šŸš€ Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
Socket
Sign inDemoInstall
Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub AppBook a Demo

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery

timmywil published 3.7.1

•

left-pad

stevemao published 1.3.0

•

react

react-bot published 19.1.0

•

We protect you from vulnerable and malicious packages

brave-core

1.71.18

Live on npm

Blocked by Socket

Malicious code in brave-core (npm) Source: ghsa-malware (64124298f67bb4effd7c57f151d40e754666278b542f85d9f4f78b80309c5201) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

test494

1.0.13

by npm

Removed from npm

Blocked by Socket

Malicious code in test494 (npm) Source: ghsa-malware (b4eee97c9c0e65b38d0550ad3c3c448e647fc469837a13ab37682c6cfd2a5c34) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 2 hours and 14 minutes before removal. Socket users were protected even while the package was live.

azure-graphrbac

1.20.1000

Removed from npm

Blocked by Socket

The source code exhibits clear signs of malicious behavior by sending sensitive system information and 'package.json' content to external servers. This poses a high security risk.

Live on npm for 46 minutes before removal. Socket users were protected even while the package was live.

ctsscript

1.0.6

Live on PyPI

Blocked by Socket

This file contains malicious code that attempts to gain elevated system privileges using a hardcoded password ('logo#123') with sudo commands. It checks system disk space and, if sufficient, installs the httpimport package with root privileges, then configures it with insecure settings (INSECURE=True, NON_SOURCE=True). It then attempts to import potentially malicious code from the remote domain 'dramon[.]synology[.]me'. The file contains multiple dummy functions that raise errors to hide its true functionality, which is contained in the get_init() function.

underscoer

0.0.1-security.8

by npm

Live on npm

Blocked by Socket

Malicious code in underscoer (npm) Source: ghsa-malware (e2f4d85189d50ff681d5261ce1e6cbbd5ee174ff70cad7b6cd47ccbf22e4b41c) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

nodebb-theme-opera

999.9.9

by opera-responsible-disclosure

Removed from npm

Blocked by Socket

Malicious code in nodebb-theme-opera (npm) Source: ghsa-malware (0a769de2deb47651c7854cd9d1559f3a907a707f3cb60dcfd5aefb5af9d36a6f) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 8 hours and 4 minutes before removal. Socket users were protected even while the package was live.

wolfhece

1.8.12

Removed from PyPI

Blocked by Socket

The code contains potential security risks due to hard-coded credentials, file write operations without proper input validation, and exception handling that could potentially expose sensitive information. The attempt to import a module from a relative path and the hard-coded credentials increase the security risk of this code.

Live on PyPI for 88 days, 8 hours and 30 minutes before removal. Socket users were protected even while the package was live.

axios-proxy

1.9.9

by cfall

Removed from npm

Blocked by Socket

Malicious code in axios-proxy (npm) Source: ghsa-malware (dfa011a32b794f2ee2f8c15b4e213a3034ba5c4e87e82b4df13d9e1b82cc4d10) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 7 hours and 15 minutes before removal. Socket users were protected even while the package was live.

findupsnc

0.0.1-security.1

by npm

Removed from npm

Blocked by Socket

Malicious code in findupsnc (npm) Source: ghsa-malware (334ac730e6d4ec561aaf960bd3b0ca4ba4dc99096f7127f35eac77ef04799a9e) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 3 hours and 28 minutes before removal. Socket users were protected even while the package was live.

jscs-server

0.0.1

Live on npm

Blocked by Socket

Malicious code in jscs-server (npm) Source: ghsa-malware (0f1fafff070579f71de746714f55c018c929cedcca06dff1fc775a936623d2bd) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

kera-preprocess

94.6

by harry76711

Removed from PyPI

Blocked by Socket

Malicious code in kera-preprocess (PyPI) Source: ossf-package-analysis (8c72f5f048faf23a8210a1871a3c79c2aacc65500be8d59654ff34662fadb8c6) The OpenSSF Package Analysis project identified 'kera-preprocess' @ 94.6 (pypi) as malicious. It is considered malicious because: - The package communicates with a domain associated with malicious activity.

