Zararli kod dayjesti may oyida

Zararli kod digest oylik xulosasi: May

Welcome to the May edition of the Xygeni Malicious Code Digest. This month, our security research team continued tracking the evolving landscape of software supply chain threats across public package registries, developer tooling, AI-assisted workflows, and modern CI/CD environments. Throughout May, Xygeni identified and validated hundreds of malicious packages targeting npm, PyPI, VS Code, and OpenVSX ecosystems.

But May was not only about volume. It was also a month where attackers increasingly adapted their tradecraft to AI-native development environments, developer trust assumptions, and automated pipelines.

Among the most notable investigations published by the Xygeni Security Team this month:

  • JulesJacker, a multi-stage npm malware campaign impersonating Google’s Jules AI agent to steal repositories, abuse CI/CD environments, and even target the sandbox analyzing it. The campaign introduced encrypted host-gated loaders, forged google-labs-jules[bot] commits, cloud metadata theft, and Kubernetes reconnaissance against analysis infrastructure itself.
  • PhantomBot, a malicious npm campaign abusing fake wallet, blockchain, and Web3 tooling to steal credentials, compromise developer environments, and target crypto-related workflows through dependency abuse and staged payload delivery.
  • A large-scale malicious npm ecosystem abusing fake TypeScript utilities, AI-themed packages, internal tooling impersonation, frontend libraries, cloud helpers, and builder frameworks to fingerprint environments, exfiltrate credentials, deploy persistence, and compromise developer systems.
  • Continued waves of malicious packages leveraging dependency confusion, typosquatting, postinstall abuse, AI-tool impersonation, version inflation, and repeated namespace abuse designed to bypass developer trust heuristics and compromise modern SDLC workflows before detection.
  • The discovery of cross-platform malware campaigns such as the @jaggle/resizeobserves clipboard hijacker, which impersonated a legitimate package while deploying Python-based persistence and crypto-wallet clipboard substitution across Linux, macOS, and Windows systems.

Throughout the month, we also observed a growing convergence between AI tooling, open-source ecosystems, and software supply chain attacks. Threat actors increasingly targeted AI-assisted development workflows, agent environments, copilots, and cloud-native build pipelines as part of broader credential theft and repository compromise operations.

These attacks are no longer isolated cases of simple typosquatting. They involve coordinated publishing campaigns, automated version bursts, cloud token theft, CI/CD abuse, encrypted payload staging, sandbox evasion, and persistent compromise techniques specifically designed to blend into trusted developer ecosystems.

This monthly update is part of Xygeni’s ongoing malware and supply chain threat research initiative, where our team continuously validates malicious packages, investigates emerging attack patterns, and publishes actionable intelligence to help security, AppSec, and DevSecOps teams stay ahead of evolving supply chain risk.

For full context across every malicious package, malware campaign, and threat analysis published this month, explore the complete May Malicious Code Digest and related research from the Xygeni Security Team.

