Q1: 21,764 malicious OSS packages

Sonatype reported 21,764 open‑source packages flagged as malware in Q1, bringing its tracked total to over 1.3 million since 2017, with npm accounting for about 75% of malicious packages and trojans focused on credential theft and reconnaissance. The dataset frames supply‑chain packages as a high‑volume source of credential and reconnaissance signals (securityboulevard.com).

Open-source code often arrives as prebuilt parts that developers pull from public registries; in the first quarter of 2026, Sonatype said attackers slipped 21,764 malicious packages into those channels. (sonatype.com) Sonatype published the count on April 14 and said its running total since 2017 has reached 1,346,867 malicious packages across major ecosystems. The company also said customers using its Repository Firewall blocked 136,107 open-source malware attacks in the quarter. (sonatype.com)

A package is a reusable chunk of code, and a registry is the warehouse where developers fetch it. npm, the JavaScript registry, says it hosts more than two million packages and serves more than 17 million developers, which helps explain why Sonatype said npm made up 75% of the malicious packages it tracked in the quarter. (npmjs.com; sonatype.com)

The main payloads were not flashy ransomware or destructive worms. Sonatype said trojans led the quarter, with most samples built to steal credentials, map the victim machine, and pull down additional code later. (sonatype.com) That pattern fits a software supply-chain attack: the attacker poisons a dependency so the victim installs the malware for them. The Cybersecurity and Infrastructure Security Agency and National Security Agency have warned that open-source components and software bills of materials need tighter controls because software supply chains have been exploited in incidents such as SolarWinds and Log4j. (cisa.gov; nsa.gov)

Sonatype said the defining theme in early 2026 was “trust abuse,” not technical novelty. Its researchers highlighted three cases — SANDWORM_MODE, the LiteLLM compromise, and the axios compromise — as examples of attackers hiding behind trusted package names, trusted release paths, or trusted developer workflows. (sonatype.com) The company said the pace worked out to roughly one malicious package every six minutes over the quarter.

That volume turns package registries into a steady stream of credential-theft and reconnaissance attempts aimed at developer laptops and continuous integration and continuous delivery systems. (sonatype.com) Government guidance now treats those dependencies as inventory that has to be tracked, reviewed, and updated like any other critical asset. CISA’s software supply-chain guidance tells organizations to identify open-source components before adoption and manage software bills of materials so they know what code is actually running in their environments. (cisa.gov)

The quarter’s tally does not mean 21,764 separate breaches occurred, and Sonatype’s figures reflect what its researchers detected rather than every malicious package published anywhere. But the report’s basic picture is straightforward: attackers keep using ordinary package installs to hunt for secrets, and the busiest registry remains the easiest place to hide in plain sight. (sonatype.com; npmjs.com)
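As an added example (not code from the article, from Sonatype, or from CISA), the Node.js script below shows the kind of dependency inventory the guidance above calls for, built from an npm lockfile and the package manifests it points at. It lists every locked package with its source and integrity hash, and flags three things a reviewer would want to see before trusting an `npm install`: packages that declare a script npm runs automatically at install time, packages resolved from somewhere other than the expected registry, and lock entries with no integrity hash. The lockfile fragment, the manifests, the package names and the URLs are all constructed for this example; the registry allowlist is an assumption you would set to your own mirror.

```javascript
// Added example: inventory an npm lockfile and flag install-time risk signals.
// All sample data below is constructed; none of it comes from the article.

// Constructed package-lock.json fragment (lockfileVersion 3 layout, where
// "packages" maps install paths to { version, resolved, integrity }).
const sampleLock = {
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', version: '1.0.0' }, // the root project itself
    'node_modules/left-padder': {
      version: '1.2.3',
      // constructed: resolved from a host that is not the expected registry
      resolved: 'https://mirror.example.invalid/left-padder-1.2.3.tgz',
      integrity: 'sha512-CONSTRUCTEDINTEGRITYVALUE1==',
    },
    'node_modules/colourise': {
      version: '2.0.1',
      resolved: 'https://registry.npmjs.org/colourise/-/colourise-2.0.1.tgz',
      integrity: 'sha512-CONSTRUCTEDINTEGRITYVALUE2==',
    },
    'node_modules/colourise/node_modules/tiny-util': {
      version: '0.0.9',
      resolved: 'https://registry.npmjs.org/tiny-util/-/tiny-util-0.0.9.tgz',
      // constructed: no integrity field at all
    },
  },
};

// Constructed package.json contents for each installed package, keyed by
// install path (a real audit would read node_modules/<path>/package.json).
const sampleManifests = {
  'node_modules/left-padder': { name: 'left-padder', version: '1.2.3', scripts: { test: 'node test.js' } },
  'node_modules/colourise': { name: 'colourise', version: '2.0.1', scripts: { postinstall: 'node setup.js' } },
  'node_modules/colourise/node_modules/tiny-util': { name: 'tiny-util', version: '0.0.9' },
};

// Script names npm runs on its own when a dependency is installed.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// Assumed allowlist of registry hosts a lock entry may resolve from.
const TRUSTED_REGISTRY_PREFIXES = ['https://registry.npmjs.org/'];

// Package name is the segment after the last "node_modules/" in the install path.
function packageNameFromPath(installPath) {
  const parts = installPath.split('node_modules/');
  return parts[parts.length - 1];
}

// One inventory record per locked dependency: version, source, hash, install hooks.
function buildInventory(lock, manifests) {
  const records = [];
  for (const [installPath, entry] of Object.entries(lock.packages)) {
    if (installPath === '') continue; // skip the root project
    const scripts = (manifests[installPath] && manifests[installPath].scripts) || {};
    const hooks = INSTALL_HOOKS.filter((h) => Object.prototype.hasOwnProperty.call(scripts, h));
    records.push({
      name: packageNameFromPath(installPath),
      version: entry.version,
      resolved: entry.resolved || null,
      integrity: entry.integrity || null,
      installHooks: hooks,
      hookCommands: hooks.map((h) => `${h}: ${scripts[h]}`),
    });
  }
  return records;
}

// Review findings derived from the inventory.
function findings(inventory) {
  const fromTrustedRegistry = (url) => TRUSTED_REGISTRY_PREFIXES.some((p) => url.startsWith(p));
  return {
    runsCodeAtInstall: inventory.filter((r) => r.installHooks.length > 0).map((r) => r.name),
    offRegistry: inventory.filter((r) => r.resolved && !fromTrustedRegistry(r.resolved)).map((r) => r.name),
    missingIntegrity: inventory.filter((r) => !r.integrity).map((r) => r.name),
  };
}

// Plain-text inventory lines: name@version, source URL, integrity hash.
function sbomLines(inventory) {
  return inventory.map((r) => `${r.name}@${r.version} ${r.resolved || '<unresolved>'} ${r.integrity || '<no-integrity>'}`);
}

const inventory = buildInventory(sampleLock, sampleManifests);
console.log(sbomLines(inventory).join('\n'));
console.log(JSON.stringify(findings(inventory), null, 2));
```

Run it with `node` to see the three lines of inventory followed by the findings. In this constructed data, `colourise` is the only package that runs code at install time (its `postinstall` command is listed so a reviewer can read it), `left-padder` resolves from a host outside the allowlist, and `tiny-util` has no integrity hash, so the lockfile cannot pin what tarball it expects.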
