21,764 Malware Packages in 90 Days: What npm's Supply Chain Crisis Teaches Us

The Crisis Unfolds

In Q1 2026, Sonatype identified 21,764 malicious packages in open source repositories, with npm accounting for 75% of these. That's 16,323 malicious packages targeting JavaScript developers in a single quarter. These incidents were not random; attackers exploited trust through compromised maintainer accounts, typosquatting, and injecting malicious code into legitimate dependency chains. Notable incidents included SANDWORM_MODE's adaptive evasion, the LiteLLM compromise affecting downstream users, and attacks on the axios package, showing that even well-known packages are vulnerable.

The Continuous Attack

Attackers published malicious packages consistently throughout the quarter. With 21,764 total over 90 days, this equates to approximately 242 new malicious packages per day. The npm ecosystem was most affected, with the rest distributed across PyPI, Maven, and other registries.

Identifying Control Failures

Lack of Dependency Verification: Most organizations lacked automated integrity checks beyond default package manager settings. npm's signature verification doesn't protect against compromised accounts or malicious packages that pass automated checks.

Ineffective Security Scanning: The presence of 16,323 malicious npm packages indicates:

• Maintainers didn't scan dependencies before publication.
• Organizations didn't scan packages before use.
• CI/CD pipelines lacked security gates.

Weak Maintainer Authentication: Compromised maintainer accounts highlight missing or weak multi-factor authentication and lack of behavioral monitoring for unusual updates.

Absence of Dependency Pinning and Review: Automatic minor version updates without review created vulnerabilities. When a trusted package's new version contains malware, auto-update mechanisms distribute it.

Standards and Requirements

PCI DSS v4.0.1 Requirement 6.3.2 requires reviewing custom software for vulnerabilities before release. This extends to dependencies: you're responsible for third-party code you ship. Including a credential-stealing package violates this requirement.

OWASP Top 10 2021: A06:2021 – Vulnerable and Outdated Components advises knowing your components, monitoring for vulnerabilities, and obtaining them from secure sources. Consuming 16,323 malicious packages indicates failures in inventory and verification.

NIST 800-53 Rev 5 Control SA-12 (Supply Chain Protection) mandates security safeguards against supply chain threats, including risk assessments and monitoring for compromise indicators. The npm surge shows the consequences of treating SA-12 as mere paperwork.

ISO/IEC 27001:2022 Control 5.19 requires identifying and addressing supplier-related security risks. When you npm install, you're granting code execution rights to strangers.

SOC 2 Type II CC6.8 (Logical and Physical Access Controls) demands restricting access to systems and data. Installing unvetted packages violates this control, risking unauthorized access to customer data.

Actionable Steps for Your Team

Generate a Software Bill of Materials (SBOM): Use tools like Syft, CycloneDX, or SPDX in every build. This helps you quickly assess your exposure in incidents like LiteLLM.

Deploy Dependency Scanning with Blocking: Integrate tools like Snyk, Socket, or Sonatype Nexus Lifecycle into your CI/CD pipeline. Configure them to block builds when:

• New dependencies lack approval.
• Known malware signatures appear.
• Packages show suspicious behaviors.

Enforce Dependency Pinning and Explicit Updates: Avoid semantic version ranges in production. Pin exact versions and treat updates as code changes requiring review.

Establish a Package Approval Workflow: Before adding new dependencies:

1. Check package age and maintenance history.
2. Review maintainer reputation.
3. Examine version history for anomalies.
4. Scan with multiple tools.
5. Review code for suspicious patterns.

Continuously Monitor Dependencies: Use tools to alert you to:

• Maintainer changes.
• New versions of packages in your SBOM.
• Security flags on your packages.

Implement Network Egress Controls: Restrict internet access in build environments. Block unauthorized data exfiltration attempts during npm install.

Develop a Supply Chain Incident Response Plan: Prepare a playbook for when you find a malicious package:

• Identify affected systems.
• Execute rollback procedures.
• Notify stakeholders.
• Verify the scope of compromise.

The 21,764 malicious packages in Q1 2026 set a baseline for threats. Treat your package manager as a potential risk to your infrastructure and act accordingly.