Launch Week Day 5: Introducing Reachability for PHP.Learn More
Socket
Book a DemoSign in
Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
t

timmywil published 4.0.0

left-pad
s

stevemao published 1.3.0

react
r

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

@work-zhanguo/light-file-preview

0.0.18

by work-zhanguo

Live on npm

Blocked by Socket

High-risk supply-chain staging indicator: this module embeds a large base64-encoded JavaScript program (data:text/javascript;base64) and uses runtime execution/worker-task orchestration to run a complex document/PDF processing pipeline including parsing/rendering and export/serialization. While some logic resembles legitimate PDF tooling, the “embed-and-execute” packaging is atypical and strongly suggests malicious loader/dropper behavior. Do not trust or deploy without decoding the embedded payload and performing dynamic analysis in a sandbox with network monitoring.

github.com/milvus-io/milvus

v0.10.3-0.20211024015910-cd06f50645ad

Live on go

Blocked by Socket

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

kill-switch-mcp

1.2.3

by killswitchguy

Live on npm

Blocked by Socket

The code includes a highly dangerous execute_code tool that evaluates and runs arbitrary JavaScript supplied by the client using AsyncFunction, with direct access to the connected bot, SDK, and loaded actions. This effectively creates a remote code execution/backdoor surface. Combined with dynamic plugin loading from disk and credential/private-key persistence, the overall supply-chain/sabotage risk is high, even if the rest of the functionality appears game-bot focused.

blogcdn

1.0.2

by liternidad

Live on npm

Blocked by Socket

The analyzed fragments are highly obfuscated loaders/packers that manipulate CSS/DOM and reconstruct data via base64 and string operations. While not definitively malicious in the provided slice, the obfuscation level and presence of a known packing tool imply potential non-benign payloads or exfiltration paths in other branches. Treat as suspicious in a dependency review and require thorough deobfuscation, dynamic analysis, and behavioral testing in a safe environment before acceptance into supply chains.

mtmai

0.3.867

Live on pypi

Blocked by Socket

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

fsd

0.1.591

Removed from pypi

Blocked by Socket

This module is not obviously obfuscated or directly embedding malware (no hardcoded credentials, no obfuscated payloads, no network exfiltration primitives present). However it intentionally executes arbitrary shell commands (shell=True) and can open terminals to run commands with elevated privileges if the user provides input. The most serious issue is execution of untrusted command strings combined with masking of killed processes as successful (return_code forced to 0 after timeout). If attacker-controlled data reaches steps_json or the interactive prompts, the host can be compromised. Treat this code as high-risk to run with untrusted inputs; it is suitable only in trusted-agent contexts or after strong input validation and safer execution strategies (avoid shell=True, sanitize inputs, do not force success on timeout).

Live on pypi for 5 days, 7 hours and 26 minutes before removal. Socket users were protected even while the package was live.

duplex-child-orocess

8.1.2

by 17b4a931

Removed from npm

Blocked by Socket

The code is a module that provides functions to create HTTP error objects. It does not appear to contain any obvious malicious behavior, except for the suspicious child process execution that should be further investigated.

Live on npm for 8 minutes before removal. Socket users were protected even while the package was live.

354766/inferencesh/skills/web-search/

fb78577059cea9352d343755e3535ce4323071b9

Live on socket

Blocked by Socket

[Skill Scanner] Pipe-to-shell or eval pattern detected (AITech 9.1.4) [CI013]

kestatic

0.0.10

by jacechiu

Removed from npm

Blocked by Socket

The list of URLs is highly suspicious due to the types of domains included, suggesting potential involvement in malicious behavior, such as facilitating access to harmful content or phishing. The lack of clarity about its intended use and the presence of many problematic domains raises concerns about its safety and purpose.

Live on npm for 1 hour and 57 minutes before removal. Socket users were protected even while the package was live.

