{"id":106997,"date":"2026-02-19T15:00:00","date_gmt":"2026-02-19T13:00:00","guid":{"rendered":"https:\/\/staging.checkmarx.com\/?post_type=zero-post&#038;p=106997"},"modified":"2026-02-27T20:37:35","modified_gmt":"2026-02-27T18:37:35","slug":"protecting-yourself-against-malicious-open-source-packages","status":"publish","type":"zero-post","link":"https:\/\/checkmarx.com\/zero-post\/protecting-yourself-against-malicious-open-source-packages\/","title":{"rendered":"Protecting yourself against malicious open-source packages"},"content":{"rendered":"<p class=\"print-source-info\">This document copyright Checkmarx, all rights reserved.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-1\">An infectious surprise<\/h2>\n\n\n\n<p>In a cozy apartment an hour outside of San Francisco, a developer grabs her second cup of tea, opens VSCode, pulls updates from GitHub for her current project, and runs <code>npm install<\/code>. As she works, malware is infecting her machine; it finds her GitHub credentials and begins to infect every one of the repos she has commit rights to: which is almost everything. As her colleagues come online and begin to work, infected GitHub Actions begin to steal credentials to cloud providers, sending them who knows where. She pushes her changes and starts a PR, triggering those Actions workflows to run, infecting one of the CI runners long enough to steal deploy keys and AWS credentials.<\/p>\n\n\n\n<p>She didn\u2019t know that one of the dependencies her app relies on had been infected by <em>Shai-Hulud<\/em>. Not the Great Worm from the universe of <em>Dune<\/em>, but <a href=\"https:\/\/checkmarx.com\/zero-post\/npm-hit-by-shai-hulud-the-self-replicating-supply-chain-attack\/\">a particularly clever and nasty bit of malware<\/a> that steals credentials and self-replicates. And the maintainer of that package didn\u2019t know that. 
But she found out when her company\u2019s SCA (one of the few on the market that will report malicious open-source packages) warned her and blocked the merge of her PR. By then, though, a lot of damage was done.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-2\">\n<a><\/a>Why didn\u2019t security tools stop the harm?<\/h2>\n\n\n\n<p>Application Security tools exist that are designed to understand what open-source components your software relies on. These are typically offered under the category of Software Composition Analysis (SCA). Your typical SCA tool enumerates open-source components and reports when those components have vulnerabilities that could leave your applications open to potential attack.<\/p>\n\n\n\n<p>The key there is <em>potential<\/em>. A software vulnerability is a <em>potential risk<\/em>. If you allow it into production, someone <em>might<\/em> find it, they <em>might<\/em> know how to attack it, and your operational controls <em>might<\/em> be inadequate to the task. Because of this, responding to SCA findings is typically an exercise in risk management. The tool finds a risk, gives information about its severity and general likelihood, and the security team applies that information to their environment, threat model and existing controls. Someone makes a decision about whether to ask developers to fix the issue, and what priority the repair should receive.<\/p>\n\n\n\n<p>But malicious packages are different. A great many deliver their harmful payloads the moment they\u2019re installed. That\u2019s not a thing that <em>might<\/em> happen: at that point, it\u2019s a thing that <em>has happened<\/em>. <strong>An installed malicious package is not a mere vulnerability, but rather an attack in progress!<\/strong><\/p>\n\n\n\n<p>SCA wasn\u2019t built to defend against this threat. 
