Launch Week Day 5: Introducing Reachability for PHP.Learn More
Socket
Book a DemoSign in
Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
t

timmywil published 4.0.0

left-pad
s

stevemao published 1.3.0

react
r

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

sbcli-dev

6.0.9

Live on pypi

Blocked by Socket

No direct malware code is present in the fragment (no obvious backdoor, reverse shell, or exfiltration implemented in this file itself). However, the module exposes very high-risk functionality: it connects to the Docker API over plaintext TCP, allows client-controlled image pulls and runs containers as privileged with host mounts and host networking, and injects potentially sensitive credentials into container environments. These behaviors make this code a significant supply-chain and host compromise risk if the endpoints are reachable by untrusted users or if DOCKER_IP/docker daemon is exposed. Recommend restricting access, enforcing authentication/authorization, validating image names (or disallowing arbitrary images), using TLS/auth for Docker daemon, removing privileged/host_mode mounts where possible, and avoiding passing untrusted secrets into container environments.

chomar-device-fingerprinting

1.9.11

by ercucan9

Removed from npm

Blocked by Socket

The main concern is the obfuscation of the code, which can hide malicious activities. The code seems to perform fingerprinting by gathering a variety of data points about the user's environment. Further analysis, such as deobfuscation and dynamic analysis, would be necessary to make a more informed assessment.

Live on npm for 2 hours and 8 minutes before removal. Socket users were protected even while the package was live.

kfsd

0.0.88

Live on pypi

Blocked by Socket

This module contains a critical vulnerability: unconstrained eval() of attacker-controlled 'input.expr' with access to local variables (including a formatted request object). This yields remote code execution and potential data exfiltration. The code likely represents an insecure design/bug rather than intentionally malicious code, but it must be remediated before handling untrusted inputs. Also fix the apparent syntax error in getAttr.

@epic-social/social-modules

999.999.999

Live on npm

Blocked by Socket

While the execution of 'build.js' may be benign, the subsequent curl command raises significant security concerns as it could be used to exfiltrate data or send telemetry to an external server.

mtmai

0.3.1290

Live on pypi

Blocked by Socket

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

github.com/WithSecureLabs/drozer

v0.0.0-20250513111829-2fd39e940531

Live on go

Blocked by Socket

This code actively searches for an exposed Java object in the window environment and leverages Java reflection to obtain java.lang.Runtime, giving it the ability to execute arbitrary shell commands and load native libraries. It also performs local reconnaissance (id, ps) to discover package names. In an Android WebView that exposes a Java bridge to untrusted content, this is a high‑risk backdoor/post‑exploitation capability. Treat this code as malicious in most deployment contexts: do not expose Java bridges to untrusted pages and remove or audit any code that allows untrusted JS to call native functionality.

@kbr-gmbh/kbr-ebus

2.3.44-dev.2

by kbradmin

Live on npm

Blocked by Socket

This fragment elevates and executes package-local shell scripts as root (sudo), preserving the environment (-E). That pattern is high risk for supply-chain attacks: if the bash directory or preinstall.sh can be altered by an attacker (or was malicious in the distributed package), arbitrary root code execution follows. The missing import for exec is likely a bug, but whether accidental or intentional, it increases uncertainty. Recommend: do not run these scripts with sudo; remove -E; validate and cryptographically verify script contents, avoid executing package-provided scripts as root, and fix the missing child_process import. Treat as security alert and audit the referenced bash/preinstall.sh before allowing execution.

tailwind-merge-v2

99.99.1

by p3nt3st

Live on npm

Blocked by Socket

This package attempts to covertly send environment and host information to an external numeric IP address during installation. This constitutes telemetry/data exfiltration and is a high security risk. The use of plain HTTP and an IP address, plus collecting user/host/current-directory data, strongly suggests malicious or at least privacy-invasive behavior. Do not install or run this package in sensitive environments.

foundary

5.2.3

by daniel604

Removed from npm

Blocked by Socket

The code initiates a detached child process that runs an external script (`smtp-connection/index.js`) with its I/O streams ignored. This pattern is suspicious as it can be used to execute code in the background without direct visibility or control from the parent process. While it could be for legitimate background operations, the combination of detachment, ignored I/O, and unreferencing the child process raises concerns about potential hidden malicious activity, such as data exfiltration or establishing persistent connections.

