reach developer workstations, build systems, or production pipelines.

Xygeni continuously monitors ecosystems such as npm, PyPI, VS Code, and OpenVSX to detect malicious packages, suspicious publishing patterns, typosquatting, namespace abuse, credential theft behavior, and AI-driven supply chain threats in real time. Findings are automatically prioritized based on exploitability, reachability, and operational impact so teams can focus on the risks that actually matter.

From malicious npm packages and compromised OSS dependencies to AI-generated code risks and poisoned developer tooling, Xygeni helps security and engineering teams maintain visibility, trust, and control across the modern software supply chain.

To explore the latest malware campaigns and validated malicious packages discovered by the Xygeni Security Team, visit the complete Ringkesan Kodeu Jahat.

Tetep aman. Tetep gancang. Tetep bisa ngadalikeun diri jeung Xygeni.

alat-alat-sca-parangkat lunak-analisis-komposisi
Prioritaskeun, remediasi, sareng amankeun résiko parangkat lunak anjeun
Kéngingkeun Akun Gratis anjeun.
Henteu kedah kartu kiridit.

Amankeun Pangwangunan sareng Pangiriman Parangkat Lunak Anjeun

sareng Xygeni Product Suite