Phantse qho ngeveki, iinkqubo zethu zokufumanisa ii-malware ziskena amawaka eepakeji ezintsha nezihlaziyiweyo kuzo zonke iirejista zikarhulumente ezifana ne-npm kunye ne-PyPI. Le veki ibisebenza kakhulu.
Siqinisekisile Iiphakheji ezili-198 ezinobungozi, ikakhulu kwi-npm, kunye nezinye iimeko kwi-PyPI, i-OpenVSX, i-Composer, kunye ne-VS Code extensions. Ezininzi zivele kwii-clusters ezidibeneyo, kunye nokukhutshwa okuphindaphindiweyo kwe-malicious phantsi kwamagama afanayo okanye kwiintsapho zeepakeji ezinxulumeneyo. Ityala elibalaseleyo yayiyi sensivity iphakheji, eyazalisa i-npm ngeenguqulelo ezingaphezu kwama-60 ezikhutshiweyo kuluhlu lwe-2.5.x. Amanye amaqela abalulekileyo aqukiwe ai-sdk-helpers (Iinguqulelo ezi-8 ezijolise kubaphuhlisi be-AI), @antoncallahan/aws-user-helper (Iinguqulelo ezi-7 ezizenza isixhobo se-AWS), @apple-pay-trust kwaye @google-pay-trust iintsapho (zilinganisa iimodyuli zokuhlawula), @frengki0707/google-cloud-clone (iinguqulelo ezi-5 ezikhohlisa iGoogle Cloud), kunye cms-storehub, cms-helpgit, yaye cms-github (kujoliswe kwi-CMS pipelines). Iipakeji ezininzi zilinganisa iimodyuli zokuhlawula kunye nokuphuma, enterprise kunye neepakeji zewebhu zangaphakathi, abathengi be-analytics, iziseko ze-UI, izixhobo zomphuhlisi, abahloli beenxalenye, iipakeji ezineethematika zelifu kunye neGoogle, kunye nezinye iimodyuli ezithembeke kakhulu kwimisebenzi yophuhliso yanamhlanje.
Ezi yayingezizo izinto ezingaqhelekanga ezingaqhelekanga. Okuphawulekayo kule veki yayikukuba kupapashwe ngokuphindaphindiweyo kwiintsapho ezifanayo zeepakeji, ukusetyenziswa kwakhona kweepateni zokubiza amagama, kunye nendlela iipakeji ezinobuthi ezazifihlwe ngayo ukuze zibonakale ngathi zixhomekeke ngokusemthethweni ekunikezelweni kwesoftware yokwenyani. pipelines.
Le vidiyo yeveki iyinxalenye yeMalicious Code Digest yethu eqhubekayo, apho siqinisekisa khona izisongelo ezintsha kwaye sinike ulwazi olusebenzayo ukunceda amaqela eDevSecOps akhusele pipelinengaphambi kokuba kwenzeke umonakalo.
Masichaze oko sikufumeneyo kule veki kunye nesizathu sokuba kubalulekile.
| Ecosystems | ipakethe | umhla |
|---|---|---|
| npm | @cloudplatform-single-spa/ulawulo:99.99.100 | Ngamana 30, 2026 |
| npm | @cloudplatform-single-spa/svp-s3-storage:99.99.100 | Ngamana 30, 2026 |
| npm | @maximvs1538/os-npm:99.0.0 | Ngamana 30, 2026 |
| npm | @ukungena okulula/iindlela zokufika:99.9.5 | Ngamana 30, 2026 |
| npm | @ukungena-okulula/ukubhalisa-ngaphandle-kwe-fop-navigator:99.9.5 | Ngamana 30, 2026 |
| npm | @ukungena okulula/iindlela:99.9.5 | Ngamana 30, 2026 |
| npm | @t-in-one/form_product_token:5.7.1 | Ngamana 30, 2026 |
| npm | @capibar.chat/ui-kit:99.5.7 | Ngamana 30, 2026 |
| vscode | umphathi we-xampp: 5.1.3 | Ngamana 30, 2026 |
| npm | @template-yencoko/ugunyaziso:1.0.0 | Ngamana 31, 2026 |
| npm | i-json-ukuya-kwi-simple-graphql-schema:1.0.0 | Juni 1, 2026 |
| npm | @gs-select/savings-client-application:99.0.0 | Juni 1, 2026 |
| npm | intatheli ye-nemo: 1.8.2 | Juni 1, 2026 |
| npm | cms-github:4.2.4 | Juni 1, 2026 |
| npm | uncedo lwe-cms:4.2.6 | Juni 1, 2026 |
