Launch Week Day 5: Introducing Reachability for PHP.Learn More
Socket
Book a DemoSign in
Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
t

timmywil published 4.0.0

left-pad
s

stevemao published 1.3.0

react
r

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

gh555.qqq

15.73.90

by kkn1n

Removed from openvsx

Blocked by Socket

The threat is a VS Code extension (qqq.js) that uses Chrome DevTools Protocol to automate a Chromium instance, harvests session cookies and related headers via Network.getCookies and document.cookie, and reuses these credentials in subsequent download requests. It also auto-downloads and executes external binaries and components from various sources, with ancillary clipboard access and interop code, creating multiple attack surfaces including supply-chain risk and potential data leakage. Overall, it represents a credential-stealing and exfiltration risk tied to a browser automation workflow and external binary usage.

Live on openvsx for 28 days, 12 hours and 51 minutes before removal. Socket users were protected even while the package was live.

nyc-config

4.9.0

by jpdtestjpd

Removed from npm

Blocked by Socket

This file gathers detailed OS and network information (including hostname, user details, and IP addresses) and sends it to hardcoded endpoints (e.g., http://23[.]22[.]251[.]177:8080/jpd[.]php and http://23[.]22[.]251[.]177:8080/jpd1[.]php) via HTTP GET and POST requests. It also attempts to fall back on a WebSocket connection (wss://yourserver[.]com/socket) if needed. The code fetches the public IP address from https://api64.ipify.org, then exfiltrates the collected data without user consent, indicating malicious intent and posing a serious security risk.

Live on npm for 5 hours and 53 minutes before removal. Socket users were protected even while the package was live.

github.com/yaklang/yaklang

v1.3.3-rc7.0.20240523120910-b17b1b3f81d0

Live on go

Blocked by Socket

WebLogic CORBA/IIOP exploitation framework containing hardcoded exploit payloads for binding/rebinding remote objects and executing remote constructor payloads. The code implements multi-stage attacks including backdoor installation capabilities through serialized Java bytecode injection. Contains embedded hex-encoded payloads targeting WebLogic internal classes (weblogic[.]corba[.]cos[.]naming[.]NamingContextAny) and CORBA naming contexts. Functionality includes remote command execution through getServerLocation method calls and JNDI manipulation attacks. While this is legitimate penetration testing code within a security framework, the presence of ready-to-use exploit payloads and backdoor installation mechanisms represents unusual patterns that security tools should flag for review.

netdog

0.1.6

Removed from pypi

Blocked by Socket

This module implements a bidirectional bridge between network sockets and a local process, enabling interactive remote control (remote shell) when exec is provided. It is high-risk: subprocess creation uses shell=True and network input is forwarded directly to subprocess stdin with no authentication, authorization, encryption, or sanitization. In a trusted, well-controlled environment (local-only testing, isolated VM) it can be useful; in general production or untrusted-network deployments it should be considered dangerous and not used without adding robust authentication, encryption (TLS), input validation, and avoiding shell=True (use list args). Recommendation: do not run exposed to untrusted networks; change subprocess invocation to avoid shell=True, add authentication and TLS, and restrict/validate exec strings and network sources.

Live on pypi for 2 hours before removal. Socket users were protected even while the package was live.

composio-core

0.1.59

Removed from pypi

Blocked by Socket

This module contains risky behavior consistent with a supply-chain/security misconfiguration rather than explicit malicious code. The most serious issue is a hardcoded API key embedded in source and use of an SDK client to fetch remote data which is then written into the package filesystem. The subprocess calls to read git user.name/email add further privacy risk. There is no explicit code that exfiltrates or executes arbitrary code, but the secret in source and file-write side-effects make this package unsuitable for use until credentials are removed and behavior is made explicit and secure.

