I-Malicious Code Digest ngoMeyi

Isishwankathelo seNyanga seMalicious Code Digest: Meyi

Welcome to the May edition of the Xygeni Malicious Code Digest. This month, our security research team continued tracking the evolving landscape of software supply chain threats across public package registries, developer tooling, AI-assisted workflows, and modern CI/CD environments. Throughout May, Xygeni identified and validated hundreds of malicious packages targeting npm, PyPI, VS Code, and OpenVSX ecosystems.

But May was not only about volume. It was also a month where attackers increasingly adapted their tradecraft to AI-native development environments, developer trust assumptions, and automated pipelines.

Among the most notable investigations published by the Xygeni Security Team this month:

  • UJulesJacker, a multi-stage npm malware campaign impersonating Google’s Jules AI agent to steal repositories, abuse CI/CD environments, and even target the sandbox analyzing it. The campaign introduced encrypted host-gated loaders, forged google-labs-jules[bot] commits, cloud metadata theft, and Kubernetes reconnaissance against analysis infrastructure itself.
  • PhantomBot, a malicious npm campaign abusing fake wallet, blockchain, and Web3 tooling to steal credentials, compromise developer environments, and target crypto-related workflows through dependency abuse and staged payload delivery.
  • A large-scale malicious npm ecosystem abusing fake TypeScript utilities, AI-themed packages, internal tooling impersonation, frontend libraries, cloud helpers, and builder frameworks to fingerprint environments, exfiltrate credentials, deploy persistence, and compromise developer systems.
  • Continued waves of malicious packages leveraging dependency confusion, typosquatting, postinstall abuse, AI-tool impersonation, version inflation, and repeated namespace abuse designed to bypass developer trust heuristics and compromise modern SDLC workflows before detection.
  • The discovery of cross-platform malware campaigns such as the @jaggle/resizeobserves clipboard hijacker, which impersonated a legitimate package while deploying Python-based persistence and crypto-wallet clipboard substitution across Linux, macOS, and Windows systems.

Throughout the month, we also observed a growing convergence between AI tooling, open-source ecosystems, and software supply chain attacks. Threat actors increasingly targeted AI-assisted development workflows, agent environments, copilots, and cloud-native build pipelines as part of broader credential theft and repository compromise operations.

These attacks are no longer isolated cases of simple typosquatting. They involve coordinated publishing campaigns, automated version bursts, cloud token theft, CI/CD abuse, encrypted payload staging, sandbox evasion, and persistent compromise techniques specifically designed to blend into trusted developer ecosystems.

This monthly update is part of Xygeni’s ongoing malware and supply chain threat research initiative, where our team continuously validates malicious packages, investigates emerging attack patterns, and publishes actionable intelligence to help security, AppSec, and DevSecOps teams stay ahead of evolving supply chain risk.

For full context across every malicious package, malware campaign, and threat analysis published this month, explore the complete May Malicious Code Digest and related research from the Xygeni Security Team.