Sure, <a href=\"https:\/\/checkmarx.com\/cxsca-open-source-scanning\/\">good SCA tools<\/a> can detect malicious packages whenever the application is scanned, and <a href=\"https:\/\/checkmarx.com\/product\/malicious-packages\/\">that\u2019s a valuable layer of defense<\/a>. But that detection occurs far too late to prevent malicious packages from being installed. Which means developer workstations and even CI\/CD systems can be infected for hours or days before an SCA scan even has a chance to detect the problem. Something else is needed. Something more proactive.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-3\">\n<a><\/a>Three core controls for protecting yourself against malicious packages<\/h2>\n\n\n\n<p>Since SCA tends to happen too late, and takes too long, what can development teams do to protect themselves against being compromised by malicious open-source packages, and how can security help? A comprehensive posture requires a lot of nuance and careful planning, but it hinges on three main things:<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li>Central management of dependencies using a package manager proxy<\/li>\n\n\n\n<li>Proactive defense of environments where packages get installed, including developer workstations, CI\/CD and other build environments, and (depending on your deployment approach) sometimes even production systems.<\/li>\n\n\n\n<li>Continuous monitoring of production and pre-production environments, including the package manager proxy<\/li>\n<\/ol>\n\n\n\n<p>These three core capabilities all require one common piece of technology stack: a system that lets you rapidly check whether packages you\u2019re about to install are known to contain malicious content. 
If you can\u2019t make this check before the package is actually installed, then you cannot defend your organization against the threat of malicious open-source packages.<\/p>\n\n\n\n<p>Checkmarx Zero maintains the largest human-curated database of known-malicious and suspicious open-source packages. And we expose an API (the <a href=\"https:\/\/checkmarx.com\/malicious-packages-identification-api\/\">Malicious Package Identification API, or MPIAPI<\/a>) that lets you accomplish this goal in a technology-agnostic manner, plugging into whatever systems you use to install dependencies and build and deploy your software. This same database also backs our <a href=\"https:\/\/checkmarx.com\/product\/malicious-packages\/\">Malicious Package Protection (MPP) add-on<\/a> for the Checkmarx SCA product, meaning you can use the same database for both proactive defense and continuous monitoring.<\/p>\n\n\n\n<p>Even if you don\u2019t use Checkmarx, though, your approach remains the same. Let\u2019s take a look at what adding defenses against malicious open-source packages to your application security or product security program looks like.<\/p>\n\n\n\n<div class=\"callout\"><p>After you read this article, familiarize yourself in depth with the threat of malicious open-source packages (the Checkmarx field teams have helpfully created <a href=\"https:\/\/checkmarx.com\/resources\/the-hidden-threat-of-malicious-open-source-packages-exec-summary\/\">an executive summary<\/a> and <a href=\"https:\/\/checkmarx.com\/the-hidden-threat-of-malicious-open-source-packages\/\">a free eBook<\/a> discussing the issue in depth). 
This understanding will help you as you decide how to configure the following controls effectively for your organization.<\/p><\/div>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-4\">Centrally manage your dependencies with a package manager proxy<\/h2>\n\n\n\n<p>The single most important change you can make, if you haven\u2019t already done so, is to create a \u201cchoke point\u201d that allows you to centrally control which packages are available to install within your organization. Fortunately, there\u2019s an entire product category that serves this need as well as providing private package registries; it includes well-known products like JFrog\u2019s Artifactory, Sonatype Nexus Repository, and Azure Artifacts.<\/p>\n\n\n\n<p>These products\u2019 primary purpose is to house first-party artifacts: that is, deployable components your organization produces, enabling them to be installed by common package managers (like npm or pip) without requiring you to publish them in the public repositories. But they can also serve as a proxy to upstream package registries, and most products in this class allow you to set policies that serve as a filter for installing public packages. 
