Comprehensive Analysis of Malicious Open-Source Software Packages in the Wild
Malicious open-source software packages play a central role in software supply chain attacks. This study analyzes a large-scale dataset of 23,425 malicious packages from various online sources to understand their diversity, attack campaigns, and evolution.