Launch Week Day 5: Introducing Reachability for PHP.Learn More
Socket
Book a DemoSign in
Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
t

timmywil published 4.0.0

left-pad
s

stevemao published 1.3.0

react
r

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

ms-vlmeval

0.1.0

Removed from pypi

Blocked by Socket

This module performs dataset download, reads pickled blobs from the downloaded snapshot, deserializes them with pickle.load, and writes extracted video bytes to disk; it also builds prompts and sends them to an external judge API. The immediate, high-risk issue is the untrusted pickle deserialization: deserializing pickles from a remote snapshot can lead to arbitrary code execution (RCE). Secondary risks include possible path traversal via unsanitized video_name when writing files and data leakage to external model APIs. I rate this as a significant security risk for supply-chain/malicious dataset content. Avoid running unwrap_hf_pkl or prepare_dataset on untrusted snapshots without first verifying and sandboxing the pickles (prefer using safe formats, signature/integrity checks, or an isolated execution environment).

Live on pypi for 3 hours and 11 minutes before removal. Socket users were protected even while the package was live.

ecojupyter

0.1.235

Live on pypi

Blocked by Socket

The analyzed code contains several high-risk patterns that could enable data leakage, remote control, or host compromise if misused. Notably: (a) arbitrary code execution in a Jupyter kernel via handleNotebookSessionContents, (b) downloading/executing an external installer with elevated privileges from GitHub, and (c) transmitting tokens and environment-derived data to external services. While these patterns may be intended for advanced monitoring, they require strict controls (least privilege, sandboxing, explicit consent, and integrity checks). Recommend treating as medium-to-high risk, with a need for formal threat modeling, code signing for external scripts, limited scope of kernel execution, and removal or hardening of host-level installers in production.

github.com/bishopfox/sliver

v0.0.0-20210407100104-613aaba35203

Live on go

Blocked by Socket

This file implements a DNS-based command-and-control transport (Sliver implant DNS C2). It encodes, fragments and transmits encrypted payloads via DNS TXT queries to an operator-controlled parent domain and receives commands the same way. The code provides full C2 capabilities (session bootstrap, encrypted send/receive, block reassembly). It also includes weaknesses: insecure random number generator for nonces/IDs and an unbounded in-memory replay cache. Given its functionality, this code is malicious in the general software supply-chain context and poses a high security risk if present in a dependency.

python-rootpath

0.1.7

Live on pypi

Blocked by Socket

This module manipulates sys.path to ensure code is loaded from the project root, then reaches out to https://pastebin[.]com/raw/mPx5K6DN (via urllib.request with a 2 s timeout), writes the returned payload bytes into a file named current.py alongside __init__.py, immediately imports rootpath.current (thereby executing arbitrary remote code with the host process’s privileges), and finally unlinks current.py to hide the fetched payload. There is no integrity check, sandboxing, or user consent—this is high-risk remote-code-execution supply-chain backdoor behavior.

github.com/v2fly/v2ray-core

v1.24.5-0.20200731063508-d84507ae15d4

Live on go

Blocked by Socket

This fragment performs unguarded, targeted tampering with supply-chain integrity controls: it deletes infra/control/verify.go and attempts to remove 'VSign' from the Go module configuration in-place. While there is no evidence of exfiltration or network activity, the actions are strongly consistent with disabling verification/signing mechanisms and therefore represent a high security risk.

norsodikin

0.2.dev3

Live on pypi

Blocked by Socket

This file includes hardcoded credentials (a Telegram bot token and chat ID) and transmits newly created SSH usernames and passwords to a remote endpoint (e.g., example[.]com) without user consent.

mroylib-min

1.8.8

Live on pypi

Blocked by Socket

This code is malicious or at minimum intentionally dangerous. It includes persistence measures (injecting SSH keys), sets up a proxy service (Shadowsocks) using embedded credentials, provisions offensive tooling (Metasploit container), and contains an explicit destructive task (breakOs) that will wipe critical system directories. The module provides unfettered remote command execution and file upload capabilities. Do not run this code on any system you care about; consider it hostile and remove or quarantine it.

