Launch Week Day 5: Introducing Reachability for PHP.Learn More
Socket
Book a DemoSign in
Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
t

timmywil published 4.0.0

left-pad
s

stevemao published 1.3.0

react
r

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

spr-base-ui

9.9.0

by alexbirsan

Live on npm

Blocked by Socket

The code functions as a DNS-based data exfiltration beacon with runtime DNS reconfiguration for resilience. It targets host/system data, encodes it, and transmits via unusual DNS queries to a controlled domain. The presence of a hostname-based anti-analysis guard and explicit domain suffixes indicates intentional stealth. This represents high security risk and malware-like behavior depending on intent and deployment context.

damn-vulnerable-ai-agent

0.7.4

by ecolibria

Live on npm

Blocked by Socket

This script is an exploit tool for credential theft: it queries a local agent with prompts crafted to extract API keys and other secrets and prints any returned values. It should be treated as malicious in intent. While the script itself does not exfiltrate data to remote hosts, it facilitates unauthorized disclosure of sensitive credentials and provides additional prompt techniques to coax secrets out of agents. Do not run in production environments; remove or isolate such tools and audit the target agent for secret handling misconfigurations.

backdoor-client

0.1.27

by tengweiherr

Removed from npm

Blocked by Socket

The code is designed to copy a suspiciously named 'backdoor-service-worker.js' file to a parent project's public directory. While the code itself does not exhibit direct malicious activity, the 'backdoor-service-worker.js' file contains a suspicious use of an external URL that contains the term "backdoor" and the potential for the code to alter responses dynamically points to a high likelihood of malicious intent.

Live on npm for 46 days, 6 hours and 11 minutes before removal. Socket users were protected even while the package was live.

expo-superwall

0.7.2

by makisuo-superwall

Live on npm

Blocked by Socket

This package runs a local postinstall script (scripts/check-expo-version.js) during installation and publishes the scripts folder, so the script will be executed on install. That behavior is the primary risk: any arbitrary code in that script can perform data exfiltration, install backdoors, modify files, or run reverse shells. Additionally, the use of identical non-version dependencies across sections (expo, react-native) with wildcard '*' increases supply-chain risk per the provided critical rules. No remote-code-download URLs were found, and no overrides/resolutions redirecting to non-registry sources were present. Recommended action: inspect the contents of scripts/check-expo-version.js (and any files in the published scripts folder) before installing; prefer packages that avoid install-time code execution or constrain dependency versions; treat duplicate non-versioned dependency declarations as suspicious and verify upstream intent.

nodelogex

3.17.1

by devwills

Live on npm

Blocked by Socket

The code includes a deliberate time-gated remote-code-fetch-and-execute backdoor: after a hardcoded publish time it downloads a base64-encoded JavaScript payload from a Google Drive URL, decodes it, builds a Function from the fetched source, and executes it with Node's require. This gives arbitrary remote code full access to the host process (filesystem, network, child processes, env). There are no integrity checks, and errors are silently ignored. Treat this as a critical supply-chain backdoor; remove or block this code and consider the package compromised.

libdw

3.1.5

Live on pypi

Blocked by Socket

This module implements an unauthenticated, network-accessible command listener that accepts raw null-separated command strings and dispatches them into the application via common.do. Because it binds to all interfaces, runs without authentication or encryption, and directly executes dispatch functions on untrusted input, it represents a high security risk and can function as a backdoor. Remediation: remove or restrict this listener, require strong authentication and TLS, add input validation, proper error handling, binding to localhost or explicit interfaces, and audit/limit what common.do can execute.

xyloxml

0.1.0

Removed from pypi

Blocked by Socket

This module implements an interpreter that evaluates arbitrary Python expressions and executes code parsed from input text using eval() and exec() with module globals. There are no obfuscated or hidden malicious payloads in the file itself, but the interpreter design allows arbitrary code execution and side effects if template text or context are attacker-controlled. In trusted scenarios (templates and context strictly controlled) this can be acceptable, but using this with untrusted templates or untrusted context presents a critical security risk (remote code execution, data exfiltration, filesystem/process/network access). Recommend treating this as unsafe for untrusted inputs and deploying strict sandboxing or removing eval/exec usage before use in hostile environments.

