The Numbers Are Accelerating
ReversingLabs published its 2026 Software Supply Chain Security Report with a headline finding: malicious packages across open-source registries increased 73% year-over-year. The growth is not evenly distributed. npm and PyPI account for the majority of the increase, driven by the low cost of publishing packages, the high value of developer credentials, and the scale of the ecosystems. npm alone hosts over 2.5 million packages. The percentage that are malicious is growing faster than the registry's own growth rate.
This is not a new trend, but the acceleration is new. The 2024 report documented a 28% increase. The 2025 report documented 49%. The 2026 number — 73% — reflects an attacker ecosystem that has industrialized. Malicious package campaigns now use automation, AI-generated naming variations, and multi-registry targeting. The TanStack attack, the Atomic Arch attack, and the Shai-Hulud worm family are the high-profile cases. Underneath them, thousands of low-profile malicious packages are published and downloaded daily.
The Dependency Tree Multiplier
A framework's exposure to supply chain attacks is a function of its dependency count. Every direct dependency pulls in transitive dependencies, each of which is a trust relationship with an external maintainer and publishing pipeline. A React application with 50 direct dependencies typically resolves to 800-1,200 transitive dependencies in node_modules. A Next.js project starts above 1,000 before any application code is written.
When malicious packages increase 73% in one year, the probability that at least one package in a large dependency tree is compromised increases correspondingly. This is not linear risk — it is combinatorial. An application with 100 dependencies faces a fundamentally different risk profile than one with 1,000 dependencies. The ReversingLabs data makes this concrete: the more packages you depend on, the more likely you are to depend on a malicious one.
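The combinatorial point above is easier to see with numbers. The following is an added example, not code from the article, ReversingLabs, or WebPulse: it walks a constructed dependency graph to count how many packages a project actually pulls in, then computes the chance that at least one of them is malicious under an assumed per-package rate. The graph, the per-package rate and the independence assumption are all illustrative; a real tool would read the graph from package-lock.json and the rate from registry data.

```javascript
// Added example (not from the article). The graph below is CONSTRUCTED: package
// names map to the packages they declare as dependencies. A real implementation
// would build this map from package-lock.json.
const sampleGraph = {
  "app":           ["web-framework", "css-tool", "lint-tool"],
  "web-framework": ["http-core", "router"],
  "http-core":     ["util-a", "util-b"],
  "router":        ["util-a", "path-parse"],
  "css-tool":      ["util-b", "postprocess"],
  "postprocess":   ["path-parse", "color-lib"],
  "lint-tool":     ["util-a", "glob-lib"],
  "glob-lib":      ["path-parse"],
  "util-a": [], "util-b": [], "path-parse": [], "color-lib": [],
};

// Breadth-first walk from the root. Returns every package the root depends on,
// directly or transitively; the root itself is not counted. Each entry in the
// result is one external maintainer and publishing pipeline being trusted.
function transitiveDependencies(graph, root) {
  const seen = new Set();
  const queue = [...(graph[root] || [])];
  while (queue.length > 0) {
    const name = queue.shift();
    if (seen.has(name)) continue;
    seen.add(name);
    for (const dep of graph[name] || []) {
      if (!seen.has(dep)) queue.push(dep);
    }
  }
  return seen;
}

// P(at least one of n packages is malicious) = 1 - (1 - p)^n, where p is the
// per-package rate. Treating packages as independent is an ASSUMPTION made for
// illustration; real compromises cluster (one maintainer, one worm campaign).
function probabilityAtLeastOne(n, perPackageRate) {
  return 1 - Math.pow(1 - perPackageRate, n);
}

// Same tree, before and after the per-package rate grows by `growth`
// (0.73 for the 73% figure the report cites). The rate is assumed, not measured.
function riskComparison(depCount, perPackageRate, growth) {
  return {
    baseline: probabilityAtLeastOne(depCount, perPackageRate),
    afterGrowth: probabilityAtLeastOne(depCount, perPackageRate * (1 + growth)),
  };
}

// Stand-alone run: count the sample tree and compare a 100-package tree with a
// 1,000-package tree under an assumed rate of 1 malicious package per 10,000.
const deps = transitiveDependencies(sampleGraph, "app");
console.log(`app resolves to ${deps.size} packages: ${[...deps].join(", ")}`);
for (const n of [100, 1000]) {
  const r = riskComparison(n, 0.0001, 0.73);
  console.log(`${n} deps: P(>=1 malicious) = ${r.baseline.toFixed(4)} ` +
              `-> ${r.afterGrowth.toFixed(4)} after 73% growth`);
}
```

The walk is the part worth reusing: the number that matters for risk is the size of the reachable set, not the length of the `dependencies` block in package.json. The probability function shows why the article calls the risk combinatorial rather than linear; with the same assumed rate, a ten-fold larger tree moves the "at least one" probability from roughly 1% to roughly 10%, and a 73% increase in the rate pushes it up again without a single new dependency being added.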
WebPulse tracks dependency counts as a component of framework security scoring. The data is unambiguous. WordPress with its plugin ecosystem pulls in an average of 847 npm packages per site for frontend tooling alone. A Hugo site has zero npm dependencies. The attack surface difference is not incremental — it is categorical.
What the Attackers Are After
ReversingLabs categorized the malicious packages by payload type. Credential harvesting remains the dominant objective, accounting for 41% of malicious packages. Environment variable exfiltration — targeting AWS keys, API tokens, and database credentials — accounts for 28%. Cryptomining payloads dropped to 12%, reflecting attackers' recognition that developer machines contain more valuable assets than CPU cycles. Backdoor installation, enabling persistent access for future exploitation, accounts for 19%.
The credential harvesting focus is particularly relevant for web development teams. Modern web deployment pipelines store cloud provider credentials, database connection strings, API keys, and deployment tokens in environment variables accessible during the build process. A single malicious package in the dependency tree can harvest every credential available to the build environment. The blast radius extends from the compromised package to every service those credentials can access.
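Two controls follow directly from the build-environment exposure described above: know which packages run code at install time, and give the install step only the variables it needs. The block below is an added example, not code from the article or from any of the projects it names. The package manifests and the environment are constructed samples; the lifecycle hook names are npm's own, and the allowlist is an assumption about what a typical install step needs.

```javascript
// Added example (not from the article). CONSTRUCTED subset of the package.json
// fields npm reads from each installed package.
const sampleManifests = [
  { name: "router",    version: "4.2.0", scripts: { test: "node test.js" } },
  { name: "css-tool",  version: "1.0.3", scripts: { postinstall: "node scripts/setup.js" } },
  { name: "glob-lib",  version: "2.1.1" },
  { name: "color-lib", version: "0.9.0", scripts: { preinstall: "node ./bootstrap.js" } },
];

// npm runs these hooks automatically during `npm install`. Each one is
// third-party code executing with whatever environment the build process has.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Returns every package that would execute code at install time, with the hook
// and command text, so the finding can be reviewed or the pipeline can fail
// closed on an unexpected hook.
function installTimeScripts(manifests) {
  const findings = [];
  for (const m of manifests) {
    const scripts = m.scripts || {};
    for (const hook of INSTALL_HOOKS) {
      if (Object.prototype.hasOwnProperty.call(scripts, hook)) {
        findings.push({ package: `${m.name}@${m.version}`, hook, command: scripts[hook] });
      }
    }
  }
  return findings;
}

// Builds the environment for the dependency-install step from an explicit
// allowlist. Cloud keys, connection strings and deploy tokens never reach
// install hooks because they are simply not present in the child environment.
function scopedBuildEnv(fullEnv, allowlist) {
  const scoped = {};
  for (const key of allowlist) {
    if (Object.prototype.hasOwnProperty.call(fullEnv, key)) scoped[key] = fullEnv[key];
  }
  return scoped;
}

// CONSTRUCTED environment; the secret values are placeholders, not real credentials.
const sampleEnv = {
  PATH: "/usr/bin", HOME: "/home/ci", NODE_ENV: "production",
  AWS_SECRET_ACCESS_KEY: "<placeholder>", DATABASE_URL: "<placeholder>", NPM_TOKEN: "<placeholder>",
};
// ASSUMED allowlist: what an install step needs and nothing more.
const INSTALL_STEP_ALLOWLIST = ["PATH", "HOME", "NODE_ENV"];

// Stand-alone run: report install-time hooks and the scoped environment.
for (const f of installTimeScripts(sampleManifests)) {
  console.log(`${f.package} runs "${f.command}" on ${f.hook}`);
}
console.log("install step sees:", Object.keys(scopedBuildEnv(sampleEnv, INSTALL_STEP_ALLOWLIST)));
```

In a real pipeline the first check pairs with npm's own `--ignore-scripts` option, which stops install hooks from running at all and lets the team enable them deliberately for the few packages that need them. The second check is the one that limits blast radius: a package that harvests environment variables can only exfiltrate what the install step was handed, so deployment credentials belong in the deploy step, not in the environment of `npm install`.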
Minimal-Dependency Stacks: Structural Immunity
Not every web framework inherits the npm supply chain risk at the same scale. Hugo is a single Go binary with zero npm, PyPI, or other package registry dependencies. A Hugo site is structurally immune to npm supply chain attacks because it does not participate in the npm ecosystem. Astro, while Node.js-based, has invested in reducing its dependency footprint and ships minimal JavaScript to production. Static site generators that complete their work at build time and produce plain HTML eliminate the runtime supply chain surface entirely.
On the other end of the spectrum, frameworks that encourage extensive plugin ecosystems amplify the supply chain risk. WordPress's 60,000+ plugins are not npm packages, but the WordPress frontend tooling ecosystem — Webpack, Babel, PostCSS, and their transitive dependencies — pulls hundreds of npm packages into every development and build environment. Drupal's JavaScript modernization similarly expanded its npm dependency surface. The framework's architectural decisions determine how much of the 73% growth in malicious packages translates into organizational risk.
Registry Defenses Are Not Keeping Pace
npm has invested in package provenance, mandatory 2FA for high-impact packages, and automated malware scanning. PyPI has implemented trusted publishers and attestation frameworks. These measures are real and meaningful. They are also insufficient against the scale of the problem. The 73% growth rate means attackers are publishing malicious packages faster than registries can detect and remove them. The median time-to-detection for a malicious npm package is still measured in days, not minutes. In the TanStack attack, the malicious packages were live for long enough to reach 160+ organizations.
SLSA provenance, the most advanced supply chain integrity framework available, was defeated in the TanStack attack. Sigstore attestations verify that a package came from a specific build pipeline but cannot verify that the build pipeline itself is uncompromised. The registry-level defenses are necessary, but they create a false sense of security for organizations that treat them as sufficient. The 73% number is the growth rate despite these defenses.
The Framework Selection Imperative
For executives evaluating web technology decisions, the ReversingLabs data reframes framework selection as a supply chain risk management exercise. Dependency count is not a developer convenience metric — it is an attack surface measurement. Every dependency is a trust relationship with an external entity whose security posture you do not control. At a 73% annual growth rate in malicious packages, the probability of encountering a compromised dependency is no longer theoretical. It is actuarial.
Organizations that choose minimal-dependency frameworks are not just reducing build complexity. They are reducing the number of external trust relationships their security depends on. In a supply chain threat landscape growing at 73% annually, fewer dependencies is not a preference. It is a defense strategy.