Back to Markets
OTHERLIVEnpmPyPIOpen SourcePackage RegistryDependency
Will a malicious npm or PyPI package with 500k+ monthly downloads be publicly discovered in 2026?
42%
YES
58%
NO
0 predictions
YES
NO
75%60%45%30%
30d25d20d15d10d5dnow
Market Overview
Supply chain attacks through open-source package registries have escalated significantly. The XZ Utils backdoor (2024) and numerous typosquatting campaigns have targeted npm and PyPI. This market forecasts whether a malicious package that achieved significant adoption (500k+ monthly downloads) will be discovered and publicly disclosed in 2026.
Resolution Criteria
Resolves YES if: A security researcher, registry security team, or vendor publicly discloses a malicious package on npm or PyPI that had achieved 500,000 or more monthly downloads at the time of discovery before 2026-12-01.
Market Info
ClosesNovember 30, 2026
CreatedJun 9, 2026
CategoryOther
Created by@admin
Creator accuracy100%
ResolutionCommunity vote + moderator
StatusLIVE
MARKET STATS
Total Predictions0
ClosesNovember 30, 2026
ResolutionCommunity + Moderator
CategoryOther
CREATED BY
A
@admin
Platform Admin · 100% acc