Launch Week Day 3: Introducing Organization Notifications in Socket.Learn More
Socket
Book a DemoSign in
Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
t

timmywil published 4.0.0

left-pad
s

stevemao published 1.3.0

react
r

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

io.github.reajason:packer

2.4.0

Live on maven

Blocked by Socket

This script implements an unguarded dynamic JVM bytecode loader and executor. If attacker-controlled base64Str or className are possible, this is an immediate and critical remote code execution backdoor. Even if inputs are intended to be trusted, the technique is dangerous and should only be used with strong validation (cryptographic signatures, strict origin checks) and within a hardened sandbox/limited-permission ClassLoader. Treat occurrences of this code pattern as high-risk and review calling context and template injection controls before use.

pretty-fancy

1.0.4

by npm_kei

Live on npm

Blocked by Socket

This module is strongly indicative of an info-stealer/data-exfiltration component. It performs bulk local file discovery and reading from user directories, stages outputs with directory creation and permission changes, fingerprints the host (OS/IP/username), and exfiltrates the collected file contents to a remote server via fetch() JSON API calls. The presence of server-side gating (alreadySent) and heavy obfuscation further increases the likelihood of malicious intent.

ailever

0.3.52

Live on pypi

Blocked by Socket

The fragment contains a high-risk pattern: it downloads a Python script from a remote source and immediately executes it without integrity verification or sandboxing. This creates a critical supply-chain and remote-code-execution risk, as the remote payload could perform any action on the host, including data exfiltration, credential access, or system compromise. Even though defaults use placeholders, the mechanism itself is unsafe and should be disallowed or hardened (e.g., verify hashes, use signed modules, avoid executing remote code).

miracatch.activedirectory

1.0.88

by ActiveDirectory, Miracatch

Live on nuget

Blocked by Socket

The code fragment encapsulates a high-privilege AD management tool that can create and delete GPOs, deploy binaries and policy templates to SYSVOL, modify critical registry settings, and install services across domain controllers. While administrative tooling can be legitimate, the combination of domain-wide distribution, persistence mechanisms, and broad policy modifications presents substantial risk for misuse (supply-chain abuse or insider action). The component should be treated as high-risk; require strict provenance, code reviews, restricted execution environments, and robust runtime integrity checks. Hardening recommendations include restricting SYSVOL deployment, auditing LDAP operations, validating all streamed content, and limiting the scope and privileges of any deployed services or scheduled tasks.

richardtmiles/carbonphp

12.1.2

Live on composer

Blocked by Socket

Report 3 correctly identifies a high-risk backdoor-like pattern (selfHidingFile) that can leak or serve arbitrary local files upon license validation, compounded by extensive remote content handling and shell command usage. This creates strong supply-chain and runtime security concerns. The prudent stance is to treat the code as potentially malicious, isolate or remove the backdoor construct, require rigorous input validation, and refactor to a safe, auditable migration workflow without privileged file-serving mechanisms.

ailever

0.3.165

Live on pypi

Blocked by Socket

The fragment contains a high-risk pattern: it downloads a Python script from a remote source and immediately executes it without integrity verification or sandboxing. This creates a critical supply-chain and remote-code-execution risk, as the remote payload could perform any action on the host, including data exfiltration, credential access, or system compromise. Even though defaults use placeholders, the mechanism itself is unsafe and should be disallowed or hardened (e.g., verify hashes, use signed modules, avoid executing remote code).

thispackagedoesnotexist

0.4.5

Live on pypi

Blocked by Socket

This module is a thin controller that executes a packaged Windows binary (files/proxy/reverse.exe) to connect to a remote host:port and reports connection status. The pattern and naming strongly suggest reverse-shell or tunneling/backdoor behavior. The Python code amplifies supply-chain risk (executes local binary), uses unsafe subprocess usage (shell=True, unsanitized inputs), and leaks status/errors to a client. Treat as high risk: validate binary provenance and avoid executing it until analyzed in a safe environment.

github.com/gravitl/netmaker

v0.5.12-0.20210811042540-5e1876dc49a8

Live on go

Blocked by Socket

Best matching report: Report 3 (most complete and correctly identifies the disruption/uninstall pattern). The improved assessment is that this snippet is a high-impact, unguarded teardown script that deletes systemd unit definitions and application configuration, removes specific network interfaces, and stops/removes containers and persistent Docker volumes. That strongly endangers availability and data integrity in a supply-chain context, but the fragment alone does not prove credential theft/exfiltration; therefore malware intent is not certain, though security risk is very high.

