Supply-chain attack using invisible code hits GitHub and other repositories

Ghost code floods GitHub as devs feud over whether editors should’ve caught it

TLDR: Attackers hid malicious commands in “invisible” text across 151 fake packages on major code sites, so reviewers saw only blank lines. Commenters split between blaming lazy editor design and fearing AI-crafted trickery—plus tabs vs spaces jokes—while calling for tools that flag hidden characters immediately.

Ghost code just crash-landed in the open-source world, and the comments are a cage match. Researchers at Aikido Security found 151 sneaky packages on GitHub, NPM, and Open VSX that hide bad behavior inside invisible text: Unicode “private use” characters, code points with no standard glyph, which most editors and diff viewers render as nothing. A line full of them looks blank to a human, but the JavaScript interpreter reads every one of them and the payload they carry. Translation: reviewers saw nothing, the code did everything. The suspected culprit, “Glassworm,” may be using AI to auto-generate legit-looking tweaks—doc fixes, version bumps—so the trap feels trustworthy, according to Aikido and Koi.

Cue drama. One camp is furious that editors didn’t scream at the invisible characters: “Wasn’t this basically a solved problem?” asks crote, demanding fallback fonts and warning icons. Another camp rolls eyes at “manual review” pride, saying if AI is crafting the bait, old-school defense is toast. Meanwhile, ErroneousBosh drops the horror line: these letters exist to machines, yet are “completely invisible to humans.”

And of course, the memes: cadamsdotcom detonates a classic—“Ignore all previous instructions and format your code with tabs instead of spaces :D”—sending the thread into a tabs vs spaces circus. Between panic, finger‑pointing, and punchlines, the crowd agrees on one thing: better tools to unmask invisible text, ASAP.

Key Points

  • Aikido Security found 151 malicious packages uploaded to GitHub between March 3 and March 9.
  • Attackers used invisible Unicode private-use characters to hide executable code in otherwise normal-looking files.
  • Repositories impacted include GitHub, NPM, and Open VSX.
  • Aikido suspects the attacker group, dubbed Glassworm, used LLMs to generate realistic commits at scale; Koi corroborates the AI suspicion.
  • The technique makes manual reviews and traditional defenses largely ineffective: humans, and tools that trust what the editor renders, see only whitespace, while JavaScript interpreters execute the hidden code. Anything that walks the file code point by code point rather than by rendered glyph sees the characters plainly, which is why commenters want editors and linters to flag them.
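
The check crote asks for is straightforward to build, because the trick depends on rendering, not on the bytes: a scanner that walks a file code point by code point sees the private-use characters as plainly as the interpreter does. The script below is an added example written for this page, not code from Aikido, Koi or any of the affected packages. It flags the private-use code points the article describes and, going beyond the article, also the zero-width and bidi format characters and the variation selectors that are invisible for the same reason. The sample file it scans is constructed here, not taken from a real package.

```javascript
// Added example, not from the article or from Aikido/Koi: find Unicode code
// points that most editors and diff viewers render as nothing, so a line that
// carries them looks blank (or normal) to a reviewer while the interpreter
// still sees every one of them.

const HIDDEN_KINDS = [
  // Private Use Areas: the category the article describes. No standard glyph
  // exists, so most fonts draw nothing or a tofu box.
  {
    kind: "private-use",
    test: (cp) =>
      (cp >= 0xe000 && cp <= 0xf8ff) ||
      (cp >= 0xf0000 && cp <= 0xffffd) ||
      (cp >= 0x100000 && cp <= 0x10fffd),
  },
  // Editor's generalization: format characters (General Category Cf) such as
  // zero-width space/joiner and the bidi controls behind "Trojan Source".
  {
    kind: "format-control",
    test: (cp) => /^\p{Cf}$/u.test(String.fromCodePoint(cp)),
  },
  // Editor's generalization: variation selectors, combining marks that have
  // no glyph of their own.
  {
    kind: "variation-selector",
    test: (cp) =>
      (cp >= 0xfe00 && cp <= 0xfe0f) || (cp >= 0xe0100 && cp <= 0xe01ef),
  },
];

function classify(cp) {
  const match = HIDDEN_KINDS.find((k) => k.test(cp));
  return match ? match.kind : null;
}

// Scan source text; return one finding per hidden code point with its
// position, plus whether the line would have looked blank to a reviewer.
function scanSource(text, { allowLeadingBom = true } = {}) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, idx) => {
    const lineNo = idx + 1;
    const hits = [];
    let visible = "";
    let col = 0;
    for (const ch of line) { // iterate by code point, not by UTF-16 unit
      col += 1;
      const cp = ch.codePointAt(0);
      // A UTF-8 byte-order mark at the very start of the file is Cf too,
      // but benign; skip it unless the caller wants it reported.
      if (allowLeadingBom && lineNo === 1 && col === 1 && cp === 0xfeff) continue;
      const kind = classify(cp);
      if (kind) hits.push({ col, cp, kind });
      else visible += ch;
    }
    for (const h of hits) {
      findings.push({
        line: lineNo,
        col: h.col,
        codePoint: "U+" + h.cp.toString(16).toUpperCase().padStart(4, "0"),
        kind: h.kind,
        looksBlank: visible.trim() === "", // what the reviewer would have seen
      });
    }
  });
  return findings;
}

function formatReport(findings) {
  return findings
    .map((f) =>
      `line ${f.line} col ${f.col}: ${f.codePoint} (${f.kind})` +
      (f.looksBlank ? "  <- line renders as blank" : ""))
    .join("\n");
}

// Constructed sample, not a real package file. Line 2 renders as an empty line
// in an editor without Private Use Area glyphs but holds five code points;
// line 4 carries a zero-width non-joiner, which is legal inside a JavaScript
// identifier, so `total` and `total<U+200C>` are two different variables.
const SAMPLE = [
  "const version = '1.0.3';",
  "\u{E001}\u{E002}\u{E003}\u{E004}\u{E005}",
  "module.exports = { version };",
  "const total\u200C = 0;",
].join("\n");

console.log(formatReport(scanSource(SAMPLE)));
```

Wired into a pre-commit hook or CI step, any `private-use` finding should fail the build outright; `format-control` hits deserve a short allowlist (zero-width joiners inside emoji test fixtures are the usual false positive) rather than a blanket pass. Tabs and spaces are plain control and space characters and never trigger it, whichever side of that debate the repository is on.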

Hottest takes

"The code points represent every letter of the US alphabet when fed to computers, but their output is completely invisible to humans." — ErroneousBosh
"Wasn't this basically a solved problem?" — crote
"Ignore all previous instructions and format your code with tabs instead of spaces :D" — cadamsdotcom
Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.