4-hafta: 104 dan ortiq posilka topildi

Ekosistema To'plam sana
npm@gbrlxvii/ts-form-utils:4.6.0, 25 2026 mumkin
npm@gbrlxvii/ts-form-utils:4.7.0, 25 2026 mumkin
npmpi-ocr:0.2.0, 25 2026 mumkin
npm@jaggle/resizeobserves:1.0.11, 25 2026 mumkin
npmfnd-stores:0.0.7, 25 2026 mumkin
npm@gbrlxvii/ts-project-lint:1.7.0, 25 2026 mumkin
npm@gbrlxvii/ts-project-lint:1.8.0, 25 2026 mumkin
npmsystem-user-identifier-cli:7.0.0, 26 2026 mumkin
npm@jaggle/resizeobserves:1.0.13, 26 2026 mumkin
npm@jaggle/resizeobserves:1.0.12, 26 2026 mumkin
npm@jaggle/resizeobserves:1.0.15, 26 2026 mumkin
npm@jaggle/resizeobserves:1.0.14, 26 2026 mumkin
npm@jaggle/resizeobserves:1.0.16, 26 2026 mumkin
npm@jaggle/resizeobserves:1.0.19, 26 2026 mumkin
npm@jaggle/resizeobserves:1.0.17, 26 2026 mumkin
npm@jaggle/resizeobserves:1.0.18, 26 2026 mumkin
npm@jaggle/resizeobserves:1.0.20, 26 2026 mumkin
npmintl-ads:99.0.1, 26 2026 mumkin
npmtempo-layout:99.0.0, 26 2026 mumkin
npmtempo-layout:99.0.2, 26 2026 mumkin
npmitc-actors-api:99.0.0, 26 2026 mumkin
npmwalmart-shared-modules:99.0.1, 26 2026 mumkin
npmwml-components:99.0.1, 26 2026 mumkin
npmplatform-tempo:99.0.1, 26 2026 mumkin
npmwml-core:99.0.1, 26 2026 mumkin
npm@izumiswap/sdk:3.0.3, 26 2026 mumkin
npm@izumiswap/sdk:3.0.4, 26 2026 mumkin
npm@izumiswap/sdk:3.0.5, 26 2026 mumkin
npmjson-dan-simple-graphql-schema-ga:1.0.0, 26 2026 mumkin
npmreactive-cdk-app:1.0.1, 27 2026 mumkin
npmmmt-static:1.0.0, 27 2026 mumkin
npmreactive-cdk-app:1.0.4, 27 2026 mumkin
npmcdk-sagemaker-notebook-workflow:1.0.3, 27 2026 mumkin
npmdiscovery-build:1.0.0, 27 2026 mumkin
pypiworldofkanga:1.0.4, 27 2026 mumkin
npmforge-jsxy:1.0.92, 27 2026 mumkin
npm@gs-select/savings-client-application:99.0.0, 27 2026 mumkin
npmforge-jsxy:1.0.105, 27 2026 mumkin
npmforge-jsxy:1.0.107, 27 2026 mumkin
npmforge-jsxy:1.0.108, 27 2026 mumkin
npmeditorial-mse-authentication-ui:99.0.1, 28 2026 mumkin
npmeditorial-code:99.0.1, 28 2026 mumkin
npmmse-tool-components:99.99.100, 28 2026 mumkin
npmforge-jsxy:1.0.120, 28 2026 mumkin
npm@gbrlxvi/ts-form-utils:1.0.0, 29 2026 mumkin
vscoderudranex-developer-assistant:1.0.1, 29 2026 mumkin
npmnemo-reportyor: 1.8.2, 29 2026 mumkin
npm@qlab/ui:2.0.5, 29 2026 mumkin
npmforge-jsxy:1.0.121, 29 2026 mumkin
npm@qlab/ui:2.0.6, 29 2026 mumkin
npm@qlab/component-intelligence:2.0.6, 29 2026 mumkin
npmsearch-engine-setup:1.0.9106, 29 2026 mumkin
npmopensearch-setup-tool:1.0.9107, 29 2026 mumkin
npm@0xlr/vercel-analytics:999.0.0, 29 2026 mumkin
npm@0xlr/stripe-frontend:999.0.0, 29 2026 mumkin
npm@0xlr/stripe-checkout-js:999.0.0, 29 2026 mumkin
npm@0xlr/sentry-web:999.0.0, 29 2026 mumkin
npm@0xlr/clerk-auth:999.0.0, 29 2026 mumkin
npm@0xlr/supabase-db:999.0.0, 29 2026 mumkin
npm@0xlr/prisma-client-js:999.0.0, 29 2026 mumkin
npm@flexspec/cli:0.3.1-dev.26612027722, 29 2026 mumkin
npm@cloudplatform-single-spa/administration: 99.99.100, 30 2026 mumkin
npm@cloudplatform-single-spa/svp-s3-storage:99.99.100, 30 2026 mumkin
npm@maximvs1538/os-npm:99.0.0, 30 2026 mumkin
npm@easy-entry/landing-routes:99.9.5, 30 2026 mumkin
npm@easy-entry/outside-registration-fop-navigator:99.9.5, 30 2026 mumkin
npm@easy-entry/marshrutlar:99.9.5, 30 2026 mumkin
npmcms-github:4.2.4, 30 2026 mumkin
npm@t-in-one/shakl_mahsulot_token:5.7.1, 30 2026 mumkin
npm@capibar.chat/ui-kit:99.5.7, 30 2026 mumkin
npmcms-helpgit:4.2.6, 30 2026 mumkin
npmcms-helpgit:4.2.8, 30 2026 mumkin
vscodexampp-menejeri: 5.1.3, 30 2026 mumkin
npm@chat-shabloni/auth:1.0.0, 31 2026 mumkin
npmcms-storehub:1.3.4, 31 2026 mumkin
npmcms-storehub:1.3.5, 31 2026 mumkin
npmchakana savdo-joylashuv-strategiyasi-frontend: 1.1.1, 31 2026 mumkin
npmchakana savdo-joylashuv-strategiyasi-frontend: 1.1.2, 31 2026 mumkin
npmcms-storehub:1.3.6, 31 2026 mumkin
pypisimtooreal-cli:0.3.0Jun 01, 2026
npmsuhbat-sdk:2.0.2Jun 01, 2026
npmveltriks:9.0.0Jun 01, 2026
npmjingmeideshishi: 1.0.4Jun 01, 2026
npm@tse-raqamli/yadro:99.0.0Jun 01, 2026
npm@telenor-se/core:99.0.0Jun 01, 2026
npm@ownit/core:99.0.0Jun 01, 2026
npmjingmeideshishi: 1.0.5Jun 01, 2026
npmbemor hujjatlari: 75.0.0Jun 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.69Jun 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.68Jun 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.82Jun 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.80Jun 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.81Jun 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.83Jun 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.3Jun 01, 2026
npmveltriks:9.0.1Jun 01, 2026
npm@emcd-vue/auth:6.4.9Jun 01, 2026
npm@emcd-vue/b2b-to'lov shakli: 5.7.4Jun 01, 2026

