Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
timmywil published 4.0.0

left-pad
stevemao published 1.3.0

react
react-bot published 19.2.5

We protect you from vulnerable and malicious packages

requiirments

1.0.0

Removed from pypi

Blocked by Socket

The code is highly suspicious due to its use of obfuscation, decryption, and execution of hidden code. It poses a significant security risk, especially to Windows systems, and is indicative of potentially malicious behavior.

Live on pypi for 1 hour and 52 minutes before removal. Socket users were protected even while the package was live.

neoagent

2.1.18-beta.88

by neo_original_

Live on npm

Blocked by Socket

Best report: Report 3. It is more convincing because it identifies multiple high-suspicion primitives in the fragment (eval, document.cookie, and DOM-manipulation/document.write, plus many external http/src loads and inline event/script execution markers). Due to severe corruption, exact behavior cannot be fully proven, but the evidence strongly warrants treating this artifact as highly suspicious malicious web payload material in a supply-chain context.

paypal-logger

5.3.0

by jpdtestjpd

Removed from npm

Blocked by Socket

The code is highly suspicious due to its collection and transmission of system information to external servers without user consent. The use of hardcoded IP addresses and fallback mechanisms for data transmission indicates potential malicious intent.

Live on npm for 1 hour and 37 minutes before removal. Socket users were protected even while the package was live.

n8n-nodes-jygse-vw-weconnect

0.2.0

Live on npm

Blocked by Socket

The code fragment appears compromised/tampered: it contains a hardcoded, suspicious homeRegion ('https://mal-1a.prd.ece.vwg-connect.com') that would redirect authenticated API calls and sensitive data (access/refresh tokens, id token, security PIN) to an attacker-controlled endpoint. Combined with incomplete and inconsistent vwLogin logic and weak crypto practices, this is a severe supply-chain/security incident. Treat this package as compromised: do not use, do not provide credentials to it, and compare against a trusted upstream source or revert to a verified clean version.

phantom-module

111.0.0

by lwirz

Live on npm

Blocked by Socket

This module intentionally reads a local application log and exfiltrates discovered HTB-style flags or contextual log snippets to a hardcoded external HTTP endpoint. It uses hardcoded IDs and IP, suppresses errors/responses for stealth, retries to ensure delivery, and performs the action as a side-effect on module load. Treat this package as a backdoor/exfiltration payload and do not deploy it in production. Investigate systems where this code ran, rotate any potentially exposed credentials, and block the destination IP.

fas-console-logger

1.0.5

by itbees

Live on npm

Blocked by Socket

The code poses a security risk due to the transmission of potentially sensitive data (console logs and local storage) to a remote server. This could lead to data leakage if not properly secured or if sensitive information is stored in local storage. The code is not obfuscated, but the behavior of sending data without explicit user consent could be considered malicious.

cli-anything-zotero

0.9.5

Live on pypi

Blocked by Socket

This fragment registers an HTTP endpoint (/cli-bridge/eval) that performs server-side arbitrary JavaScript execution by eval’ing attacker-controlled request body text and returning both execution results and error messages to the caller. The lack of visible authentication/authorization, input validation, and sandboxing makes this an extremely high security risk and is consistent with remote code execution/backdoor-like functionality rather than a benign helper.

videocall-cli

1.0.27

Live on cargo

Blocked by Socket

The code intentionally disables TLS certificate verification by always trusting the server certificate, creating a significant security risk and potential backdoor in TLS connections. This is a high-risk construct that should not be used in production; it enables MITM attacks and data leakage. If present in a published crate, it represents a dangerous supply-chain risk.

