securityaffairs.com 1/28/2026, 9:45:24 AM

PackageGate bugs let attackers bypass protections in NPM, PNPM, VLT, and Bun


Koi researchers have uncovered a set of vulnerabilities, collectively called “PackageGate,” in NPM, PNPM, VLT and Bun that could let attackers bypass supply chain protections and run malicious code hidden in dependencies. The flaws enabled six zero‑day bypasses of script blocking and lockfile integrity; pnpm, vlt and Bun fixed the issues, while npm dismissed them as expected behaviour, according to Koi’s report.

The researchers note that disabling scripts and relying on lockfiles are not a complete defence: a package containing a malicious git dependency can bypass --ignore-scripts and achieve full remote code execution, as described in the evidence they collected. They also illustrate how PhantomRaven’s October campaign hid malware in invisible dependencies, gaining more than 86,000 downloads.

After being informed, npm reportedly refused to act while pnpm, vlt and Bun fixed the bugs within weeks, prompting public disclosure to help organisations reassess risk and consider safer options like pnpm or vlt. The recommendations are to commit lockfiles, disable scripts and keep tools updated, Security Affairs’ Pierluigi Paganini reported on January 28, 2026.


Article by CyberSIXT