That means that when a developer or a build system runs a command like <code>npm install &lt;package_name><\/code>, the npm command downloads from your caching proxy instead of from the public npm registry.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"743\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/proxy-before-after.drawio-1024x743.png\" alt=\"\" class=\"wp-image-107000\" srcset=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/proxy-before-after.drawio-1024x743.png 1024w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/proxy-before-after.drawio-300x218.png 300w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/proxy-before-after.drawio-768x557.png 768w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/proxy-before-after.drawio-807x585.png 807w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/proxy-before-after.drawio-400x290.png 400w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/proxy-before-after.drawio.png 1310w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Inserting a private registry as a proxy between developers and public registries like npm allows for protective policy enforcement<\/figcaption><\/figure>\n\n\n\n<p>At minimum, this package manager proxy feature will:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\n<strong>dramatically speed up your response time to supply-chain incidents<\/strong>: moving to a safe version can be as simple as re-building without code changes; and where it isn\u2019t, use of the affected item is automatically brought to developers\u2019 attention on the next build, preventing the incident from spreading and driving remediation<\/li>\n\n\n\n<li>\n<strong>prevent supply-chain regressions<\/strong>: once a dangerous package or version is blocked, no one can make a new installation of it<\/li>\n\n\n\n<li>\n<strong>enable proactive 
control centrally<\/strong>: with identification systems (such as the Checkmarx MPIAPI) in place that can check package safety before fulfilling a request, you can defend your entire organization against malicious open-source packages in one place, reducing the risk that something malicious will slip through the cracks<\/li>\n<\/ul>\n\n\n\n<p>Remember our developer from the introduction? Her project installed <code>ngx-color@10.0.2<\/code>, one of the packages infected with the <em>Shai-Hulud<\/em> malware; she actually requested \u201cany version of <code>ngx-color<\/code> that\u2019s at least version <code>10.0.0<\/code>\u201d, and npm figured out that <code>10.0.2<\/code> was the newest version that matched.<\/p>\n\n\n\n<p>After cleaning up the infection, she had to go through her project and change any reference to that package. Easy enough if her application was the one asking for <code>ngx-color<\/code>; but if it was a <em>transitive<\/em> dependency \u2014 a package requested by another package our developer asked for \u2014 then that can be a significant effort.<\/p>\n\n\n\n<p>But what if her laptop had been set up to use, say, the organization\u2019s Artifactory server instead of the public npm registry? Unless there was a proactive defense plugin in place, she\u2019d still have gotten infected. But her post-cleanup task is much easier and much more reliable. She can ask the security team to block the malicious version <em>and just re-run the installation<\/em>. Now Artifactory will reject any request for <code>ngx-color@10.0.2<\/code> and provide the newest <em>safe<\/em> version instead. 
Even if something in her dependencies requests that version explicitly, the proxy will block the download and she\u2019ll be able to quickly determine where she needs to make a fix.<\/p>\n\n\n\n<p>And now that it has been blocked within Artifactory, no one else in the organization will be able to install it, meaning that the spread is stopped and regressions have been prevented. All it takes to make this the experience across the organization is setting up the proxy features, pushing a configuration to build systems to make sure they use it, and blocking direct access to the public repositories. Then simply block any package or package version that poses too much risk to be permitted.<\/p>\n\n\n\n<p>Of course, <strong>we can make this better with proactive control<\/strong>. Remember that malicious packages can infect systems upon installation, so even though a proxy like this speeds the response and prevents regression, you still have an infection to clean up after. If Artifactory had <a href=\"https:\/\/checkmarx.com\/malicious-packages-identification-api\/\">our MPIAPI<\/a> plugin installed and configured, then when our developer tried to run npm install, the plugin would have noted that <code>ngx-color@10.0.2<\/code> was known to be malicious and refused to let the proxy deliver it to her machine in the first place.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-5\">\n<a><\/a>Proactively defend the SDLC everywhere you install packages<\/h2>\n\n\n\n<p>Developer workstations, CI\/CD systems, and any other system that builds and packages your applications for deployment or distribution are potential targets for malicious open-source packages. In some environments, where production systems install open-source dependencies directly, production servers and containers may also be at risk.<\/p>\n\n\n\n<p>Detecting the infection after it happens is an expensive way to operate; proactive defense is essential. 
