
Product
Introducing Reachability for PHP
Reachability analysis for PHP is now available in experimental, helping teams identify which vulnerabilities are actually exploitable.
Questions? Call us at (844) SOCKET-0
Quickly evaluate the security and health of any open source package.
bane
4.7.1
Live on pypi
Blocked by Socket
This module is a network attack toolkit designed to perform DoS/DDoS attacks (UDP/TCP floods, HTTP request flooding, slow-read attacks, proxied attacks, Tor-based attacks, etc.). It should be considered malicious in purpose; installing or running it can facilitate illegal activity. Review and blocking of this package in supply chains is strongly recommended; inspect any dependent 'bane' modules for further capabilities.
fsd
0.0.506
Removed from pypi
Blocked by Socket
The module contains high-risk operations: executing arbitrary shell commands via subprocess with shell=True and writing/appending to files without validation. If the steps JSON or the user input is untrusted, an attacker can achieve remote code execution, modify arbitrary files, and change process state (cwd). There are no signs of network exfiltration or hardcoded credentials in this fragment, but the command execution sink is sufficient to escalate to any of those behaviors if exploited. Recommendation: treat inputs (steps, file names, user-provided suggested commands) as untrusted; remove shell=True or use argument lists, validate and canonicalize file paths, avoid executing suggested commands automatically, and employ strict prompting and auditing. Overall this code is not itself evidently obfuscated or explicitly malicious, but it poses a significant supply-chain/runtime risk when given untrusted instructions.
Live on pypi for 5 days, 8 hours and 33 minutes before removal. Socket users were protected even while the package was live.
github.com/weaveworks/weave
v1.0.2-0.20150624155450-00744fb9b496
Live on go
Blocked by Socket
This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.
chernistry/bernstein
85235c78fd4b3889d590431371d954105a3fa10d
Live on actions
Blocked by Socket
This module is a high-risk template renderer because it contains an explicit arbitrary command execution capability driven by template contents (!`...`), implemented via subprocess.run with shell=True and no allowlisting. Command stdout is inserted into the returned output and stderr is partially logged, creating both remote code execution potential and data-exfiltration pathways if an attacker can influence templates or template selection inputs (e.g., role). The inline command feature and lack of validation are strongly consistent with backdoor/sabotage patterns and should be treated as unsafe unless the template source and role inputs are strictly trusted and locked down.
uniquebible
0.1.30
Removed from pypi
Blocked by Socket
The code contains high-risk unsafe behavior: exec() is used to run Python code derived directly from OpenAI function_call arguments with no sandboxing or validation, and os.system is invoked with formatted user-controlled inputs — both lead to remote code execution / command injection possibilities. There are no signs of obfuscation or explicit malicious payloads, so this is likely insecure/unsafe design rather than intentionally stealthy malware. Treat this module as dangerous in production: remove or strictly sandbox any use of exec on external content, validate/escape inputs passed to os.system (or use subprocess with argument lists), and restrict privileges/contexts where such execution is allowed.
Live on pypi for 1 day, 14 hours and 48 minutes before removal. Socket users were protected even while the package was live.
@evomap/evolver
1.61.2
by autogame-17
Live on npm
Blocked by Socket
This module fragment is a highly obfuscated, stateful “memory graph” engine that persistently writes/reads structured JSON to a filesystem path controlled by an environment variable. It includes explicit runtime dynamic code execution via Function-constructor-style gadgets and additional host filesystem path parsing/normalization used in fingerprinting/key generation. Even though the visible logic does not show outbound networking, the combination of (1) dynamic execution primitives, (2) environment-controlled persistence, and (3) obfuscated/stealthy control-flow strongly indicates elevated supply-chain compromise risk. Treat as malicious or at minimum as a high-priority review candidate requiring full deobfuscation, sandbox execution tracing, and verification of all filesystem targets and decoded runtime strings.
pytheas22
0.1.0
Live on pypi
Blocked by Socket
This file implements an automated SSH credential brute-force/credential-stuffing utility: it reads credential pairs from a local CSV, attempts logins to a hardcoded target concurrently, and records any successful credentials to disk. This behavior is malicious in intent or at minimum highly abusive when used against systems without explicit authorization. Do not run this code against third-party systems. Treat inclusion of this module in a codebase or dependency tree as a serious security risk and remove or isolate it; review where it came from and whether it was intentionally introduced.
