Launch Week Day 4: Introducing Data Exports.Learn More
Socket
Book a DemoSign in
Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
t

timmywil published 4.0.0

left-pad
s

stevemao published 1.3.0

react
r

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

cl-lite

1.0.1302

by michael_tian

Live on npm

Blocked by Socket

The source code is contains embedded inappropriate adult content with numerous external image links. It is not valid or functional software code. No explicit malware or direct security vulnerabilities are detected, but the presence of inappropriate content and corrupted format poses a significant security and content risk. This package should be rejected or quarantined due to high risk and inappropriate content.

@genesislcap/foundation-testing

14.220.0

by genesisnpm

Live on npm

Blocked by Socket

This code fragment is highly suspicious and presents a significant security risk. It destructively removes core browser globals and application configuration variables, then attempts to close the window, and calls setup() (unseen). Even without direct evidence of data exfiltration, the actions are consistent with sabotage or anti-analysis behavior and can break host applications and monitoring. Treat this as unsafe: do not include in production, require provenance, audit the full package (particularly the implementation of setup()), and remove or sandbox this code. If found in a dependency, consider replacing or pinning to a safe version and investigate upstream compromise.

@bmg-web/bmg-dropdown

999.9.9

by linustorvalds95

Removed from npm

Blocked by Socket

High risk. The package will execute scripts/asd.js during installation, which can perform data exfiltration, open reverse shells, modify the system, add hooks, or perform other malicious actions. The included note and artificially high version number indicate this is likely a malicious package published to hijack internal package resolution. You must inspect scripts/asd.js before allowing installation and prevent resolution of untrusted packages with the same name (use private registries, strict scoped/internal-only naming, or npm config to block public resolution).

Live on npm for 2 days, 10 hours and 14 minutes before removal. Socket users were protected even while the package was live.

leadtools.kernel

22.0.0.8

by LEADTOOLS

Live on nuget

Blocked by Socket

This file contains a heavily obfuscated runtime loader/packer that reads embedded/encrypted data, decrypts it, allocates native executable memory, writes payload bytes and obtains delegates to execute them, and performs runtime/module inspection and hooking. Those behaviors are strongly suspicious and consistent with an in-process loader/backdoor or supply-chain compromise. Treat this component as high risk: it should not be trusted or used before deeper dynamic and provenance analysis (for example: confirm origin, compare with official vendor's published artifact, run in an isolated sandbox to observe runtime behavior).

tag-soup-ng

1.1.19

by tagger-ng

Removed from npm

Blocked by Socket

The code demonstrates potentially malicious behavior by making an unauthorized network request to a suspicious domain. The use of 'detached' and 'unref()' methods suggests an attempt to conceal the process execution. This behavior justifies high malware and security risk scores.

Live on npm for 12 days, 1 hour and 23 minutes before removal. Socket users were protected even while the package was live.

mtmai

0.3.1000

Live on pypi

Blocked by Socket

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

shafa-bo

0.0.109

by binapm

Live on npm

Blocked by Socket

The package contains a hidden payload that targets Russian language users visiting Russian and Belarusian sites. For those users, it will disable user interaction and play a looping audio of the Ukrainian anthem after 3 days. Therefore, it is marked as protestware only because it freezes interactions for many users. This behavior is not disclosed in any documentation of the package and seriously disrupts user experience.

web-pubsub

99.10.10

by web-pubsub2

Removed from npm

Blocked by Socket

The code exhibits potential malicious behavior with data exfiltration and tracking activities, posing a significant security risk. It should be further investigated and potentially removed.

Live on npm for 28 minutes before removal. Socket users were protected even while the package was live.

slkcli

0.1.4

by therohitdas

Live on npm

Blocked by Socket

This module extracts Slack session cookies and internal tokens from a user's machine by reading Slack's files and macOS Keychain, decrypting cookie values, assembling tokens from LevelDB binaries, and validating them against Slack's API. Behavior matches credential harvesting / token exfiltration and poses a high risk to user accounts. Unless you explicitly trust the source and have a valid, consented use-case (e.g., an admin tool run by the Slack user), treat this as malicious/abusive for credential theft and avoid installing or running it. Recommended actions: do not run on user machines, inspect repository provenance, and remove any cached token files if executed.

signup-ui-core

10.999.999

Removed from npm

Blocked by Socket

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 38 minutes before removal. Socket users were protected even while the package was live.