Live on PyPI for 33 minutes before removal. Socket users were protected even while the package was live.

noblox.js-addons

1.0.1

by npm

Removed from npm

Blocked by Socket

Malicious code in noblox.js-addons (npm) Source: ghsa-malware (38370edb6fbce6929600fff8136e219887d82baaa900c76803da5b82622a8b78) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 32 minutes before removal. Socket users were protected even while the package was live.

cyson

103.99.99

by ypvpctpbamdhxtkzdu

Removed from npm

Blocked by Socket

Malicious code in cyson (npm) Source: ghsa-malware (9135731397c4add9bfb9b734264e5f8c6b5590900d7b3d5066d8aaa1fc54a094) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. Source: ossf-package-analysis (0f8cee224df529175e48fc03d58c4829d26f1b8ba633e9f18ed56bbbbd0e5b75) The OpenSSF Package Analysis project identified 'cyson' @ 103.99.99 (npm) as malicious. It is considered malicious because: - The package communicates with a domain associated with malicious activity. - The package executes one or more commands associated with malicious behavior.

Live on npm for 5 hours and 23 minutes before removal. Socket users were protected even while the package was live.

rchive-type

4.5.22

by 17b4a931

Removed from npm

Blocked by Socket

Malicious code in rchive-type (npm) Source: ghsa-malware (46bcff2ccf671339cf65674ae082d163bd033ef8b52b3c605c74834fb6d5f441) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 3 hours and 24 minutes before removal. Socket users were protected even while the package was live.

constantparam

0.0.1-security.309

by npm

Removed from npm

Blocked by Socket

Malicious code in constantparam (npm) Source: ghsa-malware (d70c96d26cc546890595df8beea2035e8d6a30089ede37bc41acbaa37f2a9186) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 3 hours and 52 minutes before removal. Socket users were protected even while the package was live.

walletdecoderss

1.5.2

by JeanClaude89

Live on PyPI

Blocked by Socket

Masquerades as a cryptocurrency wallet recovery service to steal sensitive data.

code-snippet-frontend

0.0.1-security.516

by npm

Removed from npm

Blocked by Socket

Malicious code in code-snippet-frontend (npm) Source: ghsa-malware (f680de2cbe3d658c28bad18e894dd3fd430e14419dc1cf04f15a54e89f19501d) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 3 hours and 33 minutes before removal. Socket users were protected even while the package was live.

awsglueml

6.1.4

Removed from PyPI

Blocked by Socket

This setup script imports the requests library and issues HTTP GET requests to pov[.]sh on port 45111 (pov[.]sh:45111/api/v3/awsglueml) immediately when loaded and again in a custom PostInstallCommand during installation. The unsolicited communication to a suspicious domain on a non-standard port, combined with a name mimicking an AWS service, indicates a supply-chain attack for tracking, data exfiltration, or command-and-control.

Live on PyPI for 8 hours and 40 minutes before removal. Socket users were protected even while the package was live.

moonpig

1.0.1

by nightbloodz

Removed from npm

Blocked by Socket

The script executes a local program and then sends potentially sensitive information to a remote server. This behavior is highly suspicious and could indicate malicious intent.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

@btu-tools/mfe-feature-toggles

0.0.1-security

by npm

Live on npm

Blocked by Socket

Malicious code in @btu-tools/mfe-feature-toggles (npm) Source: ghsa-malware (e1c049f661074e61263051b6fa7e69a238c8ec979f8c180855cadc60ac3f59dc) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

@bi-crm/services

0.1.99

by flx1101

Live on npm

Blocked by Socket

The code collects sensitive system information and sends it to an external server without user consent, which is indicative of data exfiltration.

gd-i18n-lib

5.998.1

by npm

Removed from npm

Blocked by Socket

Malicious code in gd-i18n-lib (npm) Source: ghsa-malware (504ccf96933eca659d92d14f5a80c03f40880aff40391102d6edc1b6895fe722) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 4 hours and 17 minutes before removal. Socket users were protected even while the package was live.

