Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery

timmywil published 4.0.0

left-pad

stevemao published 1.3.0

react

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

354766/inference-sh-9/skills/image-upscaling/

ec1ffe07c2ffd5564c7d036404295ec7fa08946c

Live on socket

Blocked by Socket

[Skill Scanner] Pipe-to-shell or eval pattern detected All findings: [CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] The artifact is documentation for a legitimate image-upscaling workflow that depends on a third-party CLI (infsh) and cloud-hosted inference backends. There is no explicit malicious code or hardcoded secrets in the provided text, but the distribution and execution model (curl | sh installer and running downloaded native binaries that transport images and tokens to remote services) present significant supply-chain and privacy risks. If you cannot trust inference.sh or need to protect sensitive images/credentials, avoid this flow or require manual verification of installer binaries and tighter operational controls. LLM verification: Not outright malware, but contains a high-risk supply-chain/install pattern. The skill legitimately describes running a remote CLI and sending images to a cloud service, which matches its stated purpose. However, the explicit recommendation to run `curl https://cli.inference.sh | sh` (download-and-execute) and to run `infsh login` (which will collect credentials) are supply-chain and credential-risk vectors. Treat this skill as suspicious: verify the installer checksum manually before executing,

muaddib-scanner

2.2.1

by dnszlsk

Live on npm

Blocked by Socket

This fragment is a high-risk dropper/backdoor: it conditionally executes a remote shell script based on environment detection, enabling remote control or destructive actions. It should be considered malware-like behavior and is unacceptable in any npm package context without explicit user consent and strong security controls.

vention-quest

1.1.0

by gamermount

Removed from npm

Blocked by Socket

The code is highly suspicious due to its behavior of collecting and exfiltrating sensitive system data to an untrusted external domain without user consent.

Live on npm for 5 days, 2 hours and 36 minutes before removal. Socket users were protected even while the package was live.

pyliveupdate

0.2.2

Live on pypi

Blocked by Socket

The module implements a reverse interactive Python console that provides remote arbitrary code execution and stdout/stderr exfiltration over a TCP connection. It behaves as a backdoor/reverse shell. There is no authentication, authorization, or encryption visible; the console executes received strings in the global context, making it highly dangerous in untrusted environments. The typographical bug when restoring stderr may leave outputs redirected or cause thread errors. Treat this code as high-risk: only allow in tightly controlled, trusted debugging scenarios or remove/restrict it from production dependencies.

pinokiod

7.1.62

by cocktailpeanut

Live on npm

Blocked by Socket

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

github.com/bishopfox/sliver

v1.5.40-0.20240105210832-b20c5374b728

Live on go

Blocked by Socket

This file implements explicit offensive capabilities: execution of arbitrary native payloads in-process (LocalTask) and injection via memfd + LD_PRELOAD into spawned processes (Sideload). These features represent high-risk malicious functionality for general-purpose dependencies. Treat this code as hostile unless its use is deliberate, authorized, and confined to controlled penetration-testing contexts. Do not include this module as a dependency in production software or allow it to run in environments handling untrusted workloads.

hexdeclink

0.0.1

Removed from pypi

Blocked by Socket

The perm(private_key) function in main.py packages its input into a JSON object and issues an HTTPS POST to https://reda-sequestered-justine[.]ngrok-free[.]dev/tron, transmitting a value named “private_key” to an attacker-controlled server. It then performs a GET to https://reda-sequestered-justine[.]ngrok-free[.]dev/switcher, parses the JSON response, and uses its truthiness to alter the return value. There is no authentication, validation, error handling, timeout settings, or user consent—indicative of a covert supply-chain backdoor designed to steal cryptographic credentials.

Live on pypi for 111 days, 17 hours and 55 minutes before removal. Socket users were protected even while the package was live.

calypso-config

1004.0.0

by k4r1it0

Removed from npm

Blocked by Socket

The code collects and sends potentially sensitive system data to a remote server without user consent, which is indicative of malicious behavior. This poses a significant security risk due to unauthorized data transmission.