horridapi

1.0.55

Live on pypi

Blocked by Socket

The code unconditionally sends sensitive configuration (mongo_url) and user data to a hard-coded third-party API. This constitutes a high supply-chain and data-exfiltration risk. Treat the module as unsafe for production until the remote service is verified, credential leakage is prevented, and proper error handling and least-privilege controls are implemented.

myagent

3.9.99

by lnsspsd

Live on npm

Blocked by Socket

The code exhibits a high-risk anti-pattern by using eval on user-supplied CLI input to mutate a settings object and then persisting that configuration to disk. This enables arbitrary code execution, unintended property manipulation, and potential leakage or misuse of sensitive configuration. Recommend removing eval entirely, replacing with a strict whitelist-based property updater, JSON parsing/validation, and proper authentication/permissions checks before writing to disk. Overall risk is high due to runtime code execution and disk persistence of configuration.

@emeraldsquad/json-stable-stringify

1.0.14

by emeraldsquad-npm

Live on npm

Blocked by Socket

This file contains a hidden encrypted payload that is conditionally decrypted using host/environment-derived values and then executed with eval. That design is strongly indicative of a targeted backdoor/supply-chain implant. Because the decrypted code is not visible, the exact malicious actions cannot be enumerated statically, but the pattern allows arbitrary code execution and potential credential/exfiltration activity on any host where decryption succeeds. Treat this package as compromised and high-risk: remove or block the package, audit affected hosts for indicators of compromise, and rotate any potentially exposed credentials (npm configs, Artifactory keys, environment secrets).

@usaa-grp-ent-conv-platform/usaa

1.1.17

by th3_mad_hack3r

Live on npm

Blocked by Socket

The code exhibits clear signs of malicious behavior by collecting and transmitting sensitive system information to external servers without user consent. The use of suspicious domains and extensive data gathering indicates potential data exfiltration and unauthorized access.

atestofwhatmighthappenifwetypo

0.0.9

by davycrockett5729492

Removed from npm

Blocked by Socket

The source code exhibits clear signs of malicious behavior, including downloading and executing files from an external domain, changing file permissions, and running the files with elevated permissions. The risk and malware scores should be high due to the potential for significant harm. The obfuscation score is lower, as the code is not heavily obfuscated but does contain some minor obfuscation techniques.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

corio

2.0.8

Live on pypi

Blocked by Socket

The script contains a high-risk backdoor-like capability: when FMTR_DEV is enabled, it opens root SSH access with a hardcoded password, dumps environment data, and runs SSH in foreground with verbose logging. This undermines container isolation, enables remote compromise, and poses severe supply-chain security risks. It should be removed or replaced with secure, auditable behavior (e.g., disallow root SSH, use proper authentication via keys, avoid dumping environment, and validate inputs).

sane-fmt/action

a80894d5577e559ac1b4da9c6daa19e8dedbe360

Live on actions

Blocked by Socket

The analyzed fragment implements dynamic download and execution of an external binary from a remote release channel during a CI workflow. While this pattern can be legitimate for tooling, it introduces substantial supply-chain and runtime security risks due to lack of integrity verification, reliance on external binaries, and execution of downloaded code with elevated permissions in a CI environment. Recommend removing or hardening the dynamic download/execution path: use signed, verified binaries; implement checksum/signature verification; pin to a known-good hash; consider vendoring the tool or embedding it in the repository; restrict what inputs can influence the binary download; and add strict sandboxing or runner policies to prevent unintended data exposure or host compromise.

github.com/weaveworks/weave

v0.10.1-0.20150518222835-9017888b9c22

Live on go

Blocked by Socket

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

promise-react-com

1.0.2

by nousepromise

Live on npm

Blocked by Socket

The flagged file implements a React upload component that, upon user file selection, appends the file to a FormData and issues an unencrypted HTTP POST to http://kg[.]zhaodashen[.]cn/mt/admin/upload.jsp. There is no user consent prompt, file validation or use of HTTPS, and the hardcoded endpoint belongs to an unknown domain. This behavior constitutes unauthorized data exfiltration and a high-severity privacy breach, indicating malicious intent.

