Launch Week Day 5: Introducing Reachability for PHP.Learn More
Socket
Book a DemoSign in
Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
t

timmywil published 4.0.0

left-pad
s

stevemao published 1.3.0

react
r

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

sbcli-dev

6.2.1

Live on pypi

Blocked by Socket

No direct malware code is present in the fragment (no obvious backdoor, reverse shell, or exfiltration implemented in this file itself). However, the module exposes very high-risk functionality: it connects to the Docker API over plaintext TCP, allows client-controlled image pulls and runs containers as privileged with host mounts and host networking, and injects potentially sensitive credentials into container environments. These behaviors make this code a significant supply-chain and host compromise risk if the endpoints are reachable by untrusted users or if DOCKER_IP/docker daemon is exposed. Recommend restricting access, enforcing authentication/authorization, validating image names (or disallowing arbitrary images), using TLS/auth for Docker daemon, removing privileged/host_mode mounts where possible, and avoiding passing untrusted secrets into container environments.

officialxviid/disgester

v1.0.0

Live on composer

Blocked by Socket

The package contains a hidden payload that targets Russian language users visiting Russian and Belarusian sites. For those users, it will disable user interaction and play a looping audio of the Ukrainian anthem after 3 days. Therefore, it is marked as malware only because it freezes interactions for many users. This behavior is disclosed in documentation of the package and seriously disrupts user experience.

atom.sdk.net

5.1.0-alpha.2505161

by GZ Systems

Live on nuget

Blocked by Socket

This assembly contains a sophisticated obfuscated runtime loader/packer: it reads encrypted embedded resources or files, decrypts them with a hardcoded symmetric key/IV, performs RSA signature verification, allocates executable memory, writes the decrypted payload into memory or other process memory, creates delegates/function pointers and invokes the in-memory code. It also exposes/uses native nfapi calls to control a network driver. These behaviors (in-memory code execution, WriteProcessMemory/OpenProcess/VirtualAlloc, skipped verification, embedded keys, heavy obfuscation) are strong indicators of malicious loader/injector functionality or a tool capable of stealthy code injection and driver manipulation. Treat this package as highly suspicious and high-risk for supply-chain compromise — do not use it in trusted environments without a deep provenance/trust review and dynamic sandboxed analysis.

ailever

0.3.60

Live on pypi

Blocked by Socket

The code presents a strong supply-chain and remote-execution risk by automatically downloading and executing remote Python payloads without integrity checks or sandboxing. It also creates and runs external services (Jupyter, Visdom, RStudio) based on user inputs, which can amplify impact if the remote payload is malicious. Mitigations include removing remote code execution paths, adding cryptographic verification (signatures or hash checks), isolating execution (sandboxes or containerization), validating inputs, and avoiding untrusted downloads or executions.

greybel-proxy

2.1.6

by ayecue

Removed from npm

Blocked by Socket

The code employs obfuscation, atypical patterns, dynamic code execution, and interaction with the global scope with malicious intent.

Live on npm for 70 days, 2 hours and 11 minutes before removal. Socket users were protected even while the package was live.

molli

1.0.0b3

Removed from pypi

Blocked by Socket

This module is a straightforward job-runner that executes commands and reads/writes files as described by a JobInput. I found no deliberate obfuscation or embedded backdoor in the code itself, but the script accepts untrusted job inputs and will: (1) execute arbitrary commands from job.commands, (2) write files to paths provided in job.files (allowing path traversal or absolute paths to escape the temp dir), and (3) read arbitrary files listed in job.return_files and include them in the output. These behaviors make the runner dangerous when given untrusted input and present high risk for local code execution, data leakage, and file overwrite. Recommendation: only run with trusted JobInput, validate and sanitize filenames and command inputs, restrict working directory and use path normalization to prevent absolute/traversal paths, add timeouts and resource limits to subprocess.run, and consider stronger sandboxing (containers, limited privileges).

