Supply Chain Incidents

Malicious packages, backdoors, typosquats, and dependency confusion attacks

225,187
Total Incidents
npmPyPIRubyGemsGocrates.ioNuGetPackagist

transform-proto-to-assign

npm

MAL-0000-phantomraven-transform-proto-to-assign

Malicious npm package: transform-proto-to-assign (PhantomRaven campaign, Wave 3)

Malware
Mar 2026

add-react-displayname

npm

MAL-0000-phantomraven-add-react-displayname

Malicious npm package: add-react-displayname (PhantomRaven campaign, Wave 3)

Malware
Mar 2026

yoshi-base

npm

MAL-0000-phantomraven-yoshi-base

Malicious npm package: yoshi-base (PhantomRaven campaign, Wave 2)

Malware
Mar 2026

typescript-rtk-query

npm

MAL-0000-phantomraven-typescript-rtk-query

Malicious npm package: typescript-rtk-query (PhantomRaven campaign, Wave 2)

Malware
Mar 2026

import-zod

npm

MAL-0000-phantomraven-import-zod

Malicious npm package: import-zod (PhantomRaven campaign, Wave 4)

Malware
Mar 2026

transform-es2015-duplicate-keys

npm

MAL-0000-phantomraven-transform-es2015-duplicate-keys

Malicious npm package: transform-es2015-duplicate-keys (PhantomRaven campaign, Wave 3)

Malware
Mar 2026

syntax-function-bind

npm

MAL-0000-phantomraven-syntax-function-bind

Malicious npm package: syntax-function-bind (PhantomRaven campaign, Wave 3)

Malware
Mar 2026

syntax-do-expressions

npm

MAL-0000-phantomraven-syntax-do-expressions

Malicious npm package: syntax-do-expressions (PhantomRaven campaign, Wave 3)

Malware
Mar 2026

transform-inline-consecutive-adds

npm

MAL-0000-phantomraven-transform-inline-consecutive-adds

Malicious npm package: transform-inline-consecutive-adds (PhantomRaven campaign, Wave 3)

Malware
Mar 2026

react-you-might-not-need-an-effect

npm

MAL-0000-phantomraven-react-you-might-not-need-an-effect

Malicious npm package: react-you-might-not-need-an-effect (PhantomRaven campaign, Wave 2)

Malware
Mar 2026

import-newlines

npm

MAL-0000-phantomraven-import-newlines

Malicious npm package: import-newlines (PhantomRaven campaign, Wave 2)

Malware
Mar 2026

es6-recommended

npm

MAL-0000-phantomraven-es6-recommended

Malicious npm package: es6-recommended (PhantomRaven campaign, Wave 2)

Malware
Mar 2026

syntax-decorators

npm

MAL-0000-phantomraven-syntax-decorators

Malicious npm package: syntax-decorators (PhantomRaven campaign, Wave 2)

Malware
Mar 2026

pymnemonic

PyPI

MAL-2026-1438

Malicious code in pymnemonic (PyPI)

Malware
Mar 2026

do-not-install-this-package-004

PyPI

MAL-2026-1436

Malicious code in do-not-install-this-package-004 (PyPI)

Malware
Mar 2026

flowpeek

PyPI

MAL-2026-1437

Malicious code in flowpeek (PyPI)

Malware
Mar 2026

kvstore-pb2-grpc

PyPI

MAL-2026-1433

Malicious code in kvstore-pb2-grpc (PyPI)

Typosquat
Mar 2026

dgl-cu117

PyPI

MAL-2026-1432

Malicious code in dgl-cu117 (PyPI)

Typosquat
Mar 2026

python-anchor

PyPI

MAL-2026-1435

Malicious code in python-anchor (PyPI)

Typosquat
Mar 2026

my-super-lib

PyPI

MAL-2026-1434

Malicious code in my-super-lib (PyPI)

Typosquat
Mar 2026

ariadne-federation

PyPI

MAL-2026-1431

Malicious code in ariadne-federation (PyPI)

Typosquat
Mar 2026

@3stripes/common

npm

MAL-2026-1426

Malicious code in @3stripes/common (npm)

Malware
Mar 2026

@3stripes/auth

npm

MAL-2026-1425

Malicious code in @3stripes/auth (npm)

Malware
Mar 2026

@3stripes/helpers

npm

MAL-2026-1427

Malicious code in @3stripes/helpers (npm)

Malware
Mar 2026
Showing 1753 - 1776 of 225,187
PreviousNext
Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives
PoC for every finding
30+ tools orchestrated
Book a DemoLearn More
Setup in 5 minutesSOC 2 & ISO 27001