AI Has Taken Over Open Source
AI-generated packages surge exponentially on npm, reshaping open source production and consumption.
Summary
Socket's analysis reveals AI coding tools have fundamentally transformed npm's ecosystem, driving a 10x increase in package creation since January 2026, identifiable by linguistic markers like em dashes. Simultaneously, AI-generated pull requests are overwhelming maintainers, while AI-driven dependency selection has made the software supply chain largely automated and opaque, creating significant supply-chain security risks that require automated scanning rather than manual review.