
Product
Introducing Data Exports
Export Socket alert data to your own cloud storage in JSON, CSV, or Parquet, with flexible snapshot or incremental delivery.
Questions? Call us at (844) SOCKET-0
Quickly evaluate the security and health of any open source package.
hive-os-settings
2.33.0
Removed from pypi
Blocked by Socket
This code is a highly reliable malware-loader pattern: it spawns PowerShell to download arbitrary content from a hard-coded URL and immediately executes it using `iex`, with no integrity or safety checks. Based on the deterministic network-to-execution flow, it is extremely likely malicious.
Live on pypi for 2 days, 13 hours and 30 minutes before removal. Socket users were protected even while the package was live.
ac-event-emitter
5.1.999
Removed from npm
Blocked by Socket
The code is highly suspicious and exhibits several characteristics of malware. It is obfuscated, collects sensitive system information, and sends this information to a remote server using a covert method. The risk, malware, and obfuscation scores should all be high due to the serious nature of these activities.
Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.
mume-with-litvis
0.16.0
by kachkaev
Live on npm
Blocked by Socket
The branch of the codebase presents non-trivial security risks due to dynamic code execution pathways (allowUnsafeEval, allowUnsafeNewFunction, Function wrapper) and a dependency-loading mechanism (loadDependency) that can execute modules from disk based on untrusted inputs. These patterns create strong potential for supply-chain or runtime code injection if inputs/dependencies are tampered. While the rest of the utilities are common for an extension system, the unsafe pathways should be removed or tightly restricted, with explicit whitelisting, sandboxing, and input provenance checks. Recommended actions include eliminating or locking down unsafe evaluators, validating dependencyPath against allowed sets, isolating dependency execution, and minimizing writes to the user’s home directory without strict validation.
nyc-config
8.7.0
by jpdtestjpd
Removed from npm
Blocked by Socket
The code is highly suspicious due to its collection and transmission of system information to external servers without user consent. The use of hardcoded IP addresses and fallback mechanisms for data transmission indicates potential malicious intent.
Live on npm for 1 day, 6 hours and 10 minutes before removal. Socket users were protected even while the package was live.
experience-template-renderer-react
3.806.0
by hexp-tmpl
Removed from npm
Blocked by Socket
This code exhibits highly suspicious and malicious behavior. It collects sensitive environment data and exfiltrates it to a hardcoded, obfuscated domain using intentionally obscured data. The author has gone to great lengths to hide their intent through string manipulation, complex filters, and anti-analysis checks. This code serves no legitimate purpose and poses a severe security risk by stealing potentially sensitive data from the environment. It has all the hallmarks of malware designed for data theft from compromised npm packages or developer machines. Under no circumstances should this code be run, used or included in any project.
Live on npm for 2 hours and 31 minutes before removal. Socket users were protected even while the package was live.
agent-messenger
2.3.0
by devxoul
Live on npm
Blocked by Socket
This code fragment is strongly indicative of malicious credential/token theft. It enumerates local browser/Slack storage, copies and queries cookie databases, decrypts protected Slack cookies (xoxd-) using OS key mechanisms (macOS Keychain, Windows DPAPI via PowerShell, Linux keyring/derived keys), scans LevelDB/IndexedDB/blob data for Slack access tokens (xoxc-), reconstructs/parses them, and returns deduplicated tokens and cookies for downstream unauthorized authentication/session compromise. Treat the package as dangerous; investigate for additional exfiltration and execution logic outside this module.
rkjp
1.0
Removed from pypi
Blocked by Socket
This module is an obfuscated dynamic loader/launcher. It decodes strings from large numeric/byte blobs, performs dynamic __import__ and globals().update to populate names, and then calls a nested chain of dynamically-resolved callables built from the decoded payload. Because the actual imported modules and functions are computed at runtime from obfuscated data, the file can execute arbitrary code and therefore poses a high supply-chain risk. Recommend treating this package as suspicious: do not run it in production, perform dynamic analysis in a safe sandbox to decode the imports/payload, and if this appears unexpectedly in a dependency, consider revoking the dependency and auditing the source repository.
Live on pypi for 1 day, 5 hours and 55 minutes before removal. Socket users were protected even while the package was live.
talk.chat
0.1.0
by miraclx
Live on npm
Blocked by Socket