Live on pypi for 9 hours and 1 minute before removal. Socket users were protected even while the package was live.

wileys

0.2.6

Live on npm

Blocked by Socket

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

mtmai

0.4.206

Live on pypi

Blocked by Socket

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

snakeddos

0.0.2

Live on pypi

Blocked by Socket

This file implements a malicious network flood and local-file transmission tool. It will create massive concurrent outbound TCP connections and stream a local file to the configured target — actions consistent with denial-of-service and data-exfiltration malware. The code is not obfuscated but is intentionally destructive/abusive. Do not run this code. Investigate any instances where this file appears in repositories or systems and treat as malicious/artifact of abuse. The script also contains a syntax error that may prevent execution as provided.

igf

1.1.1

by GitHub Actions

Live on npm

Blocked by Socket

This dependency fragment is a high-capability in-process instrumentation and runtime manipulation toolkit. It can dynamically generate executable wrappers (eval), compile native code (CModule), patch executable memory (Memory.protect/patchCode) and rewrite execution entrypoints/trampolines, replace Objective-C/ART/Dalvik methods, and enable JDWP debugging/control via socketpair handshake. While it may be dual-use (debugging), its active tampering + code execution capabilities make it strongly dangerous in a supply-chain context and consistent with malware-like sabotage/backdoor behavior potential if misused by consumers or an attacker.

mtmai

0.4.190

Live on pypi

Blocked by Socket

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

neutrinoparticles.pixi

2.1.0

by y.miroshnyk

Live on npm

Blocked by Socket

This module contains a high-severity supply-chain/asset execution risk: it dynamically executes loader-provided JavaScript content using eval() to instantiate a NeutrinoEffect, then uses the resulting effect to control subsequent texture loading and rendering behavior. If resource.data is attacker-influenced (compromised asset, tampered CDN/package, or malicious effect resource), this provides arbitrary code execution in the application context. Rendering/buffer code is largely non-suspicious aside from consuming attacker-controlled outputs.

escape-htlm

1.0.10

by xwlazssz

Removed from npm

Blocked by Socket

The code exhibits malicious behavior consistent with ransomware, including unauthorized file encryption and suspicious network communication. The legitimate error handling functionality is likely being used as a cover for the ransomware components. Immediate action is required to address the threat posed by this code.

Live on npm for 2 hours and 46 minutes before removal. Socket users were protected even while the package was live.

@0xme5war/apicli

2.0.0

Live on npm

Blocked by Socket

The package will automatically run index.js during installation via the postinstall hook. This is a high-risk behavior because it grants the package arbitrary code execution on the host at install time. The package metadata (description 'Hijack', odd repository field) increases suspicion. Inspect the contents of index.js before installing or avoid installing this package from untrusted sources.

vddocumentlib

5.2.4

by moneji3377

Removed from npm

Blocked by Socket

The code exhibits characteristics of potentially malicious behavior, including DNS resolution to suspicious domains and execution of obfuscated commands. The use of obfuscation suggests an attempt to conceal its true intent, which could be harmful. The risk and malware scores are high due to these factors.

Live on npm for 3 hours and 19 minutes before removal. Socket users were protected even while the package was live.

github.com/XiaomingX/data-cve-poc

v0.0.0-20250123002740-ed79d10af151

Live on go

Blocked by Socket

This code fragment is overwhelmingly indicative of an offensive Grav CMS exploit/PoC. It automates authenticated admin interaction, creates a new page, harvests nonce tokens from HTML, and submits attacker-controlled content intended to trigger SSTI/RCE and command execution. The only notable uncertainty is that the payload literal is missing/incomplete in the provided fragment, but the injection chain and explicit exploitation messaging remain strong indicators of malicious intent.

@flasher/flasher-sweetalert

1.3.1

by yoeunes

Live on npm

Blocked by Socket

The package contains a hidden payload that targets Russian language users visiting Russian and Belarusian sites. For those users, it will disable user interaction and play a looping audio of the Ukrainian anthem after 3 days. Therefore, it is marked as malware only because it freezes interactions for many users. This behavior is not disclosed in any documentation of the package and seriously disrupts user experience.

sbcli-dev

4.0.8

Live on pypi

Blocked by Socket

This module implements privileged node and device management and exposes HTTP endpoints that accept user input used directly in shell commands and Docker operations. Main risks: command injection (unsanitized string interpolation into shell commands and os.popen), destructive device operations (partitioning, bind/unbind), supplying arbitrary images to be pulled and run as privileged containers, and use of an unencrypted/unprotected Docker TCP socket (tcp://...:2375). I assess this as not manifestly malware but a high-risk administrative component that must be strictly access-controlled and hardened (validate/sanitize inputs, avoid passing raw user values into shell/Docker operations, use secure Docker API access, avoid exposing endpoints publicly).

cbdev2024test

12.0.0

by cbdev2024

Removed from npm

Blocked by Socket

The code exhibits clear signs of malicious behavior by collecting and sending detailed system information to a remote server without user consent. The use of a detached child process suggests an attempt to maintain persistence. This poses a significant security risk.

