Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery

timmywil published 4.0.0

left-pad

stevemao published 1.3.0

react

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

azure-graphrbac

6.20.1000

Removed from npm

Blocked by Socket

The code exhibits malicious behavior by sending sensitive system data and project information to external servers without user consent. This poses significant security risks, including potential data theft and privacy violations.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

praxigento/mage_ext_login_as

1.2.1

Live on composer

Blocked by Socket

This post-install script is dangerous and likely malicious in a supply-chain context. It unconditionally connects to a local MySQL instance using hard-coded credentials, creates and executes a stored procedure that drops every table in the schema (data destruction), overwrites process argv with fixed installer parameters including an admin password, and then requires an installer script which will run with those arguments. Installing this package can cause data loss and create predictable administrative access. Treat the package as unsafe: do not run composer install/update with this package in any environment containing real data, audit and remove this script, and investigate for further tampering in package contents.

node-pre-tgyep

1.2.0

by 17b4a931

Removed from npm

Blocked by Socket

This code poses a serious security risk and should not be used.

Live on npm for 43 minutes before removal. Socket users were protected even while the package was live.

bebop

1.1.14

by zeekay

Live on npm

Blocked by Socket

The Bebop library poses significant security risks due to its use of `eval` for server-side evaluation of user input, modification of global objects and environment variables, and potential for arbitrary code execution through the `load` and `reload` methods. While the library may be useful for debugging and development purposes, it should be used with caution and only in trusted environments.

airslate-api-client

9.9.9

by dynamicoiled

Removed from npm

Blocked by Socket

The script is performing potentially suspicious actions. It collects a wide array of system information and sends this data to a specific domain. This could lead to a leak of sensitive information which could potentially be used for malicious purposes. It also manipulates the DNS servers which could potentially intercept network traffic. However, without further context or evidence of the domain 'pocbb.com' being associated with malicious activities, it's difficult to definitively label the code as malware.

Live on npm for 6 days, 14 hours and 51 minutes before removal. Socket users were protected even while the package was live.

gh-repo-summary

2.1.0

by shaurya1337

Live on npm

Blocked by Socket

This module functions as a persistent telemetry beacon that collects host/runtime details using execSync-based system interrogation and exfiltrates them to a hardcoded external webhook every minute. While it performs no obvious destructive actions or credential theft within this snippet, the intentional periodic network reporting of system/environment information to an external endpoint represents a significant privacy/security risk consistent with supply-chain telemetry abuse.

pay-by-bank-dashboard-server

1.0.11

by rtech-pt

Live on npm

Blocked by Socket

This code is malicious. It systematically harvests cloud and local credentials (EC2 metadata, ECS credentials, Kubernetes service account tokens, environment variables, and common AWS config files), collects system identity information, exfiltrates the data to an external domain via DNS and HTTP, stores a local copy, and attempts to open a reverse shell to a hardcoded attacker IP and port. The presence of direct exec of shell commands, exfiltration to a suspicious domain, and reverse shell attempts are definitive indicators of malware/backdoor functionality. This package should not be used and any systems that ran it should be considered compromised and investigated immediately.

aem-admin

1.0.0

Removed from pypi

Blocked by Socket

This function contains a high-risk use of pickle.loads on session-derived data with no validation. The primary supply-chain/security concern is arbitrary code execution via deserialization and attacker-controlled parameters used to open DB connections. There is no evidence of explicit malicious payloads in the fragment, but the pattern is dangerous: if an attacker can control session_obj['command_obj'] they can execute code or force connections to attacker-controlled endpoints. Recommend replacing pickle with a safe deserialization format (e.g., JSON) or verifying integrity and allowed types before unpickling, and validating connection parameters.