Significant security risk due to a hardcoded backdoor admin path and an always-present @root admin connected to process.stdout. This undermines supply-chain security and remote control integrity. Recommendation: remove hardcoded credentials, replace sudo with proper authentication/authorization mechanisms, eliminate non-network admin handlers, implement robust input validation, and adopt least-privilege admin models with audit trails.
yrodevgit/codetazer
9.0
Live on composer
Blocked by Socket
The code contains an injected, targeted, disruptive payload: for users with Russian locales and matching hosts it will, after a time-based condition, disable pointer events and auto-play a looping audio file loaded from a hardcoded external domain. This behavior is unrelated to a modal/dialog library and appears malicious (or at least a sabotage/prank). Treat this package as compromised and avoid use until the source of this injection is removed and integrity is verified.
sbcli-dev
4.0.50
Live on pypi
Blocked by Socket
This module is not overtly malicious (no encoded payloads, no external exfiltration, no reverse shell), but it contains high-risk insecure patterns: user-controlled values are directly interpolated into shell command strings and passed to node_utils.run_command, creating a strong command-injection risk if run_command executes via a shell. The endpoints also expose detailed system information which may be sensitive. Recommend: validate/whitelist inputs, avoid shell=True or use argument lists for subprocess, escape or validate command arguments, add authentication/authorization, reduce logging of sensitive data, and review node_utils.run_command implementation. Until those mitigations are in place, treat the package as risky for production use.
saoudrizwan.cline-nightly
3.28.1757765394
Live on openvsx
Blocked by Socket
The analyzed bundle presents a mixed risk profile: legitimate utilities for cross-platform browser launching and telemetry, but with strong data-access capabilities (clipboard, registry probing) and host-command execution paths (EncodedCommand, spawn/execFile). This combination can enable covert data exfiltration or unintended system actions if data sources are untrusted or misused. Recommend a thorough security audit by extension maintainers, including: explicit user consent prompts for clipboard usage, clear disclosure of data sent over the network and its destinations, restriction or hardening of encoded PowerShell commands, sanitization of inputs feeding into browser-launch paths, and a review of third-party library integrations for unnecessary privilege elevation or data collection. Overall risk: elevated (moderate to high) until a full audit confirms safe usage patterns.
ckanext-toolbelt
0.4.20
Live on pypi
Blocked by Socket
The code primarily serves to provide alert functionality using the SweetAlert2 library. However, it includes potentially risky behavior, such as the use of new Function(), and dynamically playing a remote audio file based on locale and domain conditions. This requires further scrutiny for any context-specific vulnerabilities.
bluelamp-ai
0.45.3
Removed from pypi
Blocked by Socket
This module intentionally conceals a Python payload and executes it at import/runtime. That pattern is high risk: it provides arbitrary code execution and circumvents static inspection. Without decoding the embedded payload, one cannot determine if it is malicious; however, the concealment and exec() usage are characteristic of supply-chain backdoors or other malicious implants. Treat this package as untrusted until the embedded payload is decoded and audited in a safe environment. Do not run this code in production or on systems with sensitive data.
Live on pypi for 1 day, 14 hours and 51 minutes before removal. Socket users were protected even while the package was live.
fca-cyber-rajib
31.42.1
by islamickcyberchat
Live on npm
Blocked by Socket
The module implements Facebook Messenger realtime MQTT handling and mostly contains plausible, legitimate logic. However, it includes a large intentionally obfuscated payload that is decoded and executed with eval() during message processing. That is a strong supply-chain/malware indicator: runtime-evaluated concealed code, dynamic require and dynamic global mutation. Even if the visible surrounding logic is benign, the eval block could perform data exfiltration, load additional modules, or alter behavior unpredictably. I recommend treating this package as high risk until the obfuscated evaled code is decoded and reviewed; do not use in sensitive environments.
@twork-data-services/sme-customer-employee-company
4.99.0
by nikallass
Live on npm
Blocked by Socket
This package runs a local script (index.js) silently during npm install. Because the script runs with the installer's privileges and its output is suppressed, it is a high-risk behavior — inspect the contents of index.js before installing, avoid installing into sensitive environments, or run installation in an isolated/sandboxed environment.
