Popularity signals can be manipulated, and they do not prove package integrity or safe behaviour. A malicious dependency only needs to land in a CI/CD pipeline, base image, or reusable module to create wide blast radius. Security teams should verify provenance, inspect execution paths, and treat third-party trust as an ongoing control, not a one-time review.
Why This Matters for Security Teams
Package popularity is a weak trust signal because it measures adoption, not integrity, intent, or operational safety. A widely used dependency can still be malicious, compromised, or simply too powerful for its actual use case. The risk is not abstract: once a package enters CI/CD, a base image, or a shared build module, it can inherit execution authority that far exceeds what popularity was meant to imply. The OWASP Non-Human Identity Top 10 frames this as a trust and privilege problem, not a download-count problem.
NHIMG research shows how quickly this becomes real in supply-chain incidents such as the LiteLLM PyPI package breach and the Shai Hulud npm malware campaign, where trusted distribution paths amplified impact. Popularity also says nothing about whether a package is signed, reproducible, or behaving as expected at runtime. In practice, many security teams encounter compromise only after a dependency has already been promoted through pipelines and inherited by dozens of downstream services.
How It Works in Practice
Modern software supply chains need stronger evidence than “lots of people use it.” Security teams should verify package provenance, inspect what the dependency actually executes, and constrain where it can run. That means checking whether artifacts are signed, whether the build is reproducible, whether the maintainer identity is verified, and whether the dependency request matches an approved purpose. The relevant control question is not “Is it popular?” but “Can this package prove what it is and why it is here?”
Operationally, that typically means combining several controls:
- Require provenance and signature verification before promotion into production.
- Pin versions and lock transitive dependencies so new code cannot appear silently.
- Scan for unexpected install scripts, post-install hooks, and network calls.
- Limit build and runtime permissions so a package cannot reach secrets or internal tooling by default.
- Track SBOM data and compare it against approved package sources and maintainers.
For identity-centric governance, this aligns with the 52 NHI Breaches Analysis, which highlights how non-human trust fails when credentials, automation, and dependency chains are treated as static and benign. The same logic applies to package ecosystems: a benign-looking package can become an execution path into secrets, tokens, or privileged build agents. Current guidance suggests using policy-as-code and runtime checks rather than one-time approval gates, because package reputation changes over time. These controls tend to break down when organisations allow automatic dependency updates into privileged pipelines without re-validating provenance and execution behaviour.
Common Variations and Edge Cases
Tighter supply-chain controls often increase build friction and maintenance overhead, requiring organisations to balance delivery speed against the cost of false positives and manual reviews. That tradeoff is real, especially in fast-moving teams that rely on many small open-source libraries.
Best practice is evolving for cases where package popularity is not just irrelevant but actively misleading. For example, a package may be widely adopted but maintain a small, vulnerable core team; or it may be safe in one context and dangerous in another because its install scripts, plugins, or optional features are the real attack surface. Popularity also breaks down in private registries and internal package mirrors, where “trusted” may only mean “already mirrored,” not “continuously validated.”
For teams working with shared runners, reusable templates, or AI/automation pipelines, the risk multiplies because a single dependency can inherit broad non-human privilege. NHI governance should therefore focus on how the package is authenticated, how it is executed, and what it can reach, not on install counts alone. In that sense, popularity is at best a weak screening factor and at worst a false comfort signal. The Reviewdog GitHub Action supply chain attack is a good reminder that trusted automation is often the shortest path to widespread exposure.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | Popular packages can still be untrusted NHI dependencies. |
| NIST CSF 2.0 | PR.DS-6 | Supply-chain integrity depends on verifying software and dependencies. |
| NIST AI RMF | Trust in autonomous software supply chains needs ongoing risk evaluation. |
Continuously assess dependency risk and document control effectiveness as conditions change.
Related resources from NHI Mgmt Group
- How do attackers turn a supply-chain incident into wider NHI compromise?
- How should teams reduce risk from malicious npm package installs?
- How should security teams reduce supply chain risk in GitHub-based development pipelines?
- What breaks when third-party access is not tightly governed in supply chain environments?
