The malicious npm package named crypto-encrypt-ts, which masqueraded as a legitimate revival of the widely used CryptoJS library, accumulated nearly 1,928 downloads before analysis revealed its stealthy, data-harvesting nature.

July 8, 2025

This cybersecurity statistic was published by Sonatype in July 2025. It covers topics including Open source and Malicious packages. The original data appears in Open Source Malware Index Q2 2025. For the full methodology and detailed findings, refer to the original report.

Published on 7/8/2025

Frequently Asked Questions

What does this statistic say?

The malicious npm package named crypto-encrypt-ts, which masqueraded as a legitimate revival of the widely used CryptoJS library, accumulated nearly 1,928 downloads before analysis revealed its stealthy, data-harvesting nature. This data was published by Sonatype and covers Open source, Malicious packages.

Where does this data come from?

This statistic comes from Open Source Malware Index Q2 2025, published by Sonatype on July 8, 2025. You can view the original report at https://www.sonatype.com/blog/open-source-malware-index-q2-2025.

What cybersecurity topics does this cover?

This statistic relates to Open source and Malicious packages.
