Researchers say more than 454,000 malicious open source packages were found in 2025

March 22, 2026 | 2 min read | 2 sources

Sonatype says it has identified more than 454,000 malicious open source packages so far in 2025, a surge the company describes as evidence that open source malware has become industrialized rather than opportunistic. The packages were found across major ecosystems used by developers and enterprises, including npm, PyPI, Maven Central, and NuGet.

According to Sonatype, attackers are increasingly using automation to publish lookalike packages, poison dependency chains, and push malicious updates at scale. Common tactics include typosquatting, dependency confusion, and abuse of install-time scripts to steal credentials, exfiltrate secrets, or fetch second-stage malware. The report does not point to a single CVE; instead, it tracks a broad supply-chain threat trend across public package registries.

The scale matters because these repositories sit directly in software build pipelines. A malicious package can reach developer workstations, CI/CD systems, and production applications through routine dependency installs. If tokens or cloud credentials are exposed, the damage can extend well beyond a single machine to source code theft, account takeover, and downstream compromise of customers.

Sonatype argues that public registries should now be treated as hostile-by-default sources, with organizations enforcing tighter controls over what dependencies can be pulled into builds. Recommended defenses include allowlisting approved packages, pinning versions, using private mirrors or proxy registries, scanning dependencies for malware, and limiting automatic script execution during installs. For remote developers working across public networks, basic protections such as a VPN may help reduce exposure, but they do not address the core software supply-chain risk.
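The tactics listed above (typosquatting, unpinned or drifting versions, unapproved packages) and the matching defenses (allowlisting, pinning, scanning before install) can be exercised by a lockfile audit such as the one below. This is an added example, not code from Sonatype or from the report; the ALLOWLIST contents and the sample requirements file are constructed for illustration, and the edit-distance heuristic is one simple way to flag near-miss names, not a complete typosquat detector.

```python
"""Added example (not from the Sonatype report or the article): a small
dependency audit that applies three of the defenses named above, allowlisting,
version pinning and near-miss (typosquat) name detection, to a constructed
requirements file. ALLOWLIST and SAMPLE_REQUIREMENTS are made-up values."""

import re
from dataclasses import dataclass
from typing import Dict, Iterator, List, Tuple

# Hypothetical approved packages, each with the exact version the organisation vetted.
ALLOWLIST: Dict[str, str] = {
    "requests": "2.32.3",
    "urllib3": "2.2.2",
    "certifi": "2024.7.4",
}

# Constructed input: one clean entry, one unpinned range, one name that is two
# keystrokes away from an approved package, and one package nobody approved.
SAMPLE_REQUIREMENTS = """\
# constructed requirements.txt for the audit example
requests==2.32.3
urllib3>=2.0
reqeusts==2.32.3
certifi==2024.7.4
colorama==0.4.6
"""

# package name followed by an optional version specifier such as ==1.2.3 or >=2.0
_LINE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*?)\s*$")


@dataclass
class Finding:
    name: str
    spec: str
    reason: str


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot names that are near misses of approved ones."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_requirements(text: str) -> Iterator[Tuple[str, str]]:
    """Yield (name, version_spec) pairs; comments and blank lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _LINE.match(line)
        if m:
            yield m.group(1), m.group(2)


def audit(text: str, allowlist: Dict[str, str], max_dist: int = 2) -> List[Finding]:
    """Flag unpinned specs, unapproved names, near-miss names and version drift."""
    findings: List[Finding] = []
    for name, spec in parse_requirements(text):
        lname = name.lower()
        pinned = spec.startswith("==")
        if not pinned:
            findings.append(Finding(name, spec, "unpinned"))
        if lname in allowlist:
            if pinned and spec[2:] != allowlist[lname]:
                findings.append(
                    Finding(name, spec, f"version differs from approved {allowlist[lname]}")
                )
            continue
        # Not approved: is it within a couple of edits of something that is?
        near = [a for a in allowlist if 0 < edit_distance(lname, a) <= max_dist]
        if near:
            findings.append(Finding(name, spec, f"possible typosquat of {near[0]}"))
        else:
            findings.append(Finding(name, spec, "not on allowlist"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_REQUIREMENTS, ALLOWLIST):
        print(f"{f.name:<12} {f.spec:<12} {f.reason}")
```

The same checks apply unchanged to any ecosystem the report names once the manifest is parsed (a package-lock.json, a pom.xml, a packages.lock.json); only `parse_requirements` is format-specific. Disabling install-time scripts, the remaining defense in the list, is a client configuration rather than something a manifest audit can verify (for npm, the `ignore-scripts` setting).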

The findings add to a multi-year rise in open source package abuse, but the 2025 figure suggests attackers are now operating with assembly-line efficiency. For defenders, the message is straightforward: package trust can no longer be assumed, even when software comes from widely used public registries.
