
Company News
Socket Has Acquired Secure Annex
Socket has acquired Secure Annex to expand extension security across browsers, IDEs, and AI tools.
Questions? Call us at (844) SOCKET-0
Quickly evaluate the security and health of any open source package.
9router
0.4.8
by decolua
Live on npm
Blocked by Socket
High-risk behavior: the module contains explicit MITM auto-start and tunnel auto-reconnect/watchdog logic, including secret loading and repeated restarts based on network changes. The presence of startMitm(...), loadEncryptedPassword(...), and a hardcoded fallback key suggests an embedded proxy/MITM agent rather than standard application functionality. This should be treated as suspicious and requires in-depth review of the referenced modules (g.startMitm, g.loadEncryptedPassword, e.cb, f.ss) and configuration/permissions to determine whether it enables unauthorized interception or data access.
kcvlib
1.1.0
Live on pypi
Blocked by Socket
This module functions as a concealed encrypted-payload loader. It may install a crypto dependency from the network if Crypto.* is missing, decrypts an embedded AES-CBC ciphertext using a PBKDF2-derived key from hardcoded material, decodes the plaintext as UTF-8, and immediately executes it via exec() at import time. Without inspecting the decrypted payload, behavior cannot be proven malicious, but the design strongly matches backdoor/installer patterns and represents a serious supply-chain security risk.
@graphql-hive/laboratory
0.1.7-alpha-20260428091248-9ef3f7a90eee325688850f655dea2ec1eb761a96
by theguild-bot
Live on npm
Blocked by Socket
High-risk supply-chain/application-layer capability: the module executes an externally provided preflight “lab script” using the JavaScript Function constructor inside a Web Worker, allowing arbitrary logic to read/modify environment variables and request headers, then return that computed data to the main thread. This creates a strong path for secret exposure and request manipulation, and it combines with programmable GraphQL header/variable/extension injection and configurable HTTP/WS/SSE endpoints to potentially facilitate exfiltration or integrity compromise if script inputs or share-imported state are not strictly trusted.
wm-plugin-json-conditions
1.0.0
by adam-bug-bounty
Live on npm
Blocked by Socket
This code fragment is strongly consistent with malicious telemetry/exfiltration: it collects hostname and user information from the local environment and unconditionally sends them to a hardcoded external endpoint over HTTPS on module load. It contains no legitimate business logic, no consent/config gating, and no sanitization/redaction.
@misterhuydo/sentinel
1.6.14
by misterhuydo
Live on npm
Blocked by Socket
This fragment performs multiple host-altering actions: it patches on-disk JSON settings, adjusts npm prefix and user PATH by editing shell rc files, and attempts to create and enable a persistent systemd service running `${workspace}/startAll.sh` (with sudo). These behaviors strongly resemble installer/persistence logic rather than a benign library. Without seeing the rest of the module (especially what startAll.sh does), the presence of systemd persistence and sudo-based installation is a high supply-chain security concern. Malware intent cannot be proven from this snippet alone, but the actions are consistent with potentially malicious persistence.
kcvlib
1.0.1
Live on pypi
Blocked by Socket
This module is a classic decrypt-and-execute loader. It suppresses dependency installation noise, decrypts a large embedded payload using AES-CBC with a PBKDF2-derived key from hardcoded material, decodes the result to UTF-8, and immediately executes it via exec(). The combination of runtime pip installation, embedded ciphertext, and direct exec strongly indicates malicious supply-chain behavior rather than benign functionality. The decrypted payload content is not visible in this snippet, so full impact requires sandboxing, but the loader itself is highly dangerous.
pinokiod
7.2.8
by cocktailpeanut
Live on npm
Blocked by Socket
The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.
@budibase/string-templates
3.37.0
by christos-budibase
Live on npm
Blocked by Socket
High-risk behavior is present: the module provides an arbitrary JavaScript execution engine (`processJS` -> `runJS`) and additionally evaluates user-provided snippet code via `eval(...)` through a Proxy (`snippets`). This strongly elevates the likelihood of supply-chain sabotage or malicious runtime behavior. The same bundle also includes a server-side file read helper (`fs.readFileSync`) in `code.embed`, which could enable local file disclosure if its arguments are attacker-influenced. Overall, the fragment is not merely a utility library; it contains explicit code-execution capabilities consistent with a backdoor/weaponizable feature.
xlabrouter
1.0.27
by xlabglobal
Live on npm
Blocked by Socket
