The New Stack · Saturday, May 23, 2026

JFrog report recaps a tumultuous year in supply chain security

supply-chain · security · jfrog · vulnerabilities

JFrog's 2025 report, covered by The New Stack, details a year of record-breaking growth in the number of code packages and fundamental changes in software supply chain architecture. The report notes that the number of packages in public repositories surged, with npm alone seeing a 40% increase. This proliferation has made dependency management more complex, exposing organizations to higher vulnerability risk. A concrete example: the report found that 1 in 10 packages had known vulnerabilities, up from 1 in 15 the previous year. The architectural shift includes increased use of AI-generated code, which introduces new security challenges. JFrog recommends automated security scanning and policy enforcement to mitigate these risks.

// why it matters

Developers face increased vulnerability exposure due to record package growth and AI-generated code.

Sources

Primary · The New Stack
▸ Read original at thenewstack.io