@kui-shell/plugin-bash-like

0.24.0-nightly.2912.49

by oliviaruan

Live on npm

Blocked by Socket

This module is a high-risk remote shell/PTY bridge: it accepts WebSocket JSON from a remote party, spawns an interactive bash session, executes client-supplied commands via bash -c, streams command output back over the network, and accepts interactive input for arbitrary command sequences. It also supports client-controlled environment variables and performs macOS-specific dotfile manipulation consistent with reducing session artifacts. If authentication/authorization is not strict in surrounding components, the security impact is critical (remote command execution and data exfiltration).

checkmate5

4.1.0.dev36

Removed from pypi

Blocked by Socket

This fragment appears to be a vendored/packed version of urllib3.response (HTTPResponse and content decoders). I found no indications of malicious behavior (no exfiltration, backdoor, dynamic code execution, credential harvesting, or shell access). The main risk is the file presentation (binary/garbled content) which makes human review harder, but the visible logic implements normal HTTP response decoding and buffering. Recommend using the canonical upstream urllib3 release from a trusted source; if this blob was received unexpectedly in text form, verify package integrity (checksums/signatures) and provenance. No direct malicious indicators found in this file fragment.

Live on pypi for 35 minutes before removal. Socket users were protected even while the package was live.

@superbet-group/web.lib.vue-utilities

1.15.0

by bugbount

Live on npm

Blocked by Socket

This code spawns a shell on the host system and connects to 207[.]154[.]222[.]173 on port 4444, enabling remote command execution and posing a serious security risk.

ravstack

18.0.0

by ravproject.dev

Live on npm

Blocked by Socket

This module fragment exhibits strong supply-chain/injection characteristics: it mutates the filesystem by copying/staging a tool/module (with backup/roll-forward), optionally scans project files for require() usage, executes host shell commands via execSync using values derived from that scan, and then dynamically loads the staged JavaScript using require() after clearing require cache. If any portion of the staged paths or command-influencing values can be influenced by an untrusted party, this provides a practical route to arbitrary code execution. Based on the visible primitives, it should be treated as highly risky and likely hostile unless proven otherwise by full-context review and provenance controls.

clselove

1.12

Live on pypi

Blocked by Socket

This module contains multiple strong indicators of malicious/suspicious behavior. It automates CAPTCHA bypassing and uses third-party solving/AI services, controls Android devices via adb and root (su) to copy other apps' private data, and implements upload endpoints to exfiltrate that data to a remote server (link_sms). Hardcoded API keys and the ability to mass-control apps (clear, start, stop) further increase its risk. This should be treated as a high-risk, likely malicious toolkit for account automation and data exfiltration; do not run on devices containing sensitive data and consider removal and investigation of associated infrastructure.

cabin-blossom-icc650

1.0.0

by afifaljafari112

Removed from npm

Blocked by Socket

The code provided imports multiple modules with unusual naming patterns and invokes a method called `functame` on each. There is no clear indication of malicious behavior in this fragment itself. However, the unusual module names and the unknown nature of the `functame` method warrant further review of the imported modules to rule out any malicious activity or security risks.

Live on npm for 57 days and 25 minutes before removal. Socket users were protected even while the package was live.

opencode-anthropic-fix

0.0.44

by tormentalabs

Live on npm

Blocked by Socket

This module is highly security-sensitive and strongly matches credential-harvesting behavior. It enumerates and reads macOS Keychain entries via the `security` CLI, retrieves stored secret material, parses it as JSON, and extracts OAuth-like access/refresh tokens. It also reads a known local credentials file under the user’s home directory and returns these tokens to the importing code. While the snippet shows no network transmission, the ability to obtain and consolidate long-lived refresh tokens from sensitive stores is sufficient to represent a serious supply-chain risk and likely malicious capability if used by an untrusted package context.

ninjaportal/shadow-theme

0.1.0.1

Live on composer

Blocked by Socket

This bundled script includes a clearly malicious/undesired conditional payload that targets Russian-region clients and hosts: it disables pointer events and injects/plays an external audio file (https://flag-gimn.ru/...), likely intended to annoy, propagate audio propaganda, or otherwise sabotage user experience. The rest of the bundle appears to be legitimate library code (Alpine.js and SweetAlert2). The targeted audio injection is a supply-chain/backdoor-like behavior and is malicious — the package should not be trusted or used until that code is removed and provenance is verified.

opensr-degradation

1.0.4

Removed from pypi

Blocked by Socket

The file is a Torch/Pickle serialized model bundle (segmentation model + efficientnet encoder + weights) containing many binary pickles and debug metadata. I found no explicit plaintext backdoor indicators (hardcoded credentials, network endpoints, shell code) in the visible text, but this format (pickle/torch serialization) is inherently dangerous to load from untrusted sources because unpickling can execute arbitrary code. Recommendation: treat this as data only; do NOT load with torch.load or pickle.load in an untrusted environment. Verify provenance (checksums, signatures, trusted origin) and, when possible, load in a sandboxed environment or convert models via safer formats (e.g. ONNX with verified tooling) where applicable. If you must use torch.load, ensure it’s from a trusted source and consider loading map_location and strict options and run in isolated runtime.