mtmai

0.3.1313

Live on pypi

Blocked by Socket

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

luksdk-web

1.1.10

by luksdk

Live on npm

Blocked by Socket

The fragment embodies a high-risk runtime interceptor pattern, patching DOM and network APIs, and injecting a customized script to hijack asset loading inside iframes. While potentially intended for legitimate instrumentation, the breadth and depth of runtime monkey-patching—especially in combination with tampering of a game framework’s loader—constitute a severe security and supply-chain risk. It warrants removal or strict scoping to trusted contexts, thorough provenance verification, and a formal threat assessment before any deployment in public-facing packages.

jupyterlab_apod_testg_9

0.1.0

by gafnit

Live on npm

Blocked by Socket

The source code is malicious and designed to steal AWS IAM credentials by exploiting the JupyterLab terminal API and the AWS instance metadata service. It logs sensitive cookies, bypasses CSRF protections, and executes unauthorized commands to exfiltrate credentials. This is a critical security risk and a clear supply chain attack. The code should be considered malware and the package must be blocked or removed immediately.

hyatt-avatar

999.999.999

by pkgpusher6

Live on npm

Blocked by Socket

This module performs unauthorized data exfiltration to an external endpoint (webhook[.]site/hyatt). On module load, it automatically collects and transmits sensitive system information including hostname, platform details, user information (username, uid, gid, shell, homedir), and environment variables. It specifically harvests environment variable names containing 'hyatt' and captures values for NODE_ENV, KUBERNETES_SERVICE_HOST, AWS_REGION, and npm_config_registry, which may expose deployment configurations and secrets. The data is sent via HTTPS POST to a hardcoded webhook[.]site endpoint without user consent, error handling, or opt-out mechanism. The module also imports child_process.execSync but doesn't use it, suggesting potential for additional malicious capabilities. This behavior constitutes a supply chain attack that could compromise sensitive information in any environment where the module is loaded.

keyloggerscreenshot

0.3.1

Live on pypi

Blocked by Socket

The analyzed fragment represents a clearly malicious toolchain designed for covert data collection (keylogging, screen capture) and remote control via dynamically generated Python payloads. The combination of runtime file creation, network-oriented servers, phishing integration, and weak input validation constitutes a high-risk supply-chain/backdoor scenario if distributed or executed in environments without strict controls.

saker

1.0.2

Live on pypi

Blocked by Socket

This file is an exploit utility that fingerprints and attempts to exploit Apache Struts2 CVE-2018-11776 to achieve remote command execution. It consumes user-supplied URLs and commands and issues HTTP requests containing crafted OGNL payloads. In the provided snippet the exploit() payload construction is broken, preventing successful exploitation without fixing that line. The code should be treated as high risk and only used in authorized security testing. There is no evidence of hidden backdoors or exfiltration to third parties within this file, but the ability to run arbitrary commands on remote hosts constitutes a significant danger if misused.

xazerb

1.6.5

by ryezx

Live on npm

Blocked by Socket

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

azure-graphrbac

1.29.1000

Removed from npm

Blocked by Socket

The code is designed to exfiltrate system and project data to external servers without user consent, indicating malicious intent. This poses a significant security risk.

Live on npm for 1 hour and 8 minutes before removal. Socket users were protected even while the package was live.

shein-icon

0.999.999

Removed from npm

Blocked by Socket

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 1 hour and 42 minutes before removal. Socket users were protected even while the package was live.

pybotnet

0.18.9

Live on pypi

Blocked by Socket

This module contains clear backdoor/botnet-like capabilities: targeted command dispatch (via host MAC token), remote arbitrary shell execution, system information gathering, and references to file transfer and screenshot features enabling exfiltration. Code quality issues exist (incorrect exception handling and malformed help output), but these do not reduce the severity of the functionality. Treat this package as malicious: do not run on production systems, isolate and analyze the rest of the repository in a controlled environment to identify C2 endpoints and exfiltration behavior.

somepackage-marksl

2.0.3

by marksl0455

Removed from npm

Blocked by Socket

The script is likely collecting runtime data (call stack, headers) that can be sensitive and sending it to a potentially malicious server. This indicates a high possibility of being part of a data exfiltration mechanism or remote logging for malicious purposes.