codemirror-plugin-analytics

1.0.0

by saiansh2525

Live on npm

Blocked by Socket

The code implements unauthorized analytics by intercepting CodeMirror usage and sending user identifiers and editor state to a suspicious external server without user consent. It contains bugs in fetch usage that may prevent proper data transmission but still represents a serious privacy violation and potential malware behavior. The override of a global constructor to inject this behavior is suspicious and obfuscates intent. Users should consider this code malicious and avoid using it.

leadtools.async.dll.netframework

20.0.0

by LEADTOOLS

Live on nuget

Blocked by Socket

Conclusion: This code fragment demonstrates strong obfuscation coupled with runtime payload decryption and unmanaged code loading capabilities, creating significant supply-chain and security risks. It warrants strict provenance verification, integrity checks (signatures/hashes), and comprehensive offline analysis in a secure sandbox prior to any use or distribution. The combination of hard-coded cryptographic material, memory-injection primitives, and dynamic loader patterns elevates the risk to a high level.

ocs-academic-hub

0.99.26

Live on pypi

Blocked by Socket

This code exhibits high-risk behavior: it reads a JWT from a user's browser localStorage via injected notebook JavaScript and transmits it to a hard-coded external endpoint, uses eval() on network-provided data (allowing remote code execution), and disables TLS verification for a request to the same endpoint. These patterns are consistent with credential exfiltration and remote-code-execution backdoors. Do not run this code in environments with sensitive credentials; treat it as malicious or at minimum extremely unsafe and refactor to remove eval, re-enable TLS verification, and avoid silent client-side token exfiltration.

abc-0329

1644657970

Live on pypi

Blocked by Socket

The module acts as a local HTTP agent/relay that collects user_key and client IPs, calls local services, and regularly posts aggregated 'online_user_list' and related metadata to a hard-coded remote domain using an embedded API key. Even though no interactive shell or destructive code is obvious in the readable portions, the automatic exfiltration behavior (periodic heartbeat plus proxied remote calls) and hard-coded credentials/endpoints are characteristic of a backdoor/telemetry agent. Treat this package as suspicious: do not run in trusted environments until provenance is validated, remote endpoints and the embedded API_KEY are audited, and the garbled/corrupted file content is resolved to a clean source for full review.

bsdploy

3.0.0b2

Live on pypi

Blocked by Socket

A shell script modifies the SSH server configuration to allow root login without a password, moves an authorized_keys file from a temporary location into the root user’s SSH directory, and attempts to reload SSH. These actions collectively create a high-risk scenario by enabling potential unauthorized root access. No external domains or IP addresses have been observed.

@multiplytech/openclaw

2026.2.15-pairing-code.5

Live on npm

Blocked by Socket

Based on the provided manifest/README, Peekaboo's capabilities align with its stated purpose (macOS UI automation). No explicit signs of embedded malware, obfuscation, hardcoded secrets, or network exfiltration are present in this document. The primary risks are: (1) supply-chain/trust risk from a third-party Homebrew tap installer; (2) local abuse via high-privilege APIs (Accessibility/Screen Recording) and execution of untrusted .peekaboo.json scripts; and (3) local secret exposure via clipboard and stored config credentials. Recommend: verify and audit the Homebrew tap and package source before installation, inspect the binary/source if possible, restrict access to stored config files, and treat any automation scripts as untrusted input. Avoid running scripts from untrusted sources and limit granted macOS permissions to necessary scopes.

azure-graphrbac

7.17.1000

Removed from npm

Blocked by Socket

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package

Live on npm for 12 hours and 44 minutes before removal. Socket users were protected even while the package was live.

jbrowse

1.0.0

by 0x2458

Removed from npm

Blocked by Socket

This file gathers user data, environment variables, and sensitive system files (e.g., /etc/passwd or the Windows hosts file) and sends them via a POST request to a suspicious remote domain (example[.]com). The purpose is clearly data theft, indicating malicious intent and a significant security threat.