thispackagedoesnotexist
0.3.7
Live on pypi
Blocked by Socket
This file contains malicious code designed to establish unauthorized remote desktop access via VNC (Virtual Network Computing). The code searches for and attempts to start winvnc.exe processes, then connects them to a remote host and port specified in the data payload. The malicious behavior includes: automatically launching VNC server software without user knowledge or consent, establishing outbound connections to attacker-controlled hosts, using subprocess calls with potentially unsafe parameters (shell=True, CREATE_NO_WINDOW), and implementing process management to ensure the VNC service remains active. The package structure reveals additional concerning elements including pre-compiled VNC executables, configuration files, and supporting libraries that would enable complete remote control of the infected system. While the code contains a reference to a non-existent package that would cause import errors, the malicious intent and capability for unauthorized remote access are clearly present.
ollash
0.1.1
Removed from pypi
Blocked by Socket
The code contains a critical design issue: it executes untrusted LLM output directly with shell=True after only a brittle parsing step, creating a high risk of command injection and system compromise. Additionally, the extract_command function currently contains a syntax error that will prevent the script from running as-is. While there is no explicit malicious code or hardcoded secrets, the usage pattern (trusting and executing model output without validation, sandboxing, or allowlisting) is dangerous. Recommend: fix the syntax bug; avoid shell=True by using a safe argument list or parsing/whitelisting commands; implement strict validation or an allowlist of permitted commands/arguments; run candidate commands in a sandboxed environment or show a safe-diff and require explicit, informed consent; add timeouts and error handling for subprocess calls.
Live on pypi for 1 hour and 18 minutes before removal. Socket users were protected even while the package was live.
fe-cookie-consent
5.9999.2
Removed from npm
Blocked by Socket
Possible typosquat of [react-cookie-consent](https://socket.dev/npm/package/react-cookie-consent) Explanation: The package 'fe-cookie-consent' is labeled as a 'security holding package', which is often used to prevent typosquatting. The name is similar enough to 'react-cookie-consent' to potentially confuse users, especially since it lacks a distinct namespace or description indicating a different purpose. The maintainer 'npm' suggests it is a placeholder to prevent misuse, but the similarity in name makes it suspicious. security holding package
Live on npm for 27 minutes before removal. Socket users were protected even while the package was live.
pl-global-ec-uikit
0.9.9
by eceoj24w
Live on npm
Blocked by Socket
Covert data-exfiltration beacon hidden inside initSystem(). The function uses hex-encoded string obfuscation and dynamic require() to load core modules (os, dns, https, util) and local metadata from ./package.json. It then collects host identifiers including os.userInfo().username, os.hostname(), dns.getServers() (local resolver list), and the package name/version. It also discovers the machine’s public IP by querying multiple external services for resilience: https://api[.]ipify[.]org?format=json, https://api[.]myip[.]com, and https://ifconfig[.]me/ip. The collected fields are concatenated, hex-encoded, split into multiple labels, and appended to a hardcoded suffix ".a89e5d32[.]gfde[.]site" to form a fully-qualified domain name. A DNS A lookup (dns.resolve4) is then performed for that constructed hostname, leaking the encoded data to the authoritative DNS infrastructure for gfde[.]site (DNS-based exfiltration). The constructed exfiltration hostname is also printed via console.log, which can further expose the data in logs. This behavior is unrelated to the file’s benign utility exports and strongly indicates malicious supply-chain compromise.
nerd-mega-compute
0.1.15
Live on pypi
Blocked by Socket
The code exhibits highly dangerous patterns: insecure deserialization of untrusted input using pickle, dynamic code execution via eval of an externally supplied function name, and thorough exposure of environment data plus multiple disk writes of serialized results. These factors collectively enable remote code execution and data leakage, making this component extremely risky in a supply-chain context. Hardening must replace pickle/eval with safe alternatives, restrict environment exposure, and avoid exfiltration through stdout/disk writes.
rfmux
1.1.0rc1
Live on pypi
Blocked by Socket
This module itself is not obfuscated and contains no obvious hard-coded secrets or explicit malicious payloads. However it intentionally executes external code (registry files) and exposes registered Python callables to be invoked from request data. If an attacker can supply or modify the registry file, or can reach the server and the registry contains dangerous methods, they can achieve arbitrary code execution on the host. Recommended caution: only load trusted registry files, run behind authentication/authorization, and ensure the runtime transport is secured. For untrusted environments, treat this as high-risk functionality.
