Launch Week Day 5: Introducing Reachability for PHP.Learn More
Socket
Book a DemoSign in
Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
t

timmywil published 4.0.0

left-pad
s

stevemao published 1.3.0

react
r

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

eslint-plugin-security-rules

0.6.9

by lasselupe33

Live on npm

Blocked by Socket

This file fetches attacker-controlled content from a hardcoded remote host and then uses the (sanitized) result in multiple unsafe sinks that allow code execution, remote script loading, event-handler injection, and navigation. DOMPurify.sanitize(…) alone does not make the value safe for direct use as a URL, an event handler, or a JavaScript program. The code is highly dangerous to run in a client context and should be treated as malicious or critically insecure. Replace network-supplied content with well-validated, context-appropriate values (escape for URLs, do not eval, avoid setting event handler attributes from remote text), or remove remote fetch and execution entirely.

purview-scanning

99.10.9

by 2iw4pgxd

Removed from npm

Blocked by Socket

The code exhibits potential malicious behavior with data exfiltration and tracking activities, posing a significant security risk. It should be further investigated and potentially removed.

Live on npm for 26 minutes before removal. Socket users were protected even while the package was live.

@futdevpro/ccap

1.1.1327

by itharen

Live on npm

Blocked by Socket

This fragment implements a high-impact remote execution capability: a Socket.IO server can command the client to run arbitrary shell commands (interactive via PTY/spawn and remote stdin) and run embedded code via execSync (python -c shown), with configurable working directory and environment inheritance. Command output is streamed back to the remote server, enabling data exfiltration. No robust allowlisting or authorization controls are visible in the fragment. Treat this as extremely sensitive and potentially backdoor-like behavior unless the surrounding product context enforces strong authentication, authorization, and strict command constraints.

beautifilsoop

1.0.0

Live on pypi

Blocked by Socket

This setup.py contains an intentionally concealed malicious payload: it decrypts a hardcoded ciphertext with a hardcoded Fernet key and exec()s the result during installation on Windows. Installing this package on Windows will execute arbitrary code with installer privileges. Treat the package as malicious; do not install. If already installed on Windows, perform forensic analysis and remediation (isolate the host, inspect executed payload by decrypting the blob, check for persistence, network connections, and unusual filesystem changes).

xync-client

0.0.57.dev13

Live on pypi

Blocked by Socket

This code is malicious in intent: it automates fraudulent interaction with a banking website, contains hardcoded sensitive credentials, evades automation detection, prompts an operator to supply OTPs (social-engineering), performs money transfers, and persists session state to disk for reuse. It should be treated as a tool for account takeover and financial theft. Do not run it; remove any storage_state files and investigate systems where it executed. The snippet also contains syntax errors and is incomplete, but those do not mitigate the clearly malicious purpose.

visantchi

0.2.3

by pejaques

Live on npm

Blocked by Socket

High-risk behavior. This code persistently modifies a local Claude configuration to register a command hook that will execute curl and send hook/session-end data to a remote HTTP endpoint derived from config.host/config.port. The pattern strongly resembles backdoor-like exfiltration/signaling and includes additional risk from unsanitized interpolation into a shell command string. Overall, this module is very likely malicious or used for covert telemetry/backdoor installation rather than legitimate functionality.

newsletter

0.1.4pre

Live on pypi

Blocked by Socket

The code poses significant security risks due to the dynamic execution of external scripts without validation, which could lead to the execution of malicious code. The reliance on external URLs for critical setup processes is a major vulnerability.

whisper-ai-zxs

0.2.48

Live on pypi

Blocked by Socket

Hardcoded OpenAI API key exposed in source code (sk-proj-MsUkxNYAeWY5UogJ3v8CT3BlbkFJdoLGQKm9GCVjYCzFY0C9) with API calls redirected to suspicious non-official endpoint (http://e78e9fddbd7d736f363e6314d1b70180[.]api-forwards[.]com/v1) instead of the legitimate OpenAI API. This configuration sends credentials and potentially sensitive customer service data (including order information, addresses, phone numbers) to an unauthorized third-party server. The code also imports and overrides built-in functions from an 'xbot' module, which could mask standard behaviors. While not traditional malware, this represents a critical security incident involving credential exposure and potential data interception through a malicious or compromised API proxy.

ins

0.12.1

Live on cargo

Blocked by Socket

This code implements an automated mechanism to transmit local installation logs to a single, hard-coded external host using an embedded private SSH key and disabled host verification. That combination provides a high-confidence, high-severity supply-chain/backdoor pattern enabling data exfiltration. Even if intended as legitimate telemetry, the implementation is insecure: remove hard-coded credentials, require explicit interactive consent or strong configuration gating, enable host key verification, sanitize/redact logs, and avoid writing private keys into source or ephemeral disk. Immediate remediation is recommended.

