
Research
/Security News
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
Bitwarden CLI 2026.4.0 was compromised in the Checkmarx supply chain campaign after attackers abused a GitHub Action in Bitwarden’s CI/CD pipeline.
Questions? Call us at (844) SOCKET-0
Quickly evaluate the security and health of any open source package.
cylab-be/webshell-detector
dev-include_wowa_training
Live on composer
Blocked by Socket
This file is a web shell/backdoor providing unauthenticated remote command execution and arbitrary file upload with no sanitization. It is malicious and should be removed; systems where this was deployed should be assumed compromised and investigated. Immediate action: remove the file, rotate credentials, inspect for additional persistence, and restore from a trusted backup if necessary.
prior-cli
1.3.3
by prior.network
Live on npm
Blocked by Socket
This dependency/module exposes multiple high-impact host-control primitives: arbitrary command execution (unvalidated interpolation), clipboard read/write (including direct clipboard exfiltration to the caller), and writing attacker-influenced base64 content to a filesystem path influenced by remote filename plus cwd. It also forwards bearer tokens to external services. While the code is not visibly obfuscated, the capability set is sufficiently dangerous that the module should be treated as security-critical and requires strict access control, input validation, and path hardening around tool invocation and remote filename handling.
@claudeink/mcp-server
2.2.11
by weekdmond
Live on npm
Blocked by Socket
High-risk behavior exists in this dependency bundle: gray-matter includes a `javascript` engine that directly executes attacker-controlled input using `eval`, and js-yaml full schema supports constructing executable functions via `new Function` from YAML tags. This combination enables RCE/prototype-pollution-style impacts if untrusted content reaches these parsing paths and the consumer uses the unsafe/full options.
bluelamp-ai
0.45.2
Live on pypi
Blocked by Socket
This file is a minimal loader that decodes and executes an opaque payload embedded as a base64/zlib blob. That design is strongly suspicious and constitutes a high supply-chain and runtime risk because the actual behavior is hidden and executes automatically on import. Treat as untrusted until the decoded payload is inspected in an isolated environment. Do not include in production systems without a full audit and provenance verification.
react-native-webview-aadhaar-integration
0.0.2
by akashnigam47
Live on npm
Blocked by Socket
This module contains a DOM-injection script intended to capture extremely sensitive identity and 2FA values (Aadhaar, securityCode, OTP) via dynamically created dialogs, then automatically populate targeted form fields and trigger authentication submission clicks. Even without visible network exfiltration in the snippet, the credential/2FA capture and forced submission pattern is strongly malicious or at minimum represents a serious authentication-abuse risk. The surrounding React code appears benign, but the embedded myScript content is high-risk if executed in a WebView/DOM context.
foundry-toolkit
1.0.2
by motremfc
Removed from npm
Blocked by Socket
This file is malicious. It intentionally harvests sensitive wallet data (seed phrases, private keys, passwords/passphrases) and user context, sending them to an attacker-controlled Telegram bot. It then proxies execution to the legitimate 'cast' binary to remain stealthy. Treat this as a credential-stealing backdoor: remove it, assume any exposed secrets are compromised, rotate keys/seeds/passwords, and inspect the system for other persistence mechanisms.
Live on npm for 1 day, 21 hours and 32 minutes before removal. Socket users were protected even while the package was live.
@fizzxydev/baileys-pro
8.6.2
by fizzxydev
Removed from npm
Blocked by Socket
`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.
Live on npm for 29 minutes before removal. Socket users were protected even while the package was live.
@blocklet/pages-kit
0.2.374
by wangshijun
Live on npm
Blocked by Socket
