
Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.


Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery: timmywil published 3.7.1
left-pad: stevemao published 1.3.0
react: react-bot published 18.3.1

We protect you from vulnerable and malicious packages

gcptestpackagepoc 1.0.0 (by testgcptest). Removed from npm. Blocked by Socket.
This script is attempting to exfiltrate sensitive access token information to a remote server. This behavior is highly suspicious and poses a significant security risk.
Live on npm for 2 hours and 3 minutes before removal. Socket users were protected even while the package was live.

danalibs 1.19.999. Removed from npm. Blocked by Socket.
The source code is designed to exfiltrate sensitive system information to a remote server using a stealthy method (ping command). This behavior is consistent with malicious intent and poses a significant security risk.
Live on npm for 31 minutes before removal. Socket users were protected even while the package was live.

jb-rpd-splash 99.10.10. Removed from npm. Blocked by Socket.
The code engages in potentially malicious behavior by collecting sensitive system information and sending it to a remote server without clear user consent. The hard-coded domain, data obfuscation, and lack of transparency raise significant privacy and security concerns. The risk score is high due to the invasive nature of the code.
Live on npm for 1 hour and 6 minutes before removal. Socket users were protected even while the package was live.

numpy-selenium 5.20.19. Live on pypi. Blocked by Socket.
Malicious code in numpy-selenium (PyPI). Source: ossf-package-analysis (dc92a371c845859241fd20b897b00c4b6c39fcc8ec83dfe9fbb0146c36d267c5). The OpenSSF Package Analysis project identified 'numpy-selenium' @ 5.20.19 (pypi) as malicious. It is considered malicious because the package communicates with a domain associated with malicious activity.

@com-td-aacs/td-emerald-standards 1.0.0 (by powerful-28). Live on npm. Blocked by Socket.
The script is malicious as it attempts to send sensitive system information to an external server, posing a significant security risk.

nenenmue 1.2.3 (by merkellia). Removed from npm. Blocked by Socket.
The code appears to be heavily obfuscated with no clear functionality or purpose. It lacks any structured programming elements, making it unreadable and unanalyzable in its current form.
Live on npm for 48 days, 16 hours and 47 minutes before removal. Socket users were protected even while the package was live.

signalr-temp-client 99999.1.0 (by adhamsadakah300). Removed from npm. Blocked by Socket.
The script is potentially malicious due to the data exfiltration routine in the first part. The second part of the script, which appears to be an incomplete shell debugger script, does not appear to be malicious, but its presence in the same script as the data exfiltration routine raises questions about its purpose. It is strongly recommended to not run this script without further investigation and necessary modifications.
Live on npm for 23 days, 13 hours and 55 minutes before removal. Socket users were protected even while the package was live.

donuts.node-build 99.99.103 (by manansa1234567). Removed from npm. Blocked by Socket.
The script is exfiltrating sensitive system information to an external server, which is indicative of malicious behavior. The use of base64 encoding is a minimal form of obfuscation. The risk associated with this script is high due to the potential for data theft and unauthorized data transmission.
Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

commons-skin 6.0.2 (by hktalent). Removed from npm. Blocked by Socket.
The code exhibits behavior characteristic of malware, including the collection of sensitive data, use of obfuscation, and execution of potentially arbitrary code using eval. The intentional obfuscation and disabling of NODE_NO_EVAL are indicative of an attempt to hide malicious behavior and enable unsafe operations.
Live on npm for 12 minutes before removal. Socket users were protected even while the package was live.

ui-ace 8.0.0 (by missoum1307). Removed from npm. Blocked by Socket.
This script is attempting to exfiltrate sensitive system information to a remote server without the user's consent. This behavior is highly suspicious and poses a significant security risk.
Live on npm for 13 minutes before removal. Socket users were protected even while the package was live.

zalfausi8 23.6.1 (by u11fordk3hh4s). Removed from npm. Blocked by Socket.
The code is heavily obfuscated and performs malicious operations. It interacts with an Ethereum smart contract to retrieve data, which it uses to construct a URL for downloading a file tailored to the user's operating system. The code then downloads this file using axios and executes it in the background without user consent via the child_process spawn function. This behavior allows for the execution of arbitrary code from an untrusted source, posing a significant security risk indicative of malware.
Live on npm for 5 days, 14 hours and 8 minutes before removal. Socket users were protected even while the package was live.

dm_ug_sdk_qa 0.0.2-alpha.10 (by usergrowthfe). Removed from npm. Blocked by Socket.
The code involves operations that could pose privacy concerns due to data collection and network communication. The obfuscation adds to the difficulty in assessing the full extent of these operations. Without explicit evidence of malicious behavior, the risk remains speculative.
Live on npm for 16 hours and 23 minutes before removal. Socket users were protected even while the package was live.

cbdev2024test 20.0.0 (by cbdev2024). Removed from npm. Blocked by Socket.
The code poses a security risk by sending potentially sensitive metadata to an external IP address without user consent. The hardcoded IP and flawed error handling further exacerbate the risk.
Live on npm for 1 hour and 25 minutes before removal. Socket users were protected even while the package was live.

@zitterorg/laudantium-rerum 2.2.17 (by loandinhb931). Live on npm. Blocked by Socket.
Malicious code in @zitterorg/laudantium-rerum (npm). Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

pm-conf 4.5.22 (by 17b4a931). Removed from npm. Blocked by Socket.
This code poses a serious security risk and should not be used.
Live on npm for 15 minutes before removal. Socket users were protected even while the package was live.

bkdevportal 1.0.0 (by tavedo3689). Removed from npm. Blocked by Socket.
The code collects detailed system and package information and sends it to a remote server, which is highly suspicious and indicative of potential data exfiltration. The server hostname (oastify.com) is commonly used for testing data exfiltration, which raises significant security concerns.
Live on npm for 1 hour and 35 minutes before removal. Socket users were protected even while the package was live.

@taktikorg/impedit-iusto 1.0.0 (by lechuongb878). Removed from npm. Blocked by Socket.
This package was removed from the npm registry for security reasons.
Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

yoginth 2.1.1. Live on pypi. Blocked by Socket.
The code is designed to exfiltrate potentially sensitive cookie data from a user's system and send it to a remote server. This behavior is indicative of data theft and poses a significant security risk.

fk-react-lottie-player 1.0.3 (by nishant57). Removed from npm. Blocked by Socket.
The code establishes a reverse shell, allowing remote command execution on the system. This is a significant security risk and indicates malicious intent.
Live on npm for 21 minutes before removal. Socket users were protected even while the package was live.

shopping-integrayshun-manager 0.0.1 (by npmriskdemo428420420). Removed from npm. Blocked by Socket.
The script downloads and executes a remote shell script from 'https://clapp.shoppingronden.se/f/install.sh'. This behavior is considered suspicious and potentially malicious.
Live on npm for 3 minutes before removal. Socket users were protected even while the package was live.

@helvetia-italia/ng-selly-components 10.20.22. Live on npm. Blocked by Socket.
This script is designed to exfiltrate sensitive data from the user's system to an external server, making it highly malicious and dangerous.

psn-card-free-today535 1.0.2 (by robowxw). Removed from npm. Blocked by Socket.
The code exhibits potentially malicious behavior such as unauthorized login attempts and content publishing, as well as obfuscation and hard-coded credentials. The overall security risk is high due to the presence of these factors.
Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

maps-theme 1.2.2 (by piratenk1). Removed from npm. Blocked by Socket.
The script is exfiltrating sensitive system information to an external server, which is indicative of malicious behavior. The actions performed by the script pose a significant security risk.
Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

da-wix-dealer 1.707.0. Removed from npm. Blocked by Socket.
The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.
Live on npm for 25 minutes before removal. Socket users were protected even while the package was live.

dc-analytics-provider 99.9.9 (by dependency-test-4). Removed from npm. Blocked by Socket.
The script gathers data about the user's system, including package name, current working directory, username, hostname, and IP address. This data is then encoded and sent as DNS queries to a remote server.
Live on npm for 6 hours and 18 minutes before removal. Socket users were protected even while the package was live.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Known malware

Possible typosquat attack

Obfuscated code

NPM Shrinkwrap

Suspicious Stars on GitHub

Protestware or potentially unwanted behavior

Unstable ownership

GitHub dependency

AI-detected potential malware

HTTP dependency


Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.


Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Why teams choose Socket

Proactive security

Depend on Socket to prevent malicious open source dependencies from infiltrating your app.

Easy to install

Install the Socket GitHub App in just 2 clicks and get protected today.

Comprehensive open source protection

Block 70+ issues in open source code, including malware, typo-squatting, hidden code, misleading packages, permission creep, and more.

Develop faster

Reduce work by surfacing actionable security information directly in GitHub. Empower developers to make better decisions.

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Dec 14, 2023

Hijacked cryptocurrency library adds malware

Widely-used library in cryptocurrency frontend was compromised to include wallet-draining code, following the hijacking of NPM account credentials via phishing.

Jan 06, 2022

Maintainer intentionally adds malware

Rogue maintainer sabotages his own open source package with 100M downloads/month, notably breaking Amazon's AWS SDK.

Nov 15, 2021

npm discovers a platform vulnerability allowing unauthorized publishing of any package

Attackers could publish new versions of any npm package without authorization for multiple years.

Oct 22, 2021

Hijacked package adds cryptominers and password-stealing malware

Multiple packages with 30M downloads/month are hijacked and publish malicious versions directly into the software supply chain.

Nov 26, 2018

Package hijacked adding organization specific backdoors

Obfuscated malware added to a dependency which targeted a single company, went undetected for over a week, and made it into their production build.

Ready to dive in?

Get protected by Socket with just 2 clicks.


The latest from the Socket team

Get our latest security research, open source insights, and product updates.