This code performs targeted credential/token harvesting from Cursor IDE’s local SQLite state database (including accessToken and machineId) and exfiltrates the results by returning them in a network-facing Next.js GET JSON response. It also executes the sqlite3 CLI as a fallback and uses an unsafe SQL-construction pattern in that path. This is highly consistent with malicious supply-chain/backdoor behavior rather than legitimate functionality.
gvozdarin.kiro-deep-suite
1.2.1
by legionspiderstart
Live on openvsx
Blocked by Socket
Despite the file containing largely benign status-bar UI logic, it also bundles an obfuscated activation-time loader that performs environment/host discovery, initiates HTTPS network requests with response-driven branching, and can execute OS commands via execSync/spawnSync. This combination is strongly indicative of supply-chain malware/backdoor behavior and should be treated as high risk; additional dynamic analysis and verification of the distributed package are required before trusting it.
reflexio-ai
0.2.19
Live on pypi
Blocked by Socket
While the module’s intended role is benign SQLite CRUD/search with FTS/vector indexing, the provided code fragment is severely corrupted and the search_user_playbooks SQL construction is anomalously malformed—apparently embedding INSERT operations into unrelated tables and referencing undefined variables. This strongly suggests either malicious sabotage or severe packaging/transformation corruption that could enable unexpected persistent writes (data integrity attacks) and/or cause denial-of-service via SQL errors. No clear network/exfiltration/backdoor behavior is shown in this excerpt, but the integrity risk is high.
birdnode
1.9.5
by clawalpha
Live on npm
Blocked by Socket
This module is a purpose-built local credential/session extraction component. It copies Chrome/Firefox cookie databases, selects authentication-relevant cookies for “.x.com” (ct0 and auth_token), decrypts Chrome values (AES for standard Chrome encryption formats and Windows DPAPI via PowerShell execSync), and returns the plaintext cookies as “X.com credentials” to the caller. Such targeted DPAPI/AES decryption plus auth-cookie harvesting is strongly indicative of malicious supply-chain behavior (session hijacking/impersonation), even though network exfiltration is not shown in the provided fragment.
chlklib
1.0.9
by nero1005
Live on npm
Blocked by Socket
This code is a high-confidence malicious remote payload loader. It performs a network fetch to a hardcoded external endpoint, XOR-decodes the response with a hardcoded key, and executes the decoded content via eval() with no integrity checks—creating a direct remote-to-code execution path typical of supply-chain backdoors. Use of this dependency should be considered unsafe.
@4ier/neo
2.1.0
by 4ier
Live on npm
Blocked by Socket
This module is high-risk browser instrumentation: it globally intercepts user interactions and multiple network channels, serializes sensitive request/response/DOM content (including bodies and headers), and forwards records via window.postMessage using a wildcard origin ('*'). Even without explicit code-execution or system-damage behaviors, the capability and dataflow strongly align with tracking or potential data exfiltration. Treat the package as suspicious unless the intended destination/listener is strictly controlled and privacy-preserving guarantees are verifiable.
netshell
1.0.1
Live on pypi
Blocked by Socket
This module is highly indicative of malicious supply-chain or abuse tooling: it provides an interactive HTTP command-injection “shell” that embeds operator-supplied commands into a query-string payload, sends them to an arbitrary target, and parses/prints remote command output. While it does not execute commands locally, it is directly operational for remote exploitation and data extraction from vulnerable web apps, making it inappropriate as a dependency in benign software.
@pisell/materials
6.11.54
by zhiwei.wang
Live on npm
Blocked by Socket
Suspicious supply-chain risk. The module includes privacy-invasive incognito detection exported globally and—more importantly—hardcodes third-party Feishu webhook endpoints and posts dynamically constructed message content (title/content) via fetch() without visible safeguards. Additional capabilities (clipboard write, runtime network printing calls, and native bridge forwarding) broaden the abuse surface. Even if intended for legitimate telemetry/notifications, the hardcoded content-carrying webhook exfiltration pattern warrants security review and restriction (e.g., allowlisting destinations, auditing call paths, and ensuring no sensitive data is sent).
mintcat-code
1.8.5
by iriscat
Live on npm
Blocked by Socket