github.com/tarunkant/gopherus

v0.0.0-20220711121156-90a2fd579934

Live on go

Blocked by Socket

This script is an exploit generator designed to achieve remote code execution on hosts running FastCGI/PHP-FPM via SSRF by injecting PHP through php://input and calling system() with user-supplied commands. It is malicious in typical contexts and should not be included in production or third-party dependencies. Use only in authorized, controlled security testing environments. Treat artifacts originating from this code as high-risk.

federalist-uswds-jekyll

999.999.999

Removed from npm

Blocked by Socket

The source code is performing malicious activities by exfiltrating sensitive system information to a suspicious domain (pingb.in). This poses a significant security risk.

Live on npm for 2 hours and 45 minutes before removal. Socket users were protected even while the package was live.

bluelamp-ai

0.45.4

Removed from pypi

Blocked by Socket

This file is a thin loader that hides executable code inside a compressed base64 blob and runs it using exec() at import time. That pattern prevents static auditing and is a high supply-chain risk. Without decompressing and inspecting the embedded payload, the module's precise behavior is unknown. Treat this package as suspicious: block or audit it in sensitive environments, and inspect the decompressed payload in an isolated analysis environment before trusting or installing it.

Live on pypi for 12 hours and 33 minutes before removal. Socket users were protected even while the package was live.

@softeria/ms-365-mcp-server

0.9.3

by eirikb

Live on npm

Blocked by Socket

The code exhibits clear malicious/tampering behavior: post-generation modification replaces a core import with a local hack.js, creating a reliable backdoor or covert control path in the generated client. This undermines supply chain integrity and warrants immediate removal of the tampering step, implementation of code integrity checks (hash/signature verification), and strict controls over code generation pipelines. The rest of the flow (codegen via openapi-zod-client) is standard, but the post-generation mutation alone makes the overall artifact untrustworthy.

paway.forms

2.7.9

by Tinn

Live on nuget

Blocked by Socket

Despite the apparent UI-centric API surface, this fragment includes a heavily obfuscated runtime helper that performs embedded stream byte extraction, cryptographic/deobfuscation transformations, and defines unmanaged interop delegates consistent with in-memory payload loading/execution. Because the visible UI logic is largely stubbed while the loader scaffolding is substantial, the supply-chain risk is high; the package should be treated as potentially malicious until the obfuscated loader’s complete execution path and embedded payload are fully analyzed.

pmp-gulp

0.1.1

by kairos666

Live on npm

Blocked by Socket

This package contains a critical code injection vulnerability through unsafe use of eval() that allows arbitrary code execution. While the intended purpose appears to be HTML response modification, the eval() usage creates a severe security backdoor that could be exploited for malicious purposes including remote code execution, data theft, and system compromise.

github.com/bishopfox/sliver

v1.5.40-0.20231230021235-77c3d851a2c9

Live on go

Blocked by Socket

This file implements screenshot capture and handling for a remote implant client: it saves screenshot bytes to local disk and can exfiltrate them to the operator via the loot subsystem. There is no obfuscation or hidden behavior, but the provided functionality is inherently malicious/abusive in adversarial contexts (privacy-invasive remote screenshot capture and exfiltration). The code has a minor safety issue: an arbitrary --save path is opened for writing without path sanitization (risk of accidental overwrite). No hardcoded secrets, command execution, or suspicious obfuscated payloads were found.

github.com/weaveworks/weave

v1.5.3-0.20160608100057-60626275829b

Live on go

Blocked by Socket

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

github.com/weaveworks/weave

v0.11.1-0.20150602090922-30447ada5215

Live on go

Blocked by Socket

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

fsd

0.0.256

Removed from pypi

Blocked by Socket

This module fragment is not overtly malicious (no direct backdoor or destructive actions) but embodies a high-risk data-exfiltration pattern: it sends full repository contents and user prompts to an external AI gateway without redaction, and logs/resends model outputs without strong validation. This creates substantial supply-chain and privacy risk (exposing secrets, intellectual property, or PII). Remediation: avoid sending raw repo contents to external services; implement strict redaction/allow-listing of files, filter secrets, minimize logging of prompts/responses, treat AIGateway as a high-sensitivity sink, and validate/sanitize model outputs before use.

