What’s in the report?

Learn how the most popular JavaScript package managers – npm – is being used by malicious actors to launch attacks, run botnets, and steal credentials and crypto.

Why should you care about malicious npm activity?

JavaScript is the most commonly used programming language globally, and 68 percent of developers depend upon it to create rich online functionality. With an average of 32,000 new npm packages published per month in 2021, attackers are using the popularity of npm to hide their nefarious behavior and launch attacks. In just six months, more than 1,300 malicious npm packages have been identified and reported by Mend Supply Chain Defender, making it vital for developers to understand what attackers are doing and how they can remediate issues without slowing down the development process.