Live on npm for 14 minutes before removal. Socket users were protected even while the package was live.

upgenius

0.1.16

Live on pypi

Blocked by Socket

The code is primarily designed for managing a proxy pool and making HTTP/HTTPS requests using proxies. However, the use of 'eval' or 'exec' poses a significant security risk, potentially allowing for arbitrary code execution. This presents a high security risk and should be addressed immediately.

hackingtools

2.7.3

Live on pypi

Blocked by Socket

The code demonstrates high-risk behavior typical of dropper/packer-like workflows: encrypted payloads embedded in stubs, base64-wrapped code executed at runtime, and optional packaging into executables. While there are syntax anomalies and incomplete branches that prevent immediate execution, the overall pattern is aligned with covert payload delivery or supply-chain risk. Thorough review of the complete, verified source is required before use; treat as dangerous and isolate until confirmed safe.

tokenize-transformer

0.2.14

Removed from pypi

Blocked by Socket

This code is not explicitly a remote-access/backdoor malware sample, but it contains high-risk issues: a hardcoded API key sent in Authorization headers, unfiltered exfiltration of user-provided text to an external LLM endpoint, and deliberate suppression of stdout/stderr and warnings which hide runtime behavior. Fixes: remove embedded credentials and load API keys from secure config or environment; do not send sensitive input to third parties or add redaction/consent; restore logging and avoid redirecting stdout/stderr; fix exception handling ('return Non' -> return None or re-raise); add input validation and rate/size limits. Treat this package as risky for production until remediated.

Live on pypi for 11 minutes before removal. Socket users were protected even while the package was live.

github.com/gravitl/netmaker

v0.7.2-0.20210819230023-72e7f6bfde40

Live on go

Blocked by Socket

Best matching report: Report 3 (most complete and correctly identifies the disruption/uninstall pattern). The improved assessment is that this snippet is a high-impact, unguarded teardown script that deletes systemd unit definitions and application configuration, removes specific network interfaces, and stops/removes containers and persistent Docker volumes. That strongly endangers availability and data integrity in a supply-chain context, but the fragment alone does not prove credential theft/exfiltration; therefore malware intent is not certain, though security risk is very high.

io.github.reajason:packer

2.4.0

Live on maven

Blocked by Socket

This script implements an unguarded dynamic JVM bytecode loader and executor. If attacker-controlled base64Str or className are possible, this is an immediate and critical remote code execution backdoor. Even if inputs are intended to be trusted, the technique is dangerous and should only be used with strong validation (cryptographic signatures, strict origin checks) and within a hardened sandbox/limited-permission ClassLoader. Treat occurrences of this code pattern as high-risk and review calling context and template injection controls before use.

pretty-fancy

1.0.4

by npm_kei

Live on npm

Blocked by Socket

This module is strongly indicative of an info-stealer/data-exfiltration component. It performs bulk local file discovery and reading from user directories, stages outputs with directory creation and permission changes, fingerprints the host (OS/IP/username), and exfiltrates the collected file contents to a remote server via fetch() JSON API calls. The presence of server-side gating (alreadySent) and heavy obfuscation further increases the likelihood of malicious intent.

ailever

0.3.52

Live on pypi

Blocked by Socket

The fragment contains a high-risk pattern: it downloads a Python script from a remote source and immediately executes it without integrity verification or sandboxing. This creates a critical supply-chain and remote-code-execution risk, as the remote payload could perform any action on the host, including data exfiltration, credential access, or system compromise. Even though defaults use placeholders, the mechanism itself is unsafe and should be disallowed or hardened (e.g., verify hashes, use signed modules, avoid executing remote code).

miracatch.activedirectory

1.0.88

by ActiveDirectory, Miracatch

Live on nuget

Blocked by Socket

The code fragment encapsulates a high-privilege AD management tool that can create and delete GPOs, deploy binaries and policy templates to SYSVOL, modify critical registry settings, and install services across domain controllers. While administrative tooling can be legitimate, the combination of domain-wide distribution, persistence mechanisms, and broad policy modifications presents substantial risk for misuse (supply-chain abuse or insider action). The component should be treated as high-risk; require strict provenance, code reviews, restricted execution environments, and robust runtime integrity checks. Hardening recommendations include restricting SYSVOL deployment, auditing LDAP operations, validating all streamed content, and limiting the scope and privileges of any deployed services or scheduled tasks.

