Dev.to
6/15/2026

52,000 packages passed every security check. Chainguard blocked them anyway.
Short summary
Chainguard's new scanner identified 52,000 npm packages that pass all standard security scans yet secretly harvest credentials, steal cookies, establish backdoors, or export API keys. This emerging threat category—'greyware'—is transparent about functionality but malicious in practice, unlike traditional hidden malware. Agentic development has eliminated human dependency review; auto-pulled packages now pose critical supply-chain risk.
- •52,000 npm packages pass security scans but perform hidden harmful actions (credential theft, backdoor installation, API key export)
- •Greyware is a new threat: transparent behavior with malicious intent, requiring scanners to evaluate purpose alongside function
- •AI agents auto-pulling dependencies have eliminated human oversight, making supply-chain security a critical control point
Generated with AI, which can make mistakes.
Is this a good recommendation for you?