Live on pypi for 10 hours and 6 minutes before removal. Socket users were protected even while the package was live.

github.com/bishopfox/sliver

v1.5.40-0.20250507144823-509d1b46fff1

Live on go

Blocked by Socket

This source performs privileged/local reconnaissance by enumerating processes and network interfaces across network namespaces and returning that data via RPC/protobuf responses. The code is clear and not obfuscated, contains no hardcoded secrets, and does not itself open network channels, but it uses unix.Setns and /proc namespace file descriptors to enumerate other network namespaces — a capability seen in post-exploitation/implant tooling. Given the file header and package origin (Sliver implant framework), this module is intended for offensive use and poses a high security risk if present on a host. Restrict execution privileges and treat deployments of this code as hostile unless explicitly required and authorized.

fiji-core-framework

7.999.0

by officeathand

Removed from npm

Blocked by Socket

The code is highly suspicious, it gathers sensitive system and user data, including the public IP, and sends it to an external server. Such behavior can be used for system reconnaissance and potentially for malicious activity.

Live on npm for 17 days, 12 hours and 37 minutes before removal. Socket users were protected even while the package was live.

undici-jey

6.21.6

by jrjs

Live on npm

Blocked by Socket

The code is obfuscated using base64 encoding, which can hide its true purpose. Without further analysis of the decoded WebAssembly module, it's difficult to assess the security risks or potential malicious behavior. The reports are flawed and do not provide any useful information.

github.com/apache/trafficcontrol

v1.1.4-0.20180817205556-a0043434fcaa

Live on go

Blocked by Socket

This code fragment performs a privileged, unconditional systemd service stop for a hardcoded service (`traffic_router`). It presents a significant operational disruption risk in a supply-chain context. However, with only this single line and no broader context, there is insufficient evidence to confirm broader malicious behavior (e.g., exfiltration/persistence).

relap-lk

0.20.99

by zantadyl

Removed from npm

Blocked by Socket

This source code is malicious. It covertly collects and exfiltrates system information via DNS queries, disables TLS certificate validation to evade detection, and downloads and executes arbitrary remote code from a suspicious C2 server. The use of eval() on remote content and disabling security checks pose critical security risks. This code should be considered a high security threat and avoided.

Live on npm for 1 hour and 14 minutes before removal. Socket users were protected even while the package was live.

cmds-py

0.115

Live on pypi

Blocked by Socket

This module is high-risk and shows clear malicious/supply-chain behaviors: writing hardcoded PyPI credentials, executing shell commands with shell=True, self-modifying source, overwriting installed packages (apscheduler), and attempting to append code into Python stdlib files for persistence. Even if some parts are buggy or undefined, the overall intent is to gain persistent, remote-capable control and to publish packages to PyPI using embedded credentials. Do not use this package; treat it as malicious and remove any files it modified. Review systems where this ran for modified stdlib or site-packages files and rotate any exposed credentials.

@blocklet/pages-kit

0.4.127

by wangshijun

Live on npm

Blocked by Socket

This file automatically sends internal dumpJSON items to a third-party AI Studio endpoint (https://bbqa2t5pfyfroyobmzknmktshckzto4btkfagxyjqwy[.]did[.]abtnet[.]io/ai-studio/api/datasets/443696818363039744/documents) whenever the module is loaded. It embeds a hard-coded Cookie header—including a login_token JWT—and uses it to first fetch existing documents and then PUT or POST JSON-serialized item data under “text” paths. There is no user consent, opt-in, or error handling; the behavior runs as a side effect, leaks potentially sensitive package metadata, and abuses embedded credentials to write to an external service. This is a high-risk supply-chain/backdoor indicator.

apple-gateway

999.9.9

by amigomioteconsidero6

Removed from npm

Blocked by Socket

The code is designed to exfiltrate system information by sending it to an external domain via DNS queries. This is a clear indication of malicious behavior, as it involves unauthorized data transmission without user consent.

