What is invisible code in a supply chain attack?

Malicious code hidden using Unicode characters that don't display in editors or terminals but execute when interpreted by compilers or runtimes. It allows attackers to embed payloads in otherwise legitimate-looking packages.

Can I detect invisible code in my dependencies?

Manually? No. With tools? Maybe, but you'd need specialized Unicode obfuscation detection that most organizations don't currently run. Your standard code review won't catch it.

Is my project at risk from Glassworm?

If you're running packages from GitHub, NPM, or Open VSX, theoretically yes. Aikido found 151 malicious packages in a single week. Regular dependency audits and being cautious about new or obscure packages help, but there's no silver bullet.

🔒 Security & Privacy

Invisible Code Is Now Flooding GitHub. Your Code Review Won't Catch It.

A new supply-chain attack is hiding malicious code in plain sight using invisible Unicode characters. Traditional defenses? Completely useless.

Open Source Beat Apr 03, 2026 5 min read 18 views

Abstract visualization of hidden code layered beneath visible legitimate source code, with Unicode characters highlighted

⚡ Key Takeaways

151 malicious packages using invisible Unicode characters evaded detection across GitHub, NPM, and Open VSX in March 2024 𝕏
Traditional code reviews and static analysis tools fail against invisible code because the malicious payload doesn't appear on screen 𝕏
An LLM-powered attack group called Glassworm is likely behind the coordinated campaign, generating convincing legitimate-looking changes at scale 𝕏

Published by

Open Source Beat

Community-driven. Code-first.

#github-security #invisible-code #malicious-packages #open source security #supply-chain-attack #unicode-obfuscation

Worth sharing?

Get the best Open Source stories of the week in your inbox — no noise, no spam.

Originally reported by Ars Technica - Tech

⚡ Key Takeaways

The 60-Second TL;DR

Open Source Beat

Share this article

Worth sharing?

Related Stories

Trivy's Poisoned Release: One Malicious Version Hits Thousands of Pipelines

Anthropic's One-Line Fumble Leaks Billions in Code

The Trivy Supply Chain Ambush: How a Vulnerability Scanner Became the Attack Vector

How TeamPCP's Self-Propagating Worm Turned Open Source Into a Backdoor Factory

Stay in the loop