@spectrum-web-components/coachmark

1.1.0-beta.53

by rubenc

Live on npm

Blocked by Socket

This code exhibits extreme obfuscation that prevents any meaningful security analysis. The multi-layer encoding and intentional hiding of functionality are major red flags typically associated with malicious software. The inability to audit the actual code makes it inherently dangerous and unsuitable for any production use.

github.com/bishopfox/sliver

v1.5.40-0.20240117221112-d9db5752c12d

Live on go

Blocked by Socket

This source file is an HTTP client component of the Sliver implant C2 framework. It establishes encrypted sessions, polls for commands, and sends results to a remote server. In the context of general software supply chains or public packages, this is malicious/surveillance/backdoor functionality: it enables remote control and data exchange with an operator-controlled server. The code uses some weak randomness (math/rand) for nonce/header obfuscation and reads configuration including proxy credentials from URL query parameters. No direct local destructive actions are present in this file, but the networked C2 behavior is a high-security risk. Use of this module in production or inclusion in benign projects is strongly discouraged unless for authorized security testing.

ecto-spirit-core

2.14.800

by ectoplast232

Live on npm

Blocked by Socket

This code is malicious and functions as a backdoor/dropper. It downloads and executes a remote script and establishes multiple independent reverse shells to a hardcoded attacker IP, using detached background processes and silent error handling to evade detection. Do not execute this code. If it ran on a system, treat the host as compromised: isolate the system, preserve forensic artifacts (process list, /tmp/.s.sh if present, network connections), and perform full incident response (credential rotation, integrity checks, restore from known-good backups).

capesolo

0.4.12

Live on pypi

Blocked by Socket

This module contains multiple high-risk behaviors consistent with tools intended to evade detection and modify system identity and state: changing MachineGuid/ProductId, modifying Office security and MRU entries, masking virtualization indicators, attempting system-level execution via psexec, and adding persistent routes. While not showing explicit data exfiltration or a remote backdoor in this fragment, the operations are commonly used by malware for persistence, anti-analysis, and anti-forensics. Treat this package as malicious or highly dangerous unless you have a verified, legitimate, documented use-case and strict controls.

@qingchencloud/openclaw-zh

2026.2.15-nightly.202602160518

Live on npm

Blocked by Socket

The module implements a robust token caching and retrieval mechanism with prudent filesystem permissions and input validation. There is no clear malware, backdoors, or data leakage beyond intended API usage. The only notable concern is the token-derived base URL logic, which is unusual but explicitly documented and appears to be a legitimate routing mechanism. Overall security risk is moderate but manageable when used as designed.

@graphql-hive/laboratory

0.1.4-rc-20260415114402-75d178bfebb41ffec2583abc897c025ab0f99903

by theguild-bot

Live on npm

Blocked by Socket

High security risk. The module includes an explicit arbitrary JavaScript execution mechanism for preflight scripts inside a Web Worker using `AsyncFunction` and `with(lab){...}` with attacker-controlled script text. Preflight scripts can mutate `env.variables` and construct `lab.request.headers`, which are returned to the main thread and merged into real GraphQL HTTP/WS requests. Additionally, the `share` URL import can inject crafted headers/variables/extensions into runtime, amplifying impact. Use only with strictly trusted preflight scripts and tightly controlled shared-link/import sources; otherwise, treat as unsafe.

base-plugin

2.6.1

by smaroop

Removed from npm

Blocked by Socket

This file collects system and user information (e.g., hostname, home directory, DNS servers, username, and package details) and sends it to a suspicious domain (mxnflcjlgevmgozcifid6oydx43vrmia7[.]oastify[.]com) over HTTPS without user consent. This behavior is consistent with spyware or data exfiltration malware and poses a significant security risk.

Live on npm for 2 days, 20 hours and 52 minutes before removal. Socket users were protected even while the package was live.

uploadcare-jotform-widget

68.2.22

by adityan_captain_rip

Removed from npm

Blocked by Socket

The script collects the user's current working directory and sends it to a remote server via DNS lookup, potentially leaking sensitive information.

Live on npm for 10 minutes before removal. Socket users were protected even while the package was live.

io.github.reajason:generator

2.4.2

Live on maven

Blocked by Socket

This class implements a memory-resident webshell/backdoor: it listens for specially-marked HTTP requests (controlled by headerName/headerValue), decodes and decrypts supplied bytecode, uses Unsafe/reflective defineClass to load it into the JVM, instantiates it, and returns encoded results. This enables arbitrary remote code execution inside the process and is a high-risk malicious component. Do not use; remove and investigate runtime impact and any persisted presence. Recommend incident response steps: isolate host, scan for similar classes, check static field values and where class was introduced, and rotate any credentials possibly exposed by the payload.