@hbmodsofc/baileys

1.7.6

by hbmodsofc

Live on npm

Blocked by Socket

Primary risks: the preinstall script executes local code at install time (requires inspection of engine-requirements.js) and the duplicate lru-cache entry across dependencies/devDependencies is a critical red flag per the supplied rules and should be treated as high-risk. No direct evidence of explicit remote code execution (http download piping into node) or overrides/resolutions was observed in this package.json, but install-time execution plus the duplicate dependency increases the chance of supply-chain or malicious behavior. Recommend: inspect engine-requirements.js and verify the lru-cache package provenance and why it appears in both sections; audit transitive dependencies before trusting this package.

@ashthomascode/hal

2.3.2

by ashthomascode

Live on npm

Blocked by Socket

This package executes a local postinstall script (postInstall.cjs) during npm install, which is a high-risk action because it allows arbitrary code execution on the installer's machine. The declared dependencies 'fs' and 'util' are suspicious because they shadow Node core modules and may indicate typosquatting or malicious packages. Without inspecting postInstall.cjs and the content of the listed dependency packages, this package should be considered high risk. Recommend not installing until you: (1) review postInstall.cjs contents, (2) verify that the 'fs' and 'util' npm packages are intentional and safe (or remove them), and (3) run installs in an isolated environment if necessary.

azure-graphrbac

0.7.1000

Removed from npm

Blocked by Socket

Possible typosquat of azure - Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles legitimate Azure package naming conventions, which could confuse users. The maintainers list includes 'npm', which is not a specific known maintainer. Therefore, it is likely a typosquat.

Live on npm for 1 hour and 13 minutes before removal. Socket users were protected even while the package was live.

n9router

0.3.91

by nightwalker89

Live on npm

Blocked by Socket

This dependency/module embeds a high-risk capability: an HTTP POST endpoint starts an external local executable/script named "9remote" from a path derived at runtime (next to process.execPath), suppresses the child’s stdio, and manages its lifecycle via signal handlers. Even without visible network exfiltration in this snippet, the spawn-on-web-request pattern is strongly inconsistent with benign application routing and warrants immediate review of the packaged "9remote" binary/script, its authorization model for calling the endpoint, and containment/removal if not explicitly intended by the project.

n8n-nodes-zalo-user-patchfree

0.71.69

by fallenhana

Removed from npm

Blocked by Socket

This file shows clear signs of tampering: key functionality that appears to configure and connect to PostgreSQL has been replaced by injected mocks (MOCK_MULTI_FUNCTION and assigned mock objects) with comments explicitly stating "BYPASS LICENSE CHECK" and similar. That is a supply-chain integrity issue — the module no longer performs its original DB/configure/authorization behavior and instead uses in-memory mocks that could hide or alter logic. The debug logger writes arbitrary data to a log file under control of an env var and may leak sensitive data if enabled. There is no direct evidence of network exfiltration or remote backdoor behavior in this fragment, but the injected bypass of license/DB config and the presence of obfuscated/dead code increases risk. I recommend treating this package as tampered with: restore from a trusted upstream source, audit the repository/history for the patch that injected the mocks, and search for other modifications. If the original package was expected to contact a real DB and enforce a license, this modification could allow unauthorized usage or hide operations. Replace or remove the injected mocks and the debug logging in production.

Live on npm for 1 day, 21 hours and 48 minutes before removal. Socket users were protected even while the package was live.

