A new report from Sonatype identifies 21,764 malicious open source packages in the first quarter of the year, up 21 percent from the same period last year and bringing the total logged since 2017 to 1,346,867.
The npm registry continues to be the target of most new malicious attacks, at 75 percent, seeing the equivalent of 46 malicious packages per day, with the quarter defined by credential theft, host reconnaissance, and staged payload delivery aimed at developer and CI/CD environments.
Python package index PyPI saw 18 percent of total malware in Q1, with other registries significantly lower, suggesting that attackers are concentrating on the ecosystems that offer the greatest scale, speed, and downstream reach. For defenders, that means the most widely used registries remain some of the most attractive channels for malware delivery.
“The biggest open source attacks in Q1 didn’t win because they were novel. They won because they abused trust already built into the software lifecycle — trusted package names, trusted tools, and trusted release workflows,” says Brian Fox, co-founder and CTO of Sonatype. “That’s what makes modern supply chain attacks more dangerous: the problem is no longer just spotting something suspicious, it’s knowing when something familiar has been turned against you.”
Rather than relying on obvious deception, attackers have increasingly used plausible packages, compromised release paths, and trusted software to gain access. Incidents such as the axios compromise and the Trivy/LiteLLM campaign show how small changes inside trusted packages and release workflows can create outsized downstream risk.
The report finds that 22 percent of Q1 malware exfiltrated host information, 19 percent stole secrets, and 16 percent set the stage for secondary payloads — clear signals that attackers are targeting developer machines and software delivery infrastructure to gain reusable access.
You can find out more on the Sonatype blog.
Image credit: solarseven/depositphotos.com