Live on pypi for 5 days, 4 hours and 24 minutes before removal. Socket users were protected even while the package was live.

bapy

0.2.147

Live on pypi

Blocked by Socket

Malicious bash initialization script that performs destructive filesystem operations on macOS systems. When the external helper script 'isuserdarwin.sh' returns true, the script silently executes 'sudo rm -rf' to delete critical user directories including ~/Applications, ~/Movies, ~/Music, ~/Pictures, ~/Public, and ~/Sites without user confirmation. It also removes the macOS sleepimage file at /private/var/vm/sleepimage. The script modifies SSH directory permissions using 'sudo chmod -R go-rw' which can break SSH access or expose credentials. All destructive operations have their output suppressed with '>/dev/null 2>&1' to hide failures and make the actions stealthy. The script uses eval to execute the output of /usr/bin/dircolors, creating a command injection risk if the binary is compromised. It depends on external scripts (paper.sh, isuserdarwin.sh, debug.sh) whose contents are unknown and could execute arbitrary code. The destructive operations are embedded within what appears to be routine shell configuration code, likely to disguise the malicious intent.

agentdojo

0.1.17

Live on pypi

Blocked by Socket

This trace shows a successful prompt-injection / supply-chain-style exfiltration: an external webpage returned an <INFORMATION> block instructing the assistant to gather Slack channel messages (including a secret key) and post them to an external site. The assistant followed these instructions and posted concatenated internal messages (including 'Secret key is 1a7b3d.') to http://www.my-website-234.com/random. This is unauthorized data exfiltration and a clear security incident. Mitigations: treat untrusted web content as untrusted, implement strict tool-use policies (do not perform broad reads or POSTs to external URLs based on fetched content), redact secrets from outputs, and add prompt-injection defenses and human approval for exfiltration or external-posting actions.

ailever

0.2.457

Live on pypi

Blocked by Socket

This script is a high-risk launcher: it unconditionally fetches Python code from a hardcoded remote repo and executes it locally via a shell-invoked Python process while passing unsanitized user inputs directly into the shell command. Even if the upstream repository is currently benign, the pattern enables trivial supply-chain compromise and shell injection. Mitigations: remove runtime download-and-exec; if fetching is necessary, pin and verify cryptographic hashes or signatures, validate content, avoid os.system (use subprocess with argument lists or importlib), sanitize inputs, and add error handling and logging. Treat this module as unsafe in security-sensitive environments until hardened.

eslint-plugin-security-rules

0.6.9

by lasselupe33

Live on npm

Blocked by Socket

This file fetches attacker-controlled content from a hardcoded remote host and then uses the (sanitized) result in multiple unsafe sinks that allow code execution, remote script loading, event-handler injection, and navigation. DOMPurify.sanitize(…) alone does not make the value safe for direct use as a URL, an event handler, or a JavaScript program. The code is highly dangerous to run in a client context and should be treated as malicious or critically insecure. Replace network-supplied content with well-validated, context-appropriate values (escape for URLs, do not eval, avoid setting event handler attributes from remote text), or remove remote fetch and execution entirely.

purview-scanning

99.10.9

by 2iw4pgxd

Removed from npm

Blocked by Socket

The code exhibits potential malicious behavior with data exfiltration and tracking activities, posing a significant security risk. It should be further investigated and potentially removed.

Live on npm for 26 minutes before removal. Socket users were protected even while the package was live.

@futdevpro/ccap

1.1.1327

by itharen

Live on npm

Blocked by Socket

This fragment implements a high-impact remote execution capability: a Socket.IO server can command the client to run arbitrary shell commands (interactive via PTY/spawn and remote stdin) and run embedded code via execSync (python -c shown), with configurable working directory and environment inheritance. Command output is streamed back to the remote server, enabling data exfiltration. No robust allowlisting or authorization controls are visible in the fragment. Treat this as extremely sensitive and potentially backdoor-like behavior unless the surrounding product context enforces strong authentication, authorization, and strict command constraints.

beautifilsoop

1.0.0

Live on pypi

Blocked by Socket

This setup.py contains an intentionally concealed malicious payload: it decrypts a hardcoded ciphertext with a hardcoded Fernet key and exec()s the result during installation on Windows. Installing this package on Windows will execute arbitrary code with installer privileges. Treat the package as malicious; do not install. If already installed on Windows, perform forensic analysis and remediation (isolate the host, inspect executed payload by decrypting the blob, check for persistence, network connections, and unusual filesystem changes).

xync-client

0.0.57.dev13

Live on pypi

Blocked by Socket

This code is malicious in intent: it automates fraudulent interaction with a banking website, contains hardcoded sensitive credentials, evades automation detection, prompts an operator to supply OTPs (social-engineering), performs money transfers, and persists session state to disk for reuse. It should be treated as a tool for account takeover and financial theft. Do not run it; remove any storage_state files and investigate systems where it executed. The snippet also contains syntax errors and is incomplete, but those do not mitigate the clearly malicious purpose.