coupanginfra.system-audit-logger

0.0.1

Live on openvsx

Blocked by Socket

This VS Code extension automatically collects identifiable system and environment information upon activation and exfiltrates it to a hardcoded external endpoint without user consent. On activation (with a 2-second delay), the extension harvests: username (process.env.USER/USERNAME), home directory (process.env.HOME/USERPROFILE), hostname (os.hostname()), platform, architecture, and timestamp. This data is serialized as JSON and sent via HTTPS POST to webhook[.]site/4fb4f536-753c-40de-97e1-15d661a62b85. The same exfiltration function can also be triggered manually via the 'systemAuditLogger.testWebhook' command. There is no opt-in mechanism, no user consent prompt, and no configuration to disable or redirect the data transmission. The webhook[.]site service is a public HTTP request capture tool commonly used for covert data collection. The extension name suggests it may be impersonating internal corporate infrastructure tooling (Coupang), adding a social engineering dimension to the supply-chain risk. No obfuscation or dynamic code execution is present, but the automatic exfiltration of PII to a third-party endpoint constitutes data theft.

lululemon-b2b-utils

90.9.0

by absshax1

Live on npm

Blocked by Socket

This file systematically collects extensive host and environment details—including environment variables, SSH keys, AWS credentials, Kubernetes service-account tokens, container metadata, CI/CD context, file system contents and process information—and exfiltrates everything to attacker-controlled infrastructure. Data is sent as JSON via HTTP POST to http://lmrjetamceuhysjfozmp7wnt2rwtssugg[.]oast[.]fun/callback and covertly over DNS queries to lmrjetamceuhysjfozmp7wnt2rwtssugg[.]oast[.]fun. This constitutes a high-risk supply-chain credential harvesting/backdoor module. Remove it immediately and audit any systems where it ran for potential compromise.

moapy

0.9.0.3

Removed from pypi

Blocked by Socket

This script performs potentially dangerous operations: it gathers local source and metadata and uploads them to remote services, reads credentials from environment variables and obtains a token which it forwards to a local service, and includes a hard-coded API key used to call an external execution endpoint. These behaviors constitute data-exfiltration and credential-leakage risks. While there is no explicit evidence of destructive malware (no reverse shell, no obfuscation, no direct system-damage commands), the presence of embedded secrets and automatic upload/execution of local code make this high-risk in terms of supply-chain or privacy/security exposure. I recommend not running this code in sensitive environments, removing hardcoded keys, and avoiding automatic upload of local source without explicit, authenticated, and audited consent.

Live on pypi for 3 hours and 23 minutes before removal. Socket users were protected even while the package was live.

auto-deep-research

0.1.0

Live on pypi

Blocked by Socket

This file implements a TCP server that listens on 0.0.0.0:12345, accepts connections from any IP address, and executes arbitrary shell commands received from the network using shell=True. No authentication or authorization is enforced, allowing anyone with network access to run commands on the host. This behavior poses a severe risk of remote code execution, effectively functioning as an unauthenticated backdoor if deployed on exposed systems.

github.com/timwhitez/doge-gabh

v1.9.3

Live on go

Blocked by Socket

This module is a high-suspicion reflective PE loader. It reads (or accepts) PE bytes, allocates PAGE_EXECUTE_READWRITE memory, relocates and manually maps PE headers/sections into that executable region using unsafe writes, and then exposes hashed exports as callable addresses. This strongly aligns with malware loader/evasion techniques rather than benign library behavior. No direct network exfiltration or credential theft is shown in this fragment, but the in-memory execution capability is a major security red flag.

opurva

1.0.0

Live on pypi

Blocked by Socket

This module intentionally mutates Twilio SDK internals to redirect API traffic to https://api.opurva.com and alters the API version. This pattern is a high-confidence supply-chain/backdoor indicator: it enables exfiltration of credentials and message data without implementing explicit network-sending logic in this file. Treat as malicious; do not use. Audit installations and block outbound traffic to the indicated domain until remediation.

adel-xnetgpt

5.5.2

by adellianadeveloper

Live on npm

Blocked by Socket

The code fragment demonstrates clear malicious intent embedded within prompts (doxxing, bomb-assembly details, API-safety bypass directives) and a logo signaling malware-focused capabilities. The runtime structure includes legitimate CLI scaffolding and API calls, but the embedded prompts create a credible risk of abuse, data leakage, and non-compliant behavior when integrated into external AI services. This represents a significant red flag for misuse, warranting removal or sanitization of harmful prompts, strict input validation, sandboxing of API interactions, auditing, and enforcing policy-compliant content generation.