Live on npm for 1 day, 15 hours and 13 minutes before removal. Socket users were protected even while the package was live.

con4gis/framework

1.1.17

Live on composer

Blocked by Socket

The provided file is a modified/tampered SweetAlert2 bundle containing a malicious payload: a locale- and host-targeted, delayed activation that disables page interaction and autoplays a looping audio file loaded from a third-party domain. This is a clear supply-chain compromise or malicious insertion. Immediate actions: do NOT use this package version; remove it from deployments; audit package integrity (compare with official upstream release, verify checksums/signatures); rotate any secrets that may have been exposed in environments where this version was deployed; notify maintainers and users. Replace with a clean, verified release and investigate how the compromise occurred.

fsd

0.0.766

Removed from pypi

Blocked by Socket

This code is not obviously a self-contained malware dropper, but it provides a high-privilege execution surface: it runs arbitrary shell commands (shell=True) and writes/appends to files based on external plans or user input without sanitization. That makes it dangerous in contexts where steps/plans or inputs are untrusted or come from remote services. If upstream agents or data are compromised, this module can be abused to execute arbitrary code, modify repository or system files, or launch persistent processes. Recommend treating inputs as untrusted, adding strict validation/sanitization for commands and file paths, avoiding shell=True or using explicit argument lists, and adding allowlists and dry-run / manual approval for changes.

Live on pypi for 5 days, 10 hours and 8 minutes before removal. Socket users were protected even while the package was live.

habu

0.0.35

Live on pypi

Blocked by Socket

This file implements a Slowloris-style Denial-of-Service tool: it opens multiple TCP connections to a target and periodically sends partial headers to keep connections alive, consuming server resources. There is no obfuscation or data-exfiltration behavior, but the code is intentionally disruptive and should not be used against systems without explicit authorization. The https option is not implemented, and there are minor coding issues (unused imports, list mutation during iteration). Treat this as malicious/offensive tooling and block or review usage according to policy.

docker-software-manager

0.1.3

Live on pypi

Blocked by Socket

The script functions as a cleanup utility targeting docker-gen/nginx artifacts and a related systemd unit. While it could be legitimate maintenance, the use of hardcoded, nonstandard unit path, incomplete cleanup markers, and unconditional disable without proper validation raises concerns about anti-forensic behavior and potential suppression of remnants after compromise. It warrants careful review in a supply-chain context to confirm intended behavior and ensure system integrity.

cloudcmd

19.9.19

by coderaiser

Live on npm

Blocked by Socket

High security risk. The fragment contains an explicit remote-code-execution mechanism by compiling and executing server-fetched user-menu text with Function(...), followed by invocation of those actions in the browser. It also dynamically loads additional JS modules at runtime and renders server-derived content using innerHTML-based templating, and includes an optional shell-command execution feature via bash -c. No overt malware exfiltration is visible in this fragment, but the structural execution primitives are severe and suitable for supply-chain/backdoor behavior if the server endpoints/templates/modules are compromised or insufficiently authorized.

uniquebible

0.1.64

Live on pypi

Blocked by Socket

The code contains high-risk unsafe behavior: exec() is used to run Python code derived directly from OpenAI function_call arguments with no sandboxing or validation, and os.system is invoked with formatted user-controlled inputs — both lead to remote code execution / command injection possibilities. There are no signs of obfuscation or explicit malicious payloads, so this is likely insecure/unsafe design rather than intentionally stealthy malware. Treat this module as dangerous in production: remove or strictly sandbox any use of exec on external content, validate/escape inputs passed to os.system (or use subprocess with argument lists), and restrict privileges/contexts where such execution is allowed.

jessa-vue-components

11.15.1563

Removed from npm

Blocked by Socket

The script is designed to exfiltrate sensitive system information to an external server via DNS queries. The use of obfuscation and the method of data transmission indicate malicious intent.