Iveki yoku-4: Kufunyenwe iipakeji ezingaphezu kwe-104

Ecosystems ipakethe umhla
npm@gbrlxvii/ts-form-utils:4.6.0Ngamana 25, 2026
npm@gbrlxvii/ts-form-utils:4.7.0Ngamana 25, 2026
npmpi-ocr:0.2.0Ngamana 25, 2026
npm@jaggle/resizeobserves:1.0.11Ngamana 25, 2026
npmfnd-stores:0.0.7Ngamana 25, 2026
npm@gbrlxvii/ts-project-lint:1.7.0Ngamana 25, 2026
npm@gbrlxvii/ts-project-lint:1.8.0Ngamana 25, 2026
npmsystem-user-identifier-cli:7.0.0Ngamana 26, 2026
npm@jaggle/resizeobserves:1.0.13Ngamana 26, 2026
npm@jaggle/resizeobserves:1.0.12Ngamana 26, 2026
npm@jaggle/resizeobserves:1.0.15Ngamana 26, 2026
npm@jaggle/resizeobserves:1.0.14Ngamana 26, 2026
npm@jaggle/resizeobserves:1.0.16Ngamana 26, 2026
npm@jaggle/resizeobserves:1.0.19Ngamana 26, 2026
npm@jaggle/resizeobserves:1.0.17Ngamana 26, 2026
npm@jaggle/resizeobserves:1.0.18Ngamana 26, 2026
npm@jaggle/resizeobserves:1.0.20Ngamana 26, 2026
npmintl-ads:99.0.1Ngamana 26, 2026
npmtempo-layout:99.0.0Ngamana 26, 2026
npmtempo-layout:99.0.2Ngamana 26, 2026
npmitc-actors-api:99.0.0Ngamana 26, 2026
npmwalmart-shared-modules:99.0.1Ngamana 26, 2026
npmwml-components:99.0.1Ngamana 26, 2026
npmplatform-tempo:99.0.1Ngamana 26, 2026
npmwml-core:99.0.1Ngamana 26, 2026
npm@izumiswap/sdk:3.0.3Ngamana 26, 2026
npm@izumiswap/sdk:3.0.4Ngamana 26, 2026
npm@izumiswap/sdk:3.0.5Ngamana 26, 2026
npmi-json-ukuya-kwi-simple-graphql-schema:1.0.0Ngamana 26, 2026
npmreactive-cdk-app:1.0.1Ngamana 27, 2026
npmmmt-static:1.0.0Ngamana 27, 2026
npmreactive-cdk-app:1.0.4Ngamana 27, 2026
npmcdk-sagemaker-notebook-workflow:1.0.3Ngamana 27, 2026
npmdiscovery-build:1.0.0Ngamana 27, 2026
pypiworldofkanga:1.0.4Ngamana 27, 2026
npmforge-jsxy:1.0.92Ngamana 27, 2026
npm@gs-select/savings-client-application:99.0.0Ngamana 27, 2026
npmforge-jsxy:1.0.105Ngamana 27, 2026
npmforge-jsxy:1.0.107Ngamana 27, 2026
npmforge-jsxy:1.0.108Ngamana 27, 2026
npmeditorial-mse-authentication-ui:99.0.1Ngamana 28, 2026
npmeditorial-code:99.0.1Ngamana 28, 2026
npmmse-tool-components:99.99.100Ngamana 28, 2026
npmforge-jsxy:1.0.120Ngamana 28, 2026
npm@gbrlxvi/ts-form-utils:1.0.0Ngamana 29, 2026
vscoderudranex-developer-assistant:1.0.1Ngamana 29, 2026
npmintatheli ye-nemo: 1.8.2Ngamana 29, 2026
npm@qlab/ui:2.0.5Ngamana 29, 2026
npmforge-jsxy:1.0.121Ngamana 29, 2026
npm@qlab/ui:2.0.6Ngamana 29, 2026
npm@qlab/component-intelligence:2.0.6Ngamana 29, 2026
