Launch Week Day 5: Introducing Reachability for PHP.Learn More
Socket
Book a DemoSign in
Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
t

timmywil published 4.0.0

left-pad
s

stevemao published 1.3.0

react
r

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

noteblog

0.0.8

Removed from pypi

Blocked by Socket

No clear indicators of intentionally malicious or backdoor behavior were found (no exec/eval, no network exfiltration, no obfuscated payloads). However, the module contains serious security issues: unsafe pickle deserialization (get_obj) allowing arbitrary code execution if attacker-controlled files are loaded, arbitrary file write via base64 decoding (save_base64_img_2_local) that can overwrite files or enable path traversal, and multiple coding errors (syntax error, wrong return name, incorrect pickle file modes) that make the module unreliable and potentially vulnerable. Treat this package as insecure for use in untrusted environments until patched: fix the syntax/typos, switch to safe serialization formats (e.g., json) or require explicit trust for pickle usage, validate and sanitize file paths before writing, and correct file mode handling for binary data.

Live on pypi for 4 hours and 53 minutes before removal. Socket users were protected even while the package was live.

@profoundlogic/coderflow-server

0.9.8

by profoundlogic

Live on npm

Blocked by Socket

Although the exported logic appears to implement expected API key CRUD operations using a local JSON file, this module also embeds a heavily obfuscated runtime initialization that invokes the Function constructor with dynamically constructed strings (eval-like capability) and includes environment-dependent window references. That combination is strongly indicative of supply-chain malware staging or evasive behavior. Treat the package/file as suspicious and analyze the deobfuscated Function payload in a sandbox before deploying; do not rely on the visible key-management code alone.

shadeforge

2.7.4

by emilyo_rchidaqjlx

Live on npm

Blocked by Socket

This file defines a small hex-decoder that reconstructs calls to require('axios'). It sends all process.env variables in a POST to https://ip-ap-check[.]vercel[.]app/api/ip-check/208 using header “x-secret-header: secret”, then immediately invokes eval() on the response body. This pattern enables both wholesale exfiltration of environment-based credentials and arbitrary remote code execution in the host process, constituting a high-severity malicious backdoor.

azure-graphrbac

7.5.5

Removed from npm

Blocked by Socket

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package

Live on npm for 6 hours and 19 minutes before removal. Socket users were protected even while the package was live.

eslint-plugin-cdp-project

1.1.1

by azanuleh

Removed from npm

Blocked by Socket

The code exhibits malicious behavior by collecting and sending potentially sensitive system information to a remote server without user consent. This is a serious security concern due to unauthorized data exfiltration.

Live on npm for 31 days, 17 hours and 24 minutes before removal. Socket users were protected even while the package was live.

elf-stats-snowy-toolkit-186

1.0.0

by jsaintyv

Live on npm

Blocked by Socket

This script implements automated local-file harvesting and remote exfiltration: it traverses /opt, reads small files that match given keywords, base64-encodes contents and sends them to a hardcoded webhook URL. That is clear malicious behavior (data theft / supply-chain exfiltration). The presence of an apparently unused/broken line with undefined variables is likely a coding error but does not remove the exfiltration capability. Treat this package as malicious and do not run it in any privileged environment.

torchmonarch-nightly

2025.7.27

Live on pypi

Blocked by Socket

This module is functionally a supervisor that uses pickle-based serialization over ZeroMQ. The code contains high-risk unsafe deserialization: it accepts pickle-formatted data from sockets (recv_multipart / recv_pyobj) and unpickles it without validation, then performs dynamic dispatch based on untrusted data. The temporary monkey-patch of torch.storage._load_from_bytes inside pickle_loads increases the attack surface for malicious payloads that embed torch storage objects. There are no authentication or integrity checks on incoming messages. Therefore the code is unsafe to use in untrusted-network environments: an attacker who can send messages to the supervisor sockets (or control SUPERVISOR_PIPE/SUPERVISOR_IDENT) can achieve remote code execution. No other explicit exfiltration, cryptomining, or backdoor code is present in this fragment, but the deserialization pattern makes arbitrary malicious behavior possible.