mtxai
0.0.145
Live on pypi
Blocked by Socket
This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.
carlosferreyra
1.2.11
by GitHub Actions
Live on npm
Blocked by Socket
This module is a high-risk bootstrapper that conditionally auto-installs a binary by downloading OS-specific installer scripts from a hardcoded GitHub Releases URL and executing them immediately (PowerShell 'iwr|iex' with ExecutionPolicy Bypass on Windows; 'curl ... | sh' on non-Windows) with no integrity/signature verification. After installation, it executes the resulting binary with user-supplied arguments. The primary supply-chain risk is arbitrary remote code execution if the hosted installer content is altered or compromised.
sbcli-mig
1.0.289
Live on pypi
Blocked by Socket
This module implements privileged node and device management and exposes HTTP endpoints that accept user input used directly in shell commands and Docker operations. Main risks: command injection (unsanitized string interpolation into shell commands and os.popen), destructive device operations (partitioning, bind/unbind), supplying arbitrary images to be pulled and run as privileged containers, and use of an unencrypted/unprotected Docker TCP socket (tcp://...:2375). I assess this as not manifestly malware but a high-risk administrative component that must be strictly access-controlled and hardened (validate/sanitize inputs, avoid passing raw user values into shell/Docker operations, use secure Docker API access, avoid exposing endpoints publicly).
tfjs-layers
1.5.0
by jpdtestjpd
Removed from npm
Blocked by Socket
This package runs a local script during install. That behavior enables untrusted code execution and is a high security risk unless you can inspect and verify index.js. The presence of network libraries increases the likelihood that the script could perform remote communications or exfiltrate data. Review the contents of index.js before installing or run the installation in an isolated environment.
Live on npm for 5 hours and 21 minutes before removal. Socket users were protected even while the package was live.
@bmg-web/bmg-collapse
999.999.99
by linustorvalds95
Live on npm
Blocked by Socket
High-risk pattern: the installer executes arbitrary JS produced at install time. This is a vector for remote code execution, data exfiltration, telemetry, reverse shells, and system modification. Do not install without inspecting the contents of asd.js and any runtime network activity it performs. If you cannot review asd.js and its behavior, treat this package as malicious/untrusted.
@liquid-web/app-services
1.2.9213
by marucube35
Live on npm
Blocked by Socket
The script harvests extensive host and user data—including full environment variables, contents of ~/.env and ~/.bashrc, /etc/passwd (or Windows SAM), hosts file, shell command histories and outputs from whoami, ls/dir, ps/tasklist, ipconfig/ip a, sudo -l and more—and enriches it with public IP and geo/ASN data fetched from https://ipapi[.]co/json/. All collected data (system_info, user_info, process_info, network_info) is serialized into JSON and exfiltrated via HTTPS POST to a hardcoded endpoint https://d2jir5pdoh0514pqop007fmz11pp19m4a[.]insomnia1102[.]online. This behavior constitutes unauthorized data collection and remote exfiltration, representing a high‐severity supply-chain malware risk.
gitbook-start-plugin-iaas-ull-es-ericlucastania
1.0.24
by tania77
Live on npm
Blocked by Socket
The code actively performs SSH key generation, key distribution to a remote host, and remote command execution, leveraging credentials from package.json. While not inherently malicious in all contexts, the pattern is high-risk for supply-chain or runtime compromise, as it can establish persistent remote access (backdoor) and execute arbitrary commands on a target IAAS host. There is no input validation or safeguards visible, and an unused import suggests possible incomplete or obfuscated intent. Overall, this represents a significant security risk if the package is installed in an environment without strict trust and control.
isite
2025.1.10
by absunstar
Live on npm
Blocked by Socket
This code implements a persistent remote code execution backdoor. It sends local system configuration data to an obfuscated remote server and then evaluates and executes any JavaScript code returned by that server. The backdoor runs every hour, maintaining persistent access. The code uses obfuscation techniques including encoded strings and suspicious headers ('User-Agent': 'eval') to hide the actual server destination. This pattern represents a severe security risk as it allows complete remote control of the affected system, potential data exfiltration, and execution of arbitrary malicious commands.
hive-os-settings
2.33.0
Removed from pypi
Blocked by Socket
This code is a highly reliable malware-loader pattern: it spawns PowerShell to download arbitrary content from a hard-coded URL and immediately executes it using `iex`, with no integrity or safety checks. Based on the deterministic network-to-execution flow, it is extremely likely malicious.