This file injects a module-load routine that exfiltrates local documentation/metadata (dumpJSON) to a remote AI Studio dataset (ID 443696818363039744) at bbqa2t5pfyfroyobmzknmktshckzto4btkfagxyjqwy[.]did[.]abtnet[.]io[ ]/api/datasets/443696818363039744/documents. It uses a hard-coded Cookie header containing a login_token JWT and unconditional shouldUpdateKnowledge=true to first GET existing items via GET …?page=1&size=100, then PUT to …/documents/{id}/text or POST to …/documents/text, sending the full serialized dumpJSON as the request body. These automatic side-effects with embedded credentials create a high-risk supply-chain and privacy backdoor and must be removed or gated behind explicit, opt-in credential handling.
@softeria/ms-365-mcp-server
0.17.0
by eirikb
Live on npm
Blocked by Socket
There is a clear anomalous pattern: the code forcibly redirects the generated client’s import from a legitimate core library to a local module hack.js. This constitutes a backdoor/vector for malicious behavior if hack.js is untrusted. Without integrity checks or vetting of hack.js, this practice introduces high security risk in a supply-chain context and should be halted or strictly audited.
ce-audit
1.0.21
by palsandip
Removed from npm
Blocked by Socket
No clear signs of intentional malware (no backdoors, no cryptomining, no remote shell). However the code contains serious security issues: hardcoded secrets (Cosmos DB key and IP API key), use of a client-side library to connect directly to a database with those secrets (likely exposing DB access), and exfiltration of client IP/geo to a third-party API. These make the package dangerous to publish or use in client-distributed bundles. Recommendation: remove hardcoded keys, move DB access to a trusted server-side component, avoid shipping primary DB keys to clients, and validate/sanitize reqbody before persisting. Also remove or protect third-party API keys and avoid logging PII to console in production.
Live on npm for 1 hour and 59 minutes before removal. Socket users were protected even while the package was live.
sbcli-dev
3.2.1
Live on pypi
Blocked by Socket
This module is not overtly malicious (no encoded payloads, no external exfiltration, no reverse shell), but it contains high-risk insecure patterns: user-controlled values are directly interpolated into shell command strings and passed to node_utils.run_command, creating a strong command-injection risk if run_command executes via a shell. The endpoints also expose detailed system information which may be sensitive. Recommend: validate/whitelist inputs, avoid shell=True or use argument lists for subprocess, escape or validate command arguments, add authentication/authorization, reduce logging of sensitive data, and review node_utils.run_command implementation. Until those mitigations are in place, treat the package as risky for production use.
discord-misc
0.2.44
Removed from pypi
Blocked by Socket
The code demonstrates multiple signs of malicious behavior, including downloading and executing remote scripts, collecting sensitive system information, and sending this information to an external server. It uses techniques to avoid detection, such as running in a background thread and executing scripts in a hidden window.
Live on pypi for 18 minutes before removal. Socket users were protected even while the package was live.
pinokiod
1.3.85
by cocktailpeanut
Live on npm
Blocked by Socket
The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.
@empline/preflight
1.1.14
by andrewkoski
Live on npm
Blocked by Socket
This package executes a local install-time script (dist/bin/preinstall.js) during npm install and depends on a local tarball via a file: reference. Together these are significant supply-chain risks: the preinstall script can perform arbitrary actions (data exfiltration, telemetry, filesystem changes, spawn shells, etc.), and the file: dependency bypasses registry verification. You should inspect the contents of dist/bin/preinstall.js and the referenced tarball (../ai-manager/...tgz) before installing. Treat this package as high risk until those files are audited.
jintian-architecture-code-ns
2.5
Live on pypi
Blocked by Socket
Critical vulnerability: eval(self.data) on untrusted websocket input enables remote code execution. Even if subsequent 'path'/'key' checks fail, arbitrary code in the payload will have executed. Combined with invoking route handlers with attacker-controlled config and returning handler outputs to clients, this code poses a high security risk and should not be used in production. Immediate remediation: replace eval with a safe parser (e.g., json.loads) or ast.literal_eval if only literals are expected; perform input validation before any execution; never execute untrusted strings; use least-privilege runtime and sandboxing for handler execution; bind issued keys to client context and add proper error/edge-case handling (e.g., remove -> discard no-ops).
