The Weekly Dependency Threat Report: 2026-07-11
This weekly list covers the ten most significant malicious or compromised packages recently observed in public registries. 1. @andrewstory18/is-real-odd (npm) * Package: https://www.npmjs.com/package/@andrewstory18/is-real-odd * Severity: high * Affected versions: all * Downloads: 1463379 * First seen: 10 July 2026 at 08:52 UTC Malicious package detected. Behaviors: install-time execution. 2. @injectivelabs/sdk-ts (npm) * Package: https://www.npmjs.com/package/@injectivelabs/sdk-ts
Read more
13 July 2026
4 min read