ReversingLabs this week published a report that finds there was a 73% increase in the number of malicious open source packages discovered in 2025 compared with the previous year.
More than 10,000 malicious open source packages were discovered, most of them published to npm, the package registry for Node.js, which cybercriminals were using to compromise software supply chains. In total, npm packages accounted for 90% of the malicious open source software activity discovered.
According to the ReversingLabs software supply chain security report, the Shai-Hulud attack alone compromised more than 1,000 npm packages across two distinct waves that, as part of a larger campaign, exposed an estimated 25,000 GitHub repositories.
On the plus side, the report also noted that instances of malware detected on the Python Package Index (PyPI) repository were reduced substantially in 2025, from 1,575 detected in 2024 to just 891, a 43% decrease.
Last year also saw an increase in exposed secrets across four major open-source package managers: npm, PyPI, NuGet, and RubyGems. According to the report, incidents of exposed developer secrets rose 11%, with PyPI and npm accounting for roughly 95% of detected leaks.
The biggest sources of the leaked secrets are Google, Amazon Web Services (AWS), Slack, and Telegram. Google Cloud Platform was the largest single source, accounting for 23% of the more than 39,000 secrets detected on npm and 14% of the nearly 9,300 secrets detected on PyPI. AWS accounted for 145. The majority of exposed developer secrets, however, trace back to less well-known applications, which together accounted for around two-thirds of the leaked secrets detected on both npm and PyPI. Conversely, applications such as Discord, GitHub, and Slack saw a roughly 50% drop in secrets detected year-over-year.
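To make the secrets figures above concrete, here is an added example (not from the report and not ReversingLabs' own tooling) of the kind of pattern-based scan that catches such leaks before a package is published or consumed. The token formats are assumptions based on the commonly published shapes of Google API keys, AWS access key IDs, Slack tokens, and Telegram bot tokens, and the package contents are constructed for the example.

```python
import re
from typing import Dict, List, Tuple

# Illustrative secret patterns. Assumption: these follow the commonly published token
# formats for each provider; the ReversingLabs report does not publish its own rules.
SECRET_PATTERNS: Dict[str, "re.Pattern"] = {
    "Google API key": re.compile(r"\bAIza[0-9A-Za-z_-]{35}\b"),
    "AWS access key ID": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "Slack token": re.compile(r"\bxox[abprs]-[0-9A-Za-z-]{10,}\b"),
    "Telegram bot token": re.compile(r"\b[0-9]{8,10}:[0-9A-Za-z_-]{35}\b"),
}


def redact(token: str) -> str:
    """Keep a short prefix so a finding is actionable without re-leaking the secret."""
    return token[:6] + "..." + "*" * 4


def scan_text(text: str) -> List[Tuple[str, str]]:
    """Return (kind, redacted_match) pairs for every secret-looking token in text."""
    findings: List[Tuple[str, str]] = []
    for kind, pattern in SECRET_PATTERNS.items():
        for match in pattern.finditer(text):
            findings.append((kind, redact(match.group(0))))
    return findings


def scan_package(files: Dict[str, str]) -> Dict[str, List[Tuple[str, str]]]:
    """Scan every file in a package (path -> contents).

    Nothing is skipped on purpose: .env files, JSON config and README snippets are
    exactly where credentials tend to be committed by accident.
    """
    report: Dict[str, List[Tuple[str, str]]] = {}
    for path, content in files.items():
        hits = scan_text(content)
        if hits:
            report[path] = hits
    return report


# Constructed sample package contents (not real credentials).
SAMPLE_PACKAGE: Dict[str, str] = {
    "package/index.js": "module.exports = { api: 'AIzaSyA1234567890abcdefghijklmnopqrstuv' };\n",
    "package/.env": "AWS_ACCESS_KEY_ID=AKIAABCDEFGHIJKLMNOP\n"
                    "SLACK_TOKEN=xoxb-1234567890-abcdefghijklmnop\n",
    "package/config.json": '{"telegram": "123456789:ABCdefGHIjklMNOpqrsTUVwxyz012345678"}\n',
    # Mentions a token by name but contains none: must not produce a finding.
    "package/README.md": "Set TELEGRAM_TOKEN to your bot token before running.\n",
}

if __name__ == "__main__":
    for path, hits in scan_package(SAMPLE_PACKAGE).items():
        for kind, redacted in hits:
            print(f"{path}: {kind} -> {redacted}")
```

Run against an unpacked tarball (or as a pre-publish hook) this flags the three files carrying tokens and stays silent on the README, which only names a variable. Real scanners add entropy checks and provider-specific validation to cut false positives, but the core idea is the same: match the token shape, then report a redacted prefix rather than the secret itself.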
Tomislav Pericin, chief software architect for ReversingLabs, said the report makes it clear that instead of targeting little-used open source projects supported by a handful of maintainers, cybercriminals are now focusing on widely used open source software projects through which malware can be injected into thousands of downstream applications.
The challenge is that far too many DevOps and cybersecurity teams believe malware in open source software is an intractable problem that cannot be solved, rather than reviewing the code provided to them for vulnerabilities before deploying it and then insisting that issues be fixed, he added.
Not enough organizations are following the lead of JP Morgan Chase by informing software providers that licenses will not be renewed if the software provided has too many vulnerabilities, he added.
Additionally, government agencies should, instead of relaxing requirements, continue to set an example by requiring application providers to attest to the security of their software, noted Pericin.
In general, organizations need to reset the baseline for what is considered an acceptable level of application security risk, he added.
It’s not clear to what degree software engineering teams have the political will needed to require software providers to deliver higher quality applications. The one thing that is certain, however, is that as more code is developed and deployed faster in the age of artificial intelligence (AI), it is only a matter of time before the current lack of focus on quality and security becomes, in hindsight, something to deeply regret.