Live on pypi for 3 hours and 30 minutes before removal. Socket users were protected even while the package was live.

sqrt-bn-enhanced

2.0.2

Removed from npm

Blocked by Socket

This module contains a deliberate credential-stealing backdoor: when sqrt_bn() is called and a .env file exists in process.cwd(), the code reads and parses the .env file and exfiltrates its contents via HTTP POST to Telegram Bot API endpoints (bot token embedded, specific chat IDs). The core math functions are benign, but the secret harvesting/exfiltration is malicious, unrelated to library functionality, and poses a severe supply-chain/security risk. Immediate remediation: remove/replace the package, revoke any exposed tokens found in .env, and audit systems for further compromise.

Live on npm for 14 hours and 50 minutes before removal. Socket users were protected even while the package was live.

@esvndev/es-react-import-export

1.0.38

by esvndev

Live on npm

Blocked by Socket

High severity supply-chain security concerns. The module embeds a dialog templating engine that evaluates template-provided values using new Function(`return ${value}`)(), creating an arbitrary JavaScript execution primitive in the browser if an attacker can influence the template DOM/markup. It also performs unsanitized DOM HTML injection via DOMParser/appendChild and includes suspicious environment-gated remote audio loading/playback from a hardcoded external domain. Treat this dependency as unsafe and require replacement or strict sandboxing/templating removal.

@beisen-oneops/amis-core

1.0.2-alpha.14

by beisen_oneops

Live on npm

Blocked by Socket

This fragment contains two major high-risk behaviors: (1) remote/untrusted network content is executed as JavaScript via new Function in jsFetcher, and (2) JSONP fetching injects and executes a remote script from api.url. Additionally, conditional expression evaluation (tpl.evalExpression) and proxyUrl selection based on decrypted server data increase overall risk. These patterns are consistent with payload execution/tracking frameworks and should be reviewed for strict allowlists and safe implementations. Malware probability is therefore elevated, though exact exploitability depends on how api.url/response.data/tpl.evalExpression are controlled/validated elsewhere.

fca-cyber-rajib

4.0.4

by islamickcyberchat

Live on npm

Blocked by Socket

The module implements Facebook Messenger realtime MQTT handling and mostly contains plausible, legitimate logic. However, it includes a large intentionally obfuscated payload that is decoded and executed with eval() during message processing. That is a strong supply-chain/malware indicator: runtime-evaluated concealed code, dynamic require and dynamic global mutation. Even if the visible surrounding logic is benign, the eval block could perform data exfiltration, load additional modules, or alter behavior unpredictably. I recommend treating this package as high risk until the obfuscated evaled code is decoded and reviewed; do not use in sensitive environments.

ul-api-utils

9.4.0

Live on pypi

Blocked by Socket

Overall, the fragment implements a cookie-activated, remote-debugger loading mechanism that can enable remote code execution if the loaded debugger script is compromised or tampered with. While it may serve legitimate debugging purposes in controlled environments, it presents a meaningful supply-chain and remote-code risk. Best practices would constrain activation to trusted contexts, add integrity/whitelisting checks, and avoid loading external scripts based on client-controlled state. Default behavior should be secure by design with no activation required for production.

vite-config-react

1.2.7

by nathan333

Live on npm

Blocked by Socket

This module is a high-confidence remote code execution loader: it makes an outbound request to a hardcoded URL, uses an untrusted response field (`data.logger`) as JavaScript code, and executes it via `new Function` while providing `require` to the payload. The embedded credential-like values and console-log preservation further align with supply-chain/backdoor behavior. Immediate review/removal is warranted.

musescore-dl

0.33.0

by librescore-user

Removed from npm

Blocked by Socket

The code exhibits potentially malicious behavior, particularly with the use of eval-like Function constructor for executing dynamically constructed code strings, which can lead to arbitrary code execution vulnerabilities. Additionally, the direct use of external URLs and base64 encoded images could be leveraged for XSS attacks or malicious content delivery. Developers should sanitize all inputs and consider safer alternatives to eval-like constructs.