Live on pypi for 2 days, 13 hours and 30 minutes before removal. Socket users were protected even while the package was live.
ac-event-emitter
5.1.999
Removed from npm
Blocked by Socket
The code is highly suspicious and exhibits several characteristics of malware. It is obfuscated, collects sensitive system information, and sends this information to a remote server using a covert method. The risk, malware, and obfuscation scores should all be high due to the serious nature of these activities.
Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.
mume-with-litvis
0.16.0
by kachkaev
Live on npm
Blocked by Socket
The branch of the codebase presents non-trivial security risks due to dynamic code execution pathways (allowUnsafeEval, allowUnsafeNewFunction, Function wrapper) and a dependency-loading mechanism (loadDependency) that can execute modules from disk based on untrusted inputs. These patterns create strong potential for supply-chain or runtime code injection if inputs/dependencies are tampered. While the rest of the utilities are common for an extension system, the unsafe pathways should be removed or tightly restricted, with explicit whitelisting, sandboxing, and input provenance checks. Recommended actions include eliminating or locking down unsafe evaluators, validating dependencyPath against allowed sets, isolating dependency execution, and minimizing writes to the user’s home directory without strict validation.
nyc-config
8.7.0
by jpdtestjpd
Removed from npm
Blocked by Socket
The code is highly suspicious due to its collection and transmission of system information to external servers without user consent. The use of hardcoded IP addresses and fallback mechanisms for data transmission indicates potential malicious intent.
Live on npm for 1 day, 6 hours and 10 minutes before removal. Socket users were protected even while the package was live.
experience-template-renderer-react
3.806.0
by hexp-tmpl
Removed from npm
Blocked by Socket
This code exhibits highly suspicious and malicious behavior. It collects sensitive environment data and exfiltrates it to a hardcoded, obfuscated domain using intentionally obscured data. The author has gone to great lengths to hide their intent through string manipulation, complex filters, and anti-analysis checks. This code serves no legitimate purpose and poses a severe security risk by stealing potentially sensitive data from the environment. It has all the hallmarks of malware designed for data theft from compromised npm packages or developer machines. Under no circumstances should this code be run, used or included in any project.
Live on npm for 2 hours and 31 minutes before removal. Socket users were protected even while the package was live.
agent-messenger
2.3.0
by devxoul
Live on npm
Blocked by Socket
This code fragment is strongly indicative of malicious credential/token theft. It enumerates local browser/Slack storage, copies and queries cookie databases, decrypts protected Slack cookies (xoxd-) using OS key mechanisms (macOS Keychain, Windows DPAPI via PowerShell, Linux keyring/derived keys), scans LevelDB/IndexedDB/blob data for Slack access tokens (xoxc-), reconstructs/parses them, and returns deduplicated tokens and cookies for downstream unauthorized authentication/session compromise. Treat the package as dangerous; investigate for additional exfiltration and execution logic outside this module.
rkjp
1.0
Removed from pypi
Blocked by Socket
This module is an obfuscated dynamic loader/launcher. It decodes strings from large numeric/byte blobs, performs dynamic __import__ and globals().update to populate names, and then calls a nested chain of dynamically-resolved callables built from the decoded payload. Because the actual imported modules and functions are computed at runtime from obfuscated data, the file can execute arbitrary code and therefore poses a high supply-chain risk. Recommend treating this package as suspicious: do not run it in production, perform dynamic analysis in a safe sandbox to decode the imports/payload, and if this appears unexpectedly in a dependency, consider revoking the dependency and auditing the source repository.
Live on pypi for 1 day, 5 hours and 55 minutes before removal. Socket users were protected even while the package was live.
talk.chat
0.1.0
by miraclx
Live on npm
Blocked by Socket
Significant security risk due to a hardcoded backdoor admin path and an always-present @root admin connected to process.stdout. This undermines supply-chain security and remote control integrity. Recommendation: remove hardcoded credentials, replace sudo with proper authentication/authorization mechanisms, eliminate non-network admin handlers, implement robust input validation, and adopt least-privilege admin models with audit trails.
yrodevgit/codetazer
9.0
Live on composer
Blocked by Socket