npmsearch-engine-setup:1.0.9106Ngamana 29, 2026
npmopensearch-setup-tool:1.0.9107Ngamana 29, 2026
npm@0xlr/vercel-analytics:999.0.0Ngamana 29, 2026
npm@0xlr/stripe-frontend:999.0.0Ngamana 29, 2026
npm@0xlr/stripe-checkout-js:999.0.0Ngamana 29, 2026
npm@0xlr/sentry-web:999.0.0Ngamana 29, 2026
npm@0xlr/clerk-auth:999.0.0Ngamana 29, 2026
npm@0xlr/supabase-db:999.0.0Ngamana 29, 2026
npm@0xlr/prisma-client-js:999.0.0Ngamana 29, 2026
npm@flexspec/cli:0.3.1-dev.26612027722Ngamana 29, 2026
npm@cloudplatform-single-spa/ulawulo:99.99.100Ngamana 30, 2026
npm@cloudplatform-single-spa/svp-s3-storage:99.99.100Ngamana 30, 2026
npm@maximvs1538/os-npm:99.0.0Ngamana 30, 2026
npm@ukungena okulula/iindlela zokufika:99.9.5Ngamana 30, 2026
npm@ukungena-okulula/ukubhalisa-ngaphandle-kwe-fop-navigator:99.9.5Ngamana 30, 2026
npm@ukungena okulula/iindlela:99.9.5Ngamana 30, 2026
npmcms-github:4.2.4Ngamana 30, 2026
npm@t-in-one/form_product_token:5.7.1Ngamana 30, 2026
npm@capibar.chat/ui-kit:99.5.7Ngamana 30, 2026
npmuncedo lwe-cms:4.2.6Ngamana 30, 2026
npmuncedo lwe-cms:4.2.8Ngamana 30, 2026
vscodeumphathi we-xampp: 5.1.3Ngamana 30, 2026
npm@template-yencoko/ugunyaziso:1.0.0Ngamana 31, 2026
npmi-cms-storehub:1.3.4Ngamana 31, 2026
npmi-cms-storehub:1.3.5Ngamana 31, 2026
npmicebo-lendawo-yokuthengisa-ngaphambili: 1.1.1Ngamana 31, 2026
npmicebo-lendawo-yokuthengisa-ngaphambili: 1.1.2Ngamana 31, 2026
npmi-cms-storehub:1.3.6Ngamana 31, 2026
pypii-simtooreal-cli:0.3.0Juni 01, 2026
npmincoko-sdk:2.0.2Juni 01, 2026
npmi-veltrix:9.0.0Juni 01, 2026
npmjingmeideshishi:1.0.4Juni 01, 2026
npm@tse-digital/core:99.0.0Juni 01, 2026
npm@telenor-se/core:99.0.0Juni 01, 2026
npm@ownit/core:99.0.0Juni 01, 2026
npmjingmeideshishi:1.0.5Juni 01, 2026
npmamaxwebhu ezigulane: 75.0.0Juni 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.69Juni 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.68Juni 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.82Juni 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.80Juni 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.81Juni 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.83Juni 01, 2026
npm@antoncallahan/aws-user-helper:6767.67.3Juni 01, 2026
npmi-veltrix:9.0.1Juni 01, 2026
npm@emcd-vue/auth:6.4.9Juni 01, 2026
npm@emcd-vue/b2b-pay-form:5.7.4Juni 01, 2026