This fragment is mostly consistent with sharp’s native module loader and image-processing option validation, but it also includes a macOS-only clipboard image extraction capability implemented via AppleScript (`osascript`). It reads user clipboard PNG data, writes it to `/tmp`, reads it back into memory, deletes the file, and returns the clipboard image bytes to the caller—an inherently privacy-sensitive behavior that can enable clipboard harvesting. No network exfiltration is shown in the provided code, so maliciousness depends on how the returned data is used by the importing application, but the capability itself is a significant security concern.
lsh
99.1.0
Live on cargo
Blocked by Socket
This code is highly indicative of malicious telemetry/exfiltration. It collects local identity (username and hostname) and external network identity (public IP) and sends them to a third-party Telegram endpoint using hardcoded bot credentials. The “hit” style message and unconditional transmission strongly match covert reporting/backdoor behavior rather than legitimate application functionality.
@evomap/evolver
1.74.1
by autogame-17
Live on npm
Blocked by Socket
This module is a supply-chain risk because it implements obfuscated, credentialed HTTP egress of structured internal state and event records to a runtime-configured remote endpoint using an Authorization token from environment variables. While the fragment does not show classic malware behaviors (no shell/FS damage shown), the combination of heavy obfuscation, silent error swallowing, and broad telemetry/event reporting to an arbitrary authenticated destination makes it plausibly covert and should be reviewed for legitimacy, data minimization, and allowlisted destinations.
wm-plugin-create-iframe-capturing
1.0.1
by adam-bug-bounty
Live on npm
Blocked by Socket
This code fragment is strongly consistent with malicious telemetry/exfiltration: it collects hostname and user information from the local environment and unconditionally sends them to a hardcoded external endpoint over HTTPS on module load. It contains no legitimate business logic, no consent/config gating, and no sanitization/redaction.
@octra/web-media
2.0.1
by julianpoemp
Live on npm
Blocked by Socket
This module fragment includes a high-severity arbitrary code execution mechanism. It dynamically generates a Web Worker and then evaluates attacker-controlled serialized function code (eval on both the main thread for validation and inside the worker for actual execution) and invokes the resulting functions with attacker-controlled arguments. In any supply-chain scenario where job payloads can be influenced, this functions as a backdoor-like capability and should be treated as a critical security risk.
devils-horn
1.1.2
Live on pypi
Blocked by Socket
This module is a highly suspicious and effectively unsafe supply-chain loader: it hides functionality in an embedded, heavily layered encoded/compressed blob, deserializes it with `marshal.loads`, and immediately executes it using `exec` at import time. Even without inspecting the decoded payload, the marshal+exec pattern combined with extreme obfuscation is strongly indicative of malicious dropper/backdoor behavior.
chlklib
1.1.0
by nero1005
Live on npm
Blocked by Socket
This module is a high-risk remote payload loader/backdoor pattern: it downloads an XOR-encoded script from a hardcoded external endpoint, decodes it with a hardcoded key, and executes it using `eval()` without integrity checks. Treat the dependency as malicious/compromised and avoid use; review the rest of the package for additional post-eval capabilities (e.g., command execution).
@kmmao/happy-coder
0.75.20
by kmmao
Live on npm
Blocked by Socket
This module contains multiple high-severity supply-chain security red flags consistent with a remote-control/backdoor capability: it registers RPC handlers that execute arbitrary shell commands ('bash') and can spawn an interactive terminal running a specified shell, plus it provides remote file read/write primitives. It also supports remote log upload under an environment-variable toggle. The protection against abuse relies on regex heuristics rather than strong allowlisting/sandboxing, making it plausible that a malicious server (or compromised server) could leverage these primitives for host compromise and data theft.
scrybe-cli
0.27.1
by siaarzh
Live on npm
Blocked by Socket
This module’s primary behavior is installing and removing a macOS LaunchAgent by writing a plist to ~/Library/LaunchAgents and enabling/disabling it with launchctl bootstrap/bootout. It creates an autostart execution pipeline (RunAtLoad=true) where the executed command is supplied by writeLauncherScript() from ./shared.js and embedded into ProgramArguments without escaping. While this fragment shows no direct data theft or networking, the persistence/autostart design is commonly associated with malware, so the overall package behavior should be treated as high risk until the generated launcherScript and MARKER_PLIST_ID are reviewed.
9router
0.4.8
by decolua
Live on npm
Blocked by Socket