Live on npm for 1 hour and 10 minutes before removal. Socket users were protected even while the package was live.

github.com/BishopFox/sliver

v0.0.0-20200818125130-f7e23aa7de40

Live on go

Blocked by Socket

This module implements server-side RPC handlers of the Sliver implant framework that read/generate shellcode and DLL bytes, parse PE exports to compute reflective loader offsets, and forward marshalled requests containing executable payloads to remote implants via session.Request. There is no obfuscation or hidden credential theft, but the functionality enables remote arbitrary code execution, process migration, and DLL sideloading — operations that are malicious or dangerous outside an authorized red-team context. The code also contains some robustness issues (use of log.Fatal, limited validation when parsing PE files) that could affect availability.

354766/PurpleAILAB/Decepticon/web-exploitation/

c76d20efcd61c802af3d9504a893e9cb3307cdfc

Live on socket

Blocked by Socket

MALICIOUS. This skill is purpose-built to let an AI agent conduct real-world web exploitation, steal cloud credentials and data, establish shells, and escalate access. Its capabilities are fundamentally incompatible with a benign helper skill and create high-risk autonomous attack and exfiltration behavior.

svg-content-validation

1.0.5

by metrhogins

Removed from npm

Blocked by Socket

This module scans directories for .svg files and — when a file looks like SVG — attempts to ensure and execute an npm package (base64-decoded as 'svg-safety-tool') by installing it at runtime (or installing 'request') and then requiring it and calling its plugin function. That behavior presents a significant supply-chain and remote code execution risk: an attacker controlling the npm package (or the npm registry) could execute arbitrary code on systems that run this module. The base64-obfuscated package name, automatic installs, and invocation of third-party plugin code are strong red flags. I assess this as dangerous and not safe to use without strict controls (offline CI-approved deps, checksums/signatures, sandboxing).

Live on npm for 23 days, 9 hours and 48 minutes before removal. Socket users were protected even while the package was live.

carbonorm/carbonphp

14.6.8

Live on composer

Blocked by Socket

The codebase acts as an aggressive deployment automation tool with webhook-driven updates and high-privilege system modifications. The presence of hard-coded credentials, elevation of privileges, and dynamic configuration changes create substantial supply chain and operational security risks. It should not be used in public projects or unattended environments without refactoring to remove secrets, remove interactive prompts, enforce least privilege, and ensure formal authentication/authorization for webhook-triggered actions.

354766/wgpsec/AboutSecurity/jwt-attack-methodology/

4ed68e1c1069653c46dc2e32c7b87835e9548ef3

Live on socket

Blocked by Socket

This document is a step-by-step offensive guide demonstrating multiple confirmed JWT attacks (RS256→HS256 confusion, kid injection variants, jku/x5u replacement, and weak-key brute forcing). It contains actionable exploit examples that, when a server is misconfigured or vulnerable, enable authentication bypass and secret disclosure. The code snippets instruct reading sensitive files (e.g., /flag.txt) and using attacker-controlled keys or outputs as HMAC secrets, indicating clear malicious intent to compromise systems. Treat packages or code containing this content as malicious guidance; ensure servers strictly validate 'alg', sanitize and whitelist 'kid', avoid fetching keys from untrusted URLs, and use strong secrets.

elf-stats-storybook-reindeer-552

2.1.0

Live on npm

Blocked by Socket

This file implements a straightforward and functional reverse shell: it connects to a hardcoded remote IP:port, spawns /bin/sh, and pipes input/output between the shell and the network socket. This gives a remote actor arbitrary command execution and data exfiltration capabilities. The code is malicious in context and poses an immediate, high-risk threat. Remove/quarantine the file and treat systems that ran it as compromised.