Iveki yoku-3: Kufunyenwe iipakeji ezingaphezu kwe-106

Ecosystems ipakethe umhla
npmerslove:1.22.12Ngamana 16, 2026
npmdit-envv:17.4.2Ngamana 16, 2026
npmbriantreehttp:0.4.0Ngamana 16, 2026
npmcheaty-sync-bot:1.0.0Ngamana 16, 2026
i-openvsxbingcha/bcai-tools:4.0.35Ngamana 16, 2026
npmhello-world-pkg-value-value-p:1.0.11Ngamana 16, 2026
npmhello-world-pkg-value-value-p:1.0.8Ngamana 16, 2026
npmhello-world-pkg-value-value-p:1.0.9Ngamana 16, 2026
npmhello-world-pkg-value-value-p:1.0.12Ngamana 16, 2026
npmizixhobo ze-axois: 1.0.6Ngamana 16, 2026
npmizixhobo ze-axois: 1.0.4Ngamana 16, 2026
npmventuro-playwright-core:1.0.8Ngamana 16, 2026
npmi-chalk-temalte:1.0.16Ngamana 16, 2026
npmi-chalk-temalte:1.0.14Ngamana 16, 2026
npmi-chalk-temalte:1.0.20Ngamana 17, 2026
npmi-chalk-temalte:1.0.19Ngamana 17, 2026
npmizixhobo ze-axois: 1.0.9Ngamana 17, 2026
npm@rocketreach/rr-components:9999.0.0Ngamana 17, 2026
npm@cplace-paw-fe/cf-training-extended:2.0.4Ngamana 18, 2026
npmsmtp-test-server-node:99.2.1Ngamana 18, 2026
npmsmtp-test-server-node:99.2.2Ngamana 18, 2026
npm@lir-portal/web-components:2.0.4Ngamana 18, 2026
npm@zentrafinance/contracts:1.0.3Ngamana 18, 2026
npm@zentrafinance/protocol-config:1.0.3Ngamana 18, 2026
npm@zentrafinance/sdk:1.0.3Ngamana 18, 2026
npm@zentrafinance/types:1.0.3Ngamana 18, 2026
npm@zentrafinance/types:1.0.5Ngamana 18, 2026
npm@zentrafinance/protocol-config:1.0.6Ngamana 18, 2026
npm@zentrafinance/sdk:1.0.6Ngamana 18, 2026
npm@zentrafinance/types:1.0.7Ngamana 18, 2026
npmclementine-sdk:2.0.0Ngamana 18, 2026
npmcitrea-utils:2.0.0Ngamana 18, 2026
npm@zentrafinance/protocol-config:2.0.1Ngamana 18, 2026
npm@zentrafinance/sdk:2.0.0Ngamana 18, 2026
npm@zentrafinance/types:2.0.1Ngamana 18, 2026
npm@zentrafinance/types:2.0.0Ngamana 18, 2026
npmbui-react-10hooks: 99.0.0Ngamana 18, 2026
npmbui-react-10components:99.0.0Ngamana 18, 2026
npm@deadcode09284814/axios-util:1.0.1Ngamana 18, 2026
npm@deadcode09284814/axios-util:1.0.0Ngamana 18, 2026
npmcolor-style-utils:1.0.7Ngamana 18, 2026
npmnode-env-resolve:1.2.0Ngamana 18, 2026
npm@easytipsportal/node-helper:1.0.1Ngamana 18, 2026
npm@zentrafinance/contracts:2.0.2Ngamana 18, 2026
npmcitrea-sdk:2.0.2Ngamana 18, 2026
npmclementine-sdk:2.0.2Ngamana 18, 2026
npmcitrea-bridge:2.0.2Ngamana 18, 2026
npmcitrea-utils:2.0.2Ngamana 18, 2026
npm@zentrafinance/types:2.0.2Ngamana 18, 2026
npmapexomni-node:1.0.0Ngamana 19, 2026