Live on npm for 13 minutes before removal. Socket users were protected even while the package was live.

bluelamp-ai

1.0.1

Live on pypi

Blocked by Socket

This module is high risk. It deliberately conceals executable code in an embedded compressed Base64 blob and executes it immediately on import via exec(). That pattern grants the payload full program privileges with no visibility or integrity checks, and is frequently used for malicious supply-chain implants. If you cannot fully decode and audit the inner payload, treat this package as untrusted and remove or isolate it. If permitted, decode and inspect (or run in a tightly controlled sandbox) the decompressed source to determine intent before allowing use in production.

docs-component-size-limit-dialog

1.1.0

by xml69120

Removed from npm

Blocked by Socket

The code executes system commands and sends their output to a suspicious remote server, indicating potential malicious behavior. The code is not obfuscated, but it poses a high security risk due to the nature of the actions performed.

Live on npm for 13 hours and 32 minutes before removal. Socket users were protected even while the package was live.

mtmai

0.3.1182

Live on pypi

Blocked by Socket

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

kfsd

0.0.167

Live on pypi

Blocked by Socket

This module contains a critical vulnerability: unconstrained eval() of attacker-controlled 'input.expr' with access to local variables (including a formatted request object). This yields remote code execution and potential data exfiltration. The code likely represents an insecure design/bug rather than intentionally malicious code, but it must be remediated before handling untrusted inputs. Also fix the apparent syntax error in getAttr.

ailever

1.0.104

Live on pypi

Blocked by Socket

This script is a high-risk launcher: it unconditionally fetches Python code from a hardcoded remote repo and executes it locally via a shell-invoked Python process while passing unsanitized user inputs directly into the shell command. Even if the upstream repository is currently benign, the pattern enables trivial supply-chain compromise and shell injection. Mitigations: remove runtime download-and-exec; if fetching is necessary, pin and verify cryptographic hashes or signatures, validate content, avoid os.system (use subprocess with argument lists or importlib), sanitize inputs, and add error handling and logging. Treat this module as unsafe in security-sensitive environments until hardened.

gh555.qqq

15.73.90

by kkn1n

Removed from openvsx

Blocked by Socket

The threat is a VS Code extension (qqq.js) that uses Chrome DevTools Protocol to automate a Chromium instance, harvests session cookies and related headers via Network.getCookies and document.cookie, and reuses these credentials in subsequent download requests. It also auto-downloads and executes external binaries and components from various sources, with ancillary clipboard access and interop code, creating multiple attack surfaces including supply-chain risk and potential data leakage. Overall, it represents a credential-stealing and exfiltration risk tied to a browser automation workflow and external binary usage.

Live on openvsx for 28 days, 12 hours and 51 minutes before removal. Socket users were protected even while the package was live.

nyc-config

4.9.0

by jpdtestjpd

Removed from npm

Blocked by Socket

This file gathers detailed OS and network information (including hostname, user details, and IP addresses) and sends it to hardcoded endpoints (e.g., http://23[.]22[.]251[.]177:8080/jpd[.]php and http://23[.]22[.]251[.]177:8080/jpd1[.]php) via HTTP GET and POST requests. It also attempts to fall back on a WebSocket connection (wss://yourserver[.]com/socket) if needed. The code fetches the public IP address from https://api64.ipify.org, then exfiltrates the collected data without user consent, indicating malicious intent and posing a serious security risk.

Live on npm for 5 hours and 53 minutes before removal. Socket users were protected even while the package was live.

github.com/yaklang/yaklang

v1.3.3-rc7.0.20240523120910-b17b1b3f81d0

Live on go

Blocked by Socket

WebLogic CORBA/IIOP exploitation framework containing hardcoded exploit payloads for binding/rebinding remote objects and executing remote constructor payloads. The code implements multi-stage attacks including backdoor installation capabilities through serialized Java bytecode injection. Contains embedded hex-encoded payloads targeting WebLogic internal classes (weblogic[.]corba[.]cos[.]naming[.]NamingContextAny) and CORBA naming contexts. Functionality includes remote command execution through getServerLocation method calls and JNDI manipulation attacks. While this is legitimate penetration testing code within a security framework, the presence of ready-to-use exploit payloads and backdoor installation mechanisms represents unusual patterns that security tools should flag for review.