richardtmiles/carbonphp

12.1.2

Live on composer

Blocked by Socket

Report 3 correctly identifies a high-risk backdoor-like pattern (selfHidingFile) that can leak or serve arbitrary local files upon license validation, compounded by extensive remote content handling and shell command usage. This creates strong supply-chain and runtime security concerns. The prudent stance is to treat the code as potentially malicious, isolate or remove the backdoor construct, require rigorous input validation, and refactor to a safe, auditable migration workflow without privileged file-serving mechanisms.

ailever

0.3.165

Live on pypi

Blocked by Socket

The fragment contains a high-risk pattern: it downloads a Python script from a remote source and immediately executes it without integrity verification or sandboxing. This creates a critical supply-chain and remote-code-execution risk, as the remote payload could perform any action on the host, including data exfiltration, credential access, or system compromise. Even though defaults use placeholders, the mechanism itself is unsafe and should be disallowed or hardened (e.g., verify hashes, use signed modules, avoid executing remote code).

thispackagedoesnotexist

0.4.5

Live on pypi

Blocked by Socket

This module is a thin controller that executes a packaged Windows binary (files/proxy/reverse.exe) to connect to a remote host:port and reports connection status. The pattern and naming strongly suggest reverse-shell or tunneling/backdoor behavior. The Python code amplifies supply-chain risk (executes local binary), uses unsafe subprocess usage (shell=True, unsanitized inputs), and leaks status/errors to a client. Treat as high risk: validate binary provenance and avoid executing it until analyzed in a safe environment.

github.com/gravitl/netmaker

v0.5.12-0.20210811042540-5e1876dc49a8

Live on go

Blocked by Socket

Best matching report: Report 3 (most complete and correctly identifies the disruption/uninstall pattern). The improved assessment is that this snippet is a high-impact, unguarded teardown script that deletes systemd unit definitions and application configuration, removes specific network interfaces, and stops/removes containers and persistent Docker volumes. That strongly endangers availability and data integrity in a supply-chain context, but the fragment alone does not prove credential theft/exfiltration; therefore malware intent is not certain, though security risk is very high.

mtmai

0.3.1313

Live on pypi

Blocked by Socket

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

luksdk-web

1.1.10

by luksdk

Live on npm

Blocked by Socket

The fragment embodies a high-risk runtime interceptor pattern, patching DOM and network APIs, and injecting a customized script to hijack asset loading inside iframes. While potentially intended for legitimate instrumentation, the breadth and depth of runtime monkey-patching—especially in combination with tampering of a game framework’s loader—constitute a severe security and supply-chain risk. It warrants removal or strict scoping to trusted contexts, thorough provenance verification, and a formal threat assessment before any deployment in public-facing packages.

jupyterlab_apod_testg_9

0.1.0

by gafnit

Live on npm

Blocked by Socket

The source code is malicious and designed to steal AWS IAM credentials by exploiting the JupyterLab terminal API and the AWS instance metadata service. It logs sensitive cookies, bypasses CSRF protections, and executes unauthorized commands to exfiltrate credentials. This is a critical security risk and a clear supply chain attack. The code should be considered malware and the package must be blocked or removed immediately.

hyatt-avatar

999.999.999

by pkgpusher6

Live on npm

Blocked by Socket

This module performs unauthorized data exfiltration to an external endpoint (webhook[.]site/hyatt). On module load, it automatically collects and transmits sensitive system information including hostname, platform details, user information (username, uid, gid, shell, homedir), and environment variables. It specifically harvests environment variable names containing 'hyatt' and captures values for NODE_ENV, KUBERNETES_SERVICE_HOST, AWS_REGION, and npm_config_registry, which may expose deployment configurations and secrets. The data is sent via HTTPS POST to a hardcoded webhook[.]site endpoint without user consent, error handling, or opt-out mechanism. The module also imports child_process.execSync but doesn't use it, suggesting potential for additional malicious capabilities. This behavior constitutes a supply chain attack that could compromise sensitive information in any environment where the module is loaded.

keyloggerscreenshot

0.3.1

Live on pypi

Blocked by Socket

The analyzed fragment represents a clearly malicious toolchain designed for covert data collection (keylogging, screen capture) and remote control via dynamically generated Python payloads. The combination of runtime file creation, network-oriented servers, phishing integration, and weak input validation constitutes a high-risk supply-chain/backdoor scenario if distributed or executed in environments without strict controls.