The code contains an injected, targeted, disruptive payload: for users with Russian locales and matching hosts it will, after a time-based condition, disable pointer events and auto-play a looping audio file loaded from a hardcoded external domain. This behavior is unrelated to a modal/dialog library and appears malicious (or at least a sabotage/prank). Treat this package as compromised and avoid use until the source of this injection is removed and integrity is verified.
sbcli-dev
4.0.50
Live on pypi
Blocked by Socket
This module is not overtly malicious (no encoded payloads, no external exfiltration, no reverse shell), but it contains high-risk insecure patterns: user-controlled values are directly interpolated into shell command strings and passed to node_utils.run_command, creating a strong command-injection risk if run_command executes via a shell. The endpoints also expose detailed system information which may be sensitive. Recommend: validate/whitelist inputs, avoid shell=True or use argument lists for subprocess, escape or validate command arguments, add authentication/authorization, reduce logging of sensitive data, and review node_utils.run_command implementation. Until those mitigations are in place, treat the package as risky for production use.
saoudrizwan.cline-nightly
3.28.1757765394
Live on openvsx
Blocked by Socket
The analyzed bundle presents a mixed risk profile: legitimate utilities for cross-platform browser launching and telemetry, but with strong data-access capabilities (clipboard, registry probing) and host-command execution paths (EncodedCommand, spawn/execFile). This combination can enable covert data exfiltration or unintended system actions if data sources are untrusted or misused. Recommend a thorough security audit by extension maintainers, including: explicit user consent prompts for clipboard usage, clear disclosure of data sent over the network and its destinations, restriction or hardening of encoded PowerShell commands, sanitization of inputs feeding into browser-launch paths, and a review of third-party library integrations for unnecessary privilege elevation or data collection. Overall risk: elevated (moderate to high) until a full audit confirms safe usage patterns.
ckanext-toolbelt
0.4.20
Live on pypi
Blocked by Socket
The code primarily serves to provide alert functionality using the SweetAlert2 library. However, it includes potentially risky behavior, such as the use of new Function(), and dynamically playing a remote audio file based on locale and domain conditions. This requires further scrutiny for any context-specific vulnerabilities.
bluelamp-ai
0.45.3
Removed from pypi
Blocked by Socket
This module intentionally conceals a Python payload and executes it at import/runtime. That pattern is high risk: it provides arbitrary code execution and circumvents static inspection. Without decoding the embedded payload, one cannot determine if it is malicious; however, the concealment and exec() usage are characteristic of supply-chain backdoors or other malicious implants. Treat this package as untrusted until the embedded payload is decoded and audited in a safe environment. Do not run this code in production or on systems with sensitive data.
Live on pypi for 1 day, 14 hours and 51 minutes before removal. Socket users were protected even while the package was live.
fca-cyber-rajib
31.42.1
by islamickcyberchat
Live on npm
Blocked by Socket
The module implements Facebook Messenger realtime MQTT handling and mostly contains plausible, legitimate logic. However, it includes a large intentionally obfuscated payload that is decoded and executed with eval() during message processing. That is a strong supply-chain/malware indicator: runtime-evaluated concealed code, dynamic require and dynamic global mutation. Even if the visible surrounding logic is benign, the eval block could perform data exfiltration, load additional modules, or alter behavior unpredictably. I recommend treating this package as high risk until the obfuscated evaled code is decoded and reviewed; do not use in sensitive environments.
@twork-data-services/sme-customer-employee-company
4.99.0
by nikallass
Live on npm
Blocked by Socket
This package runs a local script (index.js) silently during npm install. Because the script runs with the installer's privileges and its output is suppressed, it is a high-risk behavior — inspect the contents of index.js before installing, avoid installing into sensitive environments, or run installation in an isolated/sandboxed environment.
mtxai
0.0.145
Live on pypi
Blocked by Socket
This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.
carlosferreyra
1.2.11
by GitHub Actions
Live on npm
Blocked by Socket
This module is a high-risk bootstrapper that conditionally auto-installs a binary by downloading OS-specific installer scripts from a hardcoded GitHub Releases URL and executing them immediately (PowerShell 'iwr|iex' with ExecutionPolicy Bypass on Windows; 'curl ... | sh' on non-Windows) with no integrity/signature verification. After installation, it executes the resulting binary with user-supplied arguments. The primary supply-chain risk is arbitrary remote code execution if the hosted installer content is altered or compromised.