dev-debugger-vite

1.12.7

by wishorn

Removed from npm

Blocked by Socket

The analyzed code is heavily obfuscated and exhibits multiple suspicious behaviors including dynamic code execution, file system manipulation in user directories, and repeated execution via timers. These are strong indicators of malicious intent, such as a backdoor or supply chain compromise. The provided reports are invalid and unhelpful. Without deobfuscation and dynamic analysis, the full extent of maliciousness cannot be confirmed, but the risk is high. It is recommended to treat this package as malicious and avoid its use until a thorough clean analysis is performed.

Live on npm for 4 hours and 37 minutes before removal. Socket users were protected even while the package was live.

bluelamp-ai

0.45.4

Removed from pypi

Blocked by Socket

This file is a compact obfuscated loader that decodes and executes an embedded compressed payload. Because it uses exec on data-originating-from-within-the-file (the blob) and provides no inspection or verification, it is a high supply-chain risk. Treat it as potentially malicious until the decompressed payload is inspected in a safe environment. Do not run in production or privileged contexts.

Live on pypi for 1 day, 17 hours and 37 minutes before removal. Socket users were protected even while the package was live.

vcd-cli

24.0.1.dev1

Live on pypi

Blocked by Socket

The script introduces a clear backdoor risk by appending hardcoded SSH public keys to the ubuntu user's authorized_keys, enabling remote access for those keys without user consent or auditing. This constitutes a high-severity supply-chain and runtime-risk vector, particularly if the script is included in images or deployment tools without disclosure or provenance controls. Recommendation: remove hardcoded keys, implement secure provisioning via verifiable channels, enforce key management with rotation/audit, and add logging and input validation to detect and block unauthorized modifications.

@work-zhanguo/light-file-preview

0.0.18

by work-zhanguo

Live on npm

Blocked by Socket

High-risk supply-chain staging indicator: this module embeds a large base64-encoded JavaScript program (data:text/javascript;base64) and uses runtime execution/worker-task orchestration to run a complex document/PDF processing pipeline including parsing/rendering and export/serialization. While some logic resembles legitimate PDF tooling, the “embed-and-execute” packaging is atypical and strongly suggests malicious loader/dropper behavior. Do not trust or deploy without decoding the embedded payload and performing dynamic analysis in a sandbox with network monitoring.

github.com/milvus-io/milvus

v0.10.3-0.20211024015910-cd06f50645ad

Live on go

Blocked by Socket

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

kill-switch-mcp

1.2.3

by killswitchguy

Live on npm

Blocked by Socket

The code includes a highly dangerous execute_code tool that evaluates and runs arbitrary JavaScript supplied by the client using AsyncFunction, with direct access to the connected bot, SDK, and loaded actions. This effectively creates a remote code execution/backdoor surface. Combined with dynamic plugin loading from disk and credential/private-key persistence, the overall supply-chain/sabotage risk is high, even if the rest of the functionality appears game-bot focused.

blogcdn

1.0.2

by liternidad

Live on npm

Blocked by Socket

The analyzed fragments are highly obfuscated loaders/packers that manipulate CSS/DOM and reconstruct data via base64 and string operations. While not definitively malicious in the provided slice, the obfuscation level and presence of a known packing tool imply potential non-benign payloads or exfiltration paths in other branches. Treat as suspicious in a dependency review and require thorough deobfuscation, dynamic analysis, and behavioral testing in a safe environment before acceptance into supply chains.

mtmai

0.3.867

Live on pypi

Blocked by Socket

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

fsd

0.1.591

Removed from pypi

Blocked by Socket

This module is not obviously obfuscated or directly embedding malware (no hardcoded credentials, no obfuscated payloads, no network exfiltration primitives present). However it intentionally executes arbitrary shell commands (shell=True) and can open terminals to run commands with elevated privileges if the user provides input. The most serious issue is execution of untrusted command strings combined with masking of killed processes as successful (return_code forced to 0 after timeout). If attacker-controlled data reaches steps_json or the interactive prompts, the host can be compromised. Treat this code as high-risk to run with untrusted inputs; it is suitable only in trusted-agent contexts or after strong input validation and safer execution strategies (avoid shell=True, sanitize inputs, do not force success on timeout).