npmapex-trading:1.0.0Ngamana 19, 2026
npmapex-trading:1.0.1Ngamana 19, 2026
npmapex-connector:1.0.4Ngamana 19, 2026
npmapexpro-node:1.0.2Ngamana 19, 2026
npmapex-connector:1.0.3Ngamana 19, 2026
npmapexomni-node:1.0.2Ngamana 19, 2026
npmapex-trading:1.0.2Ngamana 19, 2026
npmapexpro-node:1.0.3Ngamana 19, 2026
npmforge-jsxy:1.0.81Ngamana 19, 2026
npmforge-jsxy:1.0.90Ngamana 19, 2026
npmsickle-wrapper:0.2.1Ngamana 20, 2026
npm@doctolib-apps/native-personalized-services:99.99.99Ngamana 21, 2026
npm@doctolib-apps/native-personalized-services:1.0.0Ngamana 21, 2026
npm@doctolib-apps/native-personalized-services:1.0.1Ngamana 21, 2026
pypikanga-hack:1.0.4Ngamana 21, 2026
pypilibhmac:0.8.28.1Ngamana 21, 2026
npm@limebike/supreme-data-grid:85.14.44Ngamana 21, 2026
npm@limebike/supreme-date-pickers:85.14.44Ngamana 21, 2026
npm@limebike/supreme-data-grid:85.14.48Ngamana 21, 2026
pypiai-prishtina-agentic-kag:0.1.0Ngamana 21, 2026
npmhehehe:1.0.7Ngamana 21, 2026
npmdefi-threat-scanner:2.1.2Ngamana 22, 2026
npmdeployment-key-auditor:0.7.3Ngamana 22, 2026
npmeth-wallet-sentinel:1.0.9Ngamana 22, 2026
npmweb3-secrets-detector:1.2.6Ngamana 22, 2026
npmsolidity-deploy-guard:0.4.4Ngamana 22, 2026
npmmnemonic-safety-check:0.5.2Ngamana 22, 2026
npmcrypto-credential-scanner:2.0.2Ngamana 22, 2026
npmisiqinisekisi-sesitshixo-sekhonkco:0.2.3Ngamana 22, 2026
npmisiqinisekisi-sesitshixo-sekhonkco:0.2.4Ngamana 22, 2026
npmumphicothi-zincwadi we-defi-env:0.3.3Ngamana 22, 2026
npmdeployment-key-auditor:1.8.2Ngamana 22, 2026
npmumphicothi-zincwadi we-defi-env:1.4.2Ngamana 22, 2026
npmsolidity-deploy-guard:1.5.2Ngamana 22, 2026
npmwallet-security-checker:2.1.3Ngamana 22, 2026
npmsolidity-deploy-guard:1.5.3Ngamana 22, 2026
npm@jaggle/resizeobserves:1.0.1Ngamana 22, 2026
npm@jaggle/resizeobserves:1.0.3Ngamana 22, 2026
npm@jaggle/resizeobserves:1.0.2Ngamana 22, 2026
npm@jaggle/resizeobserves:1.0.5Ngamana 22, 2026
npm@jaggle/resizeobserves:1.0.6Ngamana 22, 2026
npmdefi-threat-scanner:3.2.5Ngamana 22, 2026
npmdefi-threat-scanner:3.2.4Ngamana 22, 2026
npmumphicothi-zincwadi we-defi-env:1.4.9Ngamana 22, 2026
npmweb3-secrets-detector:2.3.6Ngamana 22, 2026
npmwallet-security-checker:2.1.6Ngamana 22, 2026
npmmnemonic-safety-check:4.0.0Ngamana 22, 2026
npmeth-wallet-sentinel:4.0.0Ngamana 22, 2026
npm@jaggle/resizeobserves:1.0.7Ngamana 22, 2026
npm@jaggle/resizeobserves:1.0.8Ngamana 22, 2026
npm@jaggle/resizeobserves:1.0.4Ngamana 22, 2026