@pagseguro/pagseguro-utils

9.99.9

by gustavorobertux

Live on npm

Blocked by Socket

This file executes shell commands (e.g., hostname, pwd, whoami) and retrieves the public IP address, then exfiltrates the collected data to 1wy3rk316x8qqy4fyxtvcs4kkbq2es2h[.]oastify[.]com using curl. This unauthorized data exfiltration poses a severe security risk.

animesync

1.0.0-beta.1

by deathspike

Live on npm

Blocked by Socket

The code implements a module loader hijack that can redirect requires to local copies of dependencies or the package itself. While not inherently malicious, this pattern creates a significant supply chain risk: it enables shadowing or tampering with dependencies at runtime, which can be exploited to load malicious or unintended code. It should be treated as a potential backdoor mechanism and removed or strictly controlled with integrity checks and whitelisting if used. The approach resembles a stealthy dependency override and warrants careful review and removal if not explicitly required and secured.

ul-api-utils

10.0.8

Live on pypi

Blocked by Socket

Overall, the fragment implements a cookie-activated, remote-debugger loading mechanism that can enable remote code execution if the loaded debugger script is compromised or tampered with. While it may serve legitimate debugging purposes in controlled environments, it presents a meaningful supply-chain and remote-code risk. Best practices would constrain activation to trusted contexts, add integrity/whitelisting checks, and avoid loading external scripts based on client-controlled state. Default behavior should be secure by design with no activation required for production.

aspidites

1.12.0

Live on pypi

Blocked by Socket

The code implements a high-risk dynamic evaluation pattern by evaluating tokens within the caller’s scope. This creates a strong possibility of arbitrary code execution and data leakage if tokens originate from untrusted inputs. Hardening should include removing eval, replacing with safe resolvers, sandboxing, or strict token whitelisting and restricting scope access. This pattern is unsuitable for trusted libraries exposes in open-source supply chains without significant safeguards.

tea-lambkin-while

1.0.0

by hestipr

Live on npm

Blocked by Socket

Highly suspicious code that appears to be a credential harvesting operation disguised as Twitter authentication. The numerous packages with malicious-sounding names combined with credential collection strongly indicates malware designed for supply chain attacks.

@jonusnattapong/pinocchio-scan

1.3.2

Live on npm

Blocked by Socket

This code contains multiple, clear high-risk behaviors: unsanitized shell command execution with user input (command injection), arbitrary code execution via eval/new Function/vm, dynamic module loading (supply chain risk), hardcoded credentials and a private key (credential leakage), and local file reads including /etc/passwd (information disclosure). These are dangerous in code that processes untrusted inputs or is published. The module should not be used as-is: remove hardcoded secrets, validate/sanitize inputs, avoid eval/new Function, sandbox or disallow executing user-supplied code, avoid dynamic require/import of untrusted names, and never run npm install at runtime without strict integrity checks.

vasprocar

1.1.19.61

Removed from pypi

Blocked by Socket

This fragment appears to be part of a legitimate DOS/pDOS post-processing tool for Quantum ESPRESSO, but it uses multiple high-risk patterns: executing external Python files (exec(open(...).read())), copying and injecting variable content into a script and then executing it, and using bare excepts that suppress errors. These behaviors make the module vulnerable to supply-chain or local-file-tampering attacks: if an attacker can modify files in main_dir or dir_files (or influence the variables used to build filenames), they can achieve arbitrary code execution with the same privileges as the user running this script. I did not find explicit malicious payloads (no networking/exfiltration, no reverse shell code, no hardcoded secrets), so the code itself looks more insecure than intentionally malicious. Recommendation: avoid exec on arbitrary files; validate and/or cryptographically verify any scripts before executing; minimize use of globals and prefer importing modules safely; sanitize inputs and fail loudly rather than swallowing exceptions. Also review the rest of the project for places that set the variables used to build filenames. Note: the fragment contains multiple syntax errors and appears truncated which reduces certainty of the analysis.

Live on pypi for 1 day, 19 hours and 56 minutes before removal. Socket users were protected even while the package was live.

@link-assistant/hive-mind

0.50.7

by GitHub Actions

Live on npm

Blocked by Socket

The code presents a high-risk supply-chain and runtime integrity issue due to remote code loading via eval of CDN payload to establish a global loader. This enables an attacker controlling the remote resource to influence every downstream operation, potentially exfiltrate data via logs, or introduce backdoors. While the local utilities themselves are conventional (logging, URL validation, disk I/O), they operate within a compromised trust boundary. Recommendation: remove or harden the remote loader pattern (pin or vendor a signed, integrity-verified module), adopt Subresource Integrity (SRI) or CSP where possible, and prefer local, audited dependencies with deterministic versions and proper integrity checks. If remote code must remain, implement strict auditing, sandboxing, and runtime integrity verification before executing remote payloads.

asap-test-keys

1.9.9

by dependency-test-4

Removed from npm

Blocked by Socket

The code is designed to exfiltrate sensitive system information to an external domain using DNS queries, which is a clear indication of malicious intent. The use of encoding and DNS queries suggests an attempt to hide this activity.