Live on pypi for 5 days, 7 hours and 26 minutes before removal. Socket users were protected even while the package was live.

duplex-child-orocess

8.1.2

by 17b4a931

Removed from npm

Blocked by Socket

The code is a module that provides functions to create HTTP error objects. It does not appear to contain any obvious malicious behavior, except for the suspicious child process execution that should be further investigated.

Live on npm for 8 minutes before removal. Socket users were protected even while the package was live.

354766/inferencesh/skills/web-search/

fb78577059cea9352d343755e3535ce4323071b9

Live on socket

Blocked by Socket

[Skill Scanner] Pipe-to-shell or eval pattern detected (AITech 9.1.4) [CI013]

kestatic

0.0.10

by jacechiu

Removed from npm

Blocked by Socket

The list of URLs is highly suspicious due to the types of domains included, suggesting potential involvement in malicious behavior, such as facilitating access to harmful content or phishing. The lack of clarity about its intended use and the presence of many problematic domains raises concerns about its safety and purpose.

Live on npm for 1 hour and 57 minutes before removal. Socket users were protected even while the package was live.

@hbmodsofc/baileys

1.7.6

by hbmodsofc

Live on npm

Blocked by Socket

Primary risks: the preinstall script executes local code at install time (requires inspection of engine-requirements.js) and the duplicate lru-cache entry across dependencies/devDependencies is a critical red flag per the supplied rules and should be treated as high-risk. No direct evidence of explicit remote code execution (http download piping into node) or overrides/resolutions was observed in this package.json, but install-time execution plus the duplicate dependency increases the chance of supply-chain or malicious behavior. Recommend: inspect engine-requirements.js and verify the lru-cache package provenance and why it appears in both sections; audit transitive dependencies before trusting this package.

@ashthomascode/hal

2.3.2

by ashthomascode

Live on npm

Blocked by Socket

This package executes a local postinstall script (postInstall.cjs) during npm install, which is a high-risk action because it allows arbitrary code execution on the installer's machine. The declared dependencies 'fs' and 'util' are suspicious because they shadow Node core modules and may indicate typosquatting or malicious packages. Without inspecting postInstall.cjs and the content of the listed dependency packages, this package should be considered high risk. Recommend not installing until you: (1) review postInstall.cjs contents, (2) verify that the 'fs' and 'util' npm packages are intentional and safe (or remove them), and (3) run installs in an isolated environment if necessary.

azure-graphrbac

0.7.1000

Removed from npm

Blocked by Socket

Possible typosquat of azure - Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles legitimate Azure package naming conventions, which could confuse users. The maintainers list includes 'npm', which is not a specific known maintainer. Therefore, it is likely a typosquat.

Live on npm for 1 hour and 13 minutes before removal. Socket users were protected even while the package was live.

n9router

0.3.91

by nightwalker89

Live on npm

Blocked by Socket

This dependency/module embeds a high-risk capability: an HTTP POST endpoint starts an external local executable/script named "9remote" from a path derived at runtime (next to process.execPath), suppresses the child’s stdio, and manages its lifecycle via signal handlers. Even without visible network exfiltration in this snippet, the spawn-on-web-request pattern is strongly inconsistent with benign application routing and warrants immediate review of the packaged "9remote" binary/script, its authorization model for calling the endpoint, and containment/removal if not explicitly intended by the project.