sbcli-dev

6.0.9

Live on pypi

Blocked by Socket

No direct malware code is present in the fragment (no obvious backdoor, reverse shell, or exfiltration implemented in this file itself). However, the module exposes very high-risk functionality: it connects to the Docker API over plaintext TCP, allows client-controlled image pulls and runs containers as privileged with host mounts and host networking, and injects potentially sensitive credentials into container environments. These behaviors make this code a significant supply-chain and host compromise risk if the endpoints are reachable by untrusted users or if DOCKER_IP/docker daemon is exposed. Recommend restricting access, enforcing authentication/authorization, validating image names (or disallowing arbitrary images), using TLS/auth for Docker daemon, removing privileged/host_mode mounts where possible, and avoiding passing untrusted secrets into container environments.

chomar-device-fingerprinting

1.9.11

by ercucan9

Removed from npm

Blocked by Socket

The main concern is the obfuscation of the code, which can hide malicious activities. The code seems to perform fingerprinting by gathering a variety of data points about the user's environment. Further analysis, such as deobfuscation and dynamic analysis, would be necessary to make a more informed assessment.

Live on npm for 2 hours and 8 minutes before removal. Socket users were protected even while the package was live.

kfsd

0.0.88

Live on pypi

Blocked by Socket

This module contains a critical vulnerability: unconstrained eval() of attacker-controlled 'input.expr' with access to local variables (including a formatted request object). This yields remote code execution and potential data exfiltration. The code likely represents an insecure design/bug rather than intentionally malicious code, but it must be remediated before handling untrusted inputs. Also fix the apparent syntax error in getAttr.

@epic-social/social-modules

999.999.999

Live on npm

Blocked by Socket

While the execution of 'build.js' may be benign, the subsequent curl command raises significant security concerns as it could be used to exfiltrate data or send telemetry to an external server.

mtmai

0.3.1290

Live on pypi

Blocked by Socket

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

github.com/WithSecureLabs/drozer

v0.0.0-20250513111829-2fd39e940531

Live on go

Blocked by Socket

This code actively searches for an exposed Java object in the window environment and leverages Java reflection to obtain java.lang.Runtime, giving it the ability to execute arbitrary shell commands and load native libraries. It also performs local reconnaissance (id, ps) to discover package names. In an Android WebView that exposes a Java bridge to untrusted content, this is a high‑risk backdoor/post‑exploitation capability. Treat this code as malicious in most deployment contexts: do not expose Java bridges to untrusted pages and remove or audit any code that allows untrusted JS to call native functionality.

@kbr-gmbh/kbr-ebus

2.3.44-dev.2

by kbradmin

Live on npm

Blocked by Socket

This fragment elevates and executes package-local shell scripts as root (sudo), preserving the environment (-E). That pattern is high risk for supply-chain attacks: if the bash directory or preinstall.sh can be altered by an attacker (or was malicious in the distributed package), arbitrary root code execution follows. The missing import for exec is likely a bug, but whether accidental or intentional, it increases uncertainty. Recommend: do not run these scripts with sudo; remove -E; validate and cryptographically verify script contents, avoid executing package-provided scripts as root, and fix the missing child_process import. Treat as security alert and audit the referenced bash/preinstall.sh before allowing execution.

tailwind-merge-v2

99.99.1

by p3nt3st

Live on npm

Blocked by Socket

This package attempts to covertly send environment and host information to an external numeric IP address during installation. This constitutes telemetry/data exfiltration and is a high security risk. The use of plain HTTP and an IP address, plus collecting user/host/current-directory data, strongly suggests malicious or at least privacy-invasive behavior. Do not install or run this package in sensitive environments.

foundary

5.2.3

by daniel604

Removed from npm

Blocked by Socket

The code initiates a detached child process that runs an external script (`smtp-connection/index.js`) with its I/O streams ignored. This pattern is suspicious as it can be used to execute code in the background without direct visibility or control from the parent process. While it could be for legitimate background operations, the combination of detachment, ignored I/O, and unreferencing the child process raises concerns about potential hidden malicious activity, such as data exfiltration or establishing persistent connections.