High-risk behavior: the module contains explicit MITM auto-start and tunnel auto-reconnect/watchdog logic, including secret loading and repeated restarts based on network changes. The presence of startMitm(...), loadEncryptedPassword(...), and a hardcoded fallback key suggests an embedded proxy/MITM agent rather than standard application functionality. This should be treated as suspicious and requires in-depth review of the referenced modules (g.startMitm, g.loadEncryptedPassword, e.cb, f.ss) and configuration/permissions to determine whether it enables unauthorized interception or data access.
kcvlib
1.1.0
Live on pypi
Blocked by Socket
This module functions as a concealed encrypted-payload loader. It may install a crypto dependency from the network if Crypto.* is missing, decrypts an embedded AES-CBC ciphertext using a PBKDF2-derived key from hardcoded material, decodes the plaintext as UTF-8, and immediately executes it via exec() at import time. Without inspecting the decrypted payload, behavior cannot be proven malicious, but the design strongly matches backdoor/installer patterns and represents a serious supply-chain security risk.
@graphql-hive/laboratory
0.1.7-alpha-20260428091248-9ef3f7a90eee325688850f655dea2ec1eb761a96
by theguild-bot
Live on npm
Blocked by Socket
High-risk supply-chain/application-layer capability: the module executes an externally provided preflight “lab script” using the JavaScript Function constructor inside a Web Worker, allowing arbitrary logic to read/modify environment variables and request headers, then return that computed data to the main thread. This creates a strong path for secret exposure and request manipulation, and it combines with programmable GraphQL header/variable/extension injection and configurable HTTP/WS/SSE endpoints to potentially facilitate exfiltration or integrity compromise if script inputs or share-imported state are not strictly trusted.
wm-plugin-json-conditions
1.0.0
by adam-bug-bounty
Live on npm
Blocked by Socket
This code fragment is strongly consistent with malicious telemetry/exfiltration: it collects hostname and user information from the local environment and unconditionally sends them to a hardcoded external endpoint over HTTPS on module load. It contains no legitimate business logic, no consent/config gating, and no sanitization/redaction.
@misterhuydo/sentinel
1.6.14
by misterhuydo
Live on npm
Blocked by Socket
This fragment performs multiple host-altering actions: it patches on-disk JSON settings, adjusts npm prefix and user PATH by editing shell rc files, and attempts to create and enable a persistent systemd service running `${workspace}/startAll.sh` (with sudo). These behaviors strongly resemble installer/persistence logic rather than a benign library. Without seeing the rest of the module (especially what startAll.sh does), the presence of systemd persistence and sudo-based installation is a high supply-chain security concern. Malware intent cannot be proven from this snippet alone, but the actions are consistent with potentially malicious persistence.
kcvlib
1.0.1
Live on pypi
Blocked by Socket
This module is a classic decrypt-and-execute loader. It suppresses dependency installation noise, decrypts a large embedded payload using AES-CBC with a PBKDF2-derived key from hardcoded material, decodes the result to UTF-8, and immediately executes it via exec(). The combination of runtime pip installation, embedded ciphertext, and direct exec strongly indicates malicious supply-chain behavior rather than benign functionality. The decrypted payload content is not visible in this snippet, so full impact requires sandboxing, but the loader itself is highly dangerous.
pinokiod
7.2.8
by cocktailpeanut
Live on npm
Blocked by Socket
The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.
@budibase/string-templates
3.37.0
by christos-budibase
Live on npm
Blocked by Socket
High-risk behavior is present: the module provides an arbitrary JavaScript execution engine (`processJS` -> `runJS`) and additionally evaluates user-provided snippet code via `eval(...)` through a Proxy (`snippets`). This strongly elevates the likelihood of supply-chain sabotage or malicious runtime behavior. The same bundle also includes a server-side file read helper (`fs.readFileSync`) in `code.embed`, which could enable local file disclosure if its arguments are attacker-influenced. Overall, the fragment is not merely a utility library; it contains explicit code-execution capabilities consistent with a backdoor/weaponizable feature.
xlabrouter
1.0.27
by xlabglobal
Live on npm
Blocked by Socket
This code performs targeted credential/token harvesting from Cursor IDE’s local SQLite state database (including accessToken and machineId) and exfiltrates the results by returning them in a network-facing Next.js GET JSON response. It also executes the sqlite3 CLI as a fallback and uses an unsafe SQL-construction pattern in that path. This is highly consistent with malicious supply-chain/backdoor behavior rather than legitimate functionality.
gvozdarin.kiro-deep-suite
1.2.1
by legionspiderstart
Live on openvsx
Blocked by Socket