Live on npm for 3 hours and 43 minutes before removal. Socket users were protected even while the package was live.

github.com/weaveworks/weave

v1.2.2-0.20151111095624-29f7015e58ad

Live on go

Blocked by Socket

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

muaddib-scanner

2.2.19

by dnszlsk

Live on npm

Blocked by Socket

This fragment is a high-risk dropper/backdoor: it conditionally executes a remote shell script based on environment detection, enabling remote control or destructive actions. It should be considered malware-like behavior and is unacceptable in any npm package context without explicit user consent and strong security controls.

shafa-bo

0.0.75

by binapm

Live on npm

Blocked by Socket

The package contains a hidden payload that targets Russian language users visiting Russian and Belarusian sites. For those users, it will disable user interaction and play a looping audio of the Ukrainian anthem after 3 days. Therefore, it is marked as protestware only because it freezes interactions for many users. This behavior is not disclosed in any documentation of the package and seriously disrupts user experience.

@weavy/uikit-web

19.1.2

by weavy.admin

Live on npm

Blocked by Socket

The code is vulnerable to command injection due to lack of input sanitization on the 'url' parameter before it is used in the 'exec' function. An attacker could exploit this vulnerability to execute arbitrary commands on the host system.

yaaaf

0.0.10

Removed from pypi

Blocked by Socket

This module does not itself contain hardcoded malware, but it performs highly dangerous operations: it executes untrusted, model-generated Python code with wide access to program globals, filesystem and data. That design creates a remote code execution vector and a high risk of data exposure or system compromise if the LLM output is malicious or compromised. Use only in tightly controlled, sandboxed environments after adding strict execution controls. The code fragment is dangerous due to its execution model rather than demonstrable embedded malware.

Live on pypi for 15 hours and 41 minutes before removal. Socket users were protected even while the package was live.

woo-cart-expiration

99.10.10

Removed from npm

Blocked by Socket

The code engages in potentially malicious behavior by collecting sensitive system information and sending it to a remote server without clear user consent. The hard-coded domain, data obfuscation, and lack of transparency raise significant privacy and security concerns. The risk score is high due to the invasive nature of the code.

n8n-nodes-gg-udhasudsh-hgjkhg-official

0.0.51

Live on npm

Blocked by Socket

The fragment appears to build Google Ads mutate operations and send them to the official Google Ads API. There is no clear evidence of malicious behavior (no eval/exec, no socket connections to unknown domains, no credential harvesting within this fragment). The major concern is heavy obfuscation which makes full review harder and warrants caution — review the rest of the module (including the deobfuscation helper and GoogleAdsClient implementation) and where 'credentials' originate. Overall, this fragment looks like legitimate ad/campaign-management logic rather than malware.

bek-dor

2.0

Removed from pypi

Blocked by Socket

This client implements a remote-control/backdoor mechanism: it fetches a variable from a remote server, writes a file using server-supplied filename and contents, executes that file via os.system, and then deletes it. There is no validation, authentication, or encryption. This is high-risk behavior and can be used for arbitrary remote code execution and supply-chain or backdoor attacks. Do not run this code against untrusted servers. Replace remote execution, add authentication, use signed payloads, validate filenames (no path traversal), and avoid executing arbitrary files from network sources.

Live on pypi for 4 hours and 48 minutes before removal. Socket users were protected even while the package was live.

lgblkb-tools

0.9.39

Live on pypi

Blocked by Socket

This module contains explicit data-exfiltration behavior: a plaintext Telegram bot token and an unconditional upload of a specific local file to a remote Telegram chat when executed. In a repository or dependency this constitutes a high-risk backdoor and credential leak. Treat as malicious/unsafe for reuse in packages; revoke the token and remove or modify the code to require explicit, authenticated configuration before any network file transfer.

azure-web-pubsub-express

0.0.1-security.2

Removed from npm

Blocked by Socket

Possible typosquat of [@azure/web-pubsub](https://socket.dev/npm/package/@azure/web-pubsub) Explanation: The package 'azure-web-pubsub-express' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name is very similar to '@azure/web-pubsub', and the lack of a distinct description or purpose suggests it could be a typosquat. The maintainer 'npm' does not provide enough information to confirm legitimacy.