sbcli-mig
1.0.289
Live on pypi
Blocked by Socket
This module implements privileged node and device management and exposes HTTP endpoints that accept user input used directly in shell commands and Docker operations. Main risks: command injection (unsanitized string interpolation into shell commands and os.popen), destructive device operations (partitioning, bind/unbind), supplying arbitrary images to be pulled and run as privileged containers, and use of an unencrypted/unprotected Docker TCP socket (tcp://...:2375). I assess this as not manifestly malware but a high-risk administrative component that must be strictly access-controlled and hardened (validate/sanitize inputs, avoid passing raw user values into shell/Docker operations, use secure Docker API access, avoid exposing endpoints publicly).
tfjs-layers
1.5.0
by jpdtestjpd
Removed from npm
Blocked by Socket
This package runs a local script during install. That behavior enables untrusted code execution and is a high security risk unless you can inspect and verify index.js. The presence of network libraries increases the likelihood that the script could perform remote communications or exfiltrate data. Review the contents of index.js before installing or run the installation in an isolated environment.
Live on npm for 5 hours and 21 minutes before removal. Socket users were protected even while the package was live.
@bmg-web/bmg-collapse
999.999.99
by linustorvalds95
Live on npm
Blocked by Socket
High-risk pattern: the installer executes arbitrary JS produced at install time. This is a vector for remote code execution, data exfiltration, telemetry, reverse shells, and system modification. Do not install without inspecting the contents of asd.js and any runtime network activity it performs. If you cannot review asd.js and its behavior, treat this package as malicious/untrusted.
@liquid-web/app-services
1.2.9213
by marucube35
Live on npm
Blocked by Socket
The script harvests extensive host and user data—including full environment variables, contents of ~/.env and ~/.bashrc, /etc/passwd (or Windows SAM), hosts file, shell command histories and outputs from whoami, ls/dir, ps/tasklist, ipconfig/ip a, sudo -l and more—and enriches it with public IP and geo/ASN data fetched from https://ipapi[.]co/json/. All collected data (system_info, user_info, process_info, network_info) is serialized into JSON and exfiltrated via HTTPS POST to a hardcoded endpoint https://d2jir5pdoh0514pqop007fmz11pp19m4a[.]insomnia1102[.]online. This behavior constitutes unauthorized data collection and remote exfiltration, representing a high‐severity supply-chain malware risk.
gitbook-start-plugin-iaas-ull-es-ericlucastania
1.0.24
by tania77
Live on npm
Blocked by Socket
The code actively performs SSH key generation, key distribution to a remote host, and remote command execution, leveraging credentials from package.json. While not inherently malicious in all contexts, the pattern is high-risk for supply-chain or runtime compromise, as it can establish persistent remote access (backdoor) and execute arbitrary commands on a target IAAS host. There is no input validation or safeguards visible, and an unused import suggests possible incomplete or obfuscated intent. Overall, this represents a significant security risk if the package is installed in an environment without strict trust and control.
isite
2025.1.10
by absunstar
Live on npm
Blocked by Socket
This code implements a persistent remote code execution backdoor. It sends local system configuration data to an obfuscated remote server and then evaluates and executes any JavaScript code returned by that server. The backdoor runs every hour, maintaining persistent access. The code uses obfuscation techniques including encoded strings and suspicious headers ('User-Agent': 'eval') to hide the actual server destination. This pattern represents a severe security risk as it allows complete remote control of the affected system, potential data exfiltration, and execution of arbitrary malicious commands.
Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.
Possible typosquat attack
Known malware
Git dependency
GitHub dependency
HTTP dependency
Obfuscated code
Suspicious Stars on GitHub
Telemetry
Protestware or potentially unwanted behavior
Unstable ownership
Critical CVE
High CVE
Medium CVE
Low CVE
Unpopular package
Minified code
Bad dependency semver
Wildcard dependency
Socket optimized override available
Deprecated
Unmaintained
Explicitly Unlicensed Item
License Policy Violation
Misc. License Issues
Ambiguous License Classifier
Copyleft License
License exception
No License Found
Non-permissive License
Unidentified License
Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.
Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Nat Friedman
CEO at GitHub