| npm | uncedo lwe-cms:4.2.8 | Juni 1, 2026 |
| npm | i-cms-storehub:1.3.4 | Juni 1, 2026 |
| npm | i-cms-storehub:1.3.5 | Juni 1, 2026 |
| npm | i-cms-storehub:1.3.6 | Juni 1, 2026 |
| pypi | i-simtooreal-cli:0.3.0 | Juni 1, 2026 |
| npm | icebo-lendawo-yokuthengisa-ngaphambili: 1.1.1 | Juni 1, 2026 |
| npm | icebo-lendawo-yokuthengisa-ngaphambili: 1.1.2 | Juni 1, 2026 |
| npm | incoko-sdk:2.0.2 | Juni 1, 2026 |
| npm | i-veltrix:9.0.0 | Juni 1, 2026 |
| npm | i-veltrix:9.0.1 | Juni 1, 2026 |
| npm | jingmeideshishi:1.0.4 | Juni 1, 2026 |
| npm | jingmeideshishi:1.0.5 | Juni 1, 2026 |
| npm | @tse-digital/core:99.0.0 | Juni 1, 2026 |
| npm | @telenor-se/core:99.0.0 | Juni 1, 2026 |
| npm | @ownit/core:99.0.0 | Juni 1, 2026 |
| npm | amaxwebhu ezigulane: 75.0.0 | Juni 1, 2026 |
| npm | @antoncallahan/aws-user-helper:6767.67.69 | Juni 1, 2026 |
| npm | @antoncallahan/aws-user-helper:6767.67.68 | Juni 1, 2026 |
| npm | @antoncallahan/aws-user-helper:6767.67.82 | Juni 1, 2026 |
| npm | @antoncallahan/aws-user-helper:6767.67.80 | Juni 1, 2026 |
| npm | @antoncallahan/aws-user-helper:6767.67.81 | Juni 1, 2026 |
| npm | @antoncallahan/aws-user-helper:6767.67.83 | Juni 1, 2026 |
| npm | @antoncallahan/aws-user-helper:6767.67.3 | Juni 1, 2026 |
| npm | @emcd-vue/auth:6.4.9 | Juni 1, 2026 |
| npm | @emcd-vue/b2b-pay-form:5.7.4 | Juni 1, 2026 |
| npm | @ccrm/user-storage-api-axios:5.0.1 | Juni 2, 2026 |
| npm | uvakalelo: 2.5.8 | Juni 2, 2026 |
| npm | uvakalelo: 2.5.12 | Juni 2, 2026 |
| npm | uvakalelo: 2.5.16 | Juni 2, 2026 |
| npm | uvakalelo: 2.5.17 | Juni 2, 2026 |
| npm | uvakalelo: 2.5.18 | Juni 2, 2026 |
| npm | uvakalelo: 2.5.19 | Juni 2, 2026 |
| npm | uvakalelo: 2.5.20 | Juni 2, 2026 |
| npm | uvakalelo: 2.5.21 | Juni 2, 2026 |
| npm | uvakalelo: 2.5.22 | Juni 2, 2026 |
| npm | uvakalelo: 2.5.23 | Juni 2, 2026 |
| npm | uvakalelo: 2.5.24 | Juni 2, 2026 |
| npm | uvakalelo: 2.5.25 | Juni 2, 2026 |
| npm | uvakalelo: 2.5.26 | Juni 2, 2026 |
| npm | uvakalelo: 2.5.27 | Juni 2, 2026 |
| npm | uvakalelo: 2.5.28 | Juni 2, 2026 |
| npm | uvakalelo: 2.5.29 | Juni 2, 2026 |
| npm | uvakalelo: 2.5.30 | Juni 2, 2026 |
| npm | uvakalelo: 2.5.31 | Juni 2, 2026 |
| npm | uvakalelo: 2.5.32 | Juni 2, 2026 |
| npm | uvakalelo: 2.5.41 | Juni 2, 2026 |
| npm | uvakalelo: 2.5.42 | Juni 2, 2026 |
| npm | uvakalelo: 2.5.43 | Juni 2, 2026 |
| npm | uvakalelo: 2.5.44 | Juni 2, 2026 |
| npm | uvakalelo: 2.5.45 | Juni 2, 2026 |
| npm | uvakalelo: 2.5.46 | Juni 2, 2026 |
| npm | abancedisi be-meoo-ui:1.0.1 | Juni 2, 2026 |
| npm | @langgraphjs/izixhobo zokusebenza:1.2.10 | Juni 2, 2026 |
| npm | i-eyevox:9.0.1 | Juni 2, 2026 |
| npm | uvakalelo: 2.5.53 | Juni 3, 2026 |
| npm | uvakalelo: 2.5.54 | Juni 3, 2026 |
| npm | uvakalelo: 2.5.55 | Juni 3, 2026 |
| npm | uvakalelo: 2.5.56 | Juni 3, 2026 |
| npm | uvakalelo: 2.5.57 | Juni 3, 2026 |
| npm | uvakalelo: 2.5.61 | Juni 3, 2026 |
| npm | @sentry-browser-sdk/profiling-node:1.0.1 | Juni 4, 2026 |
| npm | @sentry-browser-sdk/profiling-node:1.0.2 | Juni 4, 2026 |
| npm | @sentry-browser-sdk/profiling-node:1.0.5 | Juni 4, 2026 |