This means using \u201cdry run\u201d or \u201csimulation\u201d features of package managers to determine what <em>would be<\/em> installed, checking to see if those packages or specific versions are malicious or suspicious, and blocking the installation in response. If the target system or container is prevented from installing packages without using your central package manager proxy, then proactive defenses in your proxy may be enough. Otherwise, individual systems become responsible for their own safety.<\/p>\n\n\n\n<p>Most major package managers have a way to generate a list of packages that would be installed; here are a few examples:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\n<code>mvn<\/code> has the <code>-DdryRun=true<\/code> option<\/li>\n\n\n\n<li>\n<code>pip<\/code> has <code>--dry-run<\/code> as of pip 22.2; before that, <code>--no-install<\/code> may be available<\/li>\n\n\n\n<li>npm and yarn (which also accesses the npm registry) both have <code>--dry-run<\/code> and <code>--package-lock-only<\/code>\n<\/li>\n<\/ul>\n\n\n\n<p>A build process that performs a dry run to get a list of packages that would be installed, then checks that list against a database of malicious packages, can block the installation process before any malicious open-source packages are installed. And this works even when installing directly from the public registries, which makes it an excellent additional safety measure even when you are also using a package manager proxy.<\/p>\n\n\n\n<div class=\"callout\"><p>I have an open-source project <tt>cx-mpicheck<\/tt> (<a href=\"https:\/\/github.com\/darrenpmeyer\/cx-mpicheck\">check it out on GitHub<\/a>) that serves as an example of how to do this efficiently with pip, poetry, npm, pnpm, and go-mod projects.<\/p><\/div>\n\n\n\n<p>Beyond that, a policy that delays the availability of new package versions a bit can be a valuable control. 
When using a package proxy, you can configure it so that new packages and new versions of existing packages don\u2019t become available to your organization for, say, 48 hours. This gives the security research community time to identify malicious content, package maintainers time to notice that they\u2019ve been compromised, and so on.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"395\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/proxy-policy-block.drawio-1024x395.png\" alt=\"\" class=\"wp-image-107001\" srcset=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/proxy-policy-block.drawio-1024x395.png 1024w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/proxy-policy-block.drawio-300x116.png 300w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/proxy-policy-block.drawio-768x296.png 768w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/proxy-policy-block.drawio-1536x592.png 1536w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/proxy-policy-block.drawio-400x154.png 400w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/proxy-policy-block.drawio.png 1635w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">A policy plugin can check the malicious package database via API call to block malicious packages, and enforce other policies, before deciding which packages to fetch and cache from the public registry<\/figcaption><\/figure>\n\n\n\n<p>None of this can ever be perfect, but it provides a valuable layer of defense. 
The delay increases the chance that malicious code will be identified and added to databases of malicious packages, and the proactive blocking of packages in that database lowers the chance that malicious code will appear on developer desktops or in your applications.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-6\">\n<a><\/a>Continuously monitor production and pre-production applications<\/h2>\n\n\n\n<p>Of course, no proactive defense is perfect. And defenses against malicious open-source packages are no different. The proactive defenses we\u2019ve talked about can fail in a few ways:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Malicious packages are installed before they are known to be malicious or suspicious<\/li>\n\n\n\n<li>A change to a build configuration or build system configuration may accidentally or intentionally bypass defenses<\/li>\n\n\n\n<li>Malicious packages may be installed on an unmanaged system that still has access to sensitive data; this is most likely to happen in a containerized environment where use of approved, managed images is not adequately enforced<\/li>\n<\/ul>\n\n\n\n<p>Because of this, you still need a reactive layer of defense. And the most sensible place to put this layer is within or alongside your SCA scans. The Checkmarx SCA scanner handles this at an enterprise level by enabling the Malicious Package Protection feature across your organization; other SCA systems may require adjustments to scan configurations or the addition of a separate malicious package scanner.<\/p>\n\n\n\n<p>Instrumenting SCA scans where they\u2019re sensible within your SDLC, which is most often on merges to deployable code branches and on a scheduled basis for those same branches, is already an important vulnerability management step. 
Including malicious package checks at the same time allows you to react to malicious packages that may have slipped through your preventive controls.<\/p>\n\n\n\n<p>If you have successfully deployed a package manager proxy as a sort of centralized \u201cchoke point\u201d for open-source dependencies, then you can also create a powerful layer of rapidly reactive defenses by routinely checking your list of cached package versions to see if any represent malicious open-source packages. This can be done in two basic ways, depending on your selected tools:<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li>Generate an SBOM file containing all your open-source dependencies, and run your malicious package detection tools against this file. Not all proxy products make this easy, unfortunately, but it is generally at least <em>possible<\/em>, though in some cases it may require some third-party open-source tools to fully complete. The Checkmarx SCA tool with MPP can be used for this: just set up an SCA scan with MPP enabled and select the SBOM file as the source. The resulting report will include known vulnerabilities and malicious packages that are cached by your proxy.<\/li>\n\n\n\n<li>Generate a CSV or similar file containing the package repo name (like \u2018pypi\u2019 or \u2018npm\u2019), package name, and package version for each package version in your proxy\u2019s cache. 