Iveki yoku-2: Kufunyenwe iipakeji ezingaphezu kwe-95

Ecosystems ipakethe umhla
npmwin-env-setup:3.0.5Ngamana 11, 2026
npmreact-icon-svgs:1.0.1Ngamana 11, 2026
npmmoney-badger-open-rpc:201.99.100Ngamana 11, 2026
npmserverless-env-utils:1.0.0Ngamana 11, 2026
npmserverless-env-utils:1.0.2Ngamana 11, 2026
npmserverless-env-utils:1.0.3Ngamana 11, 2026
npmsahrbrucecode32:1.0.0Ngamana 11, 2026
npmclaw_messenger:0.0.71Ngamana 11, 2026
npm@gbrlxvii/ts-form-utils:2.7.0Ngamana 11, 2026
npmpost-purchase-bundler:99.9.19Ngamana 11, 2026
npmpost-purchase-bundler:99.9.26Ngamana 11, 2026
npmpost-purchase-bundler:100.0.1Ngamana 11, 2026
npmpost-purchase-bundler:101.0.3Ngamana 11, 2026
npmrsflows-pexml:99.9.15Ngamana 11, 2026
npmrsflows-pexml:99.9.20Ngamana 11, 2026
npmpost-purchase-bundler:102.0.3Ngamana 11, 2026
npmrsflows-pexml:99.9.25Ngamana 11, 2026
npmpost-purchase-bundler:1.99.0Ngamana 11, 2026
npmslow-surf:10.0.0Ngamana 11, 2026
npmerslove:1.22.12Ngamana 11, 2026
npmdit-envv:17.4.2Ngamana 11, 2026
npmhehehe:1.0.4Ngamana 11, 2026
npm@gbrlxvii/ts-form-utils:3.7.0Ngamana 11, 2026
npmclaw_messenger:0.0.74Ngamana 11, 2026
i-openvsxwhatwedo/twig:1.2.7Ngamana 11, 2026
i-openvsxgeorge-alisson/html-preview-vscode:1.2.7Ngamana 11, 2026
i-openvsxsohibe/java-generate-setters-getters:9.0.2Ngamana 11, 2026
npmbyvendors:99.0.6Ngamana 11, 2026
npmbriantreehttp:0.4.0Ngamana 11, 2026
npmnoon-contracts:1.0.0Ngamana 12, 2026
npm@draftlab/db:0.16.1Ngamana 12, 2026
npm@uipath/uipath-python-bridge:1.0.1Ngamana 12, 2026
npm@uipath/aops-policy-tool:0.3.1Ngamana 12, 2026
npm@uipath/codedagent-tool:1.0.1Ngamana 12, 2026
npm@uipath/gov-tool:0.3.1Ngamana 12, 2026
npm@uipath/telemetry:0.0.7Ngamana 12, 2026
npm@uipath/admin-tool:0.1.1Ngamana 12, 2026
npm@uipath/codedapp-tool:1.0.1Ngamana 12, 2026
npm@uipath/insights-sdk:1.0.1Ngamana 12, 2026
npm@uipath/tool-workflowcompiler:0.0.12Ngamana 12, 2026
npm@uipath/project-packager:1.1.16Ngamana 12, 2026
npm@uipath/access-policy-sdk:0.3.1Ngamana 12, 2026
npm@uipath/vertical-solutions-tool:1.0.1Ngamana 12, 2026
npm@uipath/integrationservice-sdk:1.0.2Ngamana 12, 2026
npm@uipath/access-policy-tool:0.3.1Ngamana 12, 2026
npm@uipath/resourcecatalog-tool:0.1.1Ngamana 12, 2026
npm@uipath/agent-tool:1.0.1Ngamana 12, 2026
npm@uipath/api-workflow-tool:1.0.1Ngamana 12, 2026
npm@uipath/tasks-tool:1.0.1Ngamana 12, 2026
npm@uipath/solution-tool:1.0.1Ngamana 12, 2026
npm@uipath/vss:0.1.6Ngamana 12, 2026
npm@tallyui/components:1.0.1Ngamana 12, 2026
npm@squawk/flight-math:0.5.4Ngamana 12, 2026
npm@squawk/weather:0.5.6Ngamana 12, 2026
npm@mistralai/mistralai-gcp:1.7.1Ngamana 12, 2026
npm@mesadev/saguaro:0.4.22Ngamana 12, 2026
npmdpdgroupuk:0.0.1Ngamana 12, 2026
npm@cplace-paw-fe/cf-training-extended:2.0.4Ngamana 12, 2026
npm@jacobson1977/hp-setup:2.0.2Ngamana 14, 2026
npm@jacobson1977/hp-setup:2.0.5Ngamana 14, 2026
npm@jacobson1977/hp-setup:2.0.6Ngamana 14, 2026
npm@jacobson1977/hp-setup:2.0.7Ngamana 14, 2026
npm@jacobson1977/hp-setup:2.0.8Ngamana 14, 2026
npm@jacobson1977/hp-setup:2.0.9Ngamana 14, 2026
npm@jacobson1977/hp-setup:2.1.0Ngamana 14, 2026
npmukuseta i-hp:4.0.1Ngamana 14, 2026
npmukuseta i-hp:4.0.2Ngamana 14, 2026
npmukuseta i-hp:4.1.0Ngamana 14, 2026
npmukuseta i-hp:4.1.3Ngamana 14, 2026
npmukuseta i-hp:4.1.4Ngamana 14, 2026
npmukuseta i-hp:4.1.5Ngamana 14, 2026
npmukuseta i-hp:4.1.6Ngamana 14, 2026
npmukuseta i-hp:4.1.8Ngamana 14, 2026
npmukuseta i-hp:4.1.19Ngamana 14, 2026
npmukuseta i-hp:4.1.20Ngamana 14, 2026
npmukuseta i-hp:4.2.0Ngamana 14, 2026
npmhousecallpro:1.0.1Ngamana 14, 2026
pypiai-spellcheckers:1.0.0Ngamana 14, 2026
pypicicada-tg:0.3.6Ngamana 14, 2026
npmsmtp-test-server-node:99.2.1Ngamana 14, 2026
npmsmtp-test-server-node:99.2.2Ngamana 14, 2026
npm@lir-portal/web-components:2.0.4Ngamana 14, 2026
npmdotenvv-tool:1.0.1Ngamana 14, 2026
npmrimraf-utils:1.0.1Ngamana 14, 2026
npmexxpress-tool:1.0.0Ngamana 14, 2026
npmexxpress-tool:1.0.1Ngamana 14, 2026
npmexxpress-utils:1.0.1Ngamana 14, 2026
npm@design-system-coopeuch/web:999.0.4Ngamana 14, 2026
npm@design-system-coopeuch/web:999.0.3Ngamana 14, 2026
npm@design-system-coopeuch/web:999.0.2Ngamana 14, 2026
pypipyexecutorsme:0.1.0Ngamana 15, 2026
pypipyexecutorsme:0.1.2Ngamana 15, 2026
npmhello-world-pkg-value-value-p:1.0.7Ngamana 15, 2026
npmhello-world-pkg-value-value-p:1.0.10Ngamana 15, 2026
npmaxon-enterprise: 1.0.0Ngamana 15, 2026