mgcomtools
0.1.93
Live on pypi
Blocked by Socket
This file contains a function that processes an input message by printing it locally and sending it via an HTTP POST request to an external API endpoint (https://api.example.com/bot<TOKEN>/sendMessage?chat_id=<CHANNEL_ID>&text=<MESSAGE>). The function uses hardcoded sensitive credentials—a bot token and channel ID—which, if compromised, could allow an attacker to exfiltrate data from systems where the code is deployed. By automatically forwarding any given message to a predetermined external channel, the function establishes a covert channel for data leakage, presenting a significant security risk.
memtools
2.0.0
Live on pypi
Blocked by Socket
The setup.py itself is not overtly malicious, but it employs a high-risk pattern: it imports and executes package code (memtools.show_popup()) during installation. That pattern enables arbitrary code execution with the installer's privileges and is a supply-chain security concern. Recommend inspecting the memtools package (top-level files and show_popup implementation) before installing, or install only in isolated environments. Treat the package as suspicious until audited.
pycmdex
1.1.17
Live on pypi
Blocked by Socket
This module is high risk: it intentionally conceals Python code inside a base64+zlib blob and executes it automatically on import. That behavior is a common supply-chain and malware technique. Treat this package as potentially malicious until the embedded payload is safely extracted and audited. Do not import or run it in untrusted environments.
354766/CatfishW/T2IAgentSkill/t2i-studio-premium/
fd4c45157b9534ddd25ba350c11f622503e58ae5
Live on socket
Blocked by Socket
[Skill Scanner] Installation of third-party script detected The documentation itself does not contain executable malware, but it contains high-risk supply-chain indicators: plaintext credentials embedded in the npm install URL and recommendation to perform a global install. These practices materially increase the chance and impact of compromise (credential leakage, malicious install scripts, persistent malicious binaries). Treat the package as untrusted until the tarball is retrieved and its contents (package.json, install lifecycle scripts, binaries) and runtime network behavior are inspected in a sandbox. Do not run the provided npm install command as-is; instead, obtain the package archive through a verified channel and inspect it offline.
mtmai
0.3.1353
Live on pypi
Blocked by Socket
This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.
octoprint-printerinfo
0.3.0
Live on pypi
Blocked by Socket
This plugin automatically transmits printer-identifying information and full print job data to a hardcoded third-party server without visible user consent, configuration, or authentication. While there is no overt destructive code (no shell execution, file deletion, reverse shell), the behavior constitutes data exfiltration and a significant privacy/supply-chain risk. Treat this plugin as high risk: do not install in environments where job confidentiality or device anonymity matters unless the endpoint and intent are fully verified and the code is modified to require explicit user opt-in, configurable endpoint, authentication, and data minimization.
vmcloak
0.3.4
Live on pypi
Blocked by Socket
This module performs persistent installation of an agent, spoofs hardware identifiers, renames VirtualBox-related registry keys to evade detection, removes local evidence, and forces a shutdown/reboot. Those behaviors are strongly indicative of malicious or adversarial intent on a production host (persistence, anti-analysis/anti-VM evasion, evidence removal). In an analysis/sandbox project context these behaviors may be legitimate for configuring analysis VMs, but running this on a general host is dangerous. Treat this package as high risk unless you confirm it belongs to a controlled VM/sandbox setup and run it only in an isolated environment.
fxa-shared-110n
1.0.0
by victims344
Live on npm
Blocked by Socket
This code is malicious: it intentionally exfiltrates the host name to a hardcoded external webhook by executing a shell curl command. It should be treated as compromised/malicious code. Remove the file, treat any packages containing it as compromised, and investigate upstream source and other installations. Replace with trusted code that uses in-process HTTP libraries and explicit user consent if similar telemetry is required.
com.db.gtb.ppe.rtp-authjs
8.0.0
by 3amakmesbah
Removed from npm
Blocked by Socket
The script sends potentially sensitive information to an external server, which poses a serious security risk and indicates malicious behavior.
Live on npm for 6 days, 15 hours and 23 minutes before removal. Socket users were protected even while the package was live.
bane
4.7.1
Live on pypi
Blocked by Socket