3-hafta: 106 dan ortiq posilka topildi

Ekosistema To'plam sana
npmerslove:1.22.12, 16 2026 mumkin
npmdit-envv:17.4.2, 16 2026 mumkin
npmbriantreehttp:0.4.0, 16 2026 mumkin
npmcheaty-sync-bot:1.0.0, 16 2026 mumkin
openvsxbingcha/bcai-tools:4.0.35, 16 2026 mumkin
npmhello-world-pkg-value-value-p:1.0.11, 16 2026 mumkin
npmhello-world-pkg-value-value-p:1.0.8, 16 2026 mumkin
npmhello-world-pkg-value-value-p:1.0.9, 16 2026 mumkin
npmhello-world-pkg-value-value-p:1.0.12, 16 2026 mumkin
npmaxois-utils:1.0.6, 16 2026 mumkin
npmaxois-utils:1.0.4, 16 2026 mumkin
npmventuro-playwright-core:1.0.8, 16 2026 mumkin
npmchal-tempalte:1.0.16, 16 2026 mumkin
npmchal-tempalte:1.0.14, 16 2026 mumkin
npmchal-tempalte:1.0.20, 17 2026 mumkin
npmchal-tempalte:1.0.19, 17 2026 mumkin
npmaxois-utils:1.0.9, 17 2026 mumkin
npm@rocketreach/rr-components:9999.0.0, 17 2026 mumkin
npm@cplace-paw-fe/cf-training-extended:2.0.4, 18 2026 mumkin
npmsmtp-test-server-node:99.2.1, 18 2026 mumkin
npmsmtp-test-server-node:99.2.2, 18 2026 mumkin
npm@lir-portal/web-components:2.0.4, 18 2026 mumkin
npm@zentrafinance/contracts:1.0.3, 18 2026 mumkin
npm@zentrafinance/protocol-config:1.0.3, 18 2026 mumkin
npm@zentrafinance/sdk:1.0.3, 18 2026 mumkin
npm@zentrafinance/types:1.0.3, 18 2026 mumkin
npm@zentrafinance/types:1.0.5, 18 2026 mumkin
npm@zentrafinance/protocol-config:1.0.6, 18 2026 mumkin
npm@zentrafinance/sdk:1.0.6, 18 2026 mumkin
npm@zentrafinance/types:1.0.7, 18 2026 mumkin
npmclementine-sdk:2.0.0, 18 2026 mumkin
npmcitrea-utils:2.0.0, 18 2026 mumkin
npm@zentrafinance/protocol-config:2.0.1, 18 2026 mumkin
npm@zentrafinance/sdk:2.0.0, 18 2026 mumkin
npm@zentrafinance/types:2.0.1, 18 2026 mumkin
npm@zentrafinance/types:2.0.0, 18 2026 mumkin
npmbui-react-10hooks: 99.0.0, 18 2026 mumkin
npmbui-react-10components:99.0.0, 18 2026 mumkin
npm@deadcode09284814/axios-util:1.0.1, 18 2026 mumkin
npm@deadcode09284814/axios-util:1.0.0, 18 2026 mumkin
npmcolor-style-utils:1.0.7, 18 2026 mumkin
npmnode-env-resolve:1.2.0, 18 2026 mumkin
npm@easytipsportal/node-helper:1.0.1, 18 2026 mumkin
npm@zentrafinance/contracts:2.0.2, 18 2026 mumkin
npmcitrea-sdk:2.0.2, 18 2026 mumkin
npmclementine-sdk:2.0.2, 18 2026 mumkin
npmcitrea-bridge:2.0.2, 18 2026 mumkin
npmcitrea-utils:2.0.2, 18 2026 mumkin
npm@zentrafinance/types:2.0.2, 18 2026 mumkin
npmapexomni-node:1.0.0, 19 2026 mumkin