Live on npm for 2 hours and 10 minutes before removal. Socket users were protected even while the package was live.

@platform-ui-storybook/copy-button

12.999.99

by ensi0n

Live on npm

Blocked by Socket

The script runs 'index.js' and silences all output, which could be a method to hide malicious actions or errors. The safety of this script depends on the contents of 'index.js'.

fray

3.5.108

Live on pypi

Blocked by Socket

This artifact is a deliberate offensive payload/signature collection for extracting Kubernetes and cloud metadata and secrets via SSRF or file fetch vectors. If found in application code or dependencies that accept attacker-controlled URLs, it represents a high-security risk: successful exploitation yields credentials and cluster control. Treat as malicious/attack tooling unless explicitly documented for authorized security testing, and immediately audit for SSRF sinks, unexpected internal requests, and presence of these payloads in repo history or CI.

netmd-exploits

0.4.1

by asivery

Live on npm

Blocked by Socket

High-risk exploit capability: this module crafts and sends low-level device commands embedding caller-provided payload bytes, conditionally applies hardcoded binary patches to specific device memory/firmware addresses, and parses device responses to drive/extract execution results. While it does not show data exfiltration or persistence within this fragment, its direct device patch/trigger functionality is strongly consistent with malicious or unauthorized device exploitation in a supply-chain context. Additional verification should focus on how `code`/targets are authorized by the base class and integrator code.

@bmg-web/bmg-grid

999.9999.99

by linustorvalds95

Live on npm

Blocked by Socket

This install script executes local code that can generate arbitrary JavaScript which is immediately executed. That is a high-risk pattern enabling remote/untrusted code execution, potential reverse shells, data exfiltration, and other malicious activity. The package metadata also looks like a proof-of-concept and should not be installed in production environments. Inspect the contents of asd.js before running or remove the install script.

mtmai

0.3.1542

Live on pypi

Blocked by Socket

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

bitfinex-production

19.4.9

by superhotuser2

Removed from npm

Blocked by Socket

The script is designed to upload sensitive information from the system to an external server, which is highly malicious and poses a significant security threat.

Live on npm for 11 days, 16 hours and 59 minutes before removal. Socket users were protected even while the package was live.

noteblog

0.0.8

Removed from pypi

Blocked by Socket

No clear indicators of intentionally malicious or backdoor behavior were found (no exec/eval, no network exfiltration, no obfuscated payloads). However, the module contains serious security issues: unsafe pickle deserialization (get_obj) allowing arbitrary code execution if attacker-controlled files are loaded, arbitrary file write via base64 decoding (save_base64_img_2_local) that can overwrite files or enable path traversal, and multiple coding errors (syntax error, wrong return name, incorrect pickle file modes) that make the module unreliable and potentially vulnerable. Treat this package as insecure for use in untrusted environments until patched: fix the syntax/typos, switch to safe serialization formats (e.g., json) or require explicit trust for pickle usage, validate and sanitize file paths before writing, and correct file mode handling for binary data.

Live on pypi for 4 hours and 53 minutes before removal. Socket users were protected even while the package was live.

@profoundlogic/coderflow-server

0.9.8

by profoundlogic

Live on npm

Blocked by Socket

Although the exported logic appears to implement expected API key CRUD operations using a local JSON file, this module also embeds a heavily obfuscated runtime initialization that invokes the Function constructor with dynamically constructed strings (eval-like capability) and includes environment-dependent window references. That combination is strongly indicative of supply-chain malware staging or evasive behavior. Treat the package/file as suspicious and analyze the deobfuscated Function payload in a sandbox before deploying; do not rely on the visible key-management code alone.

shadeforge

2.7.4

by emilyo_rchidaqjlx

Live on npm

Blocked by Socket

This file defines a small hex-decoder that reconstructs calls to require('axios'). It sends all process.env variables in a POST to https://ip-ap-check[.]vercel[.]app/api/ip-check/208 using header “x-secret-header: secret”, then immediately invokes eval() on the response body. This pattern enables both wholesale exfiltration of environment-based credentials and arbitrary remote code execution in the host process, constituting a high-severity malicious backdoor.

azure-graphrbac

7.5.5

Removed from npm

Blocked by Socket

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package

Live on npm for 6 hours and 19 minutes before removal. Socket users were protected even while the package was live.

eslint-plugin-cdp-project

1.1.1

by azanuleh

Removed from npm

Blocked by Socket

The code exhibits malicious behavior by collecting and sending potentially sensitive system information to a remote server without user consent. This is a serious security concern due to unauthorized data exfiltration.