This module is a network attack toolkit designed to perform DoS/DDoS attacks (UDP/TCP floods, HTTP request flooding, slow-read attacks, proxied attacks, Tor-based attacks, etc.). It should be considered malicious in purpose; installing or running it can facilitate illegal activity. Review and blocking of this package in supply chains is strongly recommended; inspect any dependent 'bane' modules for further capabilities.
fsd
0.0.506
Removed from pypi
Blocked by Socket
The module contains high-risk operations: executing arbitrary shell commands via subprocess with shell=True and writing/appending to files without validation. If the steps JSON or the user input is untrusted, an attacker can achieve remote code execution, modify arbitrary files, and change process state (cwd). There are no signs of network exfiltration or hardcoded credentials in this fragment, but the command execution sink is sufficient to escalate to any of those behaviors if exploited. Recommendation: treat inputs (steps, file names, user-provided suggested commands) as untrusted; remove shell=True or use argument lists, validate and canonicalize file paths, avoid executing suggested commands automatically, and employ strict prompting and auditing. Overall this code is not itself evidently obfuscated or explicitly malicious, but it poses a significant supply-chain/runtime risk when given untrusted instructions.
Live on pypi for 5 days, 8 hours and 33 minutes before removal. Socket users were protected even while the package was live.
github.com/weaveworks/weave
v1.0.2-0.20150624155450-00744fb9b496
Live on go
Blocked by Socket
This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.
chernistry/bernstein
85235c78fd4b3889d590431371d954105a3fa10d
Live on actions
Blocked by Socket
This module is a high-risk template renderer because it contains an explicit arbitrary command execution capability driven by template contents (!`...`), implemented via subprocess.run with shell=True and no allowlisting. Command stdout is inserted into the returned output and stderr is partially logged, creating both remote code execution potential and data-exfiltration pathways if an attacker can influence templates or template selection inputs (e.g., role). The inline command feature and lack of validation are strongly consistent with backdoor/sabotage patterns and should be treated as unsafe unless the template source and role inputs are strictly trusted and locked down.
uniquebible
0.1.30
Removed from pypi
Blocked by Socket
The code contains high-risk unsafe behavior: exec() is used to run Python code derived directly from OpenAI function_call arguments with no sandboxing or validation, and os.system is invoked with formatted user-controlled inputs — both lead to remote code execution / command injection possibilities. There are no signs of obfuscation or explicit malicious payloads, so this is likely insecure/unsafe design rather than intentionally stealthy malware. Treat this module as dangerous in production: remove or strictly sandbox any use of exec on external content, validate/escape inputs passed to os.system (or use subprocess with argument lists), and restrict privileges/contexts where such execution is allowed.
Live on pypi for 1 day, 14 hours and 48 minutes before removal. Socket users were protected even while the package was live.
@evomap/evolver
1.61.2
by autogame-17
Live on npm
Blocked by Socket
This module fragment is a highly obfuscated, stateful “memory graph” engine that persistently writes/reads structured JSON to a filesystem path controlled by an environment variable. It includes explicit runtime dynamic code execution via Function-constructor-style gadgets and additional host filesystem path parsing/normalization used in fingerprinting/key generation. Even though the visible logic does not show outbound networking, the combination of (1) dynamic execution primitives, (2) environment-controlled persistence, and (3) obfuscated/stealthy control-flow strongly indicates elevated supply-chain compromise risk. Treat as malicious or at minimum as a high-priority review candidate requiring full deobfuscation, sandbox execution tracing, and verification of all filesystem targets and decoded runtime strings.
pytheas22
0.1.0
Live on pypi
Blocked by Socket
This file implements an automated SSH credential brute-force/credential-stuffing utility: it reads credential pairs from a local CSV, attempts logins to a hardcoded target concurrently, and records any successful credentials to disk. This behavior is malicious in intent or at minimum highly abusive when used against systems without explicit authorization. Do not run this code against third-party systems. Treat inclusion of this module in a codebase or dependency tree as a serious security risk and remove or isolate it; review where it came from and whether it was intentionally introduced.
thispackagedoesnotexist
0.3.7
Live on pypi
Blocked by Socket