Live on npm for 14 days, 5 hours and 9 minutes before removal. Socket users were protected even while the package was live.

ms-vlmeval

0.1.0

Removed from pypi

Blocked by Socket

This module performs dataset download, reads pickled blobs from the downloaded snapshot, deserializes them with pickle.load, and writes extracted video bytes to disk; it also builds prompts and sends them to an external judge API. The immediate, high-risk issue is the untrusted pickle deserialization: deserializing pickles from a remote snapshot can lead to arbitrary code execution (RCE). Secondary risks include possible path traversal via unsanitized video_name when writing files and data leakage to external model APIs. I rate this as a significant security risk for supply-chain/malicious dataset content. Avoid running unwrap_hf_pkl or prepare_dataset on untrusted snapshots without first verifying and sandboxing the pickles (prefer using safe formats, signature/integrity checks, or an isolated execution environment).

Live on pypi for 3 hours and 11 minutes before removal. Socket users were protected even while the package was live.

ecojupyter

0.1.235

Live on pypi

Blocked by Socket

The analyzed code contains several high-risk patterns that could enable data leakage, remote control, or host compromise if misused. Notably: (a) arbitrary code execution in a Jupyter kernel via handleNotebookSessionContents, (b) downloading/executing an external installer with elevated privileges from GitHub, and (c) transmitting tokens and environment-derived data to external services. While these patterns may be intended for advanced monitoring, they require strict controls (least privilege, sandboxing, explicit consent, and integrity checks). Recommend treating as medium-to-high risk, with a need for formal threat modeling, code signing for external scripts, limited scope of kernel execution, and removal or hardening of host-level installers in production.

github.com/bishopfox/sliver

v0.0.0-20210407100104-613aaba35203

Live on go

Blocked by Socket

This file implements a DNS-based command-and-control transport (Sliver implant DNS C2). It encodes, fragments and transmits encrypted payloads via DNS TXT queries to an operator-controlled parent domain and receives commands the same way. The code provides full C2 capabilities (session bootstrap, encrypted send/receive, block reassembly). It also includes weaknesses: insecure random number generator for nonces/IDs and an unbounded in-memory replay cache. Given its functionality, this code is malicious in the general software supply-chain context and poses a high security risk if present in a dependency.

python-rootpath

0.1.7

Live on pypi

Blocked by Socket

This module manipulates sys.path to ensure code is loaded from the project root, then reaches out to https://pastebin[.]com/raw/mPx5K6DN (via urllib.request with a 2 s timeout), writes the returned payload bytes into a file named current.py alongside __init__.py, immediately imports rootpath.current (thereby executing arbitrary remote code with the host process’s privileges), and finally unlinks current.py to hide the fetched payload. There is no integrity check, sandboxing, or user consent—this is high-risk remote-code-execution supply-chain backdoor behavior.

github.com/v2fly/v2ray-core

v1.24.5-0.20200731063508-d84507ae15d4

Live on go

Blocked by Socket

This fragment performs unguarded, targeted tampering with supply-chain integrity controls: it deletes infra/control/verify.go and attempts to remove 'VSign' from the Go module configuration in-place. While there is no evidence of exfiltration or network activity, the actions are strongly consistent with disabling verification/signing mechanisms and therefore represent a high security risk.

norsodikin

0.2.dev3

Live on pypi

Blocked by Socket

This file includes hardcoded credentials (a Telegram bot token and chat ID) and transmits newly created SSH usernames and passwords to a remote endpoint (e.g., example[.]com) without user consent.

mroylib-min

1.8.8

Live on pypi

Blocked by Socket

This code is malicious or at minimum intentionally dangerous. It includes persistence measures (injecting SSH keys), sets up a proxy service (Shadowsocks) using embedded credentials, provisions offensive tooling (Metasploit container), and contains an explicit destructive task (breakOs) that will wipe critical system directories. The module provides unfettered remote command execution and file upload capabilities. Do not run this code on any system you care about; consider it hostile and remove or quarantine it.

horridapi

1.0.55

Live on pypi

Blocked by Socket

The code unconditionally sends sensitive configuration (mongo_url) and user data to a hard-coded third-party API. This constitutes a high supply-chain and data-exfiltration risk. Treat the module as unsafe for production until the remote service is verified, credential leakage is prevented, and proper error handling and least-privilege controls are implemented.