npmapex-trading:1.0.0, 19 2026 mumkin
npmapex-trading:1.0.1, 19 2026 mumkin
npmapex-connector:1.0.4, 19 2026 mumkin
npmapexpro-node:1.0.2, 19 2026 mumkin
npmapex-connector:1.0.3, 19 2026 mumkin
npmapexomni-node:1.0.2, 19 2026 mumkin
npmapex-trading:1.0.2, 19 2026 mumkin
npmapexpro-node:1.0.3, 19 2026 mumkin
npmforge-jsxy:1.0.81, 19 2026 mumkin
npmforge-jsxy:1.0.90, 19 2026 mumkin
npmsickle-wrapper:0.2.1, 20 2026 mumkin
npm@doctolib-apps/native-personalized-services:99.99.99, 21 2026 mumkin
npm@doctolib-apps/native-personalized-services:1.0.0, 21 2026 mumkin
npm@doctolib-apps/native-personalized-services:1.0.1, 21 2026 mumkin
pypikanga-hack:1.0.4, 21 2026 mumkin
pypilibhmac:0.8.28.1, 21 2026 mumkin
npm@limebike/supreme-data-grid:85.14.44, 21 2026 mumkin
npm@limebike/supreme-date-pickers:85.14.44, 21 2026 mumkin
npm@limebike/supreme-data-grid:85.14.48, 21 2026 mumkin
pypiai-prishtina-agentic-kag:0.1.0, 21 2026 mumkin
npmhehehe:1.0.7, 21 2026 mumkin
npmdefi-threat-scanner:2.1.2, 22 2026 mumkin
npmdeployment-key-auditor:0.7.3, 22 2026 mumkin
npmeth-wallet-sentinel:1.0.9, 22 2026 mumkin
npmweb3-secrets-detector:1.2.6, 22 2026 mumkin
npmsolidity-deploy-guard:0.4.4, 22 2026 mumkin
npmmnemonic-safety-check:0.5.2, 22 2026 mumkin
npmcrypto-credential-scanner:2.0.2, 22 2026 mumkin
npmzanjir-kalit-validator: 0.2.3, 22 2026 mumkin
npmzanjir-kalit-validator: 0.2.4, 22 2026 mumkin
npmdefi-env-auditor:0.3.3, 22 2026 mumkin
npmdeployment-key-auditor:1.8.2, 22 2026 mumkin
npmdefi-env-auditor:1.4.2, 22 2026 mumkin
npmsolidity-deploy-guard:1.5.2, 22 2026 mumkin
npmwallet-security-checker:2.1.3, 22 2026 mumkin
npmsolidity-deploy-guard:1.5.3, 22 2026 mumkin
npm@jaggle/resizeobserves:1.0.1, 22 2026 mumkin
npm@jaggle/resizeobserves:1.0.3, 22 2026 mumkin
npm@jaggle/resizeobserves:1.0.2, 22 2026 mumkin
npm@jaggle/resizeobserves:1.0.5, 22 2026 mumkin
npm@jaggle/resizeobserves:1.0.6, 22 2026 mumkin
npmdefi-threat-scanner:3.2.5, 22 2026 mumkin
npmdefi-threat-scanner:3.2.4, 22 2026 mumkin
npmdefi-env-auditor:1.4.9, 22 2026 mumkin
npmweb3-secrets-detector:2.3.6, 22 2026 mumkin
npmwallet-security-checker:2.1.6, 22 2026 mumkin
npmmnemonic-safety-check:4.0.0, 22 2026 mumkin
npmeth-wallet-sentinel:4.0.0, 22 2026 mumkin
npm@jaggle/resizeobserves:1.0.7, 22 2026 mumkin
npm@jaggle/resizeobserves:1.0.8, 22 2026 mumkin
npm@jaggle/resizeobserves:1.0.4, 22 2026 mumkin