Live on npm for 1 day, 15 hours and 13 minutes before removal. Socket users were protected even while the package was live.

con4gis/framework

1.1.17

Live on composer

Blocked by Socket

The provided file is a modified/tampered SweetAlert2 bundle containing a malicious payload: a locale- and host-targeted, delayed activation that disables page interaction and autoplays a looping audio file loaded from a third-party domain. This is a clear supply-chain compromise or malicious insertion. Immediate actions: do NOT use this package version; remove it from deployments; audit package integrity (compare with official upstream release, verify checksums/signatures); rotate any secrets that may have been exposed in environments where this version was deployed; notify maintainers and users. Replace with a clean, verified release and investigate how the compromise occurred.

fsd

0.0.766

Removed from pypi

Blocked by Socket

This code is not obviously a self-contained malware dropper, but it provides a high-privilege execution surface: it runs arbitrary shell commands (shell=True) and writes/appends to files based on external plans or user input without sanitization. That makes it dangerous in contexts where steps/plans or inputs are untrusted or come from remote services. If upstream agents or data are compromised, this module can be abused to execute arbitrary code, modify repository or system files, or launch persistent processes. Recommend treating inputs as untrusted, adding strict validation/sanitization for commands and file paths, avoiding shell=True or using explicit argument lists, and adding allowlists and dry-run / manual approval for changes.

Live on pypi for 5 days, 10 hours and 8 minutes before removal. Socket users were protected even while the package was live.

habu

0.0.35

Live on pypi

Blocked by Socket

This file implements a Slowloris-style Denial-of-Service tool: it opens multiple TCP connections to a target and periodically sends partial headers to keep connections alive, consuming server resources. There is no obfuscation or data-exfiltration behavior, but the code is intentionally disruptive and should not be used against systems without explicit authorization. The https option is not implemented, and there are minor coding issues (unused imports, list mutation during iteration). Treat this as malicious/offensive tooling and block or review usage according to policy.

docker-software-manager

0.1.3

Live on pypi

Blocked by Socket

The script functions as a cleanup utility targeting docker-gen/nginx artifacts and a related systemd unit. While it could be legitimate maintenance, the use of hardcoded, nonstandard unit path, incomplete cleanup markers, and unconditional disable without proper validation raises concerns about anti-forensic behavior and potential suppression of remnants after compromise. It warrants careful review in a supply-chain context to confirm intended behavior and ensure system integrity.

cloudcmd

19.9.19

by coderaiser

Live on npm

Blocked by Socket

High security risk. The fragment contains an explicit remote-code-execution mechanism by compiling and executing server-fetched user-menu text with Function(...), followed by invocation of those actions in the browser. It also dynamically loads additional JS modules at runtime and renders server-derived content using innerHTML-based templating, and includes an optional shell-command execution feature via bash -c. No overt malware exfiltration is visible in this fragment, but the structural execution primitives are severe and suitable for supply-chain/backdoor behavior if the server endpoints/templates/modules are compromised or insufficiently authorized.

uniquebible

0.1.64

Live on pypi

Blocked by Socket

The code contains high-risk unsafe behavior: exec() is used to run Python code derived directly from OpenAI function_call arguments with no sandboxing or validation, and os.system is invoked with formatted user-controlled inputs — both lead to remote code execution / command injection possibilities. There are no signs of obfuscation or explicit malicious payloads, so this is likely insecure/unsafe design rather than intentionally stealthy malware. Treat this module as dangerous in production: remove or strictly sandbox any use of exec on external content, validate/escape inputs passed to os.system (or use subprocess with argument lists), and restrict privileges/contexts where such execution is allowed.

jessa-vue-components

11.15.1563

Removed from npm

Blocked by Socket

The script is designed to exfiltrate sensitive system information to an external server via DNS queries. The use of obfuscation and the method of data transmission indicate malicious intent.

