Malicious Packages Identification API
(MPIAPI)

Most AppSec focuses on potential risk — vulnerabilities that threat actors might later exploit. But malicious open-source packages are different; they contain harmful code from the outset, often attacking the moment they are installed. Unlike vulnerabilities that represent potential threats, malicious packages immediately endanger developer workstations, CI/CD environments, and production systems. Therefore, malicious package defense must commence before installation and at other relevant stages of the SDLC.

The threat level to organizations of malicious packages has been rapidly rising over the past few years. The numbers tell a disturbing story: Checkmarx’ AppSec research team has discovered more than 420,000 publicly available malicious packages. A recent Checkmarx survey revealed that 76% of CISOs are concerned about the dangers of malicious packages. The average cost of a software supply chain compromise was $4.63 million, which is 8.3% higher than the average cost of a data breach due to other causes (IBM research). It is imperative that CISOs and AppSec teams place more focus on this critical threat vector.

Traditional security measures fall short when dealing with malicious packages for three primary reasons: Timing (by the time SAST or SCA tools run, malicious packages may have already executed their payloads), scope (developer machines often have more permissive configurations and/or are subject to fewer enterprise security protections), and speed (the rapid pace of package adoption means threats can spread quickly before detection). For these reasons, effective malicious package defense requires a shift from reactive to proactive security: pre-installation checking (verifying packages before they enter any environment), continuous monitoring (regularly scanning existing packages as new threats are discovered), and comprehensive coverage (protection at every stage of the SDLC).

Checkmarx combines proprietary technology with a team of expert security researchers to effectively identify malicious packages. This threat intelligence system performs automated tests to identify suspicious package behaviors, risky OSS code changes, author reputation issues, and additional factors (secrets, code scanning, static analysis, etc.). When a package is flagged as potentially malicious, Checkmarx’s security research team conducts a thorough manual review to confirm its malicious nature (to avoid false positives), before adding it to the malicious package database (and reporting it externally, when appropriate). On average, Checkmarx scans around 2 million OSS packages every month.

A few examples include data exfiltration (stealing sensitive information), harmful file download, network connection to domain address known to be used by attackers, crypto-mining software, repojacking (takes control of the repository of a legitimate package), typosquatting (mimics the name of a popular package, inducing users to inadvertently use this package), chainjacking (stores a package in a renamed GitHub repository), and protestware (software that includes undesirable functionality that aims to protest an issue).

Here is one malicious attack example per year, for each of the past few years (you can Google them for details):

SolarWinds Supply Chain Attack (2020, Enterprise Infrastructure Compromise)
ua-parser-js (2021, Critical Infrastructure Targeting)
PyTorch (2022, Dependency Confusion Attack)
116 Malicious PyPI Packages Campaign (2023, Widespread Windows/Linux Targeting)
MUT-8694 Campaign (2024, Cross-Platform npm/PyPI Attack)
NPM Attack Against qix (2025, Cryptocurrency Stealer)

The most effective way to prevent harm to your organization from malicious packages is to validate third-party packages at every relevant step of the SDLC, starting with the moment developers try to install them on their workstations. Beyond this, it is important to frequently scan all the OSS packages present in your private artifact registries, applications, and container images, and then to remove/update any package versions that may have been flagged as containing malicious or suspicious code.