Build automation, not developers, was the target. A coordinated npm campaign identified by Sonatype involved 176 malicious packages using inflated semantic versions — many set to 99.99.99 — engineered to win package resolution races against internal enterprise dependencies.
The version number is the tell. Most malicious package campaigns try to deceive developers; this one bypassed them entirely. By publishing packages with versions like 99.99.99, 10.10.10, and 11.11.11 and naming them to match plausible internal package names, the attackers exploited a structural property of package managers: when an unscoped resolution occurs, the higher semantic version wins.
The technique is called dependency confusion. If an enterprise package manager queries public registries before private ones, or lacks namespace protections, the attacker's package gets fetched and installed automatically — without any developer making a deliberate choice to run it.
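A defender-side check for the two signals described above, written as an added example (not Sonatype's tooling or the campaign's code): it scans a lockfile for internal package names that were resolved from a registry other than the private one, and for inflated version strings in the 99.99.99 / 10.10.10 style. The lockfile, the internal package names, and the private registry URL are constructed for illustration; the inflation heuristic is an assumption to tune to your own versioning policy.

```javascript
// Heuristic for the campaign's version pattern: any component of 99 or more,
// or three identical components of 10 or more (99.99.99, 10.10.10, 11.11.11).
// Assumption: normal internal releases never look like this.
function looksInflated(version) {
  const parts = String(version).split(".").map(Number);
  if (parts.length !== 3 || parts.some(Number.isNaN)) return false;
  const allEqual = parts.every((p) => p === parts[0]);
  return parts.some((p) => p >= 99) || (allEqual && parts[0] >= 10);
}

// Audit a package-lock.json (lockfileVersion 2 or 3): every installed package
// is keyed as "node_modules/<name>" with "version" and "resolved" fields.
function auditLockfile(lock, internalNames, privateRegistry) {
  const internal = new Set(internalNames);
  const findings = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    if (key === "") continue; // root project entry, not a dependency
    const marker = "node_modules/";
    const name = key.slice(key.lastIndexOf(marker) + marker.length);
    const resolved = entry.resolved || "";
    const reasons = [];
    if (internal.has(name) && !resolved.startsWith(privateRegistry)) {
      reasons.push(`internal name resolved from ${resolved || "unknown source"}`);
    }
    if (looksInflated(entry.version)) {
      reasons.push(`inflated version ${entry.version}`);
    }
    if (reasons.length) findings.push({ name, version: entry.version, reasons });
  }
  return findings;
}

// Constructed sample lockfile; names and URLs are placeholders, not real packages.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "billing-service", version: "1.0.0" },
    "node_modules/@acme/auth-utils": { version: "1.4.2",
      resolved: "https://npm.internal.example/@acme/auth-utils/-/auth-utils-1.4.2.tgz" },
    "node_modules/acme-config-loader": { version: "99.99.99",
      resolved: "https://registry.npmjs.org/acme-config-loader/-/acme-config-loader-99.99.99.tgz" },
    "node_modules/lodash": { version: "4.17.21",
      resolved: "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz" },
  },
};
const internalNames = ["@acme/auth-utils", "acme-config-loader"];
const privateRegistry = "https://npm.internal.example/";

// Expected: one finding, acme-config-loader, with both reasons.
console.log(JSON.stringify(auditLockfile(sampleLock, internalNames, privateRegistry), null, 2));
```

Run this against the lockfile committed in each repository as a CI step; a non-empty result is the point at which the advisory's host-compromise and credential-rotation guidance applies.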
Sonatype's researchers found 176 coordinated packages containing postinstall scripts that executed on installation, fingerprinted the host, then downloaded platform-specific payloads for Windows, macOS, and Linux. The second-stage binaries targeted CI/CD secrets, authentication tokens, environment variables, and cloud credentials. Russian-language comments appeared in portions of the code. Some Linux and macOS binaries had existing antivirus detections; the Windows payload did not, at time of publication.
This campaign shows how software supply chain attacks have evolved beyond tricking developers and into manipulating the automation developers rely on every day. The attackers are aiming to trick the developer's system into automatically downloading a component with an extremely high version number, such as 99.99.99, named similarly to an internal component. What makes this dangerous is that modern build systems execute enormous amounts of third-party code automatically, without oversight, during installation. Once a malicious package reaches a developer workstation or CI pipeline, it is already too late. The attacker is hunting for the most valuable assets in the environment: credentials, signing keys, cloud access, and deployment tokens. The bigger lesson is that software supply chain defence has to happen before components enter the build process. After a postinstall script starts beaconing credentials out of a CI environment, organisations are already operating in incident response mode.
The campaign, tracked as Sonatype-2026-003429, has not yet been formally attributed. The coordinated infrastructure and shared behavioural patterns across all 176 packages suggest automation and deliberate targeting rather than opportunistic experimentation.
For teams that installed any of the 176 packages, Sonatype recommends treating the affected host as potentially compromised, rotating all exposed credentials, auditing CI/CD secrets, and reviewing internal namespace protections. The full list of affected packages is available via Sonatype's advisory.