
Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.


Protecting the best engineering teams in the world

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

  • react 18.3.1 (published by react-bot)
  • jquery 3.7.1 (published by timmywil)
  • left-pad 1.3.0 (published by stevemao)

We protect you from vulnerable and malicious packages

jupiter-opensdk 8.999.0, by officeathand. Removed from npm. Blocked by Socket.
This code contains highly malicious behavior: it collects sensitive system information and sends it to a remote server. It is strongly recommended not to use this code.
Live on npm for 21 days, 2 hours and 24 minutes before removal. Socket users were protected even while the package was live.

poptoken-builder-node 9.9.9, by sherlockshat. Removed from npm. Blocked by Socket.
This script is attempting to exfiltrate sensitive system information to a remote server without the user's consent. This behavior is highly suspicious and poses a significant security risk.
Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

aliyundrive 6.0.4, by hktalent. Removed from npm. Blocked by Socket.
This script runs a Node.js script called 'init.js' in the background. While this behavior is not inherently malicious, it could potentially be used for malicious purposes such as running unauthorized processes or performing unauthorized actions in the background.
Live on npm for 4 days, 21 hours and 59 minutes before removal. Socket users were protected even while the package was live.

convo-latest 2.0. Live on pypi. Blocked by Socket.
This file is encrypted with PyArmor.

moonpig 90.0.0, by nightbloodz. Removed from npm. Blocked by Socket.
The provided code is likely attempting to contact a suspicious domain, which could be indicative of data exfiltration, a common tactic used in malicious operations. The use of such a domain raises the risk that the code is part of a supply chain attack, intended to exfiltrate data from the environment in which it runs.
Live on npm for 26 minutes before removal. Socket users were protected even while the package was live.

googlechecktcp12 17.2.2, by asiinn_js_dev. Removed from npm. Blocked by Socket.
The script collects 'lscpu' output, which contains information about the user's CPU, and sends it to a remote server using a POST request.
Live on npm for 18 hours and 49 minutes before removal. Socket users were protected even while the package was live.

j5-test 1.0.0, by j4m13d. Removed from npm. Blocked by Socket.
The script is attempting to make a network request to a potentially malicious domain. This behavior is highly suspicious and indicates a security risk.
Live on npm for 58 minutes before removal. Socket users were protected even while the package was live.

rdkit 2022.9.2. Live on pypi. Blocked by Socket.
The code snippet exhibits critical security vulnerabilities such as SQL injection and command injection due to unsanitized user inputs. Immediate action is required to implement input validation and sanitization to mitigate these risks.

abdo-obfuscate 4.5.1, by AbdelrahmanAhmed. Live on pypi. Blocked by Socket.
This file is encrypted with PyArmor.

http-wrror 2.11.3, by xwlazssz. Removed from npm. Blocked by Socket.
The code contains both legitimate HTTP error handling functions and highly suspicious, likely malicious code that encrypts files and communicates with external servers, indicative of ransomware. Immediate action should be taken to remove or isolate this code to prevent harm to systems.
Live on npm for 5 minutes before removal. Socket users were protected even while the package was live.

azure-graphrbac 8.4.1. Removed from npm. Blocked by Socket.
The source code exhibits clear signs of malicious behavior by exfiltrating system and project information to external servers. This includes sending directory name, hostname, username, home directory, and the content of 'package.json' to suspicious domains. The code is not obfuscated but contains a busy-wait loop, which could be an attempt to delay detection.
Live on npm for 1 hour and 22 minutes before removal. Socket users were protected even while the package was live.

wixstore-client-worker 8.999.999. Removed from npm. Blocked by Socket.
The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.
Live on npm for 24 minutes before removal. Socket users were protected even while the package was live.

makeskill 7.0.0. Removed from npm. Blocked by Socket.
The code performs a potentially malicious action by sending system data to an external server without user consent. This poses a significant security risk due to data exfiltration.
Live on npm for 19 minutes before removal. Socket users were protected even while the package was live.

skills-strategy-client 1.11.4, by unknownzerobit. Removed from npm. Blocked by Socket.
The code exhibits clear malicious behavior by collecting and sending system information to a remote server and connecting to a suspicious domain. This poses a high security risk.
Live on npm for 1 hour and 24 minutes before removal. Socket users were protected even while the package was live.

randombullshitgo-js 105.0.1, by fallenskill. Removed from npm. Blocked by Socket.
The code is highly malicious as it attempts to execute a reverse shell command and exfiltrate sensitive system information to a remote server. This behavior is indicative of a severe security threat.
Live on npm for 5 days, 15 hours and 6 minutes before removal. Socket users were protected even while the package was live.

jijzept 1.7.0. Live on pypi. Blocked by Socket.
This file is encrypted with PyArmor.

azure-graphrbac 8.14.1000. Removed from npm. Blocked by Socket.
The code exhibits clear signs of malicious behavior by exfiltrating system and user data to external servers without user consent. The actions performed are consistent with data theft and unauthorized data transmission.
Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

jijmodeling-transpiler 0.3.1. Live on pypi. Blocked by Socket.
This file is encrypted with PyArmor.

myonlife 2.0.9, by bugcrowdtester2233. Removed from npm. Blocked by Socket.
The code is highly suspicious and indicative of a supply chain attack, designed to exfiltrate sensitive data to a remote server without user consent. The unusual hostname and the nature of the data being sent suggest a high probability of malicious intent, making the package extremely dangerous.
Live on npm for 3 days, 4 hours and 51 minutes before removal. Socket users were protected even while the package was live.

@hishprorg/hic-eligendi 1.0.0, by hatrungvk94. Removed from npm. Blocked by Socket.
This package was removed from the npm registry for security reasons.
Live on npm for 30 minutes before removal. Socket users were protected even while the package was live.

yacht-rocket-drg344-project 1.0.0, by afifcapcut112. Removed from npm. Blocked by Socket.
The code imports several external libraries with peculiar names and uses a .functame() method on each of them without explaining its purpose or output. The createSentence function seems benign, but the use of unexplained external libraries raises security concerns. The libraries might introduce malicious behavior, though there is no direct evidence of this in the provided code fragment.
Live on npm for 57 days and 3 minutes before removal. Socket users were protected even while the package was live.

uxpin-merge-ms-fabric 10.999.999. Removed from npm. Blocked by Socket.
The source code is designed to collect various pieces of system information and send them to a remote server. The code is heavily obfuscated, which is a common tactic to hide malicious behavior. The behavior of collecting and transmitting system data without user consent indicates a high likelihood of malicious intent.
Live on npm for 19 minutes before removal. Socket users were protected even while the package was live.

node_cloud_core 1.0.1, by shihuojian. Removed from npm. Blocked by Socket.
The code handles sensitive operations involving file and database management with potential security risks due to improper input validation and command execution methods. These issues need addressing to prevent security vulnerabilities such as command injection and directory traversal.
Live on npm for 22 hours and 51 minutes before removal. Socket users were protected even while the package was live.

18f-dashboard 0.9.999. Removed from npm. Blocked by Socket.
The code is likely engaging in data exfiltration by sending system and network information over the network. While it does not contain any obvious malicious payloads, the act of sending system information without explicit user consent is a potential privacy violation. The hardcoded value for the `id` variable and the use of ICMP ping requests could be indicators of suspicious behavior. The code should be reviewed for its purpose and necessity.
Live on npm for 1 hour and 4 minutes before removal. Socket users were protected even while the package was live.


Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

  • Possible typosquat attack
  • Known malware
  • AI-detected potential malware
  • Suspicious Stars on GitHub
  • GitHub dependency
  • Git dependency
  • Obfuscated code
  • NPM Shrinkwrap
  • Telemetry
  • Protestware or potentially unwanted behavior
  • ...and 19 more alert types

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.


Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.


Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.


Why teams choose Socket

Proactive security

Depend on Socket to prevent malicious open source dependencies from infiltrating your app.

Easy to install

Install the Socket GitHub App in just 2 clicks and get protected today.

Comprehensive open source protection

Block 70+ issues in open source code, including malware, typo-squatting, hidden code, misleading packages, permission creep, and more.

Develop faster

Reduce work by surfacing actionable security information directly in GitHub. Empower developers to make better decisions.

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Dec 14, 2023

Hijacked cryptocurrency library adds malware

Widely-used library in cryptocurrency frontend was compromised to include wallet-draining code, following the hijacking of NPM account credentials via phishing.

Jan 06, 2022

Maintainer intentionally adds malware

Rogue maintainer sabotages his own open source package with 100M downloads/month, notably breaking Amazon's AWS SDK.

Nov 15, 2021

npm discovers a platform vulnerability allowing unauthorized publishing of any package

Attackers could publish new versions of any npm package without authorization for multiple years.

Oct 22, 2021

Hijacked package adds cryptominers and password-stealing malware

Multiple packages with 30M downloads/month are hijacked and publish malicious versions directly into the software supply chain.

Nov 26, 2018

Hijacked package adds organization-specific backdoors

Obfuscated malware added to a dependency which targeted a single company, went undetected for over a week, and made it into their production build.

Ready to dive in?

Get protected by Socket with just 2 clicks.


The latest from the Socket team

Get our latest security research, open source insights, and product updates.

Made with ⚡️ by Socket Inc