myagent

3.9.99

by lnsspsd

Live on npm

Blocked by Socket

The code exhibits a high-risk anti-pattern by using eval on user-supplied CLI input to mutate a settings object and then persisting that configuration to disk. This enables arbitrary code execution, unintended property manipulation, and potential leakage or misuse of sensitive configuration. Recommend removing eval entirely, replacing with a strict whitelist-based property updater, JSON parsing/validation, and proper authentication/permissions checks before writing to disk. Overall risk is high due to runtime code execution and disk persistence of configuration.

@emeraldsquad/json-stable-stringify

1.0.14

by emeraldsquad-npm

Live on npm

Blocked by Socket

This file contains a hidden encrypted payload that is conditionally decrypted using host/environment-derived values and then executed with eval. That design is strongly indicative of a targeted backdoor/supply-chain implant. Because the decrypted code is not visible, the exact malicious actions cannot be enumerated statically, but the pattern allows arbitrary code execution and potential credential/exfiltration activity on any host where decryption succeeds. Treat this package as compromised and high-risk: remove or block the package, audit affected hosts for indicators of compromise, and rotate any potentially exposed credentials (npm configs, Artifactory keys, environment secrets).

@usaa-grp-ent-conv-platform/usaa

1.1.17

by th3_mad_hack3r

Live on npm

Blocked by Socket

The code exhibits clear signs of malicious behavior by collecting and transmitting sensitive system information to external servers without user consent. The use of suspicious domains and extensive data gathering indicates potential data exfiltration and unauthorized access.

atestofwhatmighthappenifwetypo

0.0.9

by davycrockett5729492

Removed from npm

Blocked by Socket

The source code exhibits clear signs of malicious behavior, including downloading and executing files from an external domain, changing file permissions, and running the files with elevated permissions. The risk and malware scores should be high due to the potential for significant harm. The obfuscation score is lower, as the code is not heavily obfuscated but does contain some minor obfuscation techniques.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

corio

2.0.8

Live on pypi

Blocked by Socket

The script contains a high-risk backdoor-like capability: when FMTR_DEV is enabled, it opens root SSH access with a hardcoded password, dumps environment data, and runs SSH in foreground with verbose logging. This undermines container isolation, enables remote compromise, and poses severe supply-chain security risks. It should be removed or replaced with secure, auditable behavior (e.g., disallow root SSH, use proper authentication via keys, avoid dumping environment, and validate inputs).

sane-fmt/action

a80894d5577e559ac1b4da9c6daa19e8dedbe360

Live on actions

Blocked by Socket

The analyzed fragment implements dynamic download and execution of an external binary from a remote release channel during a CI workflow. While this pattern can be legitimate for tooling, it introduces substantial supply-chain and runtime security risks due to lack of integrity verification, reliance on external binaries, and execution of downloaded code with elevated permissions in a CI environment. Recommend removing or hardening the dynamic download/execution path: use signed, verified binaries; implement checksum/signature verification; pin to a known-good hash; consider vendoring the tool or embedding it in the repository; restrict what inputs can influence the binary download; and add strict sandboxing or runner policies to prevent unintended data exposure or host compromise.

github.com/weaveworks/weave

v0.10.1-0.20150518222835-9017888b9c22

Live on go

Blocked by Socket

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

promise-react-com

1.0.2

by nousepromise

Live on npm

Blocked by Socket

The flagged file implements a React upload component that, upon user file selection, appends the file to a FormData and issues an unencrypted HTTP POST to http://kg[.]zhaodashen[.]cn/mt/admin/upload.jsp. There is no user consent prompt, file validation or use of HTTPS, and the hardcoded endpoint belongs to an unknown domain. This behavior constitutes unauthorized data exfiltration and a high-severity privacy breach, indicating malicious intent.