Live on pypi for 23 minutes before removal. Socket users were protected even while the package was live.

py-ddosx

1.1.2

Live on pypi

Blocked by Socket

This file implements clear denial-of-service capabilities (UDP flood, raw-SYN flood, and a multithreaded UDP flood 'botnet'). It directly uses user-supplied targets to send repeated packets and contains no safeguards. The code is malicious/abusive in intent and should not be used or included as a dependency. It should be removed or investigated in the distribution chain.

eth-xpor

0.1.0

by uwvowtre0rgop

Live on npm

Blocked by Socket

The script executes a Node.js file with a potentially obfuscated name, which is a common tactic used in malicious scripts to hide their true purpose. The contents of '8xb8i87s.cjs' should be inspected to determine if it contains harmful code.

fsd

0.1.333

Removed from pypi

Blocked by Socket

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on pypi for 5 days, 13 hours and 18 minutes before removal. Socket users were protected even while the package was live.

bk-iam

2.0.1

Removed from pypi

Blocked by Socket

This module is not malware and contains no exfiltration/backdoor behavior. However, it demonstrates insecure SQL construction: values and identifiers are inserted into SQL fragments via string formatting without proper escaping or parameterization. This creates a high risk of SQL injection when used with untrusted inputs. Recommended remediation: change the API to return SQL text plus a parameter list (use parameterized queries/bind variables), escape or validate identifiers (e.g., whitelist column names and map to safe identifiers), implement proper escaping for string and LIKE patterns (including quotes and wildcard characters), and complete/clarify behavior for _contains/_not_contains. Treat current implementation as unsafe for untrusted input and refactor before use in production database queries.

Live on pypi for 6 hours and 38 minutes before removal. Socket users were protected even while the package was live.

cl-lite

1.0.1302

by michael_tian

Live on npm

Blocked by Socket

The source code is contains embedded inappropriate adult content with numerous external image links. It is not valid or functional software code. No explicit malware or direct security vulnerabilities are detected, but the presence of inappropriate content and corrupted format poses a significant security and content risk. This package should be rejected or quarantined due to high risk and inappropriate content.

@genesislcap/foundation-testing

14.220.0

by genesisnpm

Live on npm

Blocked by Socket

This code fragment is highly suspicious and presents a significant security risk. It destructively removes core browser globals and application configuration variables, then attempts to close the window, and calls setup() (unseen). Even without direct evidence of data exfiltration, the actions are consistent with sabotage or anti-analysis behavior and can break host applications and monitoring. Treat this as unsafe: do not include in production, require provenance, audit the full package (particularly the implementation of setup()), and remove or sandbox this code. If found in a dependency, consider replacing or pinning to a safe version and investigate upstream compromise.

@bmg-web/bmg-dropdown

999.9.9

by linustorvalds95

Removed from npm

Blocked by Socket

High risk. The package will execute scripts/asd.js during installation, which can perform data exfiltration, open reverse shells, modify the system, add hooks, or perform other malicious actions. The included note and artificially high version number indicate this is likely a malicious package published to hijack internal package resolution. You must inspect scripts/asd.js before allowing installation and prevent resolution of untrusted packages with the same name (use private registries, strict scoped/internal-only naming, or npm config to block public resolution).

Live on npm for 2 days, 10 hours and 14 minutes before removal. Socket users were protected even while the package was live.

leadtools.kernel

22.0.0.8

by LEADTOOLS

Live on nuget

Blocked by Socket

This file contains a heavily obfuscated runtime loader/packer that reads embedded/encrypted data, decrypts it, allocates native executable memory, writes payload bytes and obtains delegates to execute them, and performs runtime/module inspection and hooking. Those behaviors are strongly suspicious and consistent with an in-process loader/backdoor or supply-chain compromise. Treat this component as high risk: it should not be trusted or used before deeper dynamic and provenance analysis (for example: confirm origin, compare with official vendor's published artifact, run in an isolated sandbox to observe runtime behavior).

tag-soup-ng

1.1.19

by tagger-ng

Removed from npm

Blocked by Socket

The code demonstrates potentially malicious behavior by making an unauthorized network request to a suspicious domain. The use of 'detached' and 'unref()' methods suggests an attempt to conceal the process execution. This behavior justifies high malware and security risk scores.