netdog

0.1.6

Removed from pypi

Blocked by Socket

This module implements a bidirectional bridge between network sockets and a local process, enabling interactive remote control (remote shell) when exec is provided. It is high-risk: subprocess creation uses shell=True and network input is forwarded directly to subprocess stdin with no authentication, authorization, encryption, or sanitization. In a trusted, well-controlled environment (local-only testing, isolated VM) it can be useful; in general production or untrusted-network deployments it should be considered dangerous and not used without adding robust authentication, encryption (TLS), input validation, and avoiding shell=True (use list args). Recommendation: do not run exposed to untrusted networks; change subprocess invocation to avoid shell=True, add authentication and TLS, and restrict/validate exec strings and network sources.

Live on pypi for 2 hours before removal. Socket users were protected even while the package was live.

composio-core

0.1.59

Removed from pypi

Blocked by Socket

This module contains risky behavior consistent with a supply-chain/security misconfiguration rather than explicit malicious code. The most serious issue is a hardcoded API key embedded in source and use of an SDK client to fetch remote data which is then written into the package filesystem. The subprocess calls to read git user.name/email add further privacy risk. There is no explicit code that exfiltrates or executes arbitrary code, but the secret in source and file-write side-effects make this package unsuitable for use until credentials are removed and behavior is made explicit and secure.

Live on pypi for 9 hours and 1 minute before removal. Socket users were protected even while the package was live.

wileys

0.2.6

Live on npm

Blocked by Socket

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

mtmai

0.4.206

Live on pypi

Blocked by Socket

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

snakeddos

0.0.2

Live on pypi

Blocked by Socket

This file implements a malicious network flood and local-file transmission tool. It will create massive concurrent outbound TCP connections and stream a local file to the configured target — actions consistent with denial-of-service and data-exfiltration malware. The code is not obfuscated but is intentionally destructive/abusive. Do not run this code. Investigate any instances where this file appears in repositories or systems and treat as malicious/artifact of abuse. The script also contains a syntax error that may prevent execution as provided.

igf

1.1.1

by GitHub Actions

Live on npm

Blocked by Socket

This dependency fragment is a high-capability in-process instrumentation and runtime manipulation toolkit. It can dynamically generate executable wrappers (eval), compile native code (CModule), patch executable memory (Memory.protect/patchCode) and rewrite execution entrypoints/trampolines, replace Objective-C/ART/Dalvik methods, and enable JDWP debugging/control via socketpair handshake. While it may be dual-use (debugging), its active tampering + code execution capabilities make it strongly dangerous in a supply-chain context and consistent with malware-like sabotage/backdoor behavior potential if misused by consumers or an attacker.

mtmai

0.4.190

Live on pypi

Blocked by Socket

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

neutrinoparticles.pixi

2.1.0

by y.miroshnyk

Live on npm

Blocked by Socket

This module contains a high-severity supply-chain/asset execution risk: it dynamically executes loader-provided JavaScript content using eval() to instantiate a NeutrinoEffect, then uses the resulting effect to control subsequent texture loading and rendering behavior. If resource.data is attacker-influenced (compromised asset, tampered CDN/package, or malicious effect resource), this provides arbitrary code execution in the application context. Rendering/buffer code is largely non-suspicious aside from consuming attacker-controlled outputs.

escape-htlm

1.0.10

by xwlazssz

Removed from npm

Blocked by Socket

The code exhibits malicious behavior consistent with ransomware, including unauthorized file encryption and suspicious network communication. The legitimate error handling functionality is likely being used as a cover for the ransomware components. Immediate action is required to address the threat posed by this code.

Live on npm for 2 hours and 46 minutes before removal. Socket users were protected even while the package was live.

@0xme5war/apicli

2.0.0

Live on npm

Blocked by Socket

The package will automatically run index.js during installation via the postinstall hook. This is a high-risk behavior because it grants the package arbitrary code execution on the host at install time. The package metadata (description 'Hijack', odd repository field) increases suspicion. Inspect the contents of index.js before installing or avoid installing this package from untrusted sources.

vddocumentlib

5.2.4

by moneji3377

Removed from npm

Blocked by Socket

The code exhibits characteristics of potentially malicious behavior, including DNS resolution to suspicious domains and execution of obfuscated commands. The use of obfuscation suggests an attempt to conceal its true intent, which could be harmful. The risk and malware scores are high due to these factors.