github.com/bishopfox/sliver
v1.4.3-0.20210308123218-f456a256aad1
Live on go
Blocked by Socket
This code intentionally provides capabilities to execute arbitrary native code: LocalTask executes raw bytes in-process by marking memory executable and calling it; Sideload writes bytes to /tmp and uses dynamic loader environment variables to inject a library into a spawned process. These are canonical implant/loader behaviors and present a high risk of misuse. The code lacks validation, signing, or safety checks. Given the header referencing an implant framework and the explicit execution/injection functionality, treat this package as malicious/offensive in nature and high-risk for inclusion in a supply chain unless used in a controlled, trusted red-team context.
pinokiod
1.0.50
by cocktailpeanut
Live on npm
Blocked by Socket
The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.
violit
0.2.0
Live on pypi
Blocked by Socket
The fragment contains a clear source-to-sink path enabling remote code execution: the server executes arbitrary code provided by the client via a WebSocket message with type 'eval'. This is the primary malicious/malpractice indicator and represents a high-risk vulnerability if inputs can be influenced by an attacker. Other notable concerns include the potential bypass of CSRF protection in native mode, heavy dynamic HTML/JS injection without explicit sanitization, and the use of subprocesses for reloads which could be abused under certain conditions. Overall, the presence of the eval sink and token handling weaknesses constitute a meaningful security risk requiring remediation (remove or harden eval usage, enforce strict input validation, ensure CSRF/native-token policies are consistently enforced, and audit reload mechanisms).
vibe-notion
1.1.0
by GitHub Actions
Live on npm
Blocked by Socket
This module is a credential-extraction utility for Notion: it accesses local Notion state and cookie databases, decrypts protected cookie values using platform-specific mechanisms (macOS Keychain, Windows DPAPI, Linux PBKDF2 fallback), and returns authentication tokens and user IDs. It does not itself exfiltrate data over the network, but it provides high-value secrets to the caller and executes system commands to unprotect secrets. Therefore it poses a high security risk if included in code that runs on user machines (it can be used for token theft). Treat as potentially malicious/abusive when used without explicit user consent.
cbre-flow-common
99.4.0
Live on npm
Blocked by Socket
This is active data exfiltration code executed at module load: it collects hostname, working directory, current user, a marker string, and the public IP, encodes the data, and leaks it via DNS lookups to an external domain (and makes an HTTP request to ifconfig.me). This matches malicious supply-chain/backdoor behavior. The package should be considered compromised and removed; investigate impacted hosts and block the destination domain(s).
spacetoow.vsc-python-indent
1.21.3
by kailanii8997
Removed from openvsx
Blocked by Socket
This manifest is suspicious: it appears to be a legitimate Python indent extension but quietly uses extensionPack to install a single, cross‑publisher extension. Because the pack is concealed inside a featureful extension and not openly disclosed as a bundle, this pattern is consistent with covert installation behavior and warrants manual review.
Live on openvsx for 8 days, 20 hours and 46 minutes before removal. Socket users were protected even while the package was live.
ailever
0.2.672
Live on pypi
Blocked by Socket
The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.
banamex-vue-components
0.1.9
by sr3pp
Removed from npm
Blocked by Socket
The code snippet poses security risks due to its use of dynamic script evaluation and cross-domain requests. These practices can lead to remote code execution if not properly controlled. While the code is not heavily obfuscated, its complexity and use of dynamic evaluations could obscure malicious intent.
Live on npm for 33 minutes before removal. Socket users were protected even while the package was live.
cylab-be/webshell-detector
dev-include_wowa_training
Live on composer
Blocked by Socket