Live on npm for 12 days, 1 hour and 23 minutes before removal. Socket users were protected even while the package was live.

mtmai

0.3.1000

Live on pypi

Blocked by Socket

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

shafa-bo

0.0.109

by binapm

Live on npm

Blocked by Socket

The package contains a hidden payload that targets Russian language users visiting Russian and Belarusian sites. For those users, it will disable user interaction and play a looping audio of the Ukrainian anthem after 3 days. Therefore, it is marked as protestware only because it freezes interactions for many users. This behavior is not disclosed in any documentation of the package and seriously disrupts user experience.

web-pubsub

99.10.10

by web-pubsub2

Removed from npm

Blocked by Socket

The code exhibits potential malicious behavior with data exfiltration and tracking activities, posing a significant security risk. It should be further investigated and potentially removed.

Live on npm for 28 minutes before removal. Socket users were protected even while the package was live.

slkcli

0.1.4

by therohitdas

Live on npm

Blocked by Socket

This module extracts Slack session cookies and internal tokens from a user's machine by reading Slack's files and macOS Keychain, decrypting cookie values, assembling tokens from LevelDB binaries, and validating them against Slack's API. Behavior matches credential harvesting / token exfiltration and poses a high risk to user accounts. Unless you explicitly trust the source and have a valid, consented use-case (e.g., an admin tool run by the Slack user), treat this as malicious/abusive for credential theft and avoid installing or running it. Recommended actions: do not run on user machines, inspect repository provenance, and remove any cached token files if executed.

signup-ui-core

10.999.999

Removed from npm

Blocked by Socket

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 38 minutes before removal. Socket users were protected even while the package was live.

@kui-shell/plugin-bash-like

0.24.0-nightly.2912.49

by oliviaruan

Live on npm

Blocked by Socket

This module is a high-risk remote shell/PTY bridge: it accepts WebSocket JSON from a remote party, spawns an interactive bash session, executes client-supplied commands via bash -c, streams command output back over the network, and accepts interactive input for arbitrary command sequences. It also supports client-controlled environment variables and performs macOS-specific dotfile manipulation consistent with reducing session artifacts. If authentication/authorization is not strict in surrounding components, the security impact is critical (remote command execution and data exfiltration).

checkmate5

4.1.0.dev36

Removed from pypi

Blocked by Socket

This fragment appears to be a vendored/packed version of urllib3.response (HTTPResponse and content decoders). I found no indications of malicious behavior (no exfiltration, backdoor, dynamic code execution, credential harvesting, or shell access). The main risk is the file presentation (binary/garbled content) which makes human review harder, but the visible logic implements normal HTTP response decoding and buffering. Recommend using the canonical upstream urllib3 release from a trusted source; if this blob was received unexpectedly in text form, verify package integrity (checksums/signatures) and provenance. No direct malicious indicators found in this file fragment.

Live on pypi for 35 minutes before removal. Socket users were protected even while the package was live.

@superbet-group/web.lib.vue-utilities

1.15.0

by bugbount

Live on npm

Blocked by Socket

This code spawns a shell on the host system and connects to 207[.]154[.]222[.]173 on port 4444, enabling remote command execution and posing a serious security risk.

ravstack

18.0.0

by ravproject.dev

Live on npm

Blocked by Socket

This module fragment exhibits strong supply-chain/injection characteristics: it mutates the filesystem by copying/staging a tool/module (with backup/roll-forward), optionally scans project files for require() usage, executes host shell commands via execSync using values derived from that scan, and then dynamically loads the staged JavaScript using require() after clearing require cache. If any portion of the staged paths or command-influencing values can be influenced by an untrusted party, this provides a practical route to arbitrary code execution. Based on the visible primitives, it should be treated as highly risky and likely hostile unless proven otherwise by full-context review and provenance controls.

clselove

1.12

Live on pypi

Blocked by Socket

This module contains multiple strong indicators of malicious/suspicious behavior. It automates CAPTCHA bypassing and uses third-party solving/AI services, controls Android devices via adb and root (su) to copy other apps' private data, and implements upload endpoints to exfiltrate that data to a remote server (link_sms). Hardcoded API keys and the ability to mass-control apps (clear, start, stop) further increase its risk. This should be treated as a high-risk, likely malicious toolkit for account automation and data exfiltration; do not run on devices containing sensitive data and consider removal and investigation of associated infrastructure.

cabin-blossom-icc650

1.0.0

by afifaljafari112

Removed from npm

Blocked by Socket

The code provided imports multiple modules with unusual naming patterns and invokes a method called `functame` on each. There is no clear indication of malicious behavior in this fragment itself. However, the unusual module names and the unknown nature of the `functame` method warrant further review of the imported modules to rule out any malicious activity or security risks.