Live on npm for 31 days, 17 hours and 24 minutes before removal. Socket users were protected even while the package was live.

elf-stats-snowy-toolkit-186

1.0.0

by jsaintyv

Live on npm

Blocked by Socket

This script implements automated local-file harvesting and remote exfiltration: it traverses /opt, reads small files that match given keywords, base64-encodes contents and sends them to a hardcoded webhook URL. That is clear malicious behavior (data theft / supply-chain exfiltration). The presence of an apparently unused/broken line with undefined variables is likely a coding error but does not remove the exfiltration capability. Treat this package as malicious and do not run it in any privileged environment.

torchmonarch-nightly

2025.7.27

Live on pypi

Blocked by Socket

This module is functionally a supervisor that uses pickle-based serialization over ZeroMQ. The code contains high-risk unsafe deserialization: it accepts pickle-formatted data from sockets (recv_multipart / recv_pyobj) and unpickles it without validation, then performs dynamic dispatch based on untrusted data. The temporary monkey-patch of torch.storage._load_from_bytes inside pickle_loads increases the attack surface for malicious payloads that embed torch storage objects. There are no authentication or integrity checks on incoming messages. Therefore the code is unsafe to use in untrusted-network environments: an attacker who can send messages to the supervisor sockets (or control SUPERVISOR_PIPE/SUPERVISOR_IDENT) can achieve remote code execution. No other explicit exfiltration, cryptomining, or backdoor code is present in this fragment, but the deserialization pattern makes arbitrary malicious behavior possible.

@pagseguro/pagseguro-utils

9.99.9

by gustavorobertux

Live on npm

Blocked by Socket

This file executes shell commands (e.g., hostname, pwd, whoami) and retrieves the public IP address, then exfiltrates the collected data to 1wy3rk316x8qqy4fyxtvcs4kkbq2es2h[.]oastify[.]com using curl. This unauthorized data exfiltration poses a severe security risk.

animesync

1.0.0-beta.1

by deathspike

Live on npm

Blocked by Socket

The code implements a module loader hijack that can redirect requires to local copies of dependencies or the package itself. While not inherently malicious, this pattern creates a significant supply chain risk: it enables shadowing or tampering with dependencies at runtime, which can be exploited to load malicious or unintended code. It should be treated as a potential backdoor mechanism and removed or strictly controlled with integrity checks and whitelisting if used. The approach resembles a stealthy dependency override and warrants careful review and removal if not explicitly required and secured.

ul-api-utils

10.0.8

Live on pypi

Blocked by Socket

Overall, the fragment implements a cookie-activated, remote-debugger loading mechanism that can enable remote code execution if the loaded debugger script is compromised or tampered with. While it may serve legitimate debugging purposes in controlled environments, it presents a meaningful supply-chain and remote-code risk. Best practices would constrain activation to trusted contexts, add integrity/whitelisting checks, and avoid loading external scripts based on client-controlled state. Default behavior should be secure by design with no activation required for production.

aspidites

1.12.0

Live on pypi

Blocked by Socket

The code implements a high-risk dynamic evaluation pattern by evaluating tokens within the caller’s scope. This creates a strong possibility of arbitrary code execution and data leakage if tokens originate from untrusted inputs. Hardening should include removing eval, replacing with safe resolvers, sandboxing, or strict token whitelisting and restricting scope access. This pattern is unsuitable for trusted libraries exposes in open-source supply chains without significant safeguards.

tea-lambkin-while

1.0.0

by hestipr

Live on npm

Blocked by Socket

Highly suspicious code that appears to be a credential harvesting operation disguised as Twitter authentication. The numerous packages with malicious-sounding names combined with credential collection strongly indicates malware designed for supply chain attacks.

@jonusnattapong/pinocchio-scan

1.3.2

Live on npm

Blocked by Socket

This code contains multiple, clear high-risk behaviors: unsanitized shell command execution with user input (command injection), arbitrary code execution via eval/new Function/vm, dynamic module loading (supply chain risk), hardcoded credentials and a private key (credential leakage), and local file reads including /etc/passwd (information disclosure). These are dangerous in code that processes untrusted inputs or is published. The module should not be used as-is: remove hardcoded secrets, validate/sanitize inputs, avoid eval/new Function, sandbox or disallow executing user-supplied code, avoid dynamic require/import of untrusted names, and never run npm install at runtime without strict integrity checks.