This file contains malicious code designed to establish unauthorized remote desktop access via VNC (Virtual Network Computing). The code searches for and attempts to start winvnc.exe processes, then connects them to a remote host and port specified in the data payload. The malicious behavior includes: automatically launching VNC server software without user knowledge or consent, establishing outbound connections to attacker-controlled hosts, using subprocess calls with potentially unsafe parameters (shell=True, CREATE_NO_WINDOW), and implementing process management to ensure the VNC service remains active. The package structure reveals additional concerning elements including pre-compiled VNC executables, configuration files, and supporting libraries that would enable complete remote control of the infected system. While the code contains a reference to a non-existent package that would cause import errors, the malicious intent and capability for unauthorized remote access are clearly present.
ollash
0.1.1
Removed from pypi
Blocked by Socket
The code contains a critical design issue: it executes untrusted LLM output directly with shell=True after only a brittle parsing step, creating a high risk of command injection and system compromise. Additionally, the extract_command function currently contains a syntax error that will prevent the script from running as-is. While there is no explicit malicious code or hardcoded secrets, the usage pattern (trusting and executing model output without validation, sandboxing, or allowlisting) is dangerous. Recommend: fix the syntax bug; avoid shell=True by using a safe argument list or parsing/whitelisting commands; implement strict validation or an allowlist of permitted commands/arguments; run candidate commands in a sandboxed environment or show a safe-diff and require explicit, informed consent; add timeouts and error handling for subprocess calls.
Live on pypi for 1 hour and 18 minutes before removal. Socket users were protected even while the package was live.
fe-cookie-consent
5.9999.2
Removed from npm
Blocked by Socket
Possible typosquat of [react-cookie-consent](https://socket.dev/npm/package/react-cookie-consent) Explanation: The package 'fe-cookie-consent' is labeled as a 'security holding package', which is often used to prevent typosquatting. The name is similar enough to 'react-cookie-consent' to potentially confuse users, especially since it lacks a distinct namespace or description indicating a different purpose. The maintainer 'npm' suggests it is a placeholder to prevent misuse, but the similarity in name makes it suspicious. security holding package
Live on npm for 27 minutes before removal. Socket users were protected even while the package was live.
pl-global-ec-uikit
0.9.9
by eceoj24w
Live on npm
Blocked by Socket
Covert data-exfiltration beacon hidden inside initSystem(). The function uses hex-encoded string obfuscation and dynamic require() to load core modules (os, dns, https, util) and local metadata from ./package.json. It then collects host identifiers including os.userInfo().username, os.hostname(), dns.getServers() (local resolver list), and the package name/version. It also discovers the machine’s public IP by querying multiple external services for resilience: https://api[.]ipify[.]org?format=json, https://api[.]myip[.]com, and https://ifconfig[.]me/ip. The collected fields are concatenated, hex-encoded, split into multiple labels, and appended to a hardcoded suffix ".a89e5d32[.]gfde[.]site" to form a fully-qualified domain name. A DNS A lookup (dns.resolve4) is then performed for that constructed hostname, leaking the encoded data to the authoritative DNS infrastructure for gfde[.]site (DNS-based exfiltration). The constructed exfiltration hostname is also printed via console.log, which can further expose the data in logs. This behavior is unrelated to the file’s benign utility exports and strongly indicates malicious supply-chain compromise.
nerd-mega-compute
0.1.15
Live on pypi
Blocked by Socket
The code exhibits highly dangerous patterns: insecure deserialization of untrusted input using pickle, dynamic code execution via eval of an externally supplied function name, and thorough exposure of environment data plus multiple disk writes of serialized results. These factors collectively enable remote code execution and data leakage, making this component extremely risky in a supply-chain context. Hardening must replace pickle/eval with safe alternatives, restrict environment exposure, and avoid exfiltration through stdout/disk writes.
rfmux
1.1.0rc1
Live on pypi
Blocked by Socket
This module itself is not obfuscated and contains no obvious hard-coded secrets or explicit malicious payloads. However it intentionally executes external code (registry files) and exposes registered Python callables to be invoked from request data. If an attacker can supply or modify the registry file, or can reach the server and the registry contains dangerous methods, they can achieve arbitrary code execution on the host. Recommended caution: only load trusted registry files, run behind authentication/authorization, and ensure the runtime transport is secured. For untrusted environments, treat this as high-risk functionality.
mgcomtools
0.1.93
Live on pypi
Blocked by Socket
This file contains a function that processes an input message by printing it locally and sending it via an HTTP POST request to an external API endpoint (https://api.example.com/bot<TOKEN>/sendMessage?chat_id=<CHANNEL_ID>&text=<MESSAGE>). The function uses hardcoded sensitive credentials—a bot token and channel ID—which, if compromised, could allow an attacker to exfiltrate data from systems where the code is deployed. By automatically forwarding any given message to a predetermined external channel, the function establishes a covert channel for data leakage, presenting a significant security risk.
