73% Surge in Malicious Open-Source Packages Signals Supply Chain Trust Crisis

New research shows attackers exploiting trusted ecosystems, automation, and maintainers at unprecedented scale.

Published on Jan 28, 2026

A sharp rise in malicious open-source software has shown how far-reaching a threat software supply chain attacks have become.

According to a new report by ReversingLabs (RL), detections of malicious open-source packages increased by 73% in 2025 compared with the prior year, with the majority concentrated in the npm JavaScript ecosystem.

The findings show how previously established trust in software development processes is now being exploited.

Malicious packages by package manager: 2024-2025. Credit: RL.

The cybersecurity firm reported more than 10,000 malicious packages identified on npm in 2025, accounting for nearly 90% of all open-source malware the company observed.

Attackers increasingly targeted widely used packages and trusted maintainers, turning routine dependency updates into large-scale malware distribution events. In many cases they circumvented traditional security mechanisms by blending their activity into normal development workflows, including continuous integration and continuous delivery (CI/CD) pipelines, where a compromised dependency is fetched and its install scripts executed automatically.

The report also noted that adversaries are moving beyond simple typosquatting to more sophisticated methods of getting malicious packages into circulation, such as taking over the accounts of existing package maintainers and using automated toolkits to publish and spread their malware.

An example of this type of campaign was the Shai-Hulud worm, labeled by ReversingLabs as the “first registry-native” malware observed on npm, which used stolen maintainer credentials to publish malicious code into hundreds of different packages.

Security Controls Help, But Only in Parts of the Ecosystem

Not all ecosystems saw the same trajectory. Malware detections on the Python Package Index (PyPI) declined substantially. According to ReversingLabs, this decrease is directly related to stronger controls placed on the platform, specifically mandatory multi-factor authentication (MFA) for maintainers and trusted publishing, in which a package is uploaded with a short-lived token issued to a specific CI workflow via OpenID Connect rather than with a long-lived API token that can be stolen and reused.

Malicious Python packages by type: 2024-2025. Credit: RL.

Decreases were also seen on Microsoft’s NuGet repository, further supporting the notion that security investments meaningfully raise the cost of conducting a successful attack.

However, the report stated that even when attackers are thwarted in one ecosystem, they are likely to move to other parts of the ecosystem where the security controls are not as robust.

npm exposed secrets by application: 2024-2025. Credit: RL.

“If you don’t know which packages you’re building software with—the content of your build pipeline—someone else will figure it out and use that knowledge against you,” wrote Tomislav Peričin, Chief Software Architect and Co-Founder at ReversingLabs in the report.

For CISOs and security leaders, the takeaway is clear: software supply chains exist in an adversarial environment. Defending them requires continuous validation, a greater level of transparency regarding dependencies, and closer collaboration between development and security teams.
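The kind of dependency visibility Peričin describes starts with the lockfile: it is the only record of exactly which package tarballs a CI job is about to install. The following Node.js script is an added illustration, not code from the ReversingLabs report or from npm itself. It reads a package-lock.json (lockfileVersion 2 or 3) and produces an inventory plus findings for entries that lack an integrity hash, that resolve to a host other than the expected registry (git URLs, mirrors, arbitrary tarballs), or that declare install scripts that will run arbitrary code during `npm ci`. The sample lockfile, package names, hosts and integrity strings are constructed placeholders, not real packages or real digests.

```javascript
"use strict";
// Added example (not from the ReversingLabs report): audit an npm lockfile so a
// build pipeline knows exactly what it installs and can fail on surprises.
// Works on lockfileVersion 2/3 "packages" maps as written by npm 7+.

// Subresource-integrity style value: "<algo>-<base64>".
const INTEGRITY_RE = /^sha(256|384|512)-[A-Za-z0-9+/]+=*$/;
const NM = "node_modules/";

// Returns { findings: [{kind, path, detail}], inventory: [{name, version, resolved}] }.
function auditLockfile(lock, allowedHosts = ["registry.npmjs.org"]) {
  const findings = [];
  const inventory = [];
  if (typeof lock.lockfileVersion !== "number" || lock.lockfileVersion < 2) {
    // v1 lockfiles have no "packages" map; treat as a hard failure.
    findings.push({ kind: "old-lockfile", path: "", detail: String(lock.lockfileVersion) });
    return { findings, inventory };
  }
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "") continue;            // root project entry
    if (entry.link) continue;             // workspace symlink, nothing fetched
    const name = entry.name || path.slice(path.lastIndexOf(NM) + NM.length);
    inventory.push({ name, version: entry.version, resolved: entry.resolved || null });

    if (!entry.resolved) {
      findings.push({ kind: "unresolved", path, detail: "no resolved URL" });
    } else {
      let host = null;
      try { host = new URL(entry.resolved).host; } catch { /* not a URL */ }
      if (!host || !allowedHosts.includes(host)) {
        findings.push({ kind: "unexpected-host", path, detail: entry.resolved });
      }
    }
    if (!INTEGRITY_RE.test(entry.integrity || "")) {
      findings.push({ kind: "missing-integrity", path, detail: entry.integrity || "none" });
    }
    if (entry.hasInstallScript) {
      // Lifecycle scripts (preinstall/install/postinstall) run code at install time.
      findings.push({ kind: "install-script", path, detail: `${name}@${entry.version}` });
    }
  }
  return { findings, inventory };
}

function countByKind(findings) {
  const counts = {};
  for (const f of findings) counts[f.kind] = (counts[f.kind] || 0) + 1;
  return counts;
}

// Gate for CI: unpinned or off-registry packages block the build; install
// scripts are surfaced for review rather than blocked outright.
function pipelineGate(lock, allowedHosts) {
  const { findings } = auditLockfile(lock, allowedHosts);
  const blocking = new Set(["old-lockfile", "unresolved", "unexpected-host", "missing-integrity"]);
  return !findings.some((f) => blocking.has(f.kind));
}

// Constructed sample lockfile. Names, hosts and integrity values are placeholders.
const REG = "https://registry.npmjs.org";
const FAKE_SHA = "sha512-Y29uc3RydWN0ZWQtcGxhY2Vob2xkZXItbm90LWEtcmVhbC1kaWdlc3Q=";
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/alpha-utils": { version: "2.1.0", resolved: `${REG}/alpha-utils/-/alpha-utils-2.1.0.tgz`, integrity: FAKE_SHA },
    "node_modules/beta-colors": { version: "1.4.2", resolved: `${REG}/beta-colors/-/beta-colors-1.4.2.tgz` },
    "node_modules/gamma-native": { version: "0.9.1", resolved: `${REG}/gamma-native/-/gamma-native-0.9.1.tgz`, integrity: FAKE_SHA, hasInstallScript: true },
    "node_modules/delta-fork": { version: "3.0.0", resolved: "git+ssh://git@github.com/example-org/delta-fork.git#0123456789abcdef0123456789abcdef01234567" },
    "node_modules/alpha-utils/node_modules/epsilon-core": { version: "1.0.0", resolved: "https://npm.internal.example/epsilon-core/-/epsilon-core-1.0.0.tgz", integrity: FAKE_SHA },
  },
};

const CLEAN_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/alpha-utils": { version: "2.1.0", resolved: `${REG}/alpha-utils/-/alpha-utils-2.1.0.tgz`, integrity: FAKE_SHA },
  },
};

const report = auditLockfile(SAMPLE_LOCK);
console.log("inventory:", report.inventory.map((p) => `${p.name}@${p.version}`).join(", "));
for (const f of report.findings) console.log(`${f.kind.padEnd(18)} ${f.path}  ${f.detail}`);
console.log("gate passes:", pipelineGate(SAMPLE_LOCK));
```

To run it against a real project, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` and extend `allowedHosts` with any internal registry you deliberately use. Flagged `install-script` entries are the ones worth reviewing before an upgrade, and `npm ci --ignore-scripts` keeps them from executing in the pipeline until that review is done.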