Live on npm for 1 day, 12 hours and 8 minutes before removal. Socket users were protected even while the package was live.

fiinquant

0.11.0

Live on pypi

Blocked by Socket

This file contains obfuscated malicious code that uses multiple evasion techniques to hide its true functionality. The code implements a multi-stage decoder that: 1) Reverses an encoded string 2) Decodes it using base64 3) Decompresses it using zlib 4) Executes the resulting code using exec(). This pattern is a common malware technique designed to evade security scanning and hide malicious payloads. The use of exec() to execute arbitrary decoded content poses a severe security risk as it allows execution of potentially harmful code. The intentional obfuscation through multiple encoding layers combined with dynamic code execution strongly indicates this is malware rather than legitimate functionality. The code should not be executed as it likely contains a malicious payload designed for system compromise, data exfiltration, or other harmful activities.

mui-h4x

0.0.1

by detan

Live on npm

Blocked by Socket

The module implements per-machine encrypted storage but intentionally creates and stores a second ciphertext encrypted with a static developer-derived key (getDeveloperKey()). That duplicated developer-encrypted copy allows the developer (or anyone with the dev key derivation) to decrypt stored credentials/keys regardless of the target machine. This behavior constitutes a backdoor/supply-chain risk (credential access/exfiltration facilitation). There is no direct network exfiltration code in this file, but the presence of the dev-encrypted copy is a high-risk supply-chain indicator and should be treated as malicious for most threat models; do not trust this package for secure credential storage without auditing and removing the developer-encryption part.

github.com/milvus-io/milvus

v0.10.3-0.20210927105433-8690113f62d8

Live on go

Blocked by Socket

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

@whyour/qinglong

2.20.2-0

by whyour

Live on npm

Blocked by Socket

Functionally this package.json appears to describe a legitimate task-management project. However, it contains a high-risk supply-chain indicator: overrides and the direct dependency for sqlite3 point to a git+https repository instead of an npm registry release. Using overrides to redirect a dependency to a non-registry source is an established vector for malware/supply-chain compromise and should be treated as high risk. Additionally, the postinstall script and CLI shell scripts execute code during install/runtime and should be audited. Recommend auditing the target git repository (https://github.com/whyour/node-sqlite3.git) and the shell scripts and the 'max setup' command before installing in production or CI.

axp-base

991.0.0

by bugbounty.click

Removed from npm

Blocked by Socket

The script collects information like hostname, username, user group, and admin status and sends it to a remote server.

Live on npm for 3 minutes before removal. Socket users were protected even while the package was live.

super-winrar

1.2.6

by ayanokoji

Live on npm

Blocked by Socket

This module is highly consistent with malicious dropper/loader behavior: it obfuscates strings, dynamically loads required Node.js core modules, downloads an embedded-URL payload over HTTPS, writes it to a timestamped file in the OS temp directory as an executable, and then executes it as a detached process with stdio suppressed and the window hidden. This is not typical of legitimate dependency code and presents a critical security threat if executed in a build or runtime environment.

354766/inference-sh/skills/press-release-writing/

1fc472e9a03174a2f7b69062680b3e1d55347ae6

Live on socket

Blocked by Socket

[Skill Scanner] Pipe-to-shell or eval pattern detected All findings: [CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] The press-release-writing skill is a benign documentation/template skill whose runtime behaviors depend on the external inference.sh CLI and its backend services. The primary risks are operational: executing a remote install script (curl | sh), and sending potentially sensitive drafts/queries and credentials to third-party services when using 'infsh login' and 'infsh app run'. No hardcoded secrets, obfuscated code, or direct malicious actions are present in the skill text. Recommend caution: inspect the installer and verify checksums before running, limit the data you send to the external service, and prefer manual review of any credentials stored by the CLI. LLM verification: This SKILL.md appears to be legitimate documentation for a press-release writing skill that recommends using the inference.sh CLI for research. There is no direct evidence of embedded malware or obfuscated malicious code in the document itself. However, the file contains high-risk operational instructions: it recommends a 'curl | sh' installer and routes research and user-provided text through a third-party service (inference.sh). That creates a realistic risk of remote code execution at install

github.com/milvus-io/milvus

v0.10.3-0.20211229020847-029b1532598b

Live on go

Blocked by Socket

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

@atlasnomos/atlas

1.1.8

by atlas.dev

Live on npm

Blocked by Socket

This module acts as a reconnaissance/probing agent that collects potentially sensitive runtime information (presence of specific globals, internal module paths, existence/lengths of environment secrets, active handles, and direct access to an IdentityContext). The code itself does not transmit the collected data, but returning the structured results makes it trivial for other code to exfiltrate the findings. Given the explicit status message and targeted probes for secrets/internal modules, treat this as malicious or highly suspicious. Remove or audit thoroughly before use; if encountered in a dependency, assume it is a supply-chain risk.