2-hafta: 95 dan ortiq posilka topildi

Ekosistema To'plam sana
npmwin-env-setup:3.0.5, 11 2026 mumkin
npmreact-icon-svgs:1.0.1, 11 2026 mumkin
npmmoney-badger-open-rpc:201.99.100, 11 2026 mumkin
npmserverless-env-utils:1.0.0, 11 2026 mumkin
npmserverless-env-utils:1.0.2, 11 2026 mumkin
npmserverless-env-utils:1.0.3, 11 2026 mumkin
npmsahrbrucecode32:1.0.0, 11 2026 mumkin
npmclaw_messenger:0.0.71, 11 2026 mumkin
npm@gbrlxvii/ts-form-utils:2.7.0, 11 2026 mumkin
npmpost-purchase-bundler:99.9.19, 11 2026 mumkin
npmpost-purchase-bundler:99.9.26, 11 2026 mumkin
npmpost-purchase-bundler:100.0.1, 11 2026 mumkin
npmpost-purchase-bundler:101.0.3, 11 2026 mumkin
npmrsflows-pexml:99.9.15, 11 2026 mumkin
npmrsflows-pexml:99.9.20, 11 2026 mumkin
npmpost-purchase-bundler:102.0.3, 11 2026 mumkin
npmrsflows-pexml:99.9.25, 11 2026 mumkin
npmpost-purchase-bundler:1.99.0, 11 2026 mumkin
npmslow-surf:10.0.0, 11 2026 mumkin
npmerslove:1.22.12, 11 2026 mumkin
npmdit-envv:17.4.2, 11 2026 mumkin
npmhehehe:1.0.4, 11 2026 mumkin
npm@gbrlxvii/ts-form-utils:3.7.0, 11 2026 mumkin
npmclaw_messenger:0.0.74, 11 2026 mumkin
openvsxwhatwedo/twig:1.2.7, 11 2026 mumkin
openvsxgeorge-alisson/html-preview-vscode:1.2.7, 11 2026 mumkin
openvsxsohibe/java-generate-setters-getters:9.0.2, 11 2026 mumkin
npmbyvendors:99.0.6, 11 2026 mumkin
npmbriantreehttp:0.4.0, 11 2026 mumkin
npmnoon-contracts:1.0.0, 12 2026 mumkin
npm@draftlab/db:0.16.1, 12 2026 mumkin
npm@uipath/uipath-python-bridge:1.0.1, 12 2026 mumkin
npm@uipath/aops-policy-tool:0.3.1, 12 2026 mumkin
npm@uipath/codedagent-tool:1.0.1, 12 2026 mumkin
npm@uipath/gov-tool:0.3.1, 12 2026 mumkin
npm@uipath/telemetry:0.0.7, 12 2026 mumkin
npm@uipath/admin-tool:0.1.1, 12 2026 mumkin
npm@uipath/codedapp-tool:1.0.1, 12 2026 mumkin
npm@uipath/insights-sdk:1.0.1, 12 2026 mumkin
npm@uipath/tool-workflowcompiler:0.0.12, 12 2026 mumkin
npm@uipath/project-packager:1.1.16, 12 2026 mumkin
npm@uipath/access-policy-sdk:0.3.1, 12 2026 mumkin
npm@uipath/vertical-solutions-tool:1.0.1, 12 2026 mumkin
npm@uipath/integrationservice-sdk:1.0.2, 12 2026 mumkin
npm@uipath/access-policy-tool:0.3.1, 12 2026 mumkin
