Only 14% of previously compromised npm packages use modern security controls like Trusted Publishing.
Only 14% of previously compromised npm packages use modern security controls like Trusted Publishing. — This cybersecurity statistic was published by Endor Labs in May 2026. It covers topics including npm, Trusted Publishing, Package Security. The original data appears in Malware in Open Source Ecosystems. For the full methodology and detailed findings, refer to the original report.
Share or Copy this stat
Frequently Asked Questions
What does this statistic say?
Only 14% of previously compromised npm packages use modern security controls like Trusted Publishing. This data was published by Endor Labs and covers npm, Trusted Publishing, Package Security.
Where does this data come from?
This statistic comes from Malware in Open Source Ecosystems, published by Endor Labs on May 27, 2026. You can view the original report at https://www.endorlabs.com/research-report/2026-open-source-malware-research.
What cybersecurity topics does this cover?
This statistic relates to npm, Trusted Publishing, Package Security. Browse more statistics on npm or from Endor Labs.