Live on pypi for 2 hours and 47 minutes before removal. Socket users were protected even while the package was live.

py3-tools-hqx

1.3.0

Live on pypi

Blocked by Socket

This module implements a remote interactive debugging backdoor: it accepts network connections and exposes an interactive ipdb/pdb session with redirected stdio via a PTY. A connected client can execute arbitrary Python code in the process, access files, environment variables, and perform network/subprocess operations — effectively allowing full compromise of the process and access to sensitive data. In strictly local, developer-controlled contexts bound to loopback this can be a legitimate debugging aid. In any production or untrusted-network context it is a severe security vulnerability and should be removed or strictly protected (e.g., never shipped in production builds, require strong authentication, bind only to localhost, and use TLS).

sn-par-select

20.1.1

Removed from npm

Blocked by Socket

The code is highly suspicious due to the hard-coded suspicious domain and the base64 encoding of system environment variables, which are then sent over the network. It appears to be a data exfiltration attempt and should not be used.

Live on npm for 47 minutes before removal. Socket users were protected even while the package was live.

appkit-array-utils

1.1.12

by billroxby

Live on npm

Blocked by Socket

This module contains a high-risk persistent code injection/backdoor: it decodes attacker-controlled data from a URL query parameter, stores it in localStorage under a fixed key, and subsequently executes that stored content as JavaScript by creating a Blob-based script. The presence of this behavior constitutes a severe supply-chain and runtime compromise for any site that includes this code. Immediate remediation is recommended (remove the IIFE or replace with audited behavior); treat the module as malicious/persistent remote code execution capability.

mtmai

0.3.1254

Live on pypi

Blocked by Socket

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

xync-client

0.0.80.dev2

Live on pypi

Blocked by Socket

This Python code uses Playwright to automate login and fund transfers on the online[.]mtsdengi[.]ru site. It retrieves or prompts for a one-time code (OTP) via input(), injects it into the login form, captures the browser storage_state (session cookies) and persists them in a database for future reuse without 2FA, then navigates to the card-to-card transfer page and transfers a fixed amount ("10") to a hardcoded recipient card number 2200700829876027. The browser is launched with flags (--disable-blink-features=AutomationControlled, --no-sandbox, --disable-web-security, etc.) to evade automation detection and security controls. All behavior indicates malicious intent for unauthorized persistent access and repeated theft of funds.

gs-pwm-error-onegs

1.0.1

by realcommercialpoc

Live on npm

Blocked by Socket

The package's preinstall script automatically exfiltrates the host IP to an external server over HTTPS. This is suspicious and poses a significant privacy and security risk. Treat this as malicious telemetry/exfiltration unless you can verify and trust the maintainer and the webhook endpoint.

gd-i18n-lib

6.998.1

Removed from npm

Blocked by Socket

The purpose of this code appears to be collecting specific environment variables and package information, compressing and encoding it, and sending it over HTTP to a remote domain. The intent and purpose of this behavior are unclear from the provided code fragment alone.

Live on npm for 28 minutes before removal. Socket users were protected even while the package was live.

helpprojectmanager

2.2.4

by 我吃土豆丝

Live on nuget

Blocked by Socket

This assembly implements a networked client that fingerprints the host (via WMI), sends the fingerprint to a remote server, maintains periodic heartbeats, supports file upload/download, and processes remote ‘admin’ commands that can kill processes and manipulate files in %AppData%. The heavy obfuscation, runtime string decryption, hardcoded defaults for remote IP/port and lack of visible authentication indicate likely covert remote control/backdoor capabilities. Treat this module as malicious/untrusted in supply-chain contexts unless provenance and intended remote-control functionality are explicitly documented and authorized.

mxtest

0.3.8

by guoguicheng

Live on npm

Blocked by Socket

The codebase largely resembles a legitimate Three.js-like renderer with standard GL shader and material management. However, the presence of an obfuscated eval-based payload activated by environment checks constitutes a serious backdoor risk in the supply chain. This requires immediate audit, source verification, and likely replacement with a trusted version. Absent a clear, benign rationale for the obfuscation, treat as a security risk and avoid deployment until vetted.