Despite the file containing largely benign status-bar UI logic, it also bundles an obfuscated activation-time loader that performs environment/host discovery, initiates HTTPS network requests with response-driven branching, and can execute OS commands via execSync/spawnSync. This combination is strongly indicative of supply-chain malware/backdoor behavior and should be treated as high risk; additional dynamic analysis and verification of the distributed package are required before trusting it.
reflexio-ai
0.2.19
Live on pypi
Blocked by Socket
While the module’s intended role is benign SQLite CRUD/search with FTS/vector indexing, the provided code fragment is severely corrupted and the search_user_playbooks SQL construction is anomalously malformed—apparently embedding INSERT operations into unrelated tables and referencing undefined variables. This strongly suggests either malicious sabotage or severe packaging/transformation corruption that could enable unexpected persistent writes (data integrity attacks) and/or cause denial-of-service via SQL errors. No clear network/exfiltration/backdoor behavior is shown in this excerpt, but the integrity risk is high.
birdnode
1.9.5
by clawalpha
Live on npm
Blocked by Socket
This module is a purpose-built local credential/session extraction component. It copies Chrome/Firefox cookie databases, selects authentication-relevant cookies for “.x.com” (ct0 and auth_token), decrypts Chrome values (AES for standard Chrome encryption formats and Windows DPAPI via PowerShell execSync), and returns the plaintext cookies as “X.com credentials” to the caller. Such targeted DPAPI/AES decryption plus auth-cookie harvesting is strongly indicative of malicious supply-chain behavior (session hijacking/impersonation), even though network exfiltration is not shown in the provided fragment.
chlklib
1.0.9
by nero1005
Live on npm
Blocked by Socket
This code is a high-confidence malicious remote payload loader. It performs a network fetch to a hardcoded external endpoint, XOR-decodes the response with a hardcoded key, and executes the decoded content via eval() with no integrity checks—creating a direct remote-to-code execution path typical of supply-chain backdoors. Use of this dependency should be considered unsafe.
@4ier/neo
2.1.0
by 4ier
Live on npm
Blocked by Socket
This module is high-risk browser instrumentation: it globally intercepts user interactions and multiple network channels, serializes sensitive request/response/DOM content (including bodies and headers), and forwards records via window.postMessage using a wildcard origin ('*'). Even without explicit code-execution or system-damage behaviors, the capability and dataflow strongly align with tracking or potential data exfiltration. Treat the package as suspicious unless the intended destination/listener is strictly controlled and privacy-preserving guarantees are verifiable.
netshell
1.0.1
Live on pypi
Blocked by Socket
This module is highly indicative of malicious supply-chain or abuse tooling: it provides an interactive HTTP command-injection “shell” that embeds operator-supplied commands into a query-string payload, sends them to an arbitrary target, and parses/prints remote command output. While it does not execute commands locally, it is directly operational for remote exploitation and data extraction from vulnerable web apps, making it inappropriate as a dependency in benign software.
@pisell/materials
6.11.54
by zhiwei.wang
Live on npm
Blocked by Socket
Suspicious supply-chain risk. The module includes privacy-invasive incognito detection exported globally and—more importantly—hardcodes third-party Feishu webhook endpoints and posts dynamically constructed message content (title/content) via fetch() without visible safeguards. Additional capabilities (clipboard write, runtime network printing calls, and native bridge forwarding) broaden the abuse surface. Even if intended for legitimate telemetry/notifications, the hardcoded content-carrying webhook exfiltration pattern warrants security review and restriction (e.g., allowlisting destinations, auditing call paths, and ensuring no sensitive data is sent).
mintcat-code
1.8.5
by iriscat
Live on npm
Blocked by Socket
This fragment is mostly consistent with sharp’s native module loader and image-processing option validation, but it also includes a macOS-only clipboard image extraction capability implemented via AppleScript (`osascript`). It reads user clipboard PNG data, writes it to `/tmp`, reads it back into memory, deletes the file, and returns the clipboard image bytes to the caller—an inherently privacy-sensitive behavior that can enable clipboard harvesting. No network exfiltration is shown in the provided code, so maliciousness depends on how the returned data is used by the importing application, but the capability itself is a significant security concern.
lsh
99.1.0
Live on cargo
Blocked by Socket
