Code Insight Expands to Uncover Risks Across the Software Supply Chain

This report describes Code Insight's new capability to analyze a broad set of software supply-chain formats (CRX, XPI, VSIX, WHL, NPM, PyPI) and documents multiple real-world malicious samples and insecure packages that enable credential/cookie theft, man-in-the-browser attacks, remote code execution, backdoors/RATs, and insecure install/telemetry patterns, providing file hashes and technical behavior for detection and mitigation.