Back to Markets
OTHERLIVEnpmPyPIOpen SourcePackage RegistryDependency

Will a malicious npm or PyPI package with 500k+ monthly downloads be publicly discovered in 2026?

42%
YES
58%
NO
0 predictions
YES
NO
75%60%45%30%
30d25d20d15d10d5dnow

Market Overview

Supply chain attacks through open-source package registries have escalated significantly. The XZ Utils backdoor (2024) and numerous typosquatting campaigns have targeted npm and PyPI. This market forecasts whether a malicious package that achieved significant adoption (500k+ monthly downloads) will be discovered and publicly disclosed in 2026.

Resolution Criteria

Resolves YES if: A security researcher, registry security team, or vendor publicly discloses a malicious package on npm or PyPI that had achieved 500,000 or more monthly downloads at the time of discovery before 2026-12-01.

Market Info

ClosesNovember 30, 2026
CreatedJun 9, 2026
CategoryOther
Created by@admin
Creator accuracy100%
ResolutionCommunity vote + moderator
StatusLIVE

MARKET STATS

Total Predictions0
ClosesNovember 30, 2026
ResolutionCommunity + Moderator
CategoryOther
Beta Feedback