This code is highly indicative of malicious telemetry/exfiltration. It collects local identity (username and hostname) and external network identity (public IP) and sends them to a third-party Telegram endpoint using hardcoded bot credentials. The “hit” style message and unconditional transmission strongly match covert reporting/backdoor behavior rather than legitimate application functionality.
@evomap/evolver
1.74.1
by autogame-17
Live on npm
Blocked by Socket
This module is a supply-chain risk because it implements obfuscated, credentialed HTTP egress of structured internal state and event records to a runtime-configured remote endpoint using an Authorization token from environment variables. While the fragment does not show classic malware behaviors (no shell/FS damage shown), the combination of heavy obfuscation, silent error swallowing, and broad telemetry/event reporting to an arbitrary authenticated destination makes it plausibly covert and should be reviewed for legitimacy, data minimization, and allowlisted destinations.
wm-plugin-create-iframe-capturing
1.0.1
by adam-bug-bounty
Live on npm
Blocked by Socket
This code fragment is strongly consistent with malicious telemetry/exfiltration: it collects hostname and user information from the local environment and unconditionally sends them to a hardcoded external endpoint over HTTPS on module load. It contains no legitimate business logic, no consent/config gating, and no sanitization/redaction.
@octra/web-media
2.0.1
by julianpoemp
Live on npm
Blocked by Socket
This module fragment includes a high-severity arbitrary code execution mechanism. It dynamically generates a Web Worker and then evaluates attacker-controlled serialized function code (eval on both the main thread for validation and inside the worker for actual execution) and invokes the resulting functions with attacker-controlled arguments. In any supply-chain scenario where job payloads can be influenced, this functions as a backdoor-like capability and should be treated as a critical security risk.
devils-horn
1.1.2
Live on pypi
Blocked by Socket
This module is a highly suspicious and effectively unsafe supply-chain loader: it hides functionality in an embedded, heavily layered encoded/compressed blob, deserializes it with `marshal.loads`, and immediately executes it using `exec` at import time. Even without inspecting the decoded payload, the marshal+exec pattern combined with extreme obfuscation is strongly indicative of malicious dropper/backdoor behavior.
chlklib
1.1.0
by nero1005
Live on npm
Blocked by Socket
This module is a high-risk remote payload loader/backdoor pattern: it downloads an XOR-encoded script from a hardcoded external endpoint, decodes it with a hardcoded key, and executes it using `eval()` without integrity checks. Treat the dependency as malicious/compromised and avoid use; review the rest of the package for additional post-eval capabilities (e.g., command execution).
@kmmao/happy-coder
0.75.20
by kmmao
Live on npm
Blocked by Socket
This module contains multiple high-severity supply-chain security red flags consistent with a remote-control/backdoor capability: it registers RPC handlers that execute arbitrary shell commands ('bash') and can spawn an interactive terminal running a specified shell, plus it provides remote file read/write primitives. It also supports remote log upload under an environment-variable toggle. The protection against abuse relies on regex heuristics rather than strong allowlisting/sandboxing, making it plausible that a malicious server (or compromised server) could leverage these primitives for host compromise and data theft.
scrybe-cli
0.27.1
by siaarzh
Live on npm
Blocked by Socket
This module’s primary behavior is installing and removing a macOS LaunchAgent by writing a plist to ~/Library/LaunchAgents and enabling/disabling it with launchctl bootstrap/bootout. It creates an autostart execution pipeline (RunAtLoad=true) where the executed command is supplied by writeLauncherScript() from ./shared.js and embedded into ProgramArguments without escaping. While this fragment shows no direct data theft or networking, the persistence/autostart design is commonly associated with malware, so the overall package behavior should be treated as high risk until the generated launcherScript and MARKER_PLIST_ID are reviewed.
Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.
Possible typosquat attack
Known malware
Git dependency
GitHub dependency
HTTP dependency
Obfuscated code
Suspicious Stars on GitHub
Telemetry
Protestware or potentially unwanted behavior
Unstable ownership
Critical CVE
High CVE
Medium CVE
Low CVE
Unpopular package
Minified code
Bad dependency semver
Wildcard dependency
Socket optimized override available
Deprecated
Unmaintained
Explicitly Unlicensed Item
License Policy Violation
Misc. License Issues
Ambiguous License Classifier
Copyleft License
License exception
No License Found
Non-permissive License
Unidentified License
Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.
Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Nat Friedman
CEO at GitHub

