Security researchers have uncovered 151 malicious packages across GitHub and other code repositories - and the attack vector is genuinely clever. These packages use invisible Unicode characters to hide executable code from code review tools, editors, and even human inspections.
The technique exploits a fundamental assumption in software development: that what you see in your editor is what gets executed. Turns out, that's not always true.
How the Attack Works
The malicious packages use zero-width Unicode characters - invisible glyphs that don't render in most text editors or terminal windows. By embedding these characters strategically, attackers can hide entire blocks of executable code that traditional code review processes simply don't catch.
Think of it like writing a secret message in invisible ink. The code looks clean in your editor, passes visual inspection, and might even pass automated scanning tools - but when it executes, the hidden instructions run alongside the visible code.
What makes this particularly concerning is how it bypasses the human element. Developers reviewing pull requests or inspecting dependencies won't spot the malicious code because it's literally invisible in their tools. The attack doesn't rely on exploiting a software vulnerability - it exploits how we display and review code.
What This Means for Developers
For anyone maintaining software dependencies, this is a wake-up call. The supply-chain trust model assumes you can see what you're importing. This attack proves that assumption wrong.
Practically speaking: if you're pulling in packages from public repositories, you can't rely on visual inspection alone. Your editor might be lying to you - not because it's compromised, but because it's faithfully rendering (or not rendering) exactly what the Unicode specification tells it to.
The real-world impact? Any organisation using affected packages could be running malicious code without knowing it. The invisible characters make traditional security audits less effective, and automated tools that rely on text parsing might miss the attack entirely.
The Bigger Pattern
This isn't the first supply-chain attack we've covered, and it won't be the last. What's shifting is the sophistication of the techniques. Attackers are moving beyond simple typosquatting (registering packages with similar names) to exploit deeper assumptions about how code works.
The researchers behind this discovery haven't named the specific packages yet - likely to give affected organisations time to patch - but the technique itself is now public knowledge. That means defenders need to update their tooling, and fast.
For developers and security teams, the takeaway is clear: trust, but verify. And make sure your verification tools can actually see what they're verifying. Tools that normalise Unicode before analysis, or flag non-standard characters, become essential rather than optional.
Read the full research on Ars Technica
The invisible code attack is a reminder that security isn't just about what you can see - it's about understanding the layers between what you see and what actually runs. And right now, that gap is wider than many developers realise.