Sonatype IDs 21,764 Open Source Malware Packages in Q1

This week, Sonatype, a provider of AI-driven DevSecOps, unveiled the Q1 2026 Open Source Malware Index, identifying 21,764 malicious open source packages in the first quarter of the year, bringing the total logged since 2017 to 1,346,867.

The npm registry continued to account for the largest share of newly identified malicious packages, at 75%, with the quarter defined by credential theft, host reconnaissance, and staged payload delivery aimed at developer and CI/CD environments.

In the first three months of 2026, Sonatype observed the equivalent of one malicious package every six minutes. But the bigger story was how those attacks succeeded. Rather than relying on obvious deception, attackers increasingly used plausible packages, compromised release paths, and trusted software to gain access. Incidents such as the axios compromise and the Trivy/LiteLLM campaign showed how small changes inside trusted packages and release workflows can create outsized downstream risk.

The report found that 22% (~4,900) of Q1 malware exfiltrated host information, 19% (~4,200) stole secrets, and 16% (~3,500) set the stage for secondary payloads — clear signals that attackers are targeting developer machines and software delivery infrastructure for reusable access. These campaigns were built to capture tokens, keys, cloud credentials, and other secrets that can be reused across repositories, build systems, and production environments. SANDWORM_MODE, in particular, highlighted how open source malware is becoming more adaptive and better suited to spreading through developer and CI environments.

With npm seeing the equivalent of 46 malicious packages per day, the JavaScript ecosystem remained the leading distribution channel for open source malware in Q1. PyPI saw 18% of total malware in Q1, with other registries significantly lower, signalling that attackers are concentrating on the ecosystems that offer the greatest scale, speed, and downstream reach. For defenders, that means the most widely used registries remain some of the most attractive channels for malware delivery.

Sonatype Repository Firewall helped customers prevent 136,107 open source malware attacks in Q1. To explore the full findings from the Q1 2026 Open Source Malware Index and access additional software supply chain guidance, visit Sonatype Guide.