Feed this to an API like the Checkmarx MPIAPI to identify any malicious open-source packages in the list.<\/li>\n<\/ol>\n\n\n\n<p>By routinely checking your projects and your centralized package manager proxy, you can quickly find out where you have a risk of infection in your organization and engage your response process.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-7\">\n<a><\/a>Putting it all together<\/h2>\n\n\n\n<p>To adequately defend your organization against open-source risks, establish proactive detection systems like the Checkmarx MPIAPI, reactive detection systems like Checkmarx SCA with MPP, and set up a package manager proxy like Artifactory (ideally with both proactive and reactive controls monitoring it) to speed up response times and centralize control. Delay the availability of newly published packages and versions to your organization to provide a \u201cbuffer\u201d for security researchers to do their jobs. And familiarize yourself in depth with the threat of malicious open-source packages (start by reading <a href=\"https:\/\/checkmarx.com\/resources\/the-hidden-threat-of-malicious-open-source-packages-exec-summary\/\">an executive summary<\/a> and <a href=\"https:\/\/checkmarx.com\/the-hidden-threat-of-malicious-open-source-packages\/\">a free eBook<\/a> discussing the issue in depth, prepared by the experienced Checkmarx field teams).<\/p>\n\n\n\n<p>Let\u2019s look back at our developer story with this all in place. In a cozy apartment an hour outside of San Francisco, a developer grabs her second cup of tea, opens VSCode, pulls updates from GitHub for her current project, and runs <code>npm install<\/code>. She receives an error from npm letting her know that <code>ngx-color@10.0.2<\/code> was requested but isn\u2019t found or was blocked by policy. The <em>Shai-Hulud<\/em> infection never happens. 
<\/p>\n\n\n\n<p>She runs something like  <code>npm remove ngx-color ; npm install ngx-color@~10.0.0 --save<\/code> and npm reaches back out to the proxy and gets the newest <em>safe<\/em> version of ngx-color in the 10.0.x tree (which happens to be <code>10.0.0<\/code> at that moment).<\/p>\n\n\n\n<p>She runs her tests and takes a moment to make a pull request to update the project with the new version of <code>ngx-color,<\/code> so her colleagues won\u2019t run into the same issue. <\/p>\n\n\n\n<p>She doesn\u2019t know that she was just protected from <em>Shai-Hulud<\/em>. She doesn\u2019t know that her whole team was saved too. She just fixed a small problem in her project and got on with her day. And that is a real win for the security team that set up the controls that protected against malicious open-source packages.<\/p>\n\n\n\n<style type=\"text\/css\">.cxzero-social{margin-top:1em;padding-top:1em;border-top:1px solid #121086;border-bottom:1px solid #121086;padding-bottom:1em}.cxzero-social p{padding-top:.8em}.cxzero-social .cxzero-social-links{margin-left:.8em}.cxzero-social .social-link{margin-left:.6em}.cxzero-social .social-button{padding:.6em;margin:.2em .2em .2em .2em;white-space:nowrap}.cxzero-social .social-button svg,.cxzero-social .social-link svg{vertical-align:middle;height:1.3em}.cxzero-social .social-button a,.cxzero-social .social-link a{text-decoration:none !important}<\/style> <div class=\"cxzero-social\">\n<p> <span class=\"social-button\"><a class=\"social-action\" href=\"https:\/\/www.linkedin.com\/sharing\/share-offsite\/?url={url}\" onload=\"\"><svg id=\"Layer_1\" data-name=\"Layer 1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" alt=\"LinkedIn Icon\" viewbox=\"0 0 122.88 122.31\"><defs><style>.cls-1{fill:#0a66c2}.cls-1,.cls-2{fill-rule:evenodd}.cls-2{fill:#fff}<\/style><\/defs><title>linkedin-app<\/title>\n<path class=\"cls-1\" 