@operato/utils

9.0.46

by nalshya113

Live on npm

Blocked by Socket

Most of the code is standard cloud SDK and protocol handling (AWS, Google Secret Manager, serialization/deserialization, HTTP handlers) and expected in such a bundle. However, there is a highly suspicious function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local bundle.js (if present on disk), repacks, and runs npm publish. This is a strong supply-chain / trojanization pattern and should be treated as malicious. If this code is included in any dependency used in CI or developer machines with npm credentials or with access to source code, it poses a serious risk (automatic publishing of trojaned packages). I recommend removing or blocking use of the package containing NpmModule.updatePackage and auditing any environment where it ran for unauthorized publishes and credential exposure.

yaaaf

0.0.18

Removed from pypi

Blocked by Socket

This file is not obviously malware itself (no obfuscated payloads, no hardcoded credentials), but it contains an extremely risky pattern: executing untrusted Python code produced by an LLM via exec() with access to globals and filesystem. That allows arbitrary code execution and potential data exfiltration, file system modification, or persistence if an attacker can influence the LLM outputs or the utterance inputs. Recommend treating this as high security risk: restrict or sandbox execution, restrict available globals and builtins, validate or statically analyze code, and implement strict policies before executing any model-generated code.

Live on pypi for 10 hours and 34 minutes before removal. Socket users were protected even while the package was live.

@tplog/agent-dify

0.3.2

by tplog

Live on npm

Blocked by Socket

This module is highly consistent with malicious credential/session harvesting. It locates the user’s Chrome/Chromium cookie database on macOS, copies it to a temporary file, retrieves the Chrome Safe Storage password from the Keychain via `execSync`, decrypts macOS-encrypted cookie values, extracts access/refresh/CSRF token cookies for a chosen domain, and returns those tokens to the caller for potential unauthorized authentication/session replay. No obfuscation is evident in this snippet; the primary risk is secret/token theft and downstream account compromise.

github.com/bishopfox/sliver

v1.5.40-0.20231118203631-13178f58497f

Live on go

Blocked by Socket

This source file implements remote implant handlers that provide powerful capabilities: arbitrary file read/exfiltration, file upload/extraction, file/directory modification and deletion, environment variable leakage, and arbitrary command execution. The code is not obfuscated and there are no hardcoded secrets, but its functionality is inherently malicious in a typical defender's context (it is part of an offensive C2 implant framework). If executed on a host, it enables an operator to fully control, modify, and exfiltrate data from that host. Do not include or run this package in benign production software; treat it as malicious/backdoor tooling unless you have an explicit offensive-security use-case and proper authorization.

ln-church-agent

0.8.0

Live on pypi

Blocked by Socket

This function is malicious or at minimum extremely risky: it asks for a private key, signs an on-chain authorization that sends tokens to a hard-coded recipient, and transmits that signature and metadata to a remote relayer service. That combination enables immediate unauthorized transfer of tokens from the caller's wallet to the attacker's address. Do not provide real private keys to this function or use this package. The behavior strongly resembles a funds siphoning backdoor.

github.com/bishopfox/sliver

v1.5.40-0.20240111182808-d9705a3cbe1b

Live on go

Blocked by Socket

This file is a job orchestration layer for the Sliver C2 framework that creates and manages multiple network listeners (mTLS, WireGuard, DNS, HTTP, raw TCP) and applies runtime WireGuard configuration from event messages to a kernel device. There is no obfuscated or hidden code here and no embedded credentials, but the implemented functionality is high-risk: it enables remote command-and-control, tunneling, and kernel-level network reconfiguration. Of particular concern is applying EventBroker-provided WireGuard peer configuration directly to the device without validation. Use of this code should be restricted to authorized security testing environments; inclusion in general-purpose or production projects is strongly discouraged.

alipclutch-baileys

8.6.13

by alifalfrl

Live on npm

Blocked by Socket

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.


Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.


Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.


Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.


RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.


The latest from the Socket team

Get our latest security research, open source insights, and product updates.