Live on npm for 43 minutes before removal. Socket users were protected even while the package was live.

sbcli-dev

6.2.1

Live on pypi

Blocked by Socket

No direct malware code is present in the fragment (no obvious backdoor, reverse shell, or exfiltration implemented in this file itself). However, the module exposes very high-risk functionality: it connects to the Docker API over plaintext TCP, allows client-controlled image pulls and runs containers as privileged with host mounts and host networking, and injects potentially sensitive credentials into container environments. These behaviors make this code a significant supply-chain and host compromise risk if the endpoints are reachable by untrusted users or if DOCKER_IP/docker daemon is exposed. Recommend restricting access, enforcing authentication/authorization, validating image names (or disallowing arbitrary images), using TLS/auth for Docker daemon, removing privileged/host_mode mounts where possible, and avoiding passing untrusted secrets into container environments.

officialxviid/disgester

v1.0.0

Live on composer

Blocked by Socket

The package contains a hidden payload that targets Russian language users visiting Russian and Belarusian sites. For those users, it will disable user interaction and play a looping audio of the Ukrainian anthem after 3 days. Therefore, it is marked as malware only because it freezes interactions for many users. This behavior is disclosed in documentation of the package and seriously disrupts user experience.

atom.sdk.net

5.1.0-alpha.2505161

by GZ Systems

Live on nuget

Blocked by Socket

This assembly contains a sophisticated obfuscated runtime loader/packer: it reads encrypted embedded resources or files, decrypts them with a hardcoded symmetric key/IV, performs RSA signature verification, allocates executable memory, writes the decrypted payload into memory or other process memory, creates delegates/function pointers and invokes the in-memory code. It also exposes/uses native nfapi calls to control a network driver. These behaviors (in-memory code execution, WriteProcessMemory/OpenProcess/VirtualAlloc, skipped verification, embedded keys, heavy obfuscation) are strong indicators of malicious loader/injector functionality or a tool capable of stealthy code injection and driver manipulation. Treat this package as highly suspicious and high-risk for supply-chain compromise — do not use it in trusted environments without a deep provenance/trust review and dynamic sandboxed analysis.

ailever

0.3.60

Live on pypi

Blocked by Socket

The code presents a strong supply-chain and remote-execution risk by automatically downloading and executing remote Python payloads without integrity checks or sandboxing. It also creates and runs external services (Jupyter, Visdom, RStudio) based on user inputs, which can amplify impact if the remote payload is malicious. Mitigations include removing remote code execution paths, adding cryptographic verification (signatures or hash checks), isolating execution (sandboxes or containerization), validating inputs, and avoiding untrusted downloads or executions.

greybel-proxy

2.1.6

by ayecue

Removed from npm

Blocked by Socket

The code employs obfuscation, atypical patterns, dynamic code execution, and interaction with the global scope with malicious intent.

Live on npm for 70 days, 2 hours and 11 minutes before removal. Socket users were protected even while the package was live.

molli

1.0.0b3

Removed from pypi

Blocked by Socket

This module is a straightforward job-runner that executes commands and reads/writes files as described by a JobInput. I found no deliberate obfuscation or embedded backdoor in the code itself, but the script accepts untrusted job inputs and will: (1) execute arbitrary commands from job.commands, (2) write files to paths provided in job.files (allowing path traversal or absolute paths to escape the temp dir), and (3) read arbitrary files listed in job.return_files and include them in the output. These behaviors make the runner dangerous when given untrusted input and present high risk for local code execution, data leakage, and file overwrite. Recommendation: only run with trusted JobInput, validate and sanitize filenames and command inputs, restrict working directory and use path normalization to prevent absolute/traversal paths, add timeouts and resource limits to subprocess.run, and consider stronger sandboxing (containers, limited privileges).