d=\"M27.75,0H95.13a27.83,27.83,0,0,1,27.75,27.75V94.57a27.83,27.83,0,0,1-27.75,27.74H27.75A27.83,27.83,0,0,1,0,94.57V27.75A27.83,27.83,0,0,1,27.75,0Z\"><\/path><path class=\"cls-2\" d=\"M49.19,47.41H64.72v8h.22c2.17-3.88,7.45-8,15.34-8,16.39,0,19.42,10.2,19.42,23.47V98.94H83.51V74c0-5.71-.12-13.06-8.42-13.06s-9.72,6.21-9.72,12.65v25.4H49.19V47.41ZM40,31.79a8.42,8.42,0,1,1-8.42-8.42A8.43,8.43,0,0,1,40,31.79ZM23.18,47.41H40V98.94H23.18V47.41Z\"><\/path><\/svg> Share on LinkedIn<\/a><\/span> <span class=\"social-button\"><a class=\"social-action\" href=\"https:\/\/bsky.app\/intent\/compose?text=I%20just%20read%20%22{title}%22%20from%20Checkmarx%20Zero%20{url}\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" shape-rendering=\"geometricPrecision\" text-rendering=\"geometricPrecision\" image-rendering=\"optimizeQuality\" fill-rule=\"evenodd\" clip-rule=\"evenodd\" alt=\"Bluesky Icon\" viewbox=\"0 0 511.999 452.266\"> <path fill=\"#0085FF\" fill-rule=\"nonzero\" d=\"M110.985 30.442c58.695 44.217 121.837 133.856 145.013 181.961 23.176-48.105 86.322-137.744 145.016-181.961 42.361-31.897 110.985-56.584 110.985 21.96 0 15.681-8.962 131.776-14.223 150.628-18.272 65.516-84.873 82.228-144.112 72.116 103.55 17.68 129.889 76.238 73 134.8-108.04 111.223-155.288-27.905-167.385-63.554-3.489-10.262-2.991-10.498-6.561 0-12.098 35.649-59.342 174.777-167.382 63.554-56.89-58.562-30.551-117.12 72.999-134.8-59.239 10.112-125.84-6.6-144.112-72.116C8.962 184.178 0 68.083 0 52.402c0-78.544 68.633-53.857 110.985-21.96z\"><\/path><\/svg> Share on Bluesky<\/a><\/span> <\/p>\n<p class=\"cxzero-social-links\">Follow <a href=\"\/zero\/\">Checkmarx Zero<\/a>: <span class=\"social-link\"><a class=\"social-con\" href=\"https:\/\/www.linkedin.com\/showcase\/checkmarx-zero\"><svg id=\"Layer_1\" data-name=\"Layer 1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" alt=\"Checkmarx Zero on LinkedIn\" viewbox=\"0 0 122.88 
122.31\"><defs><style>.cls-1{fill:#0a66c2}.cls-1,.cls-2{fill-rule:evenodd}.cls-2{fill:#fff}<\/style><\/defs><title>linkedin-app<\/title>\n<path class=\"cls-1\" d=\"M27.75,0H95.13a27.83,27.83,0,0,1,27.75,27.75V94.57a27.83,27.83,0,0,1-27.75,27.74H27.75A27.83,27.83,0,0,1,0,94.57V27.75A27.83,27.83,0,0,1,27.75,0Z\"><\/path><path class=\"cls-2\" d=\"M49.19,47.41H64.72v8h.22c2.17-3.88,7.45-8,15.34-8,16.39,0,19.42,10.2,19.42,23.47V98.94H83.51V74c0-5.71-.12-13.06-8.42-13.06s-9.72,6.21-9.72,12.65v25.4H49.19V47.41ZM40,31.79a8.42,8.42,0,1,1-8.42-8.42A8.43,8.43,0,0,1,40,31.79ZM23.18,47.41H40V98.94H23.18V47.41Z\"><\/path><\/svg> <\/a><\/span> <span class=\"social-link\"><a class=\"social-icon\" href=\"https:\/\/bsky.app\/profile\/checkmarxzero.bsky.social\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" shape-rendering=\"geometricPrecision\" text-rendering=\"geometricPrecision\" image-rendering=\"optimizeQuality\" fill-rule=\"evenodd\" clip-rule=\"evenodd\" alt=\"Checkmarx Zero on Bluesky\" viewbox=\"0 0 511.999 452.266\"> <path fill=\"#0085FF\" fill-rule=\"nonzero\" d=\"M110.985 30.442c58.695 44.217 121.837 133.856 145.013 181.961 23.176-48.105 86.322-137.744 145.016-181.961 42.361-31.897 110.985-56.584 110.985 21.96 0 15.681-8.962 131.776-14.223 150.628-18.272 65.516-84.873 82.228-144.112 72.116 103.55 17.68 129.889 76.238 73 134.8-108.04 111.223-155.288-27.905-167.385-63.554-3.489-10.262-2.991-10.498-6.561 0-12.098 35.649-59.342 174.777-167.382 63.554-56.89-58.562-30.551-117.12 72.999-134.8-59.239 10.112-125.84-6.6-144.112-72.116C8.962 184.178 0 68.083 0 52.402c0-78.544 68.633-53.857 110.985-21.96z\"><\/path><\/svg> <\/a><\/span> <span class=\"social-link\"><a class=\"social-con\" href=\"https:\/\/x.com\/CheckmarxZero\"><svg alt=\"Checkmarx Zero on X\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" shape-rendering=\"geometricPrecision\" text-rendering=\"geometricPrecision\" image-rendering=\"optimizeQuality\" fill-rule=\"evenodd\" clip-rule=\"evenodd\" viewbox=\"0 0 512 