Live on npm for 3 hours and 19 minutes before removal. Socket users were protected even while the package was live.

github.com/XiaomingX/data-cve-poc

v0.0.0-20250123002740-ed79d10af151

Live on go

Blocked by Socket

This code fragment is overwhelmingly indicative of an offensive Grav CMS exploit/PoC. It automates authenticated admin interaction, creates a new page, harvests nonce tokens from HTML, and submits attacker-controlled content intended to trigger SSTI/RCE and command execution. The only notable uncertainty is that the payload literal is missing/incomplete in the provided fragment, but the injection chain and explicit exploitation messaging remain strong indicators of malicious intent.

@flasher/flasher-sweetalert

1.3.1

by yoeunes

Live on npm

Blocked by Socket

The package contains a hidden payload that targets Russian language users visiting Russian and Belarusian sites. For those users, it will disable user interaction and play a looping audio of the Ukrainian anthem after 3 days. Therefore, it is marked as malware only because it freezes interactions for many users. This behavior is not disclosed in any documentation of the package and seriously disrupts user experience.

sbcli-dev

4.0.8

Live on pypi

Blocked by Socket

This module implements privileged node and device management and exposes HTTP endpoints that accept user input used directly in shell commands and Docker operations. Main risks: command injection (unsanitized string interpolation into shell commands and os.popen), destructive device operations (partitioning, bind/unbind), supplying arbitrary images to be pulled and run as privileged containers, and use of an unencrypted/unprotected Docker TCP socket (tcp://...:2375). I assess this as not manifestly malware but a high-risk administrative component that must be strictly access-controlled and hardened (validate/sanitize inputs, avoid passing raw user values into shell/Docker operations, use secure Docker API access, avoid exposing endpoints publicly).

cbdev2024test

12.0.0

by cbdev2024

Removed from npm

Blocked by Socket

The code exhibits clear signs of malicious behavior by collecting and sending detailed system information to a remote server without user consent. The use of a detached child process suggests an attempt to maintain persistence. This poses a significant security risk.

Live on npm for 13 minutes before removal. Socket users were protected even while the package was live.

bluelamp-ai

1.0.1

Live on pypi

Blocked by Socket

This module is high risk. It deliberately conceals executable code in an embedded compressed Base64 blob and executes it immediately on import via exec(). That pattern grants the payload full program privileges with no visibility or integrity checks, and is frequently used for malicious supply-chain implants. If you cannot fully decode and audit the inner payload, treat this package as untrusted and remove or isolate it. If permitted, decode and inspect (or run in a tightly controlled sandbox) the decompressed source to determine intent before allowing use in production.

docs-component-size-limit-dialog

1.1.0

by xml69120

Removed from npm

Blocked by Socket

The code executes system commands and sends their output to a suspicious remote server, indicating potential malicious behavior. The code is not obfuscated, but it poses a high security risk due to the nature of the actions performed.

Live on npm for 13 hours and 32 minutes before removal. Socket users were protected even while the package was live.

mtmai

0.3.1182

Live on pypi

Blocked by Socket

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

kfsd

0.0.167

Live on pypi

Blocked by Socket

This module contains a critical vulnerability: unconstrained eval() of attacker-controlled 'input.expr' with access to local variables (including a formatted request object). This yields remote code execution and potential data exfiltration. The code likely represents an insecure design/bug rather than intentionally malicious code, but it must be remediated before handling untrusted inputs. Also fix the apparent syntax error in getAttr.

ailever

1.0.104

Live on pypi

Blocked by Socket

This script is a high-risk launcher: it unconditionally fetches Python code from a hardcoded remote repo and executes it locally via a shell-invoked Python process while passing unsanitized user inputs directly into the shell command. Even if the upstream repository is currently benign, the pattern enables trivial supply-chain compromise and shell injection. Mitigations: remove runtime download-and-exec; if fetching is necessary, pin and verify cryptographic hashes or signatures, validate content, avoid os.system (use subprocess with argument lists or importlib), sanitize inputs, and add error handling and logging. Treat this module as unsafe in security-sensitive environments until hardened.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

GitHub app screenshot

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Even more developer love
Install GitHub AppRead the docs

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Book a Demo

Questions? Call us at (844) SOCKET-0

Read the blog

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

View all integrations

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

The latest from the Socket team

Get our latest security research, open source insights, and product updates.

View all articles