Why 56% of Open‑Source Packages Trigger Data Leaks – Sonatype’s Q1 2025 Malware Index
Sonatype’s Q1 2025 Open‑Source Malware Index identified 17,954 malicious packages—including hijacked npm crypto modules, a fake Truffle for VS Code extension, and counterfeit Solana packages—revealing that 56% of these components are associated with data breaches, a sharp rise from the 26% reported in Q4 2024, and highlighting the growing prevalence of complex, threat‑laden malware such as droppers and code‑injection threats.
Software supply chain security company Sonatype released the results of its quarterly Open‑Source Malware Index report, providing insights into malicious open‑source packages.
The index uncovered 17,954 malicious open‑source packages, including several hijacked npm crypto packages, a malicious npm package masquerading as the Truffle for VS Code extension, and counterfeit Solana packages.
56% of the packages are linked to data breaches, with attackers leveraging them to exfiltrate sensitive data from compromised systems.
In contrast, the Q4 2024 report found only 26% of packages associated with data breaches, indicating an increased risk of sensitive information leakage via open‑source components.
Sonatype classified 80% of the packages as “complex and threat‑bearing malware,” such as droppers or code‑injection malware.
“From hijacked crypto packages to fake development tools laden with spyware, Q1 2025 clearly shows that open‑source malware threats are growing in both scale and sophistication. Threat actors continue to target the open‑source ecosystem, launching campaigns to steal credentials, exfiltrate sensitive data, and establish persistent access in developers’ environments,” the company wrote in a blog post.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact us and we will review it promptly.
21CTO
21CTO (21CTO.com) offers developers community, training, and services, making it your go‑to learning and service platform.