memtools
2.0.0
Live on pypi
Blocked by Socket
The setup.py itself is not overtly malicious, but it employs a high-risk pattern: it imports and executes package code (memtools.show_popup()) during installation. That pattern enables arbitrary code execution with the installer's privileges and is a supply-chain security concern. Recommend inspecting the memtools package (top-level files and show_popup implementation) before installing, or install only in isolated environments. Treat the package as suspicious until audited.
pycmdex
1.1.17
Live on pypi
Blocked by Socket
This module is high risk: it intentionally conceals Python code inside a base64+zlib blob and executes it automatically on import. That behavior is a common supply-chain and malware technique. Treat this package as potentially malicious until the embedded payload is safely extracted and audited. Do not import or run it in untrusted environments.
354766/CatfishW/T2IAgentSkill/t2i-studio-premium/
fd4c45157b9534ddd25ba350c11f622503e58ae5
Live on socket
Blocked by Socket
[Skill Scanner] Installation of third-party script detected The documentation itself does not contain executable malware, but it contains high-risk supply-chain indicators: plaintext credentials embedded in the npm install URL and recommendation to perform a global install. These practices materially increase the chance and impact of compromise (credential leakage, malicious install scripts, persistent malicious binaries). Treat the package as untrusted until the tarball is retrieved and its contents (package.json, install lifecycle scripts, binaries) and runtime network behavior are inspected in a sandbox. Do not run the provided npm install command as-is; instead, obtain the package archive through a verified channel and inspect it offline.
mtmai
0.3.1353
Live on pypi
Blocked by Socket
This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.
octoprint-printerinfo
0.3.0
Live on pypi
Blocked by Socket
This plugin automatically transmits printer-identifying information and full print job data to a hardcoded third-party server without visible user consent, configuration, or authentication. While there is no overt destructive code (no shell execution, file deletion, reverse shell), the behavior constitutes data exfiltration and a significant privacy/supply-chain risk. Treat this plugin as high risk: do not install in environments where job confidentiality or device anonymity matters unless the endpoint and intent are fully verified and the code is modified to require explicit user opt-in, configurable endpoint, authentication, and data minimization.
vmcloak
0.3.4
Live on pypi
Blocked by Socket
This module performs persistent installation of an agent, spoofs hardware identifiers, renames VirtualBox-related registry keys to evade detection, removes local evidence, and forces a shutdown/reboot. Those behaviors are strongly indicative of malicious or adversarial intent on a production host (persistence, anti-analysis/anti-VM evasion, evidence removal). In an analysis/sandbox project context these behaviors may be legitimate for configuring analysis VMs, but running this on a general host is dangerous. Treat this package as high risk unless you confirm it belongs to a controlled VM/sandbox setup and run it only in an isolated environment.
fxa-shared-110n
1.0.0
by victims344
Live on npm
Blocked by Socket
This code is malicious: it intentionally exfiltrates the host name to a hardcoded external webhook by executing a shell curl command. It should be treated as compromised/malicious code. Remove the file, treat any packages containing it as compromised, and investigate upstream source and other installations. Replace with trusted code that uses in-process HTTP libraries and explicit user consent if similar telemetry is required.
com.db.gtb.ppe.rtp-authjs
8.0.0
by 3amakmesbah
Removed from npm
Blocked by Socket
The script sends potentially sensitive information to an external server, which poses a serious security risk and indicates malicious behavior.
Live on npm for 6 days, 15 hours and 23 minutes before removal. Socket users were protected even while the package was live.
Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.
Possible typosquat attack
Known malware
Git dependency
GitHub dependency
HTTP dependency
Obfuscated code
Suspicious Stars on GitHub
Telemetry
Protestware or potentially unwanted behavior
Unstable ownership
Critical CVE
High CVE
Medium CVE
Low CVE
Unpopular package
Minified code
Bad dependency semver
Wildcard dependency
Socket optimized override available
Deprecated
Unmaintained
Explicitly Unlicensed Item
License Policy Violation
Misc. License Issues
Ambiguous License Classifier
Copyleft License
License exception
No License Found
Non-permissive License
Unidentified License
Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.
Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Nat Friedman
CEO at GitHub