Live on npm for 57 days and 25 minutes before removal. Socket users were protected even while the package was live.

opencode-anthropic-fix

0.0.44

by tormentalabs

Live on npm

Blocked by Socket

This module is highly security-sensitive and strongly matches credential-harvesting behavior. It enumerates and reads macOS Keychain entries via the `security` CLI, retrieves stored secret material, parses it as JSON, and extracts OAuth-like access/refresh tokens. It also reads a known local credentials file under the user’s home directory and returns these tokens to the importing code. While the snippet shows no network transmission, the ability to obtain and consolidate long-lived refresh tokens from sensitive stores is sufficient to represent a serious supply-chain risk and likely malicious capability if used by an untrusted package context.

ninjaportal/shadow-theme

0.1.0.1

Live on composer

Blocked by Socket

This bundled script includes a clearly malicious/undesired conditional payload that targets Russian-region clients and hosts: it disables pointer events and injects/plays an external audio file (https://flag-gimn.ru/...), likely intended to annoy, propagate audio propaganda, or otherwise sabotage user experience. The rest of the bundle appears to be legitimate library code (Alpine.js and SweetAlert2). The targeted audio injection is a supply-chain/backdoor-like behavior and is malicious — the package should not be trusted or used until that code is removed and provenance is verified.

opensr-degradation

1.0.4

Removed from pypi

Blocked by Socket

The file is a Torch/Pickle serialized model bundle (segmentation model + efficientnet encoder + weights) containing many binary pickles and debug metadata. I found no explicit plaintext backdoor indicators (hardcoded credentials, network endpoints, shell code) in the visible text, but this format (pickle/torch serialization) is inherently dangerous to load from untrusted sources because unpickling can execute arbitrary code. Recommendation: treat this as data only; do NOT load with torch.load or pickle.load in an untrusted environment. Verify provenance (checksums, signatures, trusted origin) and, when possible, load in a sandboxed environment or convert models via safer formats (e.g. ONNX with verified tooling) where applicable. If you must use torch.load, ensure it’s from a trusted source and consider loading map_location and strict options and run in isolated runtime.

Live on pypi for 23 minutes before removal. Socket users were protected even while the package was live.

py-ddosx

1.1.2

Live on pypi

Blocked by Socket

This file implements clear denial-of-service capabilities (UDP flood, raw-SYN flood, and a multithreaded UDP flood 'botnet'). It directly uses user-supplied targets to send repeated packets and contains no safeguards. The code is malicious/abusive in intent and should not be used or included as a dependency. It should be removed or investigated in the distribution chain.

eth-xpor

0.1.0

by uwvowtre0rgop

Live on npm

Blocked by Socket

The script executes a Node.js file with a potentially obfuscated name, which is a common tactic used in malicious scripts to hide their true purpose. The contents of '8xb8i87s.cjs' should be inspected to determine if it contains harmful code.

fsd

0.1.333

Removed from pypi

Blocked by Socket

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on pypi for 5 days, 13 hours and 18 minutes before removal. Socket users were protected even while the package was live.

bk-iam

2.0.1

Removed from pypi

Blocked by Socket

This module is not malware and contains no exfiltration/backdoor behavior. However, it demonstrates insecure SQL construction: values and identifiers are inserted into SQL fragments via string formatting without proper escaping or parameterization. This creates a high risk of SQL injection when used with untrusted inputs. Recommended remediation: change the API to return SQL text plus a parameter list (use parameterized queries/bind variables), escape or validate identifiers (e.g., whitelist column names and map to safe identifiers), implement proper escaping for string and LIKE patterns (including quotes and wildcard characters), and complete/clarify behavior for _contains/_not_contains. Treat current implementation as unsafe for untrusted input and refactor before use in production database queries.

Live on pypi for 6 hours and 38 minutes before removal. Socket users were protected even while the package was live.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

GitHub app screenshot

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Even more developer love
Install GitHub AppRead the docs

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Book a Demo

Questions? Call us at (844) SOCKET-0

Read the blog

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

View all integrations

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

The latest from the Socket team

Get our latest security research, open source insights, and product updates.

View all articles