462.799\"><path fill-rule=\"nonzero\" d=\"M403.229 0h78.506L310.219 196.04 512 462.799H354.002L230.261 301.007 88.669 462.799h-78.56l183.455-209.683L0 0h161.999l111.856 147.88L403.229 0zm-27.556 415.805h43.505L138.363 44.527h-46.68l283.99 371.278z\"><\/path><\/svg> <\/a><\/span> <\/p> <\/div>","protected":false},"excerpt":{"rendered":"<p>Malicious open-source packages like Shai-Hulud attack developers and infrastructure. But centralized package controls and API access to a malicious packages database can help protect you.<\/p>\n","protected":false},"author":137,"featured_media":107002,"template":"","zero-category":[1067,1176],"zero-tag":[1277,1113,1088,1071],"class_list":["post-106997","zero-post","type-zero-post","status-publish","has-post-thumbnail","hentry","zero-category-blog","zero-category-security-blogs","zero-tag-malicious-packages","zero-tag-open-source-supply-chain","zero-tag-software-supply-chain-security","zero-tag-supply-chain-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Protecting yourself against malicious open-source packages - Checkmarx<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/checkmarx.com\/zero-post\/protecting-yourself-against-malicious-open-source-packages\/\" 
\/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Protecting yourself against malicious open-source packages - Checkmarx\" \/>\n<meta property=\"og:description\" content=\"Malicious open-source packages like Shai-Hulud attack developers and infrastructure. But centralized package controls and API access to a malicious packages database can help protect you.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/checkmarx.com\/zero-post\/protecting-yourself-against-malicious-open-source-packages\/\" \/>\n<meta property=\"og:site_name\" content=\"Checkmarx\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\" \/>\n<meta property=\"article:modified_time\" content=\"2026-02-27T18:37:35+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/cxzero-feature_protect-malicious-packages.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1280\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:label1\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"14 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/checkmarx.com\/zero-post\/protecting-yourself-against-malicious-open-source-packages\/\",\"url\":\"https:\/\/checkmarx.com\/zero-post\/protecting-yourself-against-malicious-open-source-packages\/\",\"name\":\"Protecting yourself against malicious open-source packages - Checkmarx\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/zero-post\/protecting-yourself-against-malicious-open-source-packages\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/zero-post\/protecting-yourself-against-malicious-open-source-packages\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/cxzero-feature_protect-malicious-packages.webp\",\"datePublished\":\"2026-02-19T13:00:00+00:00\",\"dateModified\":\"2026-02-27T18:37:35+00:00\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/checkmarx.com\/zero-post\/protecting-yourself-against-malicious-open-source-packages\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/zero-post\/protecting-yourself-against-malicious-open-source-packages\/#primaryimage\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/cxzero-feature_protect-malicious-packages.webp\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/cxzero-feature_protect-malicious-packages.webp\",\"width\":2560,\"height\":1280,\"caption\":\"Digital illustration showing a hooded figure on a laptop with the Checkmarx logo. Arrows depict a security process: code scanning (checklist), private package registry, and a proxy shield blocking a skull and crossbones (malicious package) with a fiery burst. 