npm@uipath/resourcecatalog-tool:0.1.1, 12 2026 mumkin
npm@uipath/agent-tool:1.0.1, 12 2026 mumkin
npm@uipath/api-workflow-tool:1.0.1, 12 2026 mumkin
npm@uipath/tasks-tool:1.0.1, 12 2026 mumkin
npm@uipath/solution-tool:1.0.1, 12 2026 mumkin
npm@uipath/vss:0.1.6, 12 2026 mumkin
npm@tallyui/components:1.0.1, 12 2026 mumkin
npm@squawk/flight-math:0.5.4, 12 2026 mumkin
npm@squawk/weather:0.5.6, 12 2026 mumkin
npm@mistralai/mistralai-gcp:1.7.1, 12 2026 mumkin
npm@mesadev/saguaro:0.4.22, 12 2026 mumkin
npmdpdgroupuk:0.0.1, 12 2026 mumkin
npm@cplace-paw-fe/cf-training-extended:2.0.4, 12 2026 mumkin
npm@jacobson1977/hp-setup:2.0.2, 14 2026 mumkin
npm@jacobson1977/hp-setup:2.0.5, 14 2026 mumkin
npm@jacobson1977/hp-setup:2.0.6, 14 2026 mumkin
npm@jacobson1977/hp-setup:2.0.7, 14 2026 mumkin
npm@jacobson1977/hp-setup:2.0.8, 14 2026 mumkin
npm@jacobson1977/hp-setup:2.0.9, 14 2026 mumkin
npm@jacobson1977/hp-setup:2.1.0, 14 2026 mumkin
npmhpsetup:4.0.1, 14 2026 mumkin
npmhpsetup:4.0.2, 14 2026 mumkin
npmhpsetup:4.1.0, 14 2026 mumkin
npmhpsetup:4.1.3, 14 2026 mumkin
npmhpsetup:4.1.4, 14 2026 mumkin
npmhpsetup:4.1.5, 14 2026 mumkin
npmhpsetup:4.1.6, 14 2026 mumkin
npmhpsetup:4.1.8, 14 2026 mumkin
npmhpsetup:4.1.19, 14 2026 mumkin
npmhpsetup:4.1.20, 14 2026 mumkin
npmhpsetup:4.2.0, 14 2026 mumkin
npmhousecallpro:1.0.1, 14 2026 mumkin
pypiai-spellcheckers:1.0.0, 14 2026 mumkin
pypicicada-tg:0.3.6, 14 2026 mumkin
npmsmtp-test-server-node:99.2.1, 14 2026 mumkin
npmsmtp-test-server-node:99.2.2, 14 2026 mumkin
npm@lir-portal/web-components:2.0.4, 14 2026 mumkin
npmdotenvv-tool:1.0.1, 14 2026 mumkin
npmrimraf-utils:1.0.1, 14 2026 mumkin
npmexxpress-tool:1.0.0, 14 2026 mumkin
npmexxpress-tool:1.0.1, 14 2026 mumkin
npmexxpress-utils:1.0.1, 14 2026 mumkin
npm@design-system-coopeuch/web:999.0.4, 14 2026 mumkin
npm@design-system-coopeuch/web:999.0.3, 14 2026 mumkin
npm@design-system-coopeuch/web:999.0.2, 14 2026 mumkin
pypipyexecutorsme:0.1.0, 15 2026 mumkin
pypipyexecutorsme:0.1.2, 15 2026 mumkin
npmhello-world-pkg-value-value-p:1.0.7, 15 2026 mumkin
npmhello-world-pkg-value-value-p:1.0.10, 15 2026 mumkin
npmaxon-enterprise: 1.0.0, 15 2026 mumkin