Live on npm for 1 hour and 10 minutes before removal. Socket users were protected even while the package was live.

github.com/BishopFox/sliver

v0.0.0-20200818125130-f7e23aa7de40

Live on go

Blocked by Socket

This module implements server-side RPC handlers of the Sliver implant framework that read/generate shellcode and DLL bytes, parse PE exports to compute reflective loader offsets, and forward marshalled requests containing executable payloads to remote implants via session.Request. There is no obfuscation or hidden credential theft, but the functionality enables remote arbitrary code execution, process migration, and DLL sideloading — operations that are malicious or dangerous outside an authorized red-team context. The code also contains some robustness issues (use of log.Fatal, limited validation when parsing PE files) that could affect availability.

354766/PurpleAILAB/Decepticon/web-exploitation/

c76d20efcd61c802af3d9504a893e9cb3307cdfc

Live on socket

Blocked by Socket

MALICIOUS. This skill is purpose-built to let an AI agent conduct real-world web exploitation, steal cloud credentials and data, establish shells, and escalate access. Its capabilities are fundamentally incompatible with a benign helper skill and create high-risk autonomous attack and exfiltration behavior.

svg-content-validation

1.0.5

by metrhogins

Removed from npm

Blocked by Socket

This module scans directories for .svg files and — when a file looks like SVG — attempts to ensure and execute an npm package (base64-decoded as 'svg-safety-tool') by installing it at runtime (or installing 'request') and then requiring it and calling its plugin function. That behavior presents a significant supply-chain and remote code execution risk: an attacker controlling the npm package (or the npm registry) could execute arbitrary code on systems that run this module. The base64-obfuscated package name, automatic installs, and invocation of third-party plugin code are strong red flags. I assess this as dangerous and not safe to use without strict controls (offline CI-approved deps, checksums/signatures, sandboxing).

Live on npm for 23 days, 9 hours and 48 minutes before removal. Socket users were protected even while the package was live.

carbonorm/carbonphp

14.6.8

Live on composer

Blocked by Socket

The codebase acts as an aggressive deployment automation tool with webhook-driven updates and high-privilege system modifications. The presence of hard-coded credentials, elevation of privileges, and dynamic configuration changes create substantial supply chain and operational security risks. It should not be used in public projects or unattended environments without refactoring to remove secrets, remove interactive prompts, enforce least privilege, and ensure formal authentication/authorization for webhook-triggered actions.

354766/wgpsec/AboutSecurity/jwt-attack-methodology/

4ed68e1c1069653c46dc2e32c7b87835e9548ef3

Live on socket

Blocked by Socket

This document is a step-by-step offensive guide demonstrating multiple confirmed JWT attacks (RS256→HS256 confusion, kid injection variants, jku/x5u replacement, and weak-key brute forcing). It contains actionable exploit examples that, when a server is misconfigured or vulnerable, enable authentication bypass and secret disclosure. The code snippets instruct reading sensitive files (e.g., /flag.txt) and using attacker-controlled keys or outputs as HMAC secrets, indicating clear malicious intent to compromise systems. Treat packages or code containing this content as malicious guidance; ensure servers strictly validate 'alg', sanitize and whitelist 'kid', avoid fetching keys from untrusted URLs, and use strong secrets.

elf-stats-storybook-reindeer-552

2.1.0

Live on npm

Blocked by Socket

This file implements a straightforward and functional reverse shell: it connects to a hardcoded remote IP:port, spawns /bin/sh, and pipes input/output between the shell and the network socket. This gives a remote actor arbitrary command execution and data exfiltration capabilities. The code is malicious in context and poses an immediate, high-risk threat. Remove/quarantine the file and treat systems that ran it as compromised.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

GitHub app screenshot

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Even more developer love
Install GitHub AppRead the docs

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Book a Demo

Questions? Call us at (844) SOCKET-0

Read the blog

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

View all integrations

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

The latest from the Socket team

Get our latest security research, open source insights, and product updates.

View all articles