This file is a web shell/backdoor providing unauthenticated remote command execution and arbitrary file upload with no sanitization. It is malicious and should be removed; systems where this was deployed should be assumed compromised and investigated. Immediate action: remove the file, rotate credentials, inspect for additional persistence, and restore from a trusted backup if necessary.
prior-cli
1.3.3
by prior.network
Live on npm
Blocked by Socket
This dependency/module exposes multiple high-impact host-control primitives: arbitrary command execution (unvalidated interpolation), clipboard read/write (including direct clipboard exfiltration to the caller), and writing attacker-influenced base64 content to a filesystem path influenced by remote filename plus cwd. It also forwards bearer tokens to external services. While the code is not visibly obfuscated, the capability set is sufficiently dangerous that the module should be treated as security-critical and requires strict access control, input validation, and path hardening around tool invocation and remote filename handling.
@claudeink/mcp-server
2.2.11
by weekdmond
Live on npm
Blocked by Socket
High-risk behavior exists in this dependency bundle: gray-matter includes a `javascript` engine that directly executes attacker-controlled input using `eval`, and js-yaml full schema supports constructing executable functions via `new Function` from YAML tags. This combination enables RCE/prototype-pollution-style impacts if untrusted content reaches these parsing paths and the consumer uses the unsafe/full options.
bluelamp-ai
0.45.2
Live on pypi
Blocked by Socket
This file is a minimal loader that decodes and executes an opaque payload embedded as a base64/zlib blob. That design is strongly suspicious and constitutes a high supply-chain and runtime risk because the actual behavior is hidden and executes automatically on import. Treat as untrusted until the decoded payload is inspected in an isolated environment. Do not include in production systems without a full audit and provenance verification.
react-native-webview-aadhaar-integration
0.0.2
by akashnigam47
Live on npm
Blocked by Socket
This module contains a DOM-injection script intended to capture extremely sensitive identity and 2FA values (Aadhaar, securityCode, OTP) via dynamically created dialogs, then automatically populate targeted form fields and trigger authentication submission clicks. Even without visible network exfiltration in the snippet, the credential/2FA capture and forced submission pattern is strongly malicious or at minimum represents a serious authentication-abuse risk. The surrounding React code appears benign, but the embedded myScript content is high-risk if executed in a WebView/DOM context.
foundry-toolkit
1.0.2
by motremfc
Removed from npm
Blocked by Socket
This file is malicious. It intentionally harvests sensitive wallet data (seed phrases, private keys, passwords/passphrases) and user context, sending them to an attacker-controlled Telegram bot. It then proxies execution to the legitimate 'cast' binary to remain stealthy. Treat this as a credential-stealing backdoor: remove it, assume any exposed secrets are compromised, rotate keys/seeds/passwords, and inspect the system for other persistence mechanisms.
Live on npm for 1 day, 21 hours and 32 minutes before removal. Socket users were protected even while the package was live.
@fizzxydev/baileys-pro
8.6.2
by fizzxydev
Removed from npm
Blocked by Socket
`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.
Live on npm for 29 minutes before removal. Socket users were protected even while the package was live.
@blocklet/pages-kit
0.2.374
by wangshijun
Live on npm
Blocked by Socket
This file injects a module-load routine that exfiltrates local documentation/metadata (dumpJSON) to a remote AI Studio dataset (ID 443696818363039744) at bbqa2t5pfyfroyobmzknmktshckzto4btkfagxyjqwy[.]did[.]abtnet[.]io[ ]/api/datasets/443696818363039744/documents. It uses a hard-coded Cookie header containing a login_token JWT and unconditional shouldUpdateKnowledge=true to first GET existing items via GET …?page=1&size=100, then PUT to …/documents/{id}/text or POST to …/documents/text, sending the full serialized dumpJSON as the request body. These automatic side-effects with embedded credentials create a high-risk supply-chain and privacy backdoor and must be removed or gated behind explicit, opt-in credential handling.
@softeria/ms-365-mcp-server
0.17.0
by eirikb
Live on npm
Blocked by Socket