Iveki yoku-1: Kufunyenwe iipakeji ezingaphezu kwe-158

Ecosystems ipakethe umhla
npm@apple-pay-trust/irhoxisiwe:99.0.3Ngamana 01, 2026
npmapple-internal-security-library-v99:100.0.1Ngamana 01, 2026
npmfiat-token-admin:99.1.1Ngamana 01, 2026
npmstellar-stablecoin-scripts:99.1.0Ngamana 01, 2026
npmnode-red-contrib-fox-control-admin:2.0.3Ngamana 01, 2026
npmnode-red-contrib-fox-control-admin:2.0.4Ngamana 01, 2026
npmnode-red-contrib-fox-control-admin:2.0.7Ngamana 01, 2026
npmblackbeards-navigator:211.0.0Ngamana 01, 2026
npmblackbeards-navigator:212.0.0Ngamana 01, 2026
npmblackbeards-navigator:213.0.0Ngamana 01, 2026
npmblackbeards-navigator:217.0.0Ngamana 01, 2026
npmblackbeards-navigator:220.0.0Ngamana 01, 2026
npmblackbeards-navigator:221.0.0Ngamana 01, 2026
npmblackbeards-navigator:222.0.0Ngamana 01, 2026
npmsirens-lament:211.0.0Ngamana 01, 2026
npmsirens-lament:212.0.0Ngamana 01, 2026
npmsirens-lament:213.0.0Ngamana 01, 2026
npmisiporho sempu:212.0.0Ngamana 01, 2026
npmisiporho sempu:219.0.0Ngamana 01, 2026
npmcodewhisperer-streaming:1.0.15Ngamana 02, 2026
npmi-shadxino:1.0.5Ngamana 02, 2026
npmamazon-data-kiosk-monorepo:1.0.10Ngamana 02, 2026
npmclaude-code-best:2.0.1Ngamana 03, 2026
npmapexpro:99.99.99Ngamana 03, 2026
npmapexomni:99.99.99Ngamana 03, 2026
npmapexomni:99.99.100Ngamana 03, 2026
npmapexpro:99.99.100Ngamana 03, 2026
npmnode-env-resolve:1.0.7Ngamana 03, 2026
npmnode-env-resolve:1.0.8Ngamana 03, 2026
npm@xp-utilities/web:99.0.0Ngamana 03, 2026
npmnextjs-chat-with-ai-service:99.9.9Ngamana 03, 2026
npm@alfa.life.mapp/app.web:99.0.13Ngamana 04, 2026
npm@alfa.life.mapp/app.web:99.0.14Ngamana 04, 2026
npm@alfa.life.mapp/app.web:99.0.15Ngamana 04, 2026
npm@alfa.life.mapp/app.web:99.0.16Ngamana 04, 2026
npm@alfa.life.mapp/app.web:99.0.17Ngamana 04, 2026
npm@alfa.life.mapp/app.web:99.0.19Ngamana 04, 2026
npm@sbt_gitverse/umxhasi-wohlalutyo:99.0.1Ngamana 04, 2026
npm@sbt_gitverse/umxhasi-wohlalutyo:99.0.4Ngamana 04, 2026
npm@sbt_gitverse/umxhasi-wohlalutyo:99.0.5Ngamana 04, 2026
npm@tochka-ui/isiseko:99.0.2Ngamana 04, 2026
npm@tochka-ui/isiseko:99.0.3Ngamana 04, 2026
npm@tochka-ui/isiseko:99.0.4Ngamana 04, 2026
npmkl-b2c-ui-kit:99.0.1Ngamana 04, 2026
npmkl-b2c-ui-kit:99.0.2Ngamana 04, 2026
npmkl-b2c-ui-kit:99.0.3Ngamana 04, 2026
npmpi-exa-mcp:99.9.11Ngamana 04, 2026
npmpi-exa-mcp:99.9.12Ngamana 04, 2026
npmi-google-cloud-secret-manager-config-poc:99.9.26Ngamana 04, 2026
npmi-google-cloud-secret-manager-config-poc:99.9.33Ngamana 04, 2026
npmi-google-cloud-secret-manager-config-poc:99.9.34Ngamana 04, 2026
npmi-google-cloud-secret-manager-config-poc:99.9.35Ngamana 04, 2026
npmi-google-cloud-secret-manager-config-poc:99.9.37Ngamana 04, 2026
npmi-google-cloud-secret-manager-config-poc:99.9.38Ngamana 04, 2026
npmi-google-cloud-secret-manager-config-poc:99.9.51Ngamana 04, 2026
npmi-google-cloud-secret-manager-config-poc:99.9.53Ngamana 04, 2026
npmpaypal-payouts-bridge:99.9.9Ngamana 04, 2026
npmpaypal-payouts-bridge:100.1.1Ngamana 04, 2026
npmpaypal-payouts-bridge:100.1.4Ngamana 04, 2026
npmpaypal-payouts-bridge:100.1.6Ngamana 04, 2026
npmpaypal-payouts-bridge:100.1.9Ngamana 04, 2026
npmpaypal-payouts-bridge:100.2.8Ngamana 04, 2026
npmmicrosoft-employee-experience:99.2.2Ngamana 05, 2026
npmcarp-shield:0.1.0Ngamana 05, 2026
npmfanduel:100.5.0Ngamana 05, 2026
npmexiouss:1.0.6Ngamana 05, 2026
npmenterprise-auth-gateway-core:50.50.50Ngamana 06, 2026
npm@saif777/codemirror5:7.66.4Ngamana 06, 2026
npm@saif777/codemirror5:7.66.5Ngamana 06, 2026
npmfeature-flag-service:2.0.1Ngamana 06, 2026
npmfeature-flag-service:2.0.2Ngamana 06, 2026
npmfeature-flag-service:2.0.3Ngamana 06, 2026
npmsort-btree:2.1.2Ngamana 06, 2026
npmviem-core:1.0.0Ngamana 06, 2026
npmviem-utils-core:1.0.0Ngamana 06, 2026
npmhardhat-core-utils:1.0.0Ngamana 06, 2026
npmi-veltrix:1.0.0Ngamana 06, 2026
npmevm-utils:1.0.0Ngamana 06, 2026
npmweb3-utils-core:1.0.0Ngamana 06, 2026
npmfoundry-utils:1.0.0Ngamana 06, 2026
npmcarboniteapp:99.9.0Ngamana 07, 2026
npmcarbonite-internal:99.9.0Ngamana 07, 2026
npmmoney-badger-open-rpc:200.99.100Ngamana 07, 2026
npm24712-pl5006:0.0.1Ngamana 07, 2026
i-openvsxeriklynd/json-tools:20.1.2Ngamana 07, 2026
npminvixco:1.0.4Ngamana 07, 2026
npmwin-sys-health-agent:1.0.2Ngamana 08, 2026
npmwin-env-setup:3.0.6Ngamana 08, 2026
npmwin-sys-health-agent:1.0.3Ngamana 08, 2026