Suz Hinton
Senior Software Engineer at Stripe
heck yes this is awesome!!! Congrats team 🎉👏

Matteo Collina
Node.js maintainer, Fastify lead maintainer
So awesome to see @SocketSecurity launch with a fresh approach! Excited to have supported the team from the early days.

DC Posch
Director of Technology at AppFolio, CTO at Dynasty
This is going to be super important, especially for crypto projects where a compromised dependency results in stolen user assets.

Luis Naranjo
Software Engineer at Microsoft
If software supply chain attacks through npm don't scare the shit out of you, you're not paying close enough attention.
@SocketSecurity sounds like an awesome product. I'll be using socket.dev instead of npmjs.org to browse npm packages going forward

Elena Nadolinski
Founder and CEO at Iron Fish
Huge congrats to @SocketSecurity! 🙌
Literally the only product that proactively detects signs of JS compromised packages.

Joe Previte
Engineering Team Lead at Coder
Congrats to @feross and the @SocketSecurity team on their seed funding! 🚀 It's been a big help for us at @CoderHQ and we appreciate what y'all are doing!

Josh Goldberg
Staff Developer at Codecademy
This is such a great idea & looks fantastic, congrats & good luck @feross + team!
The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Scott Roberts
CISO at UiPath
As a happy Socket customer, I've been impressed with how quickly they are adding value to the product, this move is a great step!

Yan Zhu
Head of Security at Brave, DEFCON, EFF, W3C
glad to hear some of the smartest people i know are working on (npm, etc.) supply chain security finally :). @SocketSecurity

Andrew Peterson
CEO and Co-Founder at Signal Sciences (acq. Fastly)
How do you track the validity of open source software libraries as they get updated? You're prob not. Check out @SocketSecurity and the updated tooling they launched.
Supply chain is a cluster in security as we all know and the tools from Socket are "duh" type tools to be implementing. Check them out and follow Feross Aboukhadijeh to see more updates coming from them in the future.

Zbyszek Tenerowicz
Senior Security Engineer at ConsenSys
socket.dev is getting more appealing by the hour

Devdatta Akhawe
Head of Security at Figma
The @SocketSecurity team is on fire! Amazing progress and I am exciting to see where they go next.

Sebastian Bensusan
Engineer Manager at Stripe
I find it surprising that we don't have _more_ supply chain attacks in software:
Imagine your airplane (the code running) was assembled (deployed) daily, with parts (dependencies) from internet strangers. How long until you get a bad part?
Excited for Socket to prevent this

Adam Baldwin
VP of Security at npm, Red Team at Auth0/Okta
Congrats to everyone at @SocketSecurity ❤️🤘🏻

Nico Waisman
CISO at Lyft
This is an area that I have personally been very focused on. As Nat Friedman said in the 2019 GitHub Universe keynote, Open Source won, and every time you add a new open source project you rely on someone else code and you rely on the people that build it.
This is both exciting and problematic. You are bringing real risk into your organization, and I'm excited to see progress in the industry from OpenSSF scorecards and package analyzers to the company that Feross Aboukhadijeh is building!
Questions? Call us at (844) SOCKET-0
Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.
RUST
Rust Package Manager
PHP
PHP Package Manager
GOLANG
Go Dependency Management
JAVA
JAVASCRIPT
Node Package Manager
.NET
.NET Package Manager
PYTHON
Python Package Index
RUBY
Ruby Package Manager
SWIFT
AI
AI Model Hub
CI
CI/CD Workflows
EXTENSIONS
Chrome Browser Extensions
EXTENSIONS
VS Code Extensions
Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.
Nov 23, 2025
Shai Hulud v2
Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.
Nov 05, 2025
Elves on npm
A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.
Jul 04, 2025
RubyGems Automation-Tool Infostealer
Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.
Mar 13, 2025
North Korea's Contagious Interview Campaign
Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.
Jul 23, 2024
Network Reconnaissance Campaign
A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
Questions? Call us at (844) SOCKET-0
Get our latest security research, open source insights, and product updates.

Company News
Socket has acquired Secure Annex to expand extension security across browsers, IDEs, and AI tools.

Research
/Security News
Socket is tracking cloned Open VSX extensions tied to GlassWorm, with several updated from benign-looking sleepers into malware delivery vehicles.

Product
Reachability analysis for PHP is now available in experimental, helping teams identify which vulnerabilities are actually exploitable.