Suz Hinton
Senior Software Engineer at Stripe
heck yes this is awesome!!! Congrats team 🎉👏

Matteo Collina
Node.js maintainer, Fastify lead maintainer
So awesome to see @SocketSecurity launch with a fresh approach! Excited to have supported the team from the early days.

DC Posch
Director of Technology at AppFolio, CTO at Dynasty
This is going to be super important, especially for crypto projects where a compromised dependency results in stolen user assets.

Luis Naranjo
Software Engineer at Microsoft
If software supply chain attacks through npm don't scare the shit out of you, you're not paying close enough attention.
@SocketSecurity sounds like an awesome product. I'll be using socket.dev instead of npmjs.org to browse npm packages going forward

Elena Nadolinski
Founder and CEO at Iron Fish
Huge congrats to @SocketSecurity! 🙌
Literally the only product that proactively detects signs of JS compromised packages.

Joe Previte
Engineering Team Lead at Coder
Congrats to @feross and the @SocketSecurity team on their seed funding! 🚀 It's been a big help for us at @CoderHQ and we appreciate what y'all are doing!

Josh Goldberg
Staff Developer at Codecademy
This is such a great idea & looks fantastic, congrats & good luck @feross + team!
The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Scott Roberts
CISO at UiPath
As a happy Socket customer, I've been impressed with how quickly they are adding value to the product, this move is a great step!

Yan Zhu
Head of Security at Brave, DEFCON, EFF, W3C
glad to hear some of the smartest people i know are working on (npm, etc.) supply chain security finally :). @SocketSecurity

Andrew Peterson
CEO and Co-Founder at Signal Sciences (acq. Fastly)
How do you track the validity of open source software libraries as they get updated? You're prob not. Check out @SocketSecurity and the updated tooling they launched.
Supply chain is a cluster in security as we all know and the tools from Socket are "duh" type tools to be implementing. Check them out and follow Feross Aboukhadijeh to see more updates coming from them in the future.

Zbyszek Tenerowicz
Senior Security Engineer at ConsenSys
socket.dev is getting more appealing by the hour

Devdatta Akhawe
Head of Security at Figma
The @SocketSecurity team is on fire! Amazing progress and I am exciting to see where they go next.

Sebastian Bensusan
Engineer Manager at Stripe
I find it surprising that we don't have _more_ supply chain attacks in software:
Imagine your airplane (the code running) was assembled (deployed) daily, with parts (dependencies) from internet strangers. How long until you get a bad part?
Excited for Socket to prevent this

Adam Baldwin
VP of Security at npm, Red Team at Auth0/Okta
Congrats to everyone at @SocketSecurity ❤️🤘🏻

Nico Waisman
CISO at Lyft
This is an area that I have personally been very focused on. As Nat Friedman said in the 2019 GitHub Universe keynote, Open Source won, and every time you add a new open source project you rely on someone else code and you rely on the people that build it.
This is both exciting and problematic. You are bringing real risk into your organization, and I'm excited to see progress in the industry from OpenSSF scorecards and package analyzers to the company that Feross Aboukhadijeh is building!
Questions? Call us at (844) SOCKET-0
Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.
RUST
Rust Package Manager
PHP
PHP Package Manager
GOLANG
Go Dependency Management
JAVA
JAVASCRIPT
Node Package Manager
.NET
.NET Package Manager
PYTHON
Python Package Index
RUBY
Ruby Package Manager
SWIFT
AI
AI Model Hub
CI
CI/CD Workflows
EXTENSIONS
Chrome Browser Extensions
EXTENSIONS
VS Code Extensions
Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.
Nov 23, 2025
Shai Hulud v2
Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.
Nov 05, 2025
Elves on npm
A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.
Jul 04, 2025
RubyGems Automation-Tool Infostealer
Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.
Mar 13, 2025
North Korea's Contagious Interview Campaign
Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.
Jul 23, 2024
Network Reconnaissance Campaign
A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
Questions? Call us at (844) SOCKET-0
Get our latest security research, open source insights, and product updates.

Product
Export Socket alert data to your own cloud storage in JSON, CSV, or Parquet, with flexible snapshot or incremental delivery.

Research
/Security News
Bitwarden CLI 2026.4.0 was compromised in the Checkmarx supply chain campaign after attackers abused a GitHub Action in Bitwarden’s CI/CD pipeline.

Research
/Security News
Docker and Socket have uncovered malicious Checkmarx KICS images and suspicious code extension releases in a broader supply chain compromise.