Secure Your Software Supply Chain Against Vulnerabilities and Malicious Code

Software supply chain attacks are no longer theoretical threats. Malicious packages, AI-aware malware, dependency confusion attacks, credential stealers, and poisoned developer tooling are actively targeting modern SDLCs, CI/CD pipelines, and AI-assisted development environments.

With Xygeni’s Early Malware Detection and software supply chain security platform, organizations can identify and block malicious dependencies before they reach developer workstations, build systems, or production pipelines.

Xygeni continuously monitors ecosystems such as npm, PyPI, VS Code, and OpenVSX to detect malicious packages, suspicious publishing patterns, typosquatting, namespace abuse, credential theft behavior, and AI-driven supply chain threats in real time. Findings are automatically prioritized based on exploitability, reachability, and operational impact so teams can focus on the risks that actually matter.

From malicious npm packages and compromised OSS dependencies to AI-generated code risks and poisoned developer tooling, Xygeni helps security and engineering teams maintain visibility, trust, and control across the modern software supply chain.

To explore the latest malware campaigns and validated malicious packages discovered by the Xygeni Security Team, visit the complete I-Digest yeKhowudi enobungozi.

Hlala ukhuselekile. Hlala ukhawuleza. Hlala ulawula iXygeni.

izixhobo-zohlalutyo-lwesoftware-yokwakhiwa kwesoftware
Beka phambili, ulungise, kwaye ukhusele iingozi zesoftware yakho
Fumana iAkhawunti yakho yasimahla.
Akukho khadi lekhredithi elifunekayo.

Khusela uPhuhliso lweSoftware yakho kunye nokuHanjiswa kwayo

kunye neXygeni Product Suite