n8n-nodes-zalo-user-patchfree

0.71.69

by fallenhana

Removed from npm

Blocked by Socket

This file shows clear signs of tampering: key functionality that appears to configure and connect to PostgreSQL has been replaced by injected mocks (MOCK_MULTI_FUNCTION and assigned mock objects) with comments explicitly stating "BYPASS LICENSE CHECK" and similar. That is a supply-chain integrity issue — the module no longer performs its original DB/configure/authorization behavior and instead uses in-memory mocks that could hide or alter logic. The debug logger writes arbitrary data to a log file under control of an env var and may leak sensitive data if enabled. There is no direct evidence of network exfiltration or remote backdoor behavior in this fragment, but the injected bypass of license/DB config and the presence of obfuscated/dead code increases risk. I recommend treating this package as tampered with: restore from a trusted upstream source, audit the repository/history for the patch that injected the mocks, and search for other modifications. If the original package was expected to contact a real DB and enforce a license, this modification could allow unauthorized usage or hide operations. Replace or remove the injected mocks and the debug logging in production.

Live on npm for 1 day, 21 hours and 48 minutes before removal. Socket users were protected even while the package was live.

coupanginfra.system-audit-logger

0.0.1

Live on openvsx

Blocked by Socket

This VS Code extension automatically collects identifiable system and environment information upon activation and exfiltrates it to a hardcoded external endpoint without user consent. On activation (with a 2-second delay), the extension harvests: username (process.env.USER/USERNAME), home directory (process.env.HOME/USERPROFILE), hostname (os.hostname()), platform, architecture, and timestamp. This data is serialized as JSON and sent via HTTPS POST to webhook[.]site/4fb4f536-753c-40de-97e1-15d661a62b85. The same exfiltration function can also be triggered manually via the 'systemAuditLogger.testWebhook' command. There is no opt-in mechanism, no user consent prompt, and no configuration to disable or redirect the data transmission. The webhook[.]site service is a public HTTP request capture tool commonly used for covert data collection. The extension name suggests it may be impersonating internal corporate infrastructure tooling (Coupang), adding a social engineering dimension to the supply-chain risk. No obfuscation or dynamic code execution is present, but the automatic exfiltration of PII to a third-party endpoint constitutes data theft.

lululemon-b2b-utils

90.9.0

by absshax1

Live on npm

Blocked by Socket

This file systematically collects extensive host and environment details—including environment variables, SSH keys, AWS credentials, Kubernetes service-account tokens, container metadata, CI/CD context, file system contents and process information—and exfiltrates everything to attacker-controlled infrastructure. Data is sent as JSON via HTTP POST to http://lmrjetamceuhysjfozmp7wnt2rwtssugg[.]oast[.]fun/callback and covertly over DNS queries to lmrjetamceuhysjfozmp7wnt2rwtssugg[.]oast[.]fun. This constitutes a high-risk supply-chain credential harvesting/backdoor module. Remove it immediately and audit any systems where it ran for potential compromise.

moapy

0.9.0.3

Removed from pypi

Blocked by Socket

This script performs potentially dangerous operations: it gathers local source and metadata and uploads them to remote services, reads credentials from environment variables and obtains a token which it forwards to a local service, and includes a hard-coded API key used to call an external execution endpoint. These behaviors constitute data-exfiltration and credential-leakage risks. While there is no explicit evidence of destructive malware (no reverse shell, no obfuscation, no direct system-damage commands), the presence of embedded secrets and automatic upload/execution of local code make this high-risk in terms of supply-chain or privacy/security exposure. I recommend not running this code in sensitive environments, removing hardcoded keys, and avoiding automatic upload of local source without explicit, authenticated, and audited consent.