@shennmine/libsignal-node

2.2.3

by shennmine

Live on npm

Blocked by Socket

This script is a malicious patcher that performs an in-place supply-chain modification of the Baileys library to inject automated 'newsletter follow' behavior (using hardcoded base64 IDs), persist that change via a marker file, and force process termination to activate the change. It constitutes a supply-chain/tampering attack that causes unauthorized actions using the victim's authenticated WhatsApp client. Treat systems where this ran as compromised, restore packages from known-good sources, and audit for additional modifications or persistence.

@gwp-gtmt-components/event-listener

88.8.8

by biratx01

Live on npm

Blocked by Socket

This code performs immediate, automatic exfiltration of local environment and package metadata to a hardcoded, opaque external host. It acts as unauthorized telemetry/backdoor and represents a high supply-chain risk. Treat as malicious until proven otherwise; remove or isolate the package and audit affected systems for leaked secrets.

ailever

0.1.162

Live on pypi

Blocked by Socket

The code introduces a high-risk pattern: it downloads and immediately executes arbitrary Python code from a remote repository based on user-supplied input, with no validation, authentication, or sandboxing. This constitutes a severe supply chain and remote code execution risk and should be avoided or restricted with strict whitelisting, integrity checks (e.g., code signing or hash verification), and safe execution environments.

richardtmiles/carbonphp

13.9.3

Live on composer

Blocked by Socket

The codebase acts as an aggressive deployment automation tool with webhook-driven updates and high-privilege system modifications. The presence of hard-coded credentials, elevation of privileges, and dynamic configuration changes create substantial supply chain and operational security risks. It should not be used in public projects or unattended environments without refactoring to remove secrets, remove interactive prompts, enforce least privilege, and ensure formal authentication/authorization for webhook-triggered actions.

github.com/tsilavinazh/wifi-go

v0.0.0-20240524192049-94cd8b380616

Live on go

Blocked by Socket

This program is a simple WiFi password brute-force tool: it reads candidate passwords from a local file and repeatedly invokes iwconfig with each candidate. That behavior is malicious/abusive in most contexts (unauthorized access attempts) and poses a high security risk if included in a dependency. It does not appear obfuscated nor to exfiltrate data, but its intent and actions (automated password guessing + executing system commands) make it unsuitable and dangerous in most legitimate packages.

crudadmin/resources

2.0.3

Live on composer

Blocked by Socket

The code contains a license/verification component that contacts an external license server and executes server-provided JavaScript (via new Function(...) and by inserting <script> tags from returned HTML). This creates a high-risk supply-chain capability: an attacker (or a malicious/compromised license server) can execute arbitrary JS in the admin application's context, exfiltrate the license key, host, CSRF token, or other client-side data, and persist server-supplied authentication objects in localStorage. This is not mere telemetry: dynamic remote code execution is present. I recommend treating this as a serious supply-chain risk: either remove/disable the automatic license callback execution and script injection or strictly validate and sandbox any server responses before executing them. If the project relies on this remote behavior, audit the remote endpoints and responses carefully.

claude-skills-library

2.0.12

by uqosiwo

Live on npm

Blocked by Socket

This package will execute a local JavaScript file at install time. That behavior is not intrinsically malicious, but it is a high-risk pattern because the postinstall script can execute arbitrary code and may call the bundled 7zr.exe native binary. You should inspect the contents of postinstall.js (and any binaries it invokes) before installing. If postinstall.js performs network calls, spawns shells, writes to unexpected locations, or transmits data, treat it as malicious and avoid installing.


Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.


Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.


Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.


Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.


RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.


The latest from the Socket team

Get our latest security research, open source insights, and product updates.
