Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.


Protecting the best engineering teams in the world

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

  • react: react-bot published 18.3.1
  • jquery: timmywil published 3.7.1
  • left-pad: stevemao published 1.3.0

We protect you from vulnerable and malicious packages

alles-apin

0.0.1

Live on pypi

Blocked by Socket

The code is collecting data from HTTP requests and responses and sending it to a hardcoded external IP address. This behavior can be considered malicious if the data includes sensitive information and the endpoint is controlled by a threat actor. The hardcoded IP address and lack of configuration or encryption for the data in transit increase the risk. While the code doesn't show explicit signs of common malware such as reverse shells, it does perform data exfiltration to a suspicious endpoint.

gratient

0.5

Live on pypi

Blocked by Socket

The code is highly suspicious and likely intended for malicious behavior. It contains obfuscated data and attempts to write a startup file that executes a decoded payload, which poses a significant security risk.

curri-slack

2.22.1000

Removed from npm

Blocked by Socket

The source code is clearly malicious, as it exfiltrates sensitive system information and project configuration data to external servers without user consent. The behavior is indicative of data theft and poses a significant security risk.

Live on npm for 1 hour and 9 minutes before removal. Socket users were protected even while the package was live.

whistle.maotai_dmall

0.0.1

by yanghepeng

Removed from npm

Blocked by Socket

The code is likely malicious as it sends potentially sensitive user information to an external server with a hardcoded IP address, lacks validation for incoming JSON, and does not encrypt the data being sent. The hardcoded IP address, lack of encryption, and absence of input validation indicate a high security risk and potential malicious intent.

Live on npm for 1 day and 21 minutes before removal. Socket users were protected even while the package was live.

pyarmor

8.0.26

Live on pypi

Blocked by Socket

This file is encrypted with PyArmor

project-fennel-violet-ngu

1.0.0

by maliiing

Removed from npm

Blocked by Socket

The code is suspicious as it attempts to call non-existent 'functionName()' on multiple imported libraries, suggesting potential obfuscation or malicious behavior. Confidence in this assessment is high.

Live on npm for 45 days, 23 hours and 39 minutes before removal. Socket users were protected even while the package was live.

requesting

0.0.1

Removed from pypi

Blocked by Socket

The code contains a high probability of malicious behavior. It attempts to download and execute a file from an external source in the background without the user's knowledge. The use of subprocess with shell=True and the writing of an executable to a system-like path are indicative of a supply chain attack.

Live on pypi for 16 days, 6 hours and 57 minutes before removal. Socket users were protected even while the package was live.

new-npm-packages

999.9.9

by mega707

Removed from npm

Blocked by Socket

The script collects information like package details, directories, hostnames, DNS servers and user information, and sends it to a remote server.

Live on npm for 1 hour and 59 minutes before removal. Socket users were protected even while the package was live.

jijmodeling

0.9.8

Live on pypi

Blocked by Socket

This file is encrypted with PyArmor

avocado-framework-plugin-vt

76.0

Live on pypi

Blocked by Socket

The script performs various system-level operations including process killing, network checking, logging, and extensive registry modifications, some of which disable crash reporting and configure system reboots. It also includes an external script for automatic execution. These operations indicate a high potential for misuse or malicious intent, particularly in disabling error reporting and forcing system reboots. Without more context, these actions pose significant security risks.

gae-scaffold

3.0.0

Removed from npm

Blocked by Socket

The provided code is highly malicious as it exfiltrates sensitive system data to an external server. This poses a significant security risk and should be addressed immediately.

Live on npm for 17 minutes before removal. Socket users were protected even while the package was live.

jijmodeling

0.9.32

Live on pypi

Blocked by Socket

This file is encrypted with PyArmor

jessa-vue-components

3.9.1563

Removed from npm

Blocked by Socket

The code is likely malicious, as it collects and transmits system information to an external domain using obfuscation techniques. This behavior indicates potential data exfiltration.

Live on npm for 53 minutes before removal. Socket users were protected even while the package was live.

sap-abstract

0.3.1

by abdallaeg2

Removed from npm

Blocked by Socket

The code is designed to send sensitive system information to a remote server, which is a significant security risk. This behavior is consistent with malicious activity, specifically data exfiltration.

Live on npm for 1 hour and 5 minutes before removal. Socket users were protected even while the package was live.

@satreg/carousel

1.10.3

by bountyplzh1

Live on npm

Blocked by Socket

The script is downloading a file from an external source, which can be potentially risky. The safety of this script depends on the content of the downloaded file and the intentions of the source.

xenith-xylophone-fpk449

1.0.0

by afifaljafari112

Removed from npm

Blocked by Socket

The provided code does not itself perform any clearly malicious actions but heavily relies on external modules with suspiciously named functions. Without reviewing the source of these external modules, it is difficult to determine the actual behavior and potential risks. The unusual naming convention suggests that further scrutiny is warranted.