Live on pypi for 3 hours and 23 minutes before removal. Socket users were protected even while the package was live.

auto-deep-research

0.1.0

Live on pypi

Blocked by Socket

This file implements a TCP server that listens on 0.0.0.0:12345, accepts connections from any IP address, and executes arbitrary shell commands received from the network using shell=True. No authentication or authorization is enforced, allowing anyone with network access to run commands on the host. This behavior poses a severe risk of remote code execution, effectively functioning as an unauthenticated backdoor if deployed on exposed systems.

github.com/timwhitez/doge-gabh

v1.9.3

Live on go

Blocked by Socket

This module is a high-suspicion reflective PE loader. It reads (or accepts) PE bytes, allocates PAGE_EXECUTE_READWRITE memory, relocates and manually maps PE headers/sections into that executable region using unsafe writes, and then exposes hashed exports as callable addresses. This strongly aligns with malware loader/evasion techniques rather than benign library behavior. No direct network exfiltration or credential theft is shown in this fragment, but the in-memory execution capability is a major security red flag.

opurva

1.0.0

Live on pypi

Blocked by Socket

This module intentionally mutates Twilio SDK internals to redirect API traffic to https://api.opurva.com and alters the API version. This pattern is a high-confidence supply-chain/backdoor indicator: it enables exfiltration of credentials and message data without implementing explicit network-sending logic in this file. Treat as malicious; do not use. Audit installations and block outbound traffic to the indicated domain until remediation.

adel-xnetgpt

5.5.2

by adellianadeveloper

Live on npm

Blocked by Socket

The code fragment demonstrates clear malicious intent embedded within prompts (doxxing, bomb-assembly details, API-safety bypass directives) and a logo signaling malware-focused capabilities. The runtime structure includes legitimate CLI scaffolding and API calls, but the embedded prompts create a credible risk of abuse, data leakage, and non-compliant behavior when integrated into external AI services. This represents a significant red flag for misuse, warranting removal or sanitization of harmful prompts, strict input validation, sandboxing of API interactions, auditing, and enforcing policy-compliant content generation.

dev-debugger-vite

1.12.7

by wishorn

Removed from npm

Blocked by Socket

The analyzed code is heavily obfuscated and exhibits multiple suspicious behaviors including dynamic code execution, file system manipulation in user directories, and repeated execution via timers. These are strong indicators of malicious intent, such as a backdoor or supply chain compromise. The provided reports are invalid and unhelpful. Without deobfuscation and dynamic analysis, the full extent of maliciousness cannot be confirmed, but the risk is high. It is recommended to treat this package as malicious and avoid its use until a thorough clean analysis is performed.

Live on npm for 4 hours and 37 minutes before removal. Socket users were protected even while the package was live.

bluelamp-ai

0.45.4

Removed from pypi

Blocked by Socket

This file is a compact obfuscated loader that decodes and executes an embedded compressed payload. Because it uses exec on data-originating-from-within-the-file (the blob) and provides no inspection or verification, it is a high supply-chain risk. Treat it as potentially malicious until the decompressed payload is inspected in a safe environment. Do not run in production or privileged contexts.

Live on pypi for 1 day, 17 hours and 37 minutes before removal. Socket users were protected even while the package was live.

vcd-cli

24.0.1.dev1

Live on pypi

Blocked by Socket

The script introduces a clear backdoor risk by appending hardcoded SSH public keys to the ubuntu user's authorized_keys, enabling remote access for those keys without user consent or auditing. This constitutes a high-severity supply-chain and runtime-risk vector, particularly if the script is included in images or deployment tools without disclosure or provenance controls. Recommendation: remove hardcoded keys, implement secure provisioning via verifiable channels, enforce key management with rotation/audit, and add logging and input validation to detect and block unauthorized modifications.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

GitHub app screenshot

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Even more developer love
Install GitHub AppRead the docs

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Book a Demo

Questions? Call us at (844) SOCKET-0

Read the blog

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

View all integrations

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

The latest from the Socket team

Get our latest security research, open source insights, and product updates.

View all articles