1-hafta: 158 dan ortiq posilka topildi

Ekosistema To'plam sana
npm@apple-pay-trust/bekor qilindi: 99.0.3, 01 2026 mumkin
npmapple-internal-security-library-v99:100.0.1, 01 2026 mumkin
npmfiat-token-admin:99.1.1, 01 2026 mumkin
npmstellar-stablecoin-scripts:99.1.0, 01 2026 mumkin
npmnode-red-contrib-fox-control-admin:2.0.3, 01 2026 mumkin
npmnode-red-contrib-fox-control-admin:2.0.4, 01 2026 mumkin
npmnode-red-contrib-fox-control-admin:2.0.7, 01 2026 mumkin
npmblackbeards-navigator:211.0.0, 01 2026 mumkin
npmblackbeards-navigator:212.0.0, 01 2026 mumkin
npmblackbeards-navigator:213.0.0, 01 2026 mumkin
npmblackbeards-navigator:217.0.0, 01 2026 mumkin
npmblackbeards-navigator:220.0.0, 01 2026 mumkin
npmblackbeards-navigator:221.0.0, 01 2026 mumkin
npmblackbeards-navigator:222.0.0, 01 2026 mumkin
npmsirens-lament:211.0.0, 01 2026 mumkin
npmsirens-lament:212.0.0, 01 2026 mumkin
npmsirens-lament:213.0.0, 01 2026 mumkin
npmgunpowder-ghost:212.0.0, 01 2026 mumkin
npmgunpowder-ghost:219.0.0, 01 2026 mumkin
npmcodewhisperer-streaming:1.0.15, 02 2026 mumkin
npmshadxino:1.0.5, 02 2026 mumkin
npmamazon-data-kiosk-monorepo:1.0.10, 02 2026 mumkin
npmclaude-code-best:2.0.1, 03 2026 mumkin
npmapexpro:99.99.99, 03 2026 mumkin
npmapexomni:99.99.99, 03 2026 mumkin
npmapexomni:99.99.100, 03 2026 mumkin
npmapexpro:99.99.100, 03 2026 mumkin
npmnode-env-resolve:1.0.7, 03 2026 mumkin
npmnode-env-resolve:1.0.8, 03 2026 mumkin
npm@xp-utilities/web:99.0.0, 03 2026 mumkin
npmnextjs-chat-with-ai-service:99.9.9, 03 2026 mumkin
npm@alfa.life.mapp/app.web:99.0.13, 04 2026 mumkin
npm@alfa.life.mapp/app.web:99.0.14, 04 2026 mumkin
npm@alfa.life.mapp/app.web:99.0.15, 04 2026 mumkin
npm@alfa.life.mapp/app.web:99.0.16, 04 2026 mumkin
npm@alfa.life.mapp/app.web:99.0.17, 04 2026 mumkin
npm@alfa.life.mapp/app.web:99.0.19, 04 2026 mumkin
npm@sbt_gitverse/analytics-mijoz: 99.0.1, 04 2026 mumkin
npm@sbt_gitverse/analytics-mijoz: 99.0.4, 04 2026 mumkin
npm@sbt_gitverse/analytics-mijoz: 99.0.5, 04 2026 mumkin
npm@tochka-ui/foundation:99.0.2, 04 2026 mumkin
npm@tochka-ui/foundation:99.0.3, 04 2026 mumkin
npm@tochka-ui/foundation:99.0.4, 04 2026 mumkin
npmkl-b2c-ui-kit:99.0.1, 04 2026 mumkin
npmkl-b2c-ui-kit:99.0.2, 04 2026 mumkin
npmkl-b2c-ui-kit:99.0.3, 04 2026 mumkin
npmpi-exa-mcp:99.9.11, 04 2026 mumkin
npmpi-exa-mcp:99.9.12, 04 2026 mumkin
npmgoogle-cloud-secret-manager-config-poc:99.9.26, 04 2026 mumkin
npmgoogle-cloud-secret-manager-config-poc:99.9.33, 04 2026 mumkin
npmgoogle-cloud-secret-manager-config-poc:99.9.34, 04 2026 mumkin
npmgoogle-cloud-secret-manager-config-poc:99.9.35, 04 2026 mumkin
npmgoogle-cloud-secret-manager-config-poc:99.9.37, 04 2026 mumkin
npmgoogle-cloud-secret-manager-config-poc:99.9.38, 04 2026 mumkin
npmgoogle-cloud-secret-manager-config-poc:99.9.51, 04 2026 mumkin
npmgoogle-cloud-secret-manager-config-poc:99.9.53, 04 2026 mumkin
npmpaypal-payouts-bridge:99.9.9, 04 2026 mumkin
npmpaypal-payouts-bridge:100.1.1, 04 2026 mumkin
npmpaypal-payouts-bridge:100.1.4, 04 2026 mumkin
npmpaypal-payouts-bridge:100.1.6, 04 2026 mumkin
npmpaypal-payouts-bridge:100.1.9, 04 2026 mumkin
npmpaypal-payouts-bridge:100.2.8, 04 2026 mumkin
npmmicrosoft-employee-experience:99.2.2, 05 2026 mumkin
npmcarp-shield:0.1.0, 05 2026 mumkin
npmfanduel:100.5.0, 05 2026 mumkin
npmexiouss:1.0.6, 05 2026 mumkin
npmenterprise-auth-gateway-core:50.50.50, 06 2026 mumkin
npm@saif777/codemirror5:7.66.4, 06 2026 mumkin
npm@saif777/codemirror5:7.66.5, 06 2026 mumkin
npmfeature-flag-service:2.0.1, 06 2026 mumkin
npmfeature-flag-service:2.0.2, 06 2026 mumkin
npmfeature-flag-service:2.0.3, 06 2026 mumkin
npmsort-btree:2.1.2, 06 2026 mumkin
npmviem-core:1.0.0, 06 2026 mumkin
npmviem-utils-core:1.0.0, 06 2026 mumkin
npmhardhat-core-utils:1.0.0, 06 2026 mumkin
npmveltriks:1.0.0, 06 2026 mumkin
npmevm-utils:1.0.0, 06 2026 mumkin
npmweb3-utils-core:1.0.0, 06 2026 mumkin
npmfoundry-utils:1.0.0, 06 2026 mumkin
npmcarboniteapp:99.9.0, 07 2026 mumkin
npmcarbonite-internal:99.9.0, 07 2026 mumkin
npmmoney-badger-open-rpc:200.99.100, 07 2026 mumkin
npm24712-pl5006:0.0.1, 07 2026 mumkin
openvsxeriklynd/json-tools:20.1.2, 07 2026 mumkin
npminvixco:1.0.4, 07 2026 mumkin
npmwin-sys-health-agent:1.0.2, 08 2026 mumkin
npmwin-env-setup:3.0.6, 08 2026 mumkin
npmwin-sys-health-agent:1.0.3, 08 2026 mumkin