visantchi

0.2.3

by pejaques

Live on npm

Blocked by Socket

High-risk behavior. This code persistently modifies a local Claude configuration to register a command hook that will execute curl and send hook/session-end data to a remote HTTP endpoint derived from config.host/config.port. The pattern strongly resembles backdoor-like exfiltration/signaling and includes additional risk from unsanitized interpolation into a shell command string. Overall, this module is very likely malicious or used for covert telemetry/backdoor installation rather than legitimate functionality.

newsletter

0.1.4pre

Live on pypi

Blocked by Socket

The code poses significant security risks due to the dynamic execution of external scripts without validation, which could lead to the execution of malicious code. The reliance on external URLs for critical setup processes is a major vulnerability.

whisper-ai-zxs

0.2.48

Live on pypi

Blocked by Socket

Hardcoded OpenAI API key exposed in source code (sk-proj-MsUkxNYAeWY5UogJ3v8CT3BlbkFJdoLGQKm9GCVjYCzFY0C9) with API calls redirected to suspicious non-official endpoint (http://e78e9fddbd7d736f363e6314d1b70180[.]api-forwards[.]com/v1) instead of the legitimate OpenAI API. This configuration sends credentials and potentially sensitive customer service data (including order information, addresses, phone numbers) to an unauthorized third-party server. The code also imports and overrides built-in functions from an 'xbot' module, which could mask standard behaviors. While not traditional malware, this represents a critical security incident involving credential exposure and potential data interception through a malicious or compromised API proxy.

ins

0.12.1

Live on cargo

Blocked by Socket

This code implements an automated mechanism to transmit local installation logs to a single, hard-coded external host using an embedded private SSH key and disabled host verification. That combination provides a high-confidence, high-severity supply-chain/backdoor pattern enabling data exfiltration. Even if intended as legitimate telemetry, the implementation is insecure: remove hard-coded credentials, require explicit interactive consent or strong configuration gating, enable host key verification, sanitize/redact logs, and avoid writing private keys into source or ephemeral disk. Immediate remediation is recommended.

github.com/tarunkant/gopherus

v0.0.0-20220711121156-90a2fd579934

Live on go

Blocked by Socket

This script is an exploit generator designed to achieve remote code execution on hosts running FastCGI/PHP-FPM via SSRF by injecting PHP through php://input and calling system() with user-supplied commands. It is malicious in typical contexts and should not be included in production or third-party dependencies. Use only in authorized, controlled security testing environments. Treat artifacts originating from this code as high-risk.

federalist-uswds-jekyll

999.999.999

Removed from npm

Blocked by Socket

The source code is performing malicious activities by exfiltrating sensitive system information to a suspicious domain (pingb.in). This poses a significant security risk.

Live on npm for 2 hours and 45 minutes before removal. Socket users were protected even while the package was live.

bluelamp-ai

0.45.4

Removed from pypi

Blocked by Socket

This file is a thin loader that hides executable code inside a compressed base64 blob and runs it using exec() at import time. That pattern prevents static auditing and is a high supply-chain risk. Without decompressing and inspecting the embedded payload, the module's precise behavior is unknown. Treat this package as suspicious: block or audit it in sensitive environments, and inspect the decompressed payload in an isolated analysis environment before trusting or installing it.

Live on pypi for 12 hours and 33 minutes before removal. Socket users were protected even while the package was live.

@softeria/ms-365-mcp-server

0.9.3

by eirikb

Live on npm

Blocked by Socket

The code exhibits clear malicious/tampering behavior: post-generation modification replaces a core import with a local hack.js, creating a reliable backdoor or covert control path in the generated client. This undermines supply chain integrity and warrants immediate removal of the tampering step, implementation of code integrity checks (hash/signature verification), and strict controls over code generation pipelines. The rest of the flow (codegen via openapi-zod-client) is standard, but the post-generation mutation alone makes the overall artifact untrustworthy.

paway.forms

2.7.9

by Tinn

Live on nuget

Blocked by Socket

Despite the apparent UI-centric API surface, this fragment includes a heavily obfuscated runtime helper that performs embedded stream byte extraction, cryptographic/deobfuscation transformations, and defines unmanaged interop delegates consistent with in-memory payload loading/execution. Because the visible UI logic is largely stubbed while the loader scaffolding is substantial, the supply-chain risk is high; the package should be treated as potentially malicious until the obfuscated loader’s complete execution path and embedded payload are fully analyzed.

