InfoSecurity

Attackers Move Past Typosquatting to Realistic Package Impersonation
Most malicious open source packages have moved beyond misspelling popular project names, instead disguising themselves as plausible plugins, configs and helpers that fit naturally into a developer’s workflow.

That is the central finding of new analysis by Sonatype, which examined 4309 malicious packages and found that 91% used naming-variant tactics rather than classic typosquatting. Only 9% depended on the spelling slips that traditional defenses are built to catch.

The shift matters because these packages are not harmless lookalikes. The most common behaviors were host and secrets exfiltration, followed by droppers and backdoors, turning a routine install into a route for credential theft and follow-on compromise.

Borrowing the Language of Real Code

Rather than copying a trusted name letter-for-letter, attackers now increasingly build names that look adjacent to a legitimate project.

Sonatype recorded suffix addition as the single most common tactic, accounting for 43.6% of cases, alongside prefixes, embedded target terms, dependency-confusion patterns and version mimicry.

Credit: Sonatype.

These names work because they feel routine. Developers expect popular frameworks to carry a long tail of plugins, software development kits (SDKs), wrappers and scoped modules, so terms like plugin, config and sdk rarely trigger suspicion, giving attackers room to hide multi-stage behavior in plain sight.

“Typosquatting is table stakes now,” said Brian Fox, CTO and co-founder of Sonatype. He added that attackers are copying the language, structure and habits of real software ecosystems, and that a malicious package may already sit on a developer machine by the time it has built a reputation.


Targeting Trusted Ecosystems

The activity clusters where adjacent packages are already common.

React was the most-targeted ecosystem with 540 malicious packages, ahead of the ESLint plugin and config ecosystem and Tailwind’s library of add-ons, with crypto and DeFi tooling also featuring heavily.



Sonatype also pointed to evidence of industrialization, with the same naming tactics, infrastructure and identities reused across multiple package families rather than appearing as one-off attempts. Defenders, the cybersecurity vendor argued, should assess suspicious packages at the campaign and publisher levels, not one package at a time.

The takeaway for security teams is that typo detection and static reputation checks are no longer enough. Sonatype urged organizations to add friction for first-seen dependencies, scrutinize anything that looks framework-adjacent and weigh naming patterns and publisher behavior before a component enters the build.
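One way to turn the recommendations above into a pre-build check, as an added example that is neither Sonatype's tooling nor code from the original article: it labels a dependency name with the naming-variant tactic it resembles (suffix addition, prefix addition, embedded target term, dependency confusion) and holds first-seen lookalikes for review. The allow-list, internal package names and manifest are constructed for illustration.

```python
import re

# Constructed allow-list of well-known projects; in practice this would come
# from an internal catalogue of approved dependencies.
TRUSTED = {"react", "eslint", "tailwindcss", "web3"}
# Constructed names of internal-only packages that must never resolve publicly.
INTERNAL = {"acme-auth-client"}

def classify_name(name: str) -> str:
    """Return 'trusted', 'unrelated', or the naming-variant tactic the name resembles."""
    lowered = name.lower()
    if lowered in TRUSTED:
        return "trusted"
    if lowered in INTERNAL:
        return "dependency-confusion"   # public name shadows an internal package
    # Fold "@scope/pkg" into "scope-pkg" so both halves are examined.
    flat = lowered.lstrip("@").replace("/", "-")
    tokens = re.split(r"[-_.]", flat)
    for target in sorted(TRUSTED):      # sorted for a deterministic label
        if target not in flat:
            continue
        if len(tokens) > 1 and tokens[0] == target:
            return "suffix-addition"    # e.g. <target>-plugin-xyz
        if len(tokens) > 1 and tokens[-1] == target:
            return "prefix-addition"    # e.g. sdk-<target>
        return "embedded-target-term"   # <target> buried inside the name
    return "unrelated"

def review_manifest(deps: dict, seen_before: set) -> list:
    """Return (name, version, reason) for dependencies to hold before the build."""
    held = []
    for name, version in deps.items():
        tactic = classify_name(name)
        if tactic == "dependency-confusion":
            held.append((name, version, tactic))
        elif tactic not in ("trusted", "unrelated") and name not in seen_before:
            held.append((name, version, f"first-seen {tactic}"))
    return held

# Constructed manifest; the lookalike names are invented for this example.
SAMPLE_DEPS = {
    "react": "18.2.0",
    "react-dom": "18.2.0",
    "tailwindcss-config-helper": "1.0.3",
    "eslint-plugin-format-fix": "2.1.0",
    "acme-auth-client": "0.0.1",
    "left-pad": "1.3.0",
}
SEEN_BEFORE = {"react", "react-dom", "left-pad"}
```

Legitimate scoped add-ons (for example an official `@tailwindcss/...` package) trip the same labels, so the output is a review queue to be weighed with publisher history, not a verdict.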
