arstechnica.com 3/13/2026, 8:46:40 PM · via preferred

Supply-chain attack using invisible code hits GitHub and other repositories

According to Aikido Security, researchers have identified a supply-chain attack that floods repositories with malicious packages whose payload is hidden in invisible code, a technique intended to defeat both manual review and conventional scanning. Aikido counted 151 malicious packages uploaded to GitHub between 3 March and 9 March; other affected platforms include npm and the VS Code marketplace.

The visible portion of each package's code looks normal in an editor, while the malicious functions are encoded as Unicode characters that render as nothing, so a human reading the source does not see them and manual review becomes far less effective. The visible parts look legitimate, with plausible documentation changes and version bumps masking a hidden payload that is decoded at runtime and executed via eval.
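A practical countermeasure for the technique described above is a pre-merge check that counts Unicode code points which render as nothing and flags any file that also calls eval. The following scanner is an added example written for this page; it is not code from the article, from Aikido or from Koi, and the article does not say which characters Glassworm used, so the code-point ranges below are this example's own choice of commonly invisible characters. The sample source it scans is constructed for the example.

```javascript
// Added example: scan JavaScript source for invisible Unicode code points and
// report them per line, together with any line that calls eval or Function.
// The ranges are an assumption for this example; the article does not name
// the characters the Glassworm packages used.

// Each entry is [first code point, last code point, label].
const INVISIBLE_RANGES = [
  [0x200b, 0x200f, "zero-width / directional marks"],
  [0x202a, 0x202e, "bidi embedding/override"],
  [0x2060, 0x2064, "word joiner / invisible operators"],
  [0x2066, 0x2069, "bidi isolates"],
  [0xfe00, 0xfe0f, "variation selectors"],
  [0xfeff, 0xfeff, "zero-width no-break space (BOM)"],
  [0xe0000, 0xe007f, "tag characters"],
  [0xe0100, 0xe01ef, "variation selectors supplement"],
];

// Return the label for an invisible code point, or null if it is visible.
function classify(cp) {
  for (const [lo, hi, label] of INVISIBLE_RANGES) {
    if (cp >= lo && cp <= hi) return label;
  }
  return null;
}

// Walk the source by code point (not UTF-16 unit, so astral characters such
// as tag characters are handled) and record each invisible character with
// its 1-based line and column.
function findInvisible(source) {
  const findings = [];
  let line = 1;
  let col = 1;
  for (const ch of source) {
    const cp = ch.codePointAt(0);
    const label = classify(cp);
    if (label) findings.push({ line, col, codePoint: cp, label });
    if (ch === "\n") {
      line++;
      col = 1;
    } else {
      col++;
    }
  }
  return findings;
}

// Summarise per line so a reviewer can see which lines carry hidden
// characters, and list lines that call eval or new Function, the runtime
// execution path the article describes.
function report(source) {
  const findings = findInvisible(source);
  const byLine = new Map();
  for (const f of findings) byLine.set(f.line, (byLine.get(f.line) || 0) + 1);
  const evalLines = [];
  source.split("\n").forEach((text, i) => {
    if (/\beval\s*\(|new\s+Function\s*\(/.test(text)) evalLines.push(i + 1);
  });
  return { total: findings.length, byLine, evalLines };
}

// Constructed sample: a harmless-looking helper whose string literal carries
// sixteen variation selectors (U+FE00..U+FE0F) that editors render as
// nothing, followed by an eval of a "decoded" value. The hidden characters
// are arbitrary and chosen only for this example.
const hidden = Array.from({ length: 16 }, (_, i) =>
  String.fromCodePoint(0xfe00 + i)
).join("");
const SAMPLE = [
  "// utils.js",
  "function greet(name) { return 'hi ' + name; }",
  `const marker = '${hidden}';`,
  "eval(decode(marker));",
].join("\n");

const demo = report(SAMPLE);
console.log(
  `${demo.total} invisible code point(s); eval on line(s) ${demo.evalLines.join(", ")}`
);
```

In a CI job the same scan would run over every file in a dependency update and fail the build when a line carries invisible code points at all, since legitimate source almost never needs them outside string literals containing emoji sequences; the eval check is a secondary signal, not a substitute for the first.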

The researchers, who call the attack group Glassworm, suggest it may be using large language models to generate bespoke changes for each package, and the security firm Koi has been tracking the same activity. Since the new round of packages was found, similar instances have been detected across npm and Open VSX, which underlines the need to scrutinise dependencies before adopting them. The article about the findings was published on 13 March 2026.


Article by CyberSIXT