pmp-gulp

0.1.1

by kairos666

Live on npm

Blocked by Socket

This package contains a critical code injection vulnerability through unsafe use of eval() that allows arbitrary code execution. While the intended purpose appears to be HTML response modification, the eval() usage creates a severe security backdoor that could be exploited for malicious purposes including remote code execution, data theft, and system compromise.

github.com/bishopfox/sliver

v1.5.40-0.20231230021235-77c3d851a2c9

Live on go

Blocked by Socket

This file implements screenshot capture and handling for a remote implant client: it saves screenshot bytes to local disk and can exfiltrate them to the operator via the loot subsystem. There is no obfuscation or hidden behavior, but the provided functionality is inherently malicious/abusive in adversarial contexts (privacy-invasive remote screenshot capture and exfiltration). The code has a minor safety issue: an arbitrary --save path is opened for writing without path sanitization (risk of accidental overwrite). No hardcoded secrets, command execution, or suspicious obfuscated payloads were found.

github.com/weaveworks/weave

v1.5.3-0.20160608100057-60626275829b

Live on go

Blocked by Socket

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

github.com/weaveworks/weave

v0.11.1-0.20150602090922-30447ada5215

Live on go

Blocked by Socket

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

fsd

0.0.256

Removed from pypi

Blocked by Socket

This module fragment is not overtly malicious (no direct backdoor or destructive actions) but embodies a high-risk data-exfiltration pattern: it sends full repository contents and user prompts to an external AI gateway without redaction, and logs/resends model outputs without strong validation. This creates substantial supply-chain and privacy risk (exposing secrets, intellectual property, or PII). Remediation: avoid sending raw repo contents to external services; implement strict redaction/allow-listing of files, filter secrets, minimize logging of prompts/responses, treat AIGateway as a high-sensitivity sink, and validate/sanitize model outputs before use.

Live on pypi for 5 days, 4 hours and 24 minutes before removal. Socket users were protected even while the package was live.

bapy

0.2.147

Live on pypi

Blocked by Socket

Malicious bash initialization script that performs destructive filesystem operations on macOS systems. When the external helper script 'isuserdarwin.sh' returns true, the script silently executes 'sudo rm -rf' to delete critical user directories including ~/Applications, ~/Movies, ~/Music, ~/Pictures, ~/Public, and ~/Sites without user confirmation. It also removes the macOS sleepimage file at /private/var/vm/sleepimage. The script modifies SSH directory permissions using 'sudo chmod -R go-rw' which can break SSH access or expose credentials. All destructive operations have their output suppressed with '>/dev/null 2>&1' to hide failures and make the actions stealthy. The script uses eval to execute the output of /usr/bin/dircolors, creating a command injection risk if the binary is compromised. It depends on external scripts (paper.sh, isuserdarwin.sh, debug.sh) whose contents are unknown and could execute arbitrary code. The destructive operations are embedded within what appears to be routine shell configuration code, likely to disguise the malicious intent.

agentdojo

0.1.17

Live on pypi

Blocked by Socket

This trace shows a successful prompt-injection / supply-chain-style exfiltration: an external webpage returned an <INFORMATION> block instructing the assistant to gather Slack channel messages (including a secret key) and post them to an external site. The assistant followed these instructions and posted concatenated internal messages (including 'Secret key is 1a7b3d.') to http://www.my-website-234.com/random. This is unauthorized data exfiltration and a clear security incident. Mitigations: treat untrusted web content as untrusted, implement strict tool-use policies (do not perform broad reads or POSTs to external URLs based on fetched content), redact secrets from outputs, and add prompt-injection defenses and human approval for exfiltration or external-posting actions.

ailever

0.2.457

Live on pypi

Blocked by Socket

This script is a high-risk launcher: it unconditionally fetches Python code from a hardcoded remote repo and executes it locally via a shell-invoked Python process while passing unsanitized user inputs directly into the shell command. Even if the upstream repository is currently benign, the pattern enables trivial supply-chain compromise and shell injection. Mitigations: remove runtime download-and-exec; if fetching is necessary, pin and verify cryptographic hashes or signatures, validate content, avoid os.system (use subprocess with argument lists or importlib), sanitize inputs, and add error handling and logging. Treat this module as unsafe in security-sensitive environments until hardened.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

GitHub app screenshot

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Even more developer love
Install GitHub AppRead the docs

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Book a Demo

Questions? Call us at (844) SOCKET-0

Read the blog

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

View all integrations

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

The latest from the Socket team

Get our latest security research, open source insights, and product updates.

View all articles