Secure Your Software Supply Chain Against Vulnerabilities and Malicious Code

Software supply chain attacks are no longer theoretical threats. Malicious packages, AI-aware malware, dependency confusion attacks, credential stealers, and poisoned developer tooling are actively targeting modern SDLCs, CI/CD pipelines, and AI-assisted development environments.

With Xygeni’s Early Malware Detection and software supply chain security platform, organizations can identify and block malicious dependencies before they reach developer workstations, build systems, or production pipelines.

Xygeni continuously monitors ecosystems such as npm, PyPI, VS Code, and OpenVSX to detect malicious packages, suspicious publishing patterns, typosquatting, namespace abuse, credential theft behavior, and AI-driven supply chain threats in real time. Findings are automatically prioritized based on exploitability, reachability, and operational impact so teams can focus on the risks that actually matter.

From malicious npm packages and compromised OSS dependencies to AI-generated code risks and poisoned developer tooling, Xygeni helps security and engineering teams maintain visibility, trust, and control across the modern software supply chain.

To explore the latest malware campaigns and validated malicious packages discovered by the Xygeni Security Team, visit the complete Zararli kod dayjesti.

Xavfsiz bo'ling. Tez bo'ling. Xygeni bilan nazoratni saqlang.

sca-vositalari-dasturiy ta'minot-kompozitsiya-tahlil-vositalari
Dasturiy ta'minot xavflaringizni ustuvorlashtiring, bartaraf eting va himoya qiling
Bepul hisobingizni oling.
Kredit karta talab qilinmaydi.

Dasturiy ta'minotingizni ishlab chiqish va yetkazib berishni ta'minlang

Xygeni mahsulot to'plami bilan