| npm | inkonzo yokuqokelela imali:1.0.0 | Juni 4, 2026 |
| npm | uvakalelo: 2.5.67 | Juni 4, 2026 |
| npm | uvakalelo: 2.5.68 | Juni 4, 2026 |
| npm | imodeli-yokusebenzisana kwe-vg:40.0.5 | Juni 4, 2026 |
| npm | i-internallib_v346:1.0.3 | Juni 4, 2026 |
| npm | i-internallib_v346:1.0.5 | Juni 4, 2026 |
| npm | i-internallib_v346:1.0.9 | Juni 4, 2026 |
| npm | abancedisi be-ai-sdk:0.2.1 | Juni 4, 2026 |
| npm | abancedisi be-ai-sdk:0.3.0 | Juni 4, 2026 |
| npm | abancedisi be-ai-sdk:0.3.1 | Juni 4, 2026 |
| npm | abancedisi be-ai-sdk:1.1.0 | Juni 4, 2026 |
| npm | abancedisi be-ai-sdk:1.1.1 | Juni 4, 2026 |
| npm | abancedisi be-ai-sdk:1.3.0 | Juni 4, 2026 |
| npm | abancedisi be-ai-sdk:1.4.0 | Juni 4, 2026 |
| npm | abancedisi be-ai-sdk:1.4.2 | Juni 4, 2026 |
| npm | @achuthvp/postinstall-poc:1.0.3 | Juni 4, 2026 |
| npm | uvakalelo: 2.5.0 | Juni 5, 2026 |
| npm | uvakalelo: 2.5.1 | Juni 5, 2026 |
| npm | uvakalelo: 2.5.2 | Juni 5, 2026 |
| npm | uvakalelo: 2.5.3 | Juni 5, 2026 |
| npm | uvakalelo: 2.5.4 | Juni 5, 2026 |
| npm | uvakalelo: 2.5.5 | Juni 5, 2026 |
| npm | uvakalelo: 2.5.13 | Juni 5, 2026 |
| npm | uvakalelo: 2.5.14 | Juni 5, 2026 |
| npm | uvakalelo: 2.5.15 | Juni 5, 2026 |
| npm | uvakalelo: 2.5.33 | Juni 5, 2026 |
| npm | uvakalelo: 2.5.34 | Juni 5, 2026 |
| npm | uvakalelo: 2.5.35 | Juni 5, 2026 |
| npm | uvakalelo: 2.5.36 | Juni 5, 2026 |
| npm | uvakalelo: 2.5.37 | Juni 5, 2026 |
| npm | uvakalelo: 2.5.38 | Juni 5, 2026 |
| npm | uvakalelo: 2.5.58 | Juni 5, 2026 |
| npm | uvakalelo: 2.5.59 | Juni 5, 2026 |
| npm | uvakalelo: 2.5.60 | Juni 5, 2026 |
| npm | uvakalelo: 2.5.62 | Juni 5, 2026 |
| npm | uvakalelo: 2.5.63 | Juni 5, 2026 |
| npm | uvakalelo: 2.5.64 | Juni 5, 2026 |
| npm | uvakalelo: 2.5.65 | Juni 5, 2026 |
| npm | uvakalelo: 2.5.66 | Juni 5, 2026 |
| npm | uvakalelo: 2.5.69 | Juni 5, 2026 |
Khusela ukuxhomekeka kwakho kwi-Open Source kwi-Vulnerability kunye ne-Malicious Code
Musa ukuvumela iipakethe ezinobungozi zifikelele kuwe pipelines. Ukufunyanwa kweMalware yeXygeni kwangethuba Inika iqela lakho umbono wangempela kwizisongelo ezibalulekileyo, ibamba abantu abaxhomekeke kwizixhobo zabo ngaphambi kokuba bachukumise isoftware yakho.
Njengoko intetho yale veki icacisa, ubungakanani kunye nobunzima beephulo zeepakeji ezinobungozi abunciphisi isantya. Ukugcwala kwenguqulelo edibeneyo, ukulingisa iimodyuli zentlawulo, kunye namagama eepakeji ezivakala ngaphakathi zezinye zeendlela abahlaseli abazisebenzisayo ukuze badlule. standard ukuzikhusela. Ukuhlala uphambili kwezi zisongelo kufuna okungaphezulu kokuhlolwa rhoqo, kufuna ukujongwa rhoqo kuyo yonke irejista amaqela akho axhomekeke kuyo.
IXygeni's Open Source Security Isisombululo siskena kwaye sivala iipakeji eziyingozi kwindawo yokupapashwa, kuyo yonke i-npm, i-PyPI, nangaphezulu. Ngokubeka phambili imeko yobuthathaka obubeka umngcipheko omkhulu kwihlabathi lokwenyani (kunye nokulungelelanisa indlela yokulungisa amaqela akho e-DevSecOps) i-Xygeni ikunceda ugcine ukuhanjiswa kwesoftware ekhuselekileyo nethembekileyo ngaphandle kokucothisa uphuhliso.