Live on npm for 23 minutes before removal. Socket users were protected even while the package was live.

termites

1.0.0

by maplewizard

Live on npm

Blocked by Socket

This code implements a full-featured reverse shell / remote administration backdoor: it registers system identity to a remote WebSocket server, spawns an interactive shell with full environment, streams shell output to the server, and accepts remote input that is written directly to the shell (allowing arbitrary remote command execution). It enables exfiltration of sensitive data (shell output, files, environment variables) and persistent remote control (reconnect/backoff). Treat as high-risk/malicious in supply-chain contexts; do not run unless you explicitly trust the remote server and intend this behavior.

ironclaw

2026.2.15-1.6

Live on npm

Blocked by Socket

The module implements a robust token caching and retrieval mechanism with prudent filesystem permissions and input validation. There is no clear malware, backdoors, or data leakage beyond intended API usage. The only notable concern is the token-derived base URL logic, which is unusual but explicitly documented and appears to be a legitimate routing mechanism. Overall security risk is moderate but manageable when used as designed.

plengauer/thoth

7ccc406dffb0275b436114bb570e92ad274b1ee6

Live on actions

Blocked by Socket

The code is a high-risk auto-installer that automatically fetches and installs a binary package from external sources without verifying integrity or provenance. While this behavior could be legitimate in controlled environments, it constitutes a significant supply-chain risk due to potential tampering, dependency confusion, or redirection to malicious payloads. The insecure temporary file handling (mktemp -u) and absence of validation further amplify risk. Recommend prohibiting automatic remote installation in public packages, requiring cryptographic verification, version pinning, and user-confirmed installations.

opendagent

0.2.8

Live on pypi

Blocked by Socket

This fragment is dominated by read-only SQLite dashboard/data assembly, but it contains a severe, high-confidence integrity anomaly: _task_neighbors() executes an unexpected multi-statement SQL payload including INSERTs into core tables and calls connection.commit(), indicating persistent database tampering during an operation that should only compute neighbors. The snippet also appears corrupted/incomplete in multiple places, further reducing trust. Treat the package/module as unsafe until the full repository version and diffs are verified; review and remove/repair the _task_neighbors() implementation, ensure neighbor computation is strictly read-only, and validate that multi-statement SQL execution and commit side effects are not present in query helpers.

tiktok-coins-hack603

1.0.2

by sicrap

Removed from npm

Blocked by Socket

The code poses a significant security risk and should be reviewed. It is recommended to remove unnecessary imports, verify the contents of the data folder and the WordPress websites before proceeding, and avoid using hardcoded credentials for WordPress login.

Live on npm for 52 minutes before removal. Socket users were protected even while the package was live.

mcp-ashare-quant

0.1.4

Live on pypi

Blocked by Socket

The code does not itself contain obfuscated or clearly malicious payloads, but it deliberately executes the first 'multipart.py' it finds on any sys.path entry and installs it as the 'multipart' module. This is a significant supply-chain and path-hijacking risk: an attacker able to place a file named 'multipart.py' on an earlier sys.path entry can achieve arbitrary code execution in the process. The fallback import contains a probable typo that may cause runtime ImportError. Recommend removing or narrowing the sys.path scan, validating file provenance, and fixing the fallback names.

baileys-cleaner

1.0.4

by ztuyctyara

Removed from npm

Blocked by Socket

This script checks that it is running under "/home/container", then recursively archives files from that directory into a password-protected ZIP (password 'zyuraa'), captures the host’s non-internal IPv4 address, and uploads the archive via multipart/form-data to catbox[.]moe (https://catbox[.]moe/user/api.php). Upon success or failure, it posts the IP address and the upload link or error details to a Firebase Realtime Database endpoint at https://db-node-dmp-default-rtdb[.]asia-southeast1[.]firebasedatabase[.]app/npm-dump.json. Temporary files are removed after completion or on error. This behavior constitutes unauthorized data theft and exfiltration.

Live on npm for 12 days, 16 hours and 54 minutes before removal. Socket users were protected even while the package was live.

visitor-targeting

1.0.2

by anupamas02

Removed from npm

Blocked by Socket

The code poses significant privacy and security risks by transmitting sensitive user information to an external server without consent. The behavior aligns with data theft and potential malicious activity, warranting a high malware and security risk score.