There is a clear anomalous pattern: the code forcibly redirects the generated client’s import from a legitimate core library to a local module hack.js. This constitutes a backdoor/vector for malicious behavior if hack.js is untrusted. Without integrity checks or vetting of hack.js, this practice introduces high security risk in a supply-chain context and should be halted or strictly audited.
ce-audit
1.0.21
by palsandip
Removed from npm
Blocked by Socket
No clear signs of intentional malware (no backdoors, no cryptomining, no remote shell). However the code contains serious security issues: hardcoded secrets (Cosmos DB key and IP API key), use of a client-side library to connect directly to a database with those secrets (likely exposing DB access), and exfiltration of client IP/geo to a third-party API. These make the package dangerous to publish or use in client-distributed bundles. Recommendation: remove hardcoded keys, move DB access to a trusted server-side component, avoid shipping primary DB keys to clients, and validate/sanitize reqbody before persisting. Also remove or protect third-party API keys and avoid logging PII to console in production.
Live on npm for 1 hour and 59 minutes before removal. Socket users were protected even while the package was live.
sbcli-dev
3.2.1
Live on pypi
Blocked by Socket
This module is not overtly malicious (no encoded payloads, no external exfiltration, no reverse shell), but it contains high-risk insecure patterns: user-controlled values are directly interpolated into shell command strings and passed to node_utils.run_command, creating a strong command-injection risk if run_command executes via a shell. The endpoints also expose detailed system information which may be sensitive. Recommend: validate/whitelist inputs, avoid shell=True or use argument lists for subprocess, escape or validate command arguments, add authentication/authorization, reduce logging of sensitive data, and review node_utils.run_command implementation. Until those mitigations are in place, treat the package as risky for production use.
discord-misc
0.2.44
Removed from pypi
Blocked by Socket
The code demonstrates multiple signs of malicious behavior, including downloading and executing remote scripts, collecting sensitive system information, and sending this information to an external server. It uses techniques to avoid detection, such as running in a background thread and executing scripts in a hidden window.
Live on pypi for 18 minutes before removal. Socket users were protected even while the package was live.
pinokiod
1.3.85
by cocktailpeanut
Live on npm
Blocked by Socket
The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.
@empline/preflight
1.1.14
by andrewkoski
Live on npm
Blocked by Socket
This package executes a local install-time script (dist/bin/preinstall.js) during npm install and depends on a local tarball via a file: reference. Together these are significant supply-chain risks: the preinstall script can perform arbitrary actions (data exfiltration, telemetry, filesystem changes, spawn shells, etc.), and the file: dependency bypasses registry verification. You should inspect the contents of dist/bin/preinstall.js and the referenced tarball (../ai-manager/...tgz) before installing. Treat this package as high risk until those files are audited.
jintian-architecture-code-ns
2.5
Live on pypi
Blocked by Socket
Critical vulnerability: eval(self.data) on untrusted websocket input enables remote code execution. Even if subsequent 'path'/'key' checks fail, arbitrary code in the payload will have executed. Combined with invoking route handlers with attacker-controlled config and returning handler outputs to clients, this code poses a high security risk and should not be used in production. Immediate remediation: replace eval with a safe parser (e.g., json.loads) or ast.literal_eval if only literals are expected; perform input validation before any execution; never execute untrusted strings; use least-privilege runtime and sandboxing for handler execution; bind issued keys to client context and add proper error/edge-case handling (e.g., remove -> discard no-ops).
github.com/bishopfox/sliver
v1.4.3-0.20210308123218-f456a256aad1
Live on go
Blocked by Socket