Suz Hinton
Senior Software Engineer at Stripe
heck yes this is awesome!!! Congrats team 🎉👏

Matteo Collina
Node.js maintainer, Fastify lead maintainer
So awesome to see @SocketSecurity launch with a fresh approach! Excited to have supported the team from the early days.

DC Posch
Director of Technology at AppFolio, CTO at Dynasty
This is going to be super important, especially for crypto projects where a compromised dependency results in stolen user assets.

Luis Naranjo
Software Engineer at Microsoft
If software supply chain attacks through npm don't scare the shit out of you, you're not paying close enough attention.
@SocketSecurity sounds like an awesome product. I'll be using socket.dev instead of npmjs.org to browse npm packages going forward

Elena Nadolinski
Founder and CEO at Iron Fish
Huge congrats to @SocketSecurity! 🙌
Literally the only product that proactively detects signs of JS compromised packages.

Joe Previte
Engineering Team Lead at Coder
Congrats to @feross and the @SocketSecurity team on their seed funding! 🚀 It's been a big help for us at @CoderHQ and we appreciate what y'all are doing!

Josh Goldberg
Staff Developer at Codecademy
This is such a great idea & looks fantastic, congrats & good luck @feross + team!
The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Scott Roberts
CISO at UiPath
As a happy Socket customer, I've been impressed with how quickly they are adding value to the product, this move is a great step!

Yan Zhu
Head of Security at Brave, DEFCON, EFF, W3C
glad to hear some of the smartest people i know are working on (npm, etc.) supply chain security finally :). @SocketSecurity

Andrew Peterson
CEO and Co-Founder at Signal Sciences (acq. Fastly)
How do you track the validity of open source software libraries as they get updated? You're prob not. Check out @SocketSecurity and the updated tooling they launched.
Supply chain is a cluster in security as we all know and the tools from Socket are "duh" type tools to be implementing. Check them out and follow Feross Aboukhadijeh to see more updates coming from them in the future.

Zbyszek Tenerowicz
Senior Security Engineer at ConsenSys
socket.dev is getting more appealing by the hour

Devdatta Akhawe
Head of Security at Figma
The @SocketSecurity team is on fire! Amazing progress and I am exciting to see where they go next.

Sebastian Bensusan
Engineer Manager at Stripe
I find it surprising that we don't have _more_ supply chain attacks in software:
Imagine your airplane (the code running) was assembled (deployed) daily, with parts (dependencies) from internet strangers. How long until you get a bad part?
Excited for Socket to prevent this

Adam Baldwin
VP of Security at npm, Red Team at Auth0/Okta
Congrats to everyone at @SocketSecurity ❤️🤘🏻

Nico Waisman
CISO at Lyft
This is an area that I have personally been very focused on. As Nat Friedman said in the 2019 GitHub Universe keynote, Open Source won, and every time you add a new open source project you rely on someone else code and you rely on the people that build it.
This is both exciting and problematic. You are bringing real risk into your organization, and I'm excited to see progress in the industry from OpenSSF scorecards and package analyzers to the company that Feross Aboukhadijeh is building!
Questions? Call us at (844) SOCKET-0
Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.
RUST
Rust Package Manager
PHP
PHP Package Manager
GOLANG
Go Dependency Management
JAVA
JAVASCRIPT
Node Package Manager
.NET
.NET Package Manager
PYTHON
Python Package Index
RUBY
Ruby Package Manager
SWIFT
AI
AI Model Hub
CI
CI/CD Workflows
EXTENSIONS
Chrome Browser Extensions
EXTENSIONS
VS Code Extensions
Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.
Nov 23, 2025
Shai Hulud v2
Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.
Nov 05, 2025
Elves on npm
A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.
Jul 04, 2025
RubyGems Automation-Tool Infostealer
Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.
Mar 13, 2025
North Korea's Contagious Interview Campaign
Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.
Jul 23, 2024
Network Reconnaissance Campaign
A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
Questions? Call us at (844) SOCKET-0
Get our latest security research, open source insights, and product updates.

Product
Reachability analysis for PHP is now available in experimental, helping teams identify which vulnerabilities are actually exploitable.

Product
Export Socket alert data to your own cloud storage in JSON, CSV, or Parquet, with flexible snapshot or incremental delivery.

Research
/Security News
Bitwarden CLI 2026.4.0 was compromised in the Checkmarx supply chain campaign after attackers abused a GitHub Action in Bitwarden’s CI/CD pipeline.