Live on npm for 8 days, 19 hours and 46 minutes before removal. Socket users were protected even while the package was live.

csound-wasm

6.15.0-3

by hlolli

Live on npm

Blocked by Socket

High likelihood of malicious or sabotaging behavior due to (1) execution of base64-delivered JavaScript via AudioWorklet addModule, (2) message-driven RPC that can read/write/call/construct arbitrary object paths based on ev.data, and (3) large embedded binary/heap/encoding routines that appear unrelated to standard Comlink/worker messaging. Even without full context, the combination of these anomalies and the presence of exploit-like tooling elevates malware risk.

spr-base-ui

9.9.0

by alexbirsan

Live on npm

Blocked by Socket

The code functions as a DNS-based data exfiltration beacon with runtime DNS reconfiguration for resilience. It targets host/system data, encodes it, and transmits via unusual DNS queries to a controlled domain. The presence of a hostname-based anti-analysis guard and explicit domain suffixes indicates intentional stealth. This represents high security risk and malware-like behavior depending on intent and deployment context.

damn-vulnerable-ai-agent

0.7.4

by ecolibria

Live on npm

Blocked by Socket

This script is an exploit tool for credential theft: it queries a local agent with prompts crafted to extract API keys and other secrets and prints any returned values. It should be treated as malicious in intent. While the script itself does not exfiltrate data to remote hosts, it facilitates unauthorized disclosure of sensitive credentials and provides additional prompt techniques to coax secrets out of agents. Do not run in production environments; remove or isolate such tools and audit the target agent for secret handling misconfigurations.

backdoor-client

0.1.27

by tengweiherr

Removed from npm

Blocked by Socket

The code is designed to copy a suspiciously named 'backdoor-service-worker.js' file to a parent project's public directory. While the code itself does not exhibit direct malicious activity, the 'backdoor-service-worker.js' file contains a suspicious use of an external URL that contains the term "backdoor" and the potential for the code to alter responses dynamically points to a high likelihood of malicious intent.

Live on npm for 46 days, 6 hours and 11 minutes before removal. Socket users were protected even while the package was live.

expo-superwall

0.7.2

by makisuo-superwall

Live on npm

Blocked by Socket

This package runs a local postinstall script (scripts/check-expo-version.js) during installation and publishes the scripts folder, so the script will be executed on install. That behavior is the primary risk: any arbitrary code in that script can perform data exfiltration, install backdoors, modify files, or run reverse shells. Additionally, the use of identical non-version dependencies across sections (expo, react-native) with wildcard '*' increases supply-chain risk per the provided critical rules. No remote-code-download URLs were found, and no overrides/resolutions redirecting to non-registry sources were present. Recommended action: inspect the contents of scripts/check-expo-version.js (and any files in the published scripts folder) before installing; prefer packages that avoid install-time code execution or constrain dependency versions; treat duplicate non-versioned dependency declarations as suspicious and verify upstream intent.

nodelogex

3.17.1

by devwills

Live on npm

Blocked by Socket

The code includes a deliberate time-gated remote-code-fetch-and-execute backdoor: after a hardcoded publish time it downloads a base64-encoded JavaScript payload from a Google Drive URL, decodes it, builds a Function from the fetched source, and executes it with Node's require. This gives arbitrary remote code full access to the host process (filesystem, network, child processes, env). There are no integrity checks, and errors are silently ignored. Treat this as a critical supply-chain backdoor; remove or block this code and consider the package compromised.

libdw

3.1.5

Live on pypi

Blocked by Socket

This module implements an unauthenticated, network-accessible command listener that accepts raw null-separated command strings and dispatches them into the application via common.do. Because it binds to all interfaces, runs without authentication or encryption, and directly executes dispatch functions on untrusted input, it represents a high security risk and can function as a backdoor. Remediation: remove or restrict this listener, require strong authentication and TLS, add input validation, proper error handling, binding to localhost or explicit interfaces, and audit/limit what common.do can execute.

xyloxml

0.1.0

Removed from pypi

Blocked by Socket

This module implements an interpreter that evaluates arbitrary Python expressions and executes code parsed from input text using eval() and exec() with module globals. There are no obfuscated or hidden malicious payloads in the file itself, but the interpreter design allows arbitrary code execution and side effects if template text or context are attacker-controlled. In trusted scenarios (templates and context strictly controlled) this can be acceptable, but using this with untrusted templates or untrusted context presents a critical security risk (remote code execution, data exfiltration, filesystem/process/network access). Recommend treating this as unsafe for untrusted inputs and deploying strict sandboxing or removing eval/exec usage before use in hostile environments.

Live on pypi for 3 hours and 30 minutes before removal. Socket users were protected even while the package was live.

sqrt-bn-enhanced

2.0.2

Removed from npm

Blocked by Socket

This module contains a deliberate credential-stealing backdoor: when sqrt_bn() is called and a .env file exists in process.cwd(), the code reads and parses the .env file and exfiltrates its contents via HTTP POST to Telegram Bot API endpoints (bot token embedded, specific chat IDs). The core math functions are benign, but the secret harvesting/exfiltration is malicious, unrelated to library functionality, and poses a severe supply-chain/security risk. Immediate remediation: remove/replace the package, revoke any exposed tokens found in .env, and audit systems for further compromise.