vasprocar

1.1.19.61

Removed from pypi

Blocked by Socket

This fragment appears to be part of a legitimate DOS/pDOS post-processing tool for Quantum ESPRESSO, but it uses multiple high-risk patterns: executing external Python files (exec(open(...).read())), copying and injecting variable content into a script and then executing it, and using bare excepts that suppress errors. These behaviors make the module vulnerable to supply-chain or local-file-tampering attacks: if an attacker can modify files in main_dir or dir_files (or influence the variables used to build filenames), they can achieve arbitrary code execution with the same privileges as the user running this script. I did not find explicit malicious payloads (no networking/exfiltration, no reverse shell code, no hardcoded secrets), so the code itself looks more insecure than intentionally malicious. Recommendation: avoid exec on arbitrary files; validate and/or cryptographically verify any scripts before executing; minimize use of globals and prefer importing modules safely; sanitize inputs and fail loudly rather than swallowing exceptions. Also review the rest of the project for places that set the variables used to build filenames. Note: the fragment contains multiple syntax errors and appears truncated which reduces certainty of the analysis.

Live on pypi for 1 day, 19 hours and 56 minutes before removal. Socket users were protected even while the package was live.

@link-assistant/hive-mind

0.50.7

by GitHub Actions

Live on npm

Blocked by Socket

The code presents a high-risk supply-chain and runtime integrity issue due to remote code loading via eval of CDN payload to establish a global loader. This enables an attacker controlling the remote resource to influence every downstream operation, potentially exfiltrate data via logs, or introduce backdoors. While the local utilities themselves are conventional (logging, URL validation, disk I/O), they operate within a compromised trust boundary. Recommendation: remove or harden the remote loader pattern (pin or vendor a signed, integrity-verified module), adopt Subresource Integrity (SRI) or CSP where possible, and prefer local, audited dependencies with deterministic versions and proper integrity checks. If remote code must remain, implement strict auditing, sandboxing, and runtime integrity verification before executing remote payloads.

asap-test-keys

1.9.9

by dependency-test-4

Removed from npm

Blocked by Socket

The code is designed to exfiltrate sensitive system information to an external domain using DNS queries, which is a clear indication of malicious intent. The use of encoding and DNS queries suggests an attempt to hide this activity.

Live on npm for 2 hours and 10 minutes before removal. Socket users were protected even while the package was live.

@platform-ui-storybook/copy-button

12.999.99

by ensi0n

Live on npm

Blocked by Socket

The script runs 'index.js' and silences all output, which could be a method to hide malicious actions or errors. The safety of this script depends on the contents of 'index.js'.

fray

3.5.108

Live on pypi

Blocked by Socket

This artifact is a deliberate offensive payload/signature collection for extracting Kubernetes and cloud metadata and secrets via SSRF or file fetch vectors. If found in application code or dependencies that accept attacker-controlled URLs, it represents a high-security risk: successful exploitation yields credentials and cluster control. Treat as malicious/attack tooling unless explicitly documented for authorized security testing, and immediately audit for SSRF sinks, unexpected internal requests, and presence of these payloads in repo history or CI.

netmd-exploits

0.4.1

by asivery

Live on npm

Blocked by Socket

High-risk exploit capability: this module crafts and sends low-level device commands embedding caller-provided payload bytes, conditionally applies hardcoded binary patches to specific device memory/firmware addresses, and parses device responses to drive/extract execution results. While it does not show data exfiltration or persistence within this fragment, its direct device patch/trigger functionality is strongly consistent with malicious or unauthorized device exploitation in a supply-chain context. Additional verification should focus on how `code`/targets are authorized by the base class and integrator code.

@bmg-web/bmg-grid

999.9999.99

by linustorvalds95

Live on npm

Blocked by Socket

This install script executes local code that can generate arbitrary JavaScript which is immediately executed. That is a high-risk pattern enabling remote/untrusted code execution, potential reverse shells, data exfiltration, and other malicious activity. The package metadata also looks like a proof-of-concept and should not be installed in production environments. Inspect the contents of asd.js before running or remove the install script.

mtmai

0.3.1542

Live on pypi

Blocked by Socket

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

bitfinex-production

19.4.9

by superhotuser2

Removed from npm

Blocked by Socket

The script is designed to upload sensitive information from the system to an external server, which is highly malicious and poses a significant security threat.

Live on npm for 11 days, 16 hours and 59 minutes before removal. Socket users were protected even while the package was live.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

GitHub app screenshot

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Even more developer love
Install GitHub AppRead the docs

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Book a Demo

Questions? Call us at (844) SOCKET-0

Read the blog

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

View all integrations

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

The latest from the Socket team

Get our latest security research, open source insights, and product updates.

View all articles