codemirror-plugin-analytics

1.0.0

by saiansh2525

Live on npm

Blocked by Socket

The code implements unauthorized analytics by intercepting CodeMirror usage and sending user identifiers and editor state to a suspicious external server without user consent. It contains bugs in fetch usage that may prevent proper data transmission but still represents a serious privacy violation and potential malware behavior. The override of a global constructor to inject this behavior is suspicious and obfuscates intent. Users should consider this code malicious and avoid using it.

leadtools.async.dll.netframework

20.0.0

by LEADTOOLS

Live on nuget

Blocked by Socket

Conclusion: This code fragment demonstrates strong obfuscation coupled with runtime payload decryption and unmanaged code loading capabilities, creating significant supply-chain and security risks. It warrants strict provenance verification, integrity checks (signatures/hashes), and comprehensive offline analysis in a secure sandbox prior to any use or distribution. The combination of hard-coded cryptographic material, memory-injection primitives, and dynamic loader patterns elevates the risk to a high level.

ocs-academic-hub

0.99.26

Live on pypi

Blocked by Socket

This code exhibits high-risk behavior: it reads a JWT from a user's browser localStorage via injected notebook JavaScript and transmits it to a hard-coded external endpoint, uses eval() on network-provided data (allowing remote code execution), and disables TLS verification for a request to the same endpoint. These patterns are consistent with credential exfiltration and remote-code-execution backdoors. Do not run this code in environments with sensitive credentials; treat it as malicious or at minimum extremely unsafe and refactor to remove eval, re-enable TLS verification, and avoid silent client-side token exfiltration.

abc-0329

1644657970

Live on pypi

Blocked by Socket

The module acts as a local HTTP agent/relay that collects user_key and client IPs, calls local services, and regularly posts aggregated 'online_user_list' and related metadata to a hard-coded remote domain using an embedded API key. Even though no interactive shell or destructive code is obvious in the readable portions, the automatic exfiltration behavior (periodic heartbeat plus proxied remote calls) and hard-coded credentials/endpoints are characteristic of a backdoor/telemetry agent. Treat this package as suspicious: do not run in trusted environments until provenance is validated, remote endpoints and the embedded API_KEY are audited, and the garbled/corrupted file content is resolved to a clean source for full review.

bsdploy

3.0.0b2

Live on pypi

Blocked by Socket

A shell script modifies the SSH server configuration to allow root login without a password, moves an authorized_keys file from a temporary location into the root user’s SSH directory, and attempts to reload SSH. These actions collectively create a high-risk scenario by enabling potential unauthorized root access. No external domains or IP addresses have been observed.

@multiplytech/openclaw

2026.2.15-pairing-code.5

Live on npm

Blocked by Socket

Based on the provided manifest/README, Peekaboo's capabilities align with its stated purpose (macOS UI automation). No explicit signs of embedded malware, obfuscation, hardcoded secrets, or network exfiltration are present in this document. The primary risks are: (1) supply-chain/trust risk from a third-party Homebrew tap installer; (2) local abuse via high-privilege APIs (Accessibility/Screen Recording) and execution of untrusted .peekaboo.json scripts; and (3) local secret exposure via clipboard and stored config credentials. Recommend: verify and audit the Homebrew tap and package source before installation, inspect the binary/source if possible, restrict access to stored config files, and treat any automation scripts as untrusted input. Avoid running scripts from untrusted sources and limit granted macOS permissions to necessary scopes.

azure-graphrbac

7.17.1000

Removed from npm

Blocked by Socket

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package

Live on npm for 12 hours and 44 minutes before removal. Socket users were protected even while the package was live.

jbrowse

1.0.0

by 0x2458

Removed from npm

Blocked by Socket

This file gathers user data, environment variables, and sensitive system files (e.g., /etc/passwd or the Windows hosts file) and sends them via a POST request to a suspicious remote domain (example[.]com). The purpose is clearly data theft, indicating malicious intent and a significant security threat.

Live on npm for 14 days, 5 hours and 9 minutes before removal. Socket users were protected even while the package was live.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

GitHub app screenshot

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Even more developer love
Install GitHub AppRead the docs

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Book a Demo

Questions? Call us at (844) SOCKET-0

Read the blog

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

View all integrations

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

The latest from the Socket team

Get our latest security research, open source insights, and product updates.

View all articles