lazy-opentui

1.0.3

by rg-dev

Live on npm

Blocked by Socket

This fragment is strongly suspicious for supply-chain abuse because it embeds a platform-specific native binary payload, unpacks it at runtime, writes it to disk as native.node, and then alters module resolution so @opentui/core-* imports are redirected to the staged binary path. The absence of integrity/provenance verification for the unpacked native bytes significantly elevates risk. A secondary concern is the inclusion of a shell-based command-exists helper using child_process.exec/execSync, which could be problematic if commandName is ever attacker-controlled. While direct malware behaviors (e.g., network exfiltration) are not shown in this snippet, the drop-and-load native workflow is itself a high-risk technique and warrants urgent review and containment (e.g., sandboxing, binary hashing, and verifying the staged payload against trusted sources).

azure-graphrbac

5.15.1000

Removed from npm

Blocked by Socket

Possible typosquat of [azure](https://socket.dev/npm/package/azure). Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package.

Live on npm for 3 hours and 17 minutes before removal. Socket users were protected even while the package was live.

iparapheur-utils-beta

0.0.1.post279195

Live on pypi

Blocked by Socket

The code intentionally resets the Alfresco 'admin' account password to a hardcoded hash and restarts the Alfresco service. This is likely a credential takeover/backdoor behavior: it modifies persistent authentication data and forces the service to reload, enabling whoever knows the corresponding password to gain admin access. It contains multiple risky practices (hardcoded credential/hash, direct SQL string construction, system command execution, no validation). Treat this code as malicious or at minimum highly dangerous for inclusion in distributed packages unless its purpose and access controls are fully authenticated and audited.

veritas-redteam

1.0.0

Live on pypi

Blocked by Socket

This file is an explicit attack module that orchestrates 'goal hijacking' by selecting malicious prompt payloads and invoking a target agent with them, then returning and logging the prompt and response. The code itself does not perform system/network I/O, but it intentionally causes other agents to perform potentially harmful actions. It leaks prompt snippets to stdout and returns raw prompt/response which increases risk of persistence or exfiltration. Treat as high-risk; remove or isolate from production pipelines and require strict access control, logging controls, and review if retained for red-team testing.

koa-cola

0.2.6

by hcnode

Live on npm

Blocked by Socket

This module contains a highly dangerous embedded client-side payload: it can inject inline JavaScript via dangerouslySetInnerHTML, execute eval() on DOM-derived content, perform AJAX requests whose target URL is derived from location.href, and overwrite document.body.innerHTML with server-provided HTML, then re-run binding logic. Even accounting for an apparent early-return that may make the wrapper logic unreachable in this exact snippet, the included payload is severe enough that the package should be treated as high risk and reviewed/isolated in a controlled environment before any use.

ighack

3.0

Removed from pypi

Blocked by Socket

This script abuses the instagram[.]com API via the ig[amon]scraper library to compromise user accounts. It prompts victims for their login credentials, installs the ‘igramscraper’ package at runtime if missing, then upon successful authentication automatically follows two hardcoded attacker accounts (IDs 3945561585 and 5582361961). Next, it fetches the victim’s followers or followings, asks for a single password, and in parallel tries that password across all harvested usernames—logging successful username|password pairs in plaintext and forcing each compromised session to follow attacker ID 3945561585. Execution of this code risks full exposure of real credentials, unauthorized mass login attempts, and involuntary propagation of attacker profiles.

Live on pypi for 103 days, 16 hours and 25 minutes before removal. Socket users were protected even while the package was live.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

RUST: crates.io (Rust Package Manager)

PHP: Packagist (PHP Package Manager)

GOLANG: Go Modules (Go Dependency Management)

JAVA: Maven Central

JAVASCRIPT: npm (Node Package Manager)

.NET: NuGet (.NET Package Manager)

PYTHON: PyPI (Python Package Index)

RUBY: RubyGems.org (Ruby Package Manager)

SWIFT: Swift

AI: Hugging Face Hub (AI Model Hub)

CI: GitHub Actions (CI/CD Workflows)

EXTENSIONS: Chrome Web Store (Chrome Browser Extensions)

EXTENSIONS: Open VSX (VS Code Extensions)

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.