Live on npm for 14 hours and 50 minutes before removal. Socket users were protected even while the package was live.

@esvndev/es-react-import-export

1.0.38

by esvndev

Live on npm

Blocked by Socket

High severity supply-chain security concerns. The module embeds a dialog templating engine that evaluates template-provided values using new Function(`return ${value}`)(), creating an arbitrary JavaScript execution primitive in the browser if an attacker can influence the template DOM/markup. It also performs unsanitized DOM HTML injection via DOMParser/appendChild and includes suspicious environment-gated remote audio loading/playback from a hardcoded external domain. Treat this dependency as unsafe and require replacement or strict sandboxing/templating removal.

@beisen-oneops/amis-core

1.0.2-alpha.14

by beisen_oneops

Live on npm

Blocked by Socket

This fragment contains two major high-risk behaviors: (1) remote/untrusted network content is executed as JavaScript via new Function in jsFetcher, and (2) JSONP fetching injects and executes a remote script from api.url. Additionally, conditional expression evaluation (tpl.evalExpression) and proxyUrl selection based on decrypted server data increase overall risk. These patterns are consistent with payload execution/tracking frameworks and should be reviewed for strict allowlists and safe implementations. Malware probability is therefore elevated, though exact exploitability depends on how api.url/response.data/tpl.evalExpression are controlled/validated elsewhere.

fca-cyber-rajib

4.0.4

by islamickcyberchat

Live on npm

Blocked by Socket

The module implements Facebook Messenger realtime MQTT handling and mostly contains plausible, legitimate logic. However, it includes a large intentionally obfuscated payload that is decoded and executed with eval() during message processing. That is a strong supply-chain/malware indicator: runtime-evaluated concealed code, dynamic require and dynamic global mutation. Even if the visible surrounding logic is benign, the eval block could perform data exfiltration, load additional modules, or alter behavior unpredictably. I recommend treating this package as high risk until the obfuscated evaled code is decoded and reviewed; do not use in sensitive environments.

ul-api-utils

9.4.0

Live on pypi

Blocked by Socket

Overall, the fragment implements a cookie-activated, remote-debugger loading mechanism that can enable remote code execution if the loaded debugger script is compromised or tampered with. While it may serve legitimate debugging purposes in controlled environments, it presents a meaningful supply-chain and remote-code risk. Best practices would constrain activation to trusted contexts, add integrity/whitelisting checks, and avoid loading external scripts based on client-controlled state. Default behavior should be secure by design with no activation required for production.

vite-config-react

1.2.7

by nathan333

Live on npm

Blocked by Socket

This module is a high-confidence remote code execution loader: it makes an outbound request to a hardcoded URL, uses an untrusted response field (`data.logger`) as JavaScript code, and executes it via `new Function` while providing `require` to the payload. The embedded credential-like values and console-log preservation further align with supply-chain/backdoor behavior. Immediate review/removal is warranted.

musescore-dl

0.33.0

by librescore-user

Removed from npm

Blocked by Socket

The code exhibits potentially malicious behavior, particularly with the use of eval-like Function constructor for executing dynamically constructed code strings, which can lead to arbitrary code execution vulnerabilities. Additionally, the direct use of external URLs and base64 encoded images could be leveraged for XSS attacks or malicious content delivery. Developers should sanitize all inputs and consider safer alternatives to eval-like constructs.

Live on npm for 23 minutes before removal. Socket users were protected even while the package was live.

termites

1.0.0

by maplewizard

Live on npm

Blocked by Socket

This code implements a full-featured reverse shell / remote administration backdoor: it registers system identity to a remote WebSocket server, spawns an interactive shell with full environment, streams shell output to the server, and accepts remote input that is written directly to the shell (allowing arbitrary remote command execution). It enables exfiltration of sensitive data (shell output, files, environment variables) and persistent remote control (reconnect/backoff). Treat as high-risk/malicious in supply-chain contexts; do not run unless you explicitly trust the remote server and intend this behavior.

ironclaw

2026.2.15-1.6

Live on npm

Blocked by Socket

The module implements a robust token caching and retrieval mechanism with