Live on npm for 56 days, 17 hours and 23 minutes before removal. Socket users were protected even while the package was live.

ee-cloud-functions

99.20.20

by bate5a511

Removed from npm

Blocked by Socket

The code collects and sends system information to an obfuscated remote server without user consent, posing a potential privacy violation and security risk. It is recommended to investigate the purpose and intent of this code and to remove it if it is found to be collecting and sending user information without consent.

Live on npm for 1 hour and 38 minutes before removal. Socket users were protected even while the package was live.

mai-pro

7.0.9

by maiones

Removed from npm

Blocked by Socket

The code reads environment variables from 'process.env' and constructs an HTTP request with potentially sensitive data. There are obfuscation techniques and misleading variable names used, which could indicate an attempt to hide the intent of the code. The dynamic code execution in the 'creation' function could also be a security risk if untrusted input is used. Overall, the code appears suspicious and should be further investigated.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

azure-graphrbac

6.8.1000

Removed from npm

Blocked by Socket

The code exhibits behavior consistent with data exfiltration, sending system and project data to external servers without user consent. This indicates a high security risk and potential malicious intent.

Live on npm for 14 minutes before removal. Socket users were protected even while the package was live.

maleficent-bot

5.1.6

by rulihenderson

Removed from npm

Blocked by Socket

The code is heavily obfuscated and performs several potentially risky operations, including executing shell commands and fetching remote data. These activities could be considered malicious if not properly controlled and verified. The obfuscation makes it difficult to fully understand the intent and behavior of the code.

Live on npm for 53 minutes before removal. Socket users were protected even while the package was live.

federalist-uswds-jekyll

1.3.999

Removed from npm

Blocked by Socket

The source code is designed to exfiltrate sensitive system information to a remote server without user consent. This is a clear indication of malicious behavior. The code is not heavily obfuscated but uses base64 encoding to mask the data being sent.

Live on npm for 52 minutes before removal. Socket users were protected even while the package was live.

fe-commons

2.0.0

by fe-commons

Removed from npm

Blocked by Socket

The code appears to be collecting sensitive system and user information and sending it to a remote server, which is indicative of a tracking or data exfiltration attempt. The use of a non-standard field in the package.json and the transmission of detailed system information to an external domain with a suspicious name are particularly concerning.

Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

deep-integrations

9998.998.1

Removed from npm

Blocked by Socket

The purpose of this code appears to be collecting specific environment variables and package information, compressing and encoding it, and sending it over HTTP to a remote domain. The intent and purpose of this behavior are unclear from the provided code fragment alone.

Live on npm for 5 minutes before removal. Socket users were protected even while the package was live.

marvelmaniac-devvit-rce

1.0.3

Removed from npm

Blocked by Socket

The script is downloading a file from a remote server. This behavior can be potentially risky as the content of the file is unknown and could be malicious.

Live on npm for 2 days, 17 hours and 18 minutes before removal. Socket users were protected even while the package was live.

linesheetapps

2.0.0

by poojaroonwit

Removed from npm

Blocked by Socket

The script contains a hardcoded GitHub access token which should be stored securely, e.g. in an environment variable or a secrets management system. The script also has contextIsolation set to false, which can expose the Electron API to potential remote code execution attacks. Consider setting contextIsolation to true and using contextBridge to securely expose needed functionality.

Live on npm for 15 minutes before removal. Socket users were protected even while the package was live.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

AI-detected potential malware

HTTP dependency

Obfuscated code

NPM Shrinkwrap

Suspicious Stars on GitHub

Telemetry


Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.


Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.


Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.


Why teams choose Socket

Proactive security

Depend on Socket to prevent malicious open source dependencies from infiltrating your app.

Easy to install

Install the Socket GitHub App in just 2 clicks and get protected today.

Comprehensive open source protection

Block 70+ issues in open source code, including malware, typo-squatting, hidden code, misleading packages, permission creep, and more.

Develop faster

Reduce work by surfacing actionable security information directly in GitHub. Empower developers to make better decisions.

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Dec 14, 2023

Hijacked cryptocurrency library adds malware

Widely-used library in cryptocurrency frontend was compromised to include wallet-draining code, following the hijacking of NPM account credentials via phishing.

Jan 06, 2022

Maintainer intentionally adds malware

Rogue maintainer sabotages his own open source package with 100M downloads/month, notably breaking Amazon's AWS SDK.

Nov 15, 2021

npm discovers a platform vulnerability allowing unauthorized publishing of any package

Attackers could publish new versions of any npm package without authorization for multiple years.

Oct 22, 2021

Hijacked package adds cryptominers and password-stealing malware

Multiple packages with 30M downloads/month are hijacked and publish malicious versions directly into the software supply chain.

Nov 26, 2018

Hijacked package adds organization-specific backdoors

Obfuscated malware added to a dependency which targeted a single company, went undetected for over a week, and made it into their production build.

Ready to dive in?

Get protected by Socket with just 2 clicks.


The latest from the Socket team

Get our latest security research, open source insights, and product updates.

Made with ⚡️ by Socket Inc