saker

1.0.2

Live on pypi

Blocked by Socket

This file is an exploit utility that fingerprints and attempts to exploit Apache Struts2 CVE-2018-11776 to achieve remote command execution. It consumes user-supplied URLs and commands and issues HTTP requests containing crafted OGNL payloads. In the provided snippet the exploit() payload construction is broken, preventing successful exploitation without fixing that line. The code should be treated as high risk and only used in authorized security testing. There is no evidence of hidden backdoors or exfiltration to third parties within this file, but the ability to run arbitrary commands on remote hosts constitutes a significant danger if misused.

xazerb

1.6.5

by ryezx

Live on npm

Blocked by Socket

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

azure-graphrbac

1.29.1000

Removed from npm

Blocked by Socket

The code is designed to exfiltrate system and project data to external servers without user consent, indicating malicious intent. This poses a significant security risk.

Live on npm for 1 hour and 8 minutes before removal. Socket users were protected even while the package was live.

shein-icon

0.999.999

Removed from npm

Blocked by Socket

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 1 hour and 42 minutes before removal. Socket users were protected even while the package was live.

pybotnet

0.18.9

Live on pypi

Blocked by Socket

This module contains clear backdoor/botnet-like capabilities: targeted command dispatch (via host MAC token), remote arbitrary shell execution, system information gathering, and references to file transfer and screenshot features enabling exfiltration. Code quality issues exist (incorrect exception handling and malformed help output), but these do not reduce the severity of the functionality. Treat this package as malicious: do not run on production systems, isolate and analyze the rest of the repository in a controlled environment to identify C2 endpoints and exfiltration behavior.

somepackage-marksl

2.0.3

by marksl0455

Removed from npm

Blocked by Socket

The script is likely collecting runtime data (call stack, headers) that can be sensitive and sending it to a potentially malicious server. This indicates a high possibility of being part of a data exfiltration mechanism or remote logging for malicious purposes.

Live on npm for 14 minutes before removal. Socket users were protected even while the package was live.

upgenius

0.1.16

Live on pypi

Blocked by Socket

The code is primarily designed for managing a proxy pool and making HTTP/HTTPS requests using proxies. However, the use of 'eval' or 'exec' poses a significant security risk, potentially allowing for arbitrary code execution. This presents a high security risk and should be addressed immediately.

hackingtools

2.7.3

Live on pypi

Blocked by Socket

The code demonstrates high-risk behavior typical of dropper/packer-like workflows: encrypted payloads embedded in stubs, base64-wrapped code executed at runtime, and optional packaging into executables. While there are syntax anomalies and incomplete branches that prevent immediate execution, the overall pattern is aligned with covert payload delivery or supply-chain risk. Thorough review of the complete, verified source is required before use; treat as dangerous and isolate until confirmed safe.

tokenize-transformer

0.2.14

Removed from pypi

Blocked by Socket

This code is not explicitly a remote-access/backdoor malware sample, but it contains high-risk issues: a hardcoded API key sent in Authorization headers, unfiltered exfiltration of user-provided text to an external LLM endpoint, and deliberate suppression of stdout/stderr and warnings which hide runtime behavior. Fixes: remove embedded credentials and load API keys from secure config or environment; do not send sensitive input to third parties or add redaction/consent; restore logging and avoid redirecting stdout/stderr; fix exception handling ('return Non' -> return None or re-raise); add input validation and rate/size limits. Treat this package as risky for production until remediated.

Live on pypi for 11 minutes before removal. Socket users were protected even while the package was live.

github.com/gravitl/netmaker

v0.7.2-0.20210819230023-72e7f6bfde40

Live on go

Blocked by Socket

Best matching report: Report 3 (most complete and correctly identifies the disruption/uninstall pattern). The improved assessment is that this snippet is a high-impact, unguarded teardown script that deletes systemd unit definitions and application configuration, removes specific network interfaces, and stops/removes containers and persistent Docker volumes. That strongly endangers availability and data integrity in a supply-chain context, but the fragment alone does not prove credential theft/exfiltration; therefore malware intent is not certain, though security risk is very high.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

GitHub app screenshot

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Even more developer love
Install GitHub AppRead the docs

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Book a Demo

Questions? Call us at (844) SOCKET-0

Read the blog

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

View all integrations

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

The latest from the Socket team

Get our latest security research, open source insights, and product updates.

View all articles