Live on pypi for 10 hours and 6 minutes before removal. Socket users were protected even while the package was live.

github.com/bishopfox/sliver

v1.5.40-0.20250507144823-509d1b46fff1

Live on go

Blocked by Socket

This source performs privileged/local reconnaissance by enumerating processes and network interfaces across network namespaces and returning that data via RPC/protobuf responses. The code is clear and not obfuscated, contains no hardcoded secrets, and does not itself open network channels, but it uses unix.Setns and /proc namespace file descriptors to enumerate other network namespaces — a capability seen in post-exploitation/implant tooling. Given the file header and package origin (Sliver implant framework), this module is intended for offensive use and poses a high security risk if present on a host. Restrict execution privileges and treat deployments of this code as hostile unless explicitly required and authorized.

fiji-core-framework

7.999.0

by officeathand

Removed from npm

Blocked by Socket

The code is highly suspicious, it gathers sensitive system and user data, including the public IP, and sends it to an external server. Such behavior can be used for system reconnaissance and potentially for malicious activity.

Live on npm for 17 days, 12 hours and 37 minutes before removal. Socket users were protected even while the package was live.

undici-jey

6.21.6

by jrjs

Live on npm

Blocked by Socket

The code is obfuscated using base64 encoding, which can hide its true purpose. Without further analysis of the decoded WebAssembly module, it's difficult to assess the security risks or potential malicious behavior. The reports are flawed and do not provide any useful information.

github.com/apache/trafficcontrol

v1.1.4-0.20180817205556-a0043434fcaa

Live on go

Blocked by Socket

This code fragment performs a privileged, unconditional systemd service stop for a hardcoded service (`traffic_router`). It presents a significant operational disruption risk in a supply-chain context. However, with only this single line and no broader context, there is insufficient evidence to confirm broader malicious behavior (e.g., exfiltration/persistence).

relap-lk

0.20.99

by zantadyl

Removed from npm

Blocked by Socket

This source code is malicious. It covertly collects and exfiltrates system information via DNS queries, disables TLS certificate validation to evade detection, and downloads and executes arbitrary remote code from a suspicious C2 server. The use of eval() on remote content and disabling security checks pose critical security risks. This code should be considered a high security threat and avoided.

Live on npm for 1 hour and 14 minutes before removal. Socket users were protected even while the package was live.

cmds-py

0.115

Live on pypi

Blocked by Socket

This module is high-risk and shows clear malicious/supply-chain behaviors: writing hardcoded PyPI credentials, executing shell commands with shell=True, self-modifying source, overwriting installed packages (apscheduler), and attempting to append code into Python stdlib files for persistence. Even if some parts are buggy or undefined, the overall intent is to gain persistent, remote-capable control and to publish packages to PyPI using embedded credentials. Do not use this package; treat it as malicious and remove any files it modified. Review systems where this ran for modified stdlib or site-packages files and rotate any exposed credentials.

@blocklet/pages-kit

0.4.127

by wangshijun

Live on npm

Blocked by Socket

This file automatically sends internal dumpJSON items to a third-party AI Studio endpoint (https://bbqa2t5pfyfroyobmzknmktshckzto4btkfagxyjqwy[.]did[.]abtnet[.]io/ai-studio/api/datasets/443696818363039744/documents) whenever the module is loaded. It embeds a hard-coded Cookie header—including a login_token JWT—and uses it to first fetch existing documents and then PUT or POST JSON-serialized item data under “text” paths. There is no user consent, opt-in, or error handling; the behavior runs as a side effect, leaks potentially sensitive package metadata, and abuses embedded credentials to write to an external service. This is a high-risk supply-chain/backdoor indicator.

apple-gateway

999.9.9

by amigomioteconsidero6

Removed from npm

Blocked by Socket

The code is designed to exfiltrate system information by sending it to an external domain via DNS queries. This is a clear indication of malicious behavior, as it involves unauthorized data transmission without user consent.

Live on npm for 3 hours and 43 minutes before removal. Socket users were protected even while the package was live.

github.com/weaveworks/weave

v1.2.2-0.20151111095624-29f7015e58ad

Live on go

Blocked by Socket

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

muaddib-scanner

2.2.19

by dnszlsk

Live on npm

Blocked by Socket

This fragment is a high-risk dropper/backdoor: it conditionally executes a remote shell script based on environment detection, enabling remote control or destructive actions. It should be considered malware-like behavior and is unacceptable in any npm package context without explicit user consent and strong security controls.

shafa-bo

0.0.75

by binapm

Live on npm

Blocked by Socket

The package contains a hidden payload that targets Russian language users visiting Russian and Belarusian sites. For those users, it will disable user interaction and play a looping audio of the Ukrainian anthem after 3 days. Therefore, it is marked as protestware only because it freezes interactions for many users. This behavior is not disclosed in any documentation of the package and seriously disrupts user experience.