Checkmarx ZERO logo is visible.\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/checkmarx.com\/#website\",\"url\":\"https:\/\/checkmarx.com\/\",\"name\":\"Checkmarx\",\"description\":\"The world runs on code. We secure it.\",\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/checkmarx.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/checkmarx.com\/#organization\",\"name\":\"Checkmarx\",\"url\":\"https:\/\/checkmarx.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"width\":1,\"height\":1,\"caption\":\"Checkmarx\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\",\"https:\/\/x.com\/checkmarx\",\"https:\/\/www.youtube.com\/user\/CheckmarxResearchLab\",\"https:\/\/www.linkedin.com\/company\/checkmarx\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Protecting yourself against malicious open-source packages - Checkmarx","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/zero-post\/protecting-yourself-against-malicious-open-source-packages\/","og_locale":"en_US","og_type":"article","og_title":"Protecting yourself against malicious open-source packages - Checkmarx","og_description":"Malicious open-source packages like Shai-Hulud attack developers and infrastructure. But centralized package controls and API access to a malicious packages database can help protect you.","og_url":"https:\/\/checkmarx.com\/zero-post\/protecting-yourself-against-malicious-open-source-packages\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","article_modified_time":"2026-02-27T18:37:35+00:00","og_image":[{"width":2560,"height":1280,"url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/cxzero-feature_protect-malicious-packages.webp","type":"image\/webp"}],"twitter_card":"summary_large_image","twitter_site":"@checkmarx","twitter_misc":{"Est. 
reading time":"14 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/zero-post\/protecting-yourself-against-malicious-open-source-packages\/","url":"https:\/\/checkmarx.com\/zero-post\/protecting-yourself-against-malicious-open-source-packages\/","name":"Protecting yourself against malicious open-source packages - Checkmarx","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/checkmarx.com\/zero-post\/protecting-yourself-against-malicious-open-source-packages\/#primaryimage"},"image":{"@id":"https:\/\/checkmarx.com\/zero-post\/protecting-yourself-against-malicious-open-source-packages\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/cxzero-feature_protect-malicious-packages.webp","datePublished":"2026-02-19T13:00:00+00:00","dateModified":"2026-02-27T18:37:35+00:00","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/zero-post\/protecting-yourself-against-malicious-open-source-packages\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/zero-post\/protecting-yourself-against-malicious-open-source-packages\/#primaryimage","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/cxzero-feature_protect-malicious-packages.webp","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/cxzero-feature_protect-malicious-packages.webp","width":2560,"height":1280,"caption":"Digital illustration showing a hooded figure on a laptop with the Checkmarx logo. Arrows depict a security process: code scanning (checklist), private package registry, and a proxy shield blocking a skull and crossbones (malicious package) with a fiery burst. Checkmarx ZERO logo is visible."},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. 
We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/company\/checkmarx"]}]}},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/zero-post\/106997","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/zero-post"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/zero-post"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/137"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media\/107002"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=106997"}],"wp:term":[{"taxonomy":"zero-category","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/zero-category?post=106997"},{"taxonomy":"zero-tag","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/zero-tag?post=106997"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}