Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.


Protecting the best engineering teams in the world

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

  • react 18.3.1, published by react-bot
  • jquery 3.7.1, published by timmywil
  • left-pad 1.3.0, published by stevemao

We protect you from vulnerable and malicious packages

cors-typescript-client 99.10.9 (removed from npm; blocked by Socket)
The code exhibits clear signs of malicious behavior involving data theft and exfiltration. It encodes and sends sensitive system and user data to a suspicious domain via both DNS queries and HTTPS POST requests.
Live on npm for 38 minutes before removal. Socket users were protected even while the package was live.

socpalz 0.0.1 by yousuf_discord (live on npm; blocked by Socket)
The code is downloading data from https://members-hub.store/linkbyauth?pass=[PASSWORD]. It then uses the response to make another request to download more code. The downloaded code is stored in this._files. The load_FromPath method uses eval() to execute the downloaded code.

@urbandictionary/aws 377.2.23 by neversummer.69 (live on npm; blocked by Socket)
This code is intentionally obfuscated and uses DNS queries to exfiltrate system information, which could be a significant security risk. The hardcoded domain and the potential data exfiltration raise concerns about privacy violations. This package should be reviewed carefully before being used.

demo-store 2.99.99 by justtest0 (removed from npm; blocked by Socket)
The code exhibits clear signs of malicious intent, as it collects sensitive information and sends it to an external server without user consent, which is a typical behavior of malware designed for data exfiltration. The hardcoded server domain and the lack of any legitimate purpose for this data collection further support the conclusion that this code is part of a supply chain attack.
Live on npm for 55 minutes before removal. Socket users were protected even while the package was live.

nexon-js 4.6.6 (live on npm; blocked by Socket)
The code contains obfuscated portions that could potentially conceal a malicious payload. While the majority of the code seems to provide legitimate utility functions, the obfuscation and potential for hidden malicious code cannot be ignored. Careful deobfuscation and further analysis would be needed to conclusively determine the safety of the package.

lit-3 3.1.4 by erhan_bounty (removed from npm; blocked by Socket)
The source code is performing malicious activities by collecting system information and sending it to a remote server via DNS queries. This behavior indicates data exfiltration and poses a significant security risk.
Live on npm for 3 hours and 27 minutes before removal. Socket users were protected even while the package was live.

telegraf-node 4.0.8 by jordie.burdie (live on npm; blocked by Socket)
The code is using a Telegram bot to run arbitrary commands using eval().

jijmodeling 0.8.12 (live on pypi; blocked by Socket)
This file is encrypted with PyArmor.

diuser 0.0.1 by True_Hell (live on pypi; blocked by Socket)
The code is potentially dangerous as it downloads and executes an arbitrary file without proper verification. It also suppresses SSL certificate verification, which is a security risk. The code lacks proper error handling as well.

material-ui-plugin-styles-provider-cache 2.99.0 by caweve5902 (removed from npm; blocked by Socket)
The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.
Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

visitor-ui-component-library-icons 16.999.999 (removed from npm; blocked by Socket)
The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.
Live on npm for 27 minutes before removal. Socket users were protected even while the package was live.

nexon-js 4.6.5 by nexonnjs (live on npm; blocked by Socket)
The code contains obfuscated portions that could potentially conceal a malicious payload. While the majority of the code seems to provide legitimate utility functions, the obfuscation and potential for hidden malicious code cannot be ignored. Careful deobfuscation and further analysis would be needed to conclusively determine the safety of the package.

@smule/server 890.1.17 by neversummer.69 (live on npm; blocked by Socket)
The script collects a wide range of information from the user's system, including OS details, network interfaces, and SSH files, and sends it to a remote server via DNS queries.

@testdha0101/react-v1 1.0.3 (removed from npm; blocked by Socket)
The script is pinging three different domains, which may indicate that the package is attempting to communicate with a remote server or perform some sort of network-related operation. The domains themselves appear to be suspicious and could potentially be associated with malicious activity. This is a high risk and should be investigated further.
Live on npm for 18 hours and 46 minutes before removal. Socket users were protected even while the package was live.

@hrsites/fb-with-city-suggests 4.766.0 (live on npm; blocked by Socket)
The code exhibits suspicious behavior by collecting environment variables and sending them to an obfuscated remote server. This poses a significant security risk as it may lead to data theft. The obfuscation of the host address further indicates potential malicious intent.

jijmodeling 0.9.27 (live on pypi; blocked by Socket)
This file is encrypted with PyArmor.

unieap-spring 6.0.4 by hktalent (removed from npm; blocked by Socket)
The script is potentially harmful as it collects detailed system information and executes an obfuscated script with eval(). This could lead to various types of attacks depending on the content of the obfuscated string. Therefore, using this script without understanding the decompressed content of the obfuscated string is risky and should be avoided.
Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.

nintendo-eshop-qr-codes-for-free-games489 1.0.2 by muhammadharunmiya44 (removed from npm; blocked by Socket)
The script shows clear signs of malicious intent or could be used in harmful ways, primarily through automated spamming or potential unauthorized content manipulation. The hard-coded credentials and the automated, hidden nature of operations (like file deletion and infinite loops) suggest a high security risk.
Live on npm for 1 hour and 25 minutes before removal. Socket users were protected even while the package was live.

unilin 9999.10.9 by obernstein1337 (removed from npm; blocked by Socket)
This script performs potentially malicious actions by performing a DNS lookup and downloading a file from a remote server. It is highly suspicious and poses a significant security risk.
Live on npm for 5 hours and 35 minutes before removal. Socket users were protected even while the package was live.

new-stumble-guys-gems-generator-how-to-get-free263 1.0.2 by muhammadharunmiya44 (removed from npm; blocked by Socket)
The script exhibits potentially malicious behavior, such as creating and publishing a large number of npm packages and posting links to WordPress sites. The hardcoded credentials and use of subprocess for npm publish are significant security risks. While the intent may be to automate content creation and posting, the scale and method raise concerns of abuse and potential harm.
Live on npm for 1 hour and 6 minutes before removal. Socket users were protected even while the package was live.

@productiv/compass 12.0.5 by productiv (removed from npm; blocked by Socket)
The code collects system information and sends it over HTTPS to a specific hostname. It also disables TLS certificate validation. The purpose and intentions behind collecting and sending this information are not clear from the provided code fragment.
Live on npm for 1 day, 4 hours and 45 minutes before removal. Socket users were protected even while the package was live.

priv-pack 1.0.0 by natalyam455 (removed from npm; blocked by Socket)
The code is highly suspicious due to its obfuscation and behavior of gathering system information and performing a DNS lookup on a constructed domain. This can be considered a form of data exfiltration and poses a security risk.
Live on npm for 1 day, 21 hours and 14 minutes before removal. Socket users were protected even while the package was live.

kasms 1.0.15 by psych0124 (removed from npm; blocked by Socket)
The code takes a base64 encoded string, decodes it, and evaluates it using the 'eval' function. This introduces a significant security risk as it allows arbitrary code execution. The code should be considered dangerous and should not be used.
Live on npm for 19 minutes before removal. Socket users were protected even while the package was live.

sendtelegram 1.0.0 by oeildefaucon (removed from npm; blocked by Socket)
The script downloads an executable file (app.exe) from a remote server and then launches it. This behavior can introduce potential security risks if the downloaded file is malicious.
Live on npm for 6 days, 8 hours and 30 minutes before removal. Socket users were protected even while the package was live.

xbox-steam-card-today450 1.0.2 by sicrap (removed from npm; blocked by Socket)
The code exhibits potentially malicious behavior such as unauthorized login attempts and content publishing, as well as obfuscation and hard-coded credentials. The overall security risk is high due to the presence of these factors.
Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

  • Possible typosquat attack
  • Known malware
  • NPM Shrinkwrap
  • Git dependency
  • GitHub dependency
  • AI-detected potential malware
  • HTTP dependency
  • Obfuscated code
  • Suspicious Stars on GitHub
  • Telemetry
  • ...and 19 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.


Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.


Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.


Why teams choose Socket

Pro-active security

Depend on Socket to prevent malicious open source dependencies from infiltrating your app.

Easy to install

Install the Socket GitHub App in just 2 clicks and get protected today.

Comprehensive open source protection

Block 70+ issues in open source code, including malware, typo-squatting, hidden code, misleading packages, permission creep, and more.

Develop faster

Reduce work by surfacing actionable security information directly in GitHub. Empower developers to make better decisions.

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Dec 14, 2023

Hijacked cryptocurrency library adds malware

Widely-used library in cryptocurrency frontend was compromised to include wallet-draining code, following the hijacking of NPM account credentials via phishing.

Jan 06, 2022

Maintainer intentionally adds malware

Rogue maintainer sabotages his own open source package with 100M downloads/month, notably breaking Amazon's AWS SDK.

Nov 15, 2021

npm discovers a platform vulnerability allowing unauthorized publishing of any package

Attackers could publish new versions of any npm package without authorization for multiple years.

Oct 22, 2021

Hijacked package adds cryptominers and password-stealing malware

Multiple packages with 30M downloads/month are hijacked and publish malicious versions directly into the software supply chain.

Nov 26, 2018

Package hijacked, adding organization-specific backdoors

Obfuscated malware added to a dependency which targeted a single company, went undetected for over a week, and made it into their production build.

Ready to dive in?

Get protected by Socket with just 2 clicks.