@weavy/uikit-web

19.1.2

by weavy.admin

Live on npm

Blocked by Socket

The code is vulnerable to command injection due to lack of input sanitization on the 'url' parameter before it is used in the 'exec' function. An attacker could exploit this vulnerability to execute arbitrary commands on the host system.

yaaaf

0.0.10

Removed from pypi

Blocked by Socket

This module does not itself contain hardcoded malware, but it performs highly dangerous operations: it executes untrusted, model-generated Python code with wide access to program globals, filesystem and data. That design creates a remote code execution vector and a high risk of data exposure or system compromise if the LLM output is malicious or compromised. Use only in tightly controlled, sandboxed environments after adding strict execution controls. The code fragment is dangerous due to its execution model rather than demonstrable embedded malware.

Live on pypi for 15 hours and 41 minutes before removal. Socket users were protected even while the package was live.

woo-cart-expiration

99.10.10

Removed from npm

Blocked by Socket

The code engages in potentially malicious behavior by collecting sensitive system information and sending it to a remote server without clear user consent. The hard-coded domain, data obfuscation, and lack of transparency raise significant privacy and security concerns. The risk score is high due to the invasive nature of the code.

n8n-nodes-gg-udhasudsh-hgjkhg-official

0.0.51

Live on npm

Blocked by Socket

The fragment appears to build Google Ads mutate operations and send them to the official Google Ads API. There is no clear evidence of malicious behavior (no eval/exec, no socket connections to unknown domains, no credential harvesting within this fragment). The major concern is heavy obfuscation which makes full review harder and warrants caution — review the rest of the module (including the deobfuscation helper and GoogleAdsClient implementation) and where 'credentials' originate. Overall, this fragment looks like legitimate ad/campaign-management logic rather than malware.

bek-dor

2.0

Removed from pypi

Blocked by Socket

This client implements a remote-control/backdoor mechanism: it fetches a variable from a remote server, writes a file using server-supplied filename and contents, executes that file via os.system, and then deletes it. There is no validation, authentication, or encryption. This is high-risk behavior and can be used for arbitrary remote code execution and supply-chain or backdoor attacks. Do not run this code against untrusted servers. Replace remote execution, add authentication, use signed payloads, validate filenames (no path traversal), and avoid executing arbitrary files from network sources.

Live on pypi for 4 hours and 48 minutes before removal. Socket users were protected even while the package was live.

lgblkb-tools

0.9.39

Live on pypi

Blocked by Socket

This module contains explicit data-exfiltration behavior: a plaintext Telegram bot token and an unconditional upload of a specific local file to a remote Telegram chat when executed. In a repository or dependency this constitutes a high-risk backdoor and credential leak. Treat as malicious/unsafe for reuse in packages; revoke the token and remove or modify the code to require explicit, authenticated configuration before any network file transfer.

azure-web-pubsub-express

0.0.1-security.2

Removed from npm

Blocked by Socket

Possible typosquat of [@azure/web-pubsub](https://socket.dev/npm/package/@azure/web-pubsub) Explanation: The package 'azure-web-pubsub-express' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name is very similar to '@azure/web-pubsub', and the lack of a distinct description or purpose suggests it could be a typosquat. The maintainer 'npm' does not provide enough information to confirm legitimacy.

Live on npm for 43 minutes before removal. Socket users were protected even while the package was live.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

GitHub app screenshot

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Even more developer love
Install GitHub AppRead the docs

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Book a Demo

Questions? Call us at (844) SOCKET-0

Read the blog

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

View all integrations

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

The latest from the Socket team

Get our latest security research, open source insights, and product updates.

View all articles