This code intentionally provides capabilities to execute arbitrary native code: LocalTask executes raw bytes in-process by marking memory executable and calling it; Sideload writes bytes to /tmp and uses dynamic loader environment variables to inject a library into a spawned process. These are canonical implant/loader behaviors and present a high risk of misuse. The code lacks validation, signing, or safety checks. Given the header referencing an implant framework and the explicit execution/injection functionality, treat this package as malicious/offensive in nature and high-risk for inclusion in a supply chain unless used in a controlled, trusted red-team context.
pinokiod
1.0.50
by cocktailpeanut
Live on npm
Blocked by Socket
The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.
violit
0.2.0
Live on pypi
Blocked by Socket
The fragment contains a clear source-to-sink path enabling remote code execution: the server executes arbitrary code provided by the client via a WebSocket message with type 'eval'. This is the primary malicious/malpractice indicator and represents a high-risk vulnerability if inputs can be influenced by an attacker. Other notable concerns include the potential bypass of CSRF protection in native mode, heavy dynamic HTML/JS injection without explicit sanitization, and the use of subprocesses for reloads which could be abused under certain conditions. Overall, the presence of the eval sink and token handling weaknesses constitute a meaningful security risk requiring remediation (remove or harden eval usage, enforce strict input validation, ensure CSRF/native-token policies are consistently enforced, and audit reload mechanisms).
vibe-notion
1.1.0
by GitHub Actions
Live on npm
Blocked by Socket
This module is a credential-extraction utility for Notion: it accesses local Notion state and cookie databases, decrypts protected cookie values using platform-specific mechanisms (macOS Keychain, Windows DPAPI, Linux PBKDF2 fallback), and returns authentication tokens and user IDs. It does not itself exfiltrate data over the network, but it provides high-value secrets to the caller and executes system commands to unprotect secrets. Therefore it poses a high security risk if included in code that runs on user machines (it can be used for token theft). Treat as potentially malicious/abusive when used without explicit user consent.
cbre-flow-common
99.4.0
Live on npm
Blocked by Socket
This is active data exfiltration code executed at module load: it collects hostname, working directory, current user, a marker string, and the public IP, encodes the data, and leaks it via DNS lookups to an external domain (and makes an HTTP request to ifconfig.me). This matches malicious supply-chain/backdoor behavior. The package should be considered compromised and removed; investigate impacted hosts and block the destination domain(s).
spacetoow.vsc-python-indent
1.21.3
by kailanii8997
Removed from openvsx
Blocked by Socket
This manifest is suspicious: it appears to be a legitimate Python indent extension but quietly uses extensionPack to install a single, cross‑publisher extension. Because the pack is concealed inside a featureful extension and not openly disclosed as a bundle, this pattern is consistent with covert installation behavior and warrants manual review.
Live on openvsx for 8 days, 20 hours and 46 minutes before removal. Socket users were protected even while the package was live.
ailever
0.2.672
Live on pypi
Blocked by Socket
The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.
banamex-vue-components
0.1.9
by sr3pp
Removed from npm
Blocked by Socket
The code snippet poses security risks due to its use of dynamic script evaluation and cross-domain requests. These practices can lead to remote code execution if not properly controlled. While the code is not heavily obfuscated, its complexity and use of dynamic evaluations could obscure malicious intent.
Live on npm for 33 minutes before removal. Socket users were protected even while the package was live.
Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.
Possible typosquat attack
Known malware
Git dependency
GitHub dependency
HTTP dependency
Obfuscated code
Suspicious Stars on GitHub
Telemetry
Protestware or potentially unwanted behavior
Unstable ownership
Critical CVE
High CVE
Medium CVE
Low CVE
Unpopular package
Minified code
Bad dependency semver
Wildcard dependency
Socket optimized override available
Deprecated
Unmaintained
Explicitly Unlicensed Item
License Policy Violation
Misc. License Issues
Ambiguous License Classifier
Copyleft License
License exception
No License Found
Non-permissive License
Unidentified License
Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.
Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Nat Friedman
CEO at GitHub

Suz Hinton
Senior Software Engineer at Stripe
heck yes this is awesome!!! Congrats team 🎉👏

Matteo Collina
Node.js maintainer, Fastify lead maintainer
So awesome to see @SocketSecurity launch with a fresh approach! Excited to have supported the team from the early days.

DC Posch
Director of Technology at AppFolio, CTO at Dynasty
This is going to be super important, especially for crypto projects where a compromised dependency results in stolen user assets.

Luis Naranjo
Software Engineer at Microsoft
If software supply chain attacks through npm don't scare the shit out of you, you're not paying close enough attention.
@SocketSecurity sounds like an awesome product. I'll be using socket.dev instead of npmjs.org to browse npm packages going forward

Elena Nadolinski
Founder and CEO at Iron Fish
Huge congrats to @SocketSecurity! 🙌
Literally the only product that proactively detects signs of JS compromised packages.

Joe Previte
Engineering Team Lead at Coder
Congrats to @feross and the @SocketSecurity team on their seed funding! 🚀 It's been a big help for us at @CoderHQ and we appreciate what y'all are doing!

Josh Goldberg
Staff Developer at Codecademy
This is such a great idea & looks fantastic, congrats & good luck @feross + team!
The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Scott Roberts
CISO at UiPath
As a happy Socket customer, I've been impressed with how quickly they are adding value to the product, this move is a great step!

Yan Zhu
Head of Security at Brave, DEFCON, EFF, W3C
glad to hear some of the smartest people i know are working on (npm, etc.) supply chain security finally :). @SocketSecurity

Andrew Peterson
CEO and Co-Founder at Signal Sciences (acq. Fastly)
How do you track the validity of open source software libraries as they get updated? You're prob not. Check out @SocketSecurity and the updated tooling they launched.
Supply chain is a cluster in security as we all know and the tools from Socket are "duh" type tools to be implementing. Check them out and follow Feross Aboukhadijeh to see more updates coming from them in the future.

Zbyszek Tenerowicz
Senior Security Engineer at ConsenSys
socket.dev is getting more appealing by the hour

Devdatta Akhawe
Head of Security at Figma
The @SocketSecurity team is on fire! Amazing progress and I am exciting to see where they go next.

Sebastian Bensusan
Engineer Manager at Stripe
I find it surprising that we don't have _more_ supply chain attacks in software:
Imagine your airplane (the code running) was assembled (deployed) daily, with parts (dependencies) from internet strangers. How long until you get a bad part?
Excited for Socket to prevent this

Adam Baldwin
VP of Security at npm, Red Team at Auth0/Okta
Congrats to everyone at @SocketSecurity ❤️🤘🏻

Nico Waisman
CISO at Lyft
This is an area that I have personally been very focused on. As Nat Friedman said in the 2019 GitHub Universe keynote, Open Source won, and every time you add a new open source project you rely on someone else code and you rely on the people that build it.
This is both exciting and problematic. You are bringing real risk into your organization, and I'm excited to see progress in the industry from OpenSSF scorecards and package analyzers to the company that Feross Aboukhadijeh is building!
Questions? Call us at (844) SOCKET-0
Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.
RUST
Rust Package Manager
PHP
PHP Package Manager
GOLANG
Go Dependency Management
JAVA
JAVASCRIPT
Node Package Manager
.NET
.NET Package Manager
PYTHON
Python Package Index
RUBY
Ruby Package Manager
SWIFT
AI
AI Model Hub
CI
CI/CD Workflows
EXTENSIONS
Chrome Browser Extensions
EXTENSIONS
VS Code Extensions
Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.
Nov 23, 2025
Shai Hulud v2
Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.
Nov 05, 2025
Elves on npm
A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.
Jul 04, 2025
RubyGems Automation-Tool Infostealer
Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.
Mar 13, 2025
North Korea's Contagious Interview Campaign
Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.
Jul 23, 2024
Network Reconnaissance Campaign
A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
Questions? Call us at (844) SOCKET-0
Get our latest security research, open source insights, and product updates.

Research
/Security News
Bitwarden CLI 2026.4.0 was compromised in the Checkmarx supply chain campaign after attackers abused a GitHub Action in Bitwarden’s CI/CD pipeline.

Research
/Security News
Docker and Socket have uncovered malicious Checkmarx KICS images and suspicious code extension releases in a broader supply chain compromise.

Product
Stay on top of alert changes with filtered subscriptions, batched summaries, and notification routing built for triage.