httpinfrastructure

0.0.1-security.111

by npm

Removed from npm

Blocked by Socket

Malicious code in httpinfrastructure (npm) Source: ghsa-malware (34c25bae800f5d8e992b1fbda3daf30b45b483169d38d39cd5f87d0d3be3953c) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 5 hours before removal. Socket users were protected even while the package was live.

react-bootcamp

99.10.10

Removed from npm

Blocked by Socket

The code engages in potentially malicious behavior by collecting sensitive system information and sending it to a remote server without clear user consent. The hard-coded domain, data obfuscation, and lack of transparency raise significant privacy and security concerns. The risk score is high due to the invasive nature of the code.

Live on npm for 56 minutes before removal. Socket users were protected even while the package was live.

brock-date-time

0.0.1

by coverallsjab

Removed from npm

Blocked by Socket

Malicious code in brock-date-time (npm) Source: ghsa-malware (6cb5ef56360279ec48e0e02774975ab7fbe6deba8c597aad5d4a2d781ca76d0d) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 1 day, 13 hours and 6 minutes before removal. Socket users were protected even while the package was live.

brave-core

1.71.18

Live on npm

Blocked by Socket

Malicious code in brave-core (npm) Source: ghsa-malware (64124298f67bb4effd7c57f151d40e754666278b542f85d9f4f78b80309c5201) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

test494

1.0.13

by npm

Removed from npm

Blocked by Socket

Malicious code in test494 (npm) Source: ghsa-malware (b4eee97c9c0e65b38d0550ad3c3c448e647fc469837a13ab37682c6cfd2a5c34) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 2 hours and 14 minutes before removal. Socket users were protected even while the package was live.

azure-graphrbac

1.20.1000

Removed from npm

Blocked by Socket

The source code exhibits clear signs of malicious behavior by sending sensitive system information and 'package.json' content to external servers. This poses a high security risk.

Live on npm for 46 minutes before removal. Socket users were protected even while the package was live.

ctsscript

1.0.6

Live on PyPI

Blocked by Socket

This file contains malicious code that attempts to gain elevated system privileges using a hardcoded password ('logo#123') with sudo commands. It checks system disk space and, if sufficient, installs the httpimport package with root privileges, then configures it with insecure settings (INSECURE=True, NON_SOURCE=True). It then attempts to import potentially malicious code from the remote domain 'dramon[.]synology[.]me'. The file contains multiple dummy functions that raise errors to hide its true functionality, which is contained in the get_init() function.

underscoer

0.0.1-security.8

by npm

Live on npm

Blocked by Socket

Malicious code in underscoer (npm) Source: ghsa-malware (e2f4d85189d50ff681d5261ce1e6cbbd5ee174ff70cad7b6cd47ccbf22e4b41c) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

nodebb-theme-opera

999.9.9

by opera-responsible-disclosure

Removed from npm

Blocked by Socket

Malicious code in nodebb-theme-opera (npm) Source: ghsa-malware (0a769de2deb47651c7854cd9d1559f3a907a707f3cb60dcfd5aefb5af9d36a6f) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 8 hours and 4 minutes before removal. Socket users were protected even while the package was live.

wolfhece

1.8.12

Removed from PyPI

Blocked by Socket

The code contains potential security risks due to hard-coded credentials, file write operations without proper input validation, and exception handling that could potentially expose sensitive information. The attempt to import a module from a relative path and the hard-coded credentials increase the security risk of this code.

Live on PyPI for 88 days, 8 hours and 30 minutes before removal. Socket users were protected even while the package was live.

axios-proxy

1.9.9

by cfall

Removed from npm

Blocked by Socket

Malicious code in axios-proxy (npm) Source: ghsa-malware (dfa011a32b794f2ee2f8c15b4e213a3034ba5c4e87e82b4df13d9e1b82cc4d10) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 7 hours and 15 minutes before removal. Socket users were protected even while the package was live.

findupsnc

0.0.1-security.1

by npm

Removed from npm

Blocked by Socket

Malicious code in findupsnc (npm) Source: ghsa-malware (334ac730e6d4ec561aaf960bd3b0ca4ba4dc99096f7127f35eac77ef04799a9e) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 3 hours and 28 minutes before removal. Socket users were protected even while the package was live.

jscs-server

0.0.1

Live on npm

Blocked by Socket

Malicious code in jscs-server (npm) Source: ghsa-malware (0f1fafff070579f71de746714f55c018c929cedcca06dff1fc775a936623d2bd) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

kera-preprocess

94.6

by harry76711

Removed from PyPI

Blocked by Socket

Malicious code in kera-preprocess (PyPI) Source: ossf-package-analysis (8c72f5f048faf23a8210a1871a3c79c2aacc65500be8d59654ff34662fadb8c6) The OpenSSF Package Analysis project identified 'kera-preprocess' @ 94.6 (pypi) as malicious. It is considered malicious because: - The package communicates with a domain associated with malicious activity.

Live on PyPI for 33 minutes before removal. Socket users were protected even while the package was live.

noblox.js-addons

1.0.1

by npm

Removed from npm

Blocked by Socket

Malicious code in noblox.js-addons (npm) Source: ghsa-malware (38370edb6fbce6929600fff8136e219887d82baaa900c76803da5b82622a8b78) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 32 minutes before removal. Socket users were protected even while the package was live.

cyson

103.99.99

by ypvpctpbamdhxtkzdu

Removed from npm

Blocked by Socket

Malicious code in cyson (npm) Source: ghsa-malware (9135731397c4add9bfb9b734264e5f8c6b5590900d7b3d5066d8aaa1fc54a094) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. Source: ossf-package-analysis (0f8cee224df529175e48fc03d58c4829d26f1b8ba633e9f18ed56bbbbd0e5b75) The OpenSSF Package Analysis project identified 'cyson' @ 103.99.99 (npm) as malicious. It is considered malicious because: - The package communicates with a domain associated with malicious activity. - The package executes one or more commands associated with malicious behavior.

Live on npm for 5 hours and 23 minutes before removal. Socket users were protected even while the package was live.

rchive-type

4.5.22

by 17b4a931

Removed from npm

Blocked by Socket

Malicious code in rchive-type (npm) Source: ghsa-malware (46bcff2ccf671339cf65674ae082d163bd033ef8b52b3c605c74834fb6d5f441) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 3 hours and 24 minutes before removal. Socket users were protected even while the package was live.

constantparam

0.0.1-security.309

by npm

Removed from npm

Blocked by Socket

Malicious code in constantparam (npm) Source: ghsa-malware (d70c96d26cc546890595df8beea2035e8d6a30089ede37bc41acbaa37f2a9186) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 3 hours and 52 minutes before removal. Socket users were protected even while the package was live.

walletdecoderss

1.5.2

by JeanClaude89

Live on PyPI

Blocked by Socket

Masquerades as a cryptocurrency wallet recovery service to steal sensitive data.

code-snippet-frontend

0.0.1-security.516

by npm

Removed from npm

Blocked by Socket

Malicious code in code-snippet-frontend (npm) Source: ghsa-malware (f680de2cbe3d658c28bad18e894dd3fd430e14419dc1cf04f15a54e89f19501d) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 3 hours and 33 minutes before removal. Socket users were protected even while the package was live.

awsglueml

6.1.4

Removed from PyPI

Blocked by Socket

This setup script imports the requests library and issues HTTP GET requests to pov[.]sh on port 45111 (pov[.]sh:45111/api/v3/awsglueml) immediately when loaded and again in a custom PostInstallCommand during installation. The unsolicited communication to a suspicious domain on a non-standard port, combined with a name mimicking an AWS service, indicates a supply-chain attack for tracking, data exfiltration, or command-and-control.

Live on PyPI for 8 hours and 40 minutes before removal. Socket users were protected even while the package was live.

moonpig

1.0.1

by nightbloodz

Removed from npm

Blocked by Socket

The script executes a local program and then sends potentially sensitive information to a remote server. This behavior is highly suspicious and could indicate malicious intent.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

@btu-tools/mfe-feature-toggles

0.0.1-security

by npm

Live on npm

Blocked by Socket

Malicious code in @btu-tools/mfe-feature-toggles (npm) Source: ghsa-malware (e1c049f661074e61263051b6fa7e69a238c8ec979f8c180855cadc60ac3f59dc) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

@bi-crm/services

0.1.99

by flx1101

Live on npm

Blocked by Socket

The code collects sensitive system information and sends it to an external server without user consent, which is indicative of data exfiltration.

gd-i18n-lib

5.998.1

by npm

Removed from npm

Blocked by Socket

Malicious code in gd-i18n-lib (npm) Source: ghsa-malware (504ccf96933eca659d92d14f5a80c03f40880aff40391102d6edc1b6895fe722) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 4 hours and 17 minutes before removal. Socket users were protected even while the package was live.

httpinfrastructure

0.0.1-security.111

by npm

Removed from npm

Blocked by Socket

Malicious code in httpinfrastructure (npm) Source: ghsa-malware (34c25bae800f5d8e992b1fbda3daf30b45b483169d38d39cd5f87d0d3be3953c) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 5 hours before removal. Socket users were protected even while the package was live.

react-bootcamp

99.10.10

Removed from npm

Blocked by Socket

The code engages in potentially malicious behavior by collecting sensitive system information and sending it to a remote server without clear user consent. The hard-coded domain, data obfuscation, and lack of transparency raise significant privacy and security concerns. The risk score is high due to the invasive nature of the code.

Live on npm for 56 minutes before removal. Socket users were protected even while the package was live.

brock-date-time

0.0.1

by coverallsjab

Removed from npm

Blocked by Socket

Malicious code in brock-date-time (npm) Source: ghsa-malware (6cb5ef56360279ec48e0e02774975ab7fbe6deba8c597aad5d4a2d781ca76d0d) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 1 day, 13 hours and 6 minutes before removal. Socket users were protected even while the package was live.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Known malware

Possible typosquat attack

NPM Shrinkwrap

Git dependency

HTTP dependency

Suspicious Stars on GitHub

Protestware or potentially unwanted behavior

Unstable ownership

Obfuscated code

AI-detected potential malware

20 more alerts →

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

GitHub app screenshot

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Even more developer love →
Install GitHub AppRead the docs

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Even more security team love →
Book a DemoRead the blog

Why teams choose Socket

Pro-active security

Depend on Socket to prevent malicious open source dependencies from infiltrating your app.

Easy to install

Install the Socket GitHub App in just 2 clicks and get protected today.

Comprehensive open source protection

Block 70+ issues in open source code, including malware, typo-squatting, hidden code, misleading packages, permission creep, and more.

Develop faster

Reduce work by surfacing actionable security information directly in GitHub. Empower developers to make better decisions.

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Dec 14, 2023

Hijacked cryptocurrency library adds malware

Widely-used library in cryptocurrency frontend was compromised to include wallet-draining code, following the hijacking of NPM account credentials via phishing.

Jan 06, 2022

Maintainer intentionally adds malware

Rogue maintainer sabotages his own open source package with 100M downloads/month, notably breaking Amazon's AWS SDK.

Nov 15, 2021

npm discovers a platform vulnerability allowing unauthorized publishing of any package

Attackers could publish new versions of any npm package without authorization for multiple years.

Oct 22, 2021

Hijacked package adds cryptominers and password-stealing malware

Multiple packages with 30M downloads/month are hijacked and publish malicious versions directly into the software supply chain.

Nov 26, 2018

Package hijacked adding organization specific backdoors

Obfuscated malware added to a dependency which targeted a single company, went undetected for over a week, and made it into their production build.

Ready to dive in?

Get protected by Socket with just 2 clicks.

Install GitHub AppBook a Demo

The latest from the Socket team

Get our latest security research, open source insights, and product updates.

View all articles →