Expansion of Malicious Packages Coverage

Improved

We're pleased to announce a significant expansion of the Snyk Vulnerability Database's coverage of malicious packages.

Following our work to mitigate software supply chain attacks, we've added thousands of new malicious packages to the Snyk Vulnerability Database.

As a result, you may notice new Critical severity issues categorized as CWE-506 during your project scans if the newly added malicious packages are detected.

Malicious packages represent a rising threat in software supply chain attacks. We recommend visiting our user documentation to stay informed about this crucial security aspect. There, you can learn more about what malicious packages are, how Snyk detects them, and the recommended actions to take when encountering malicious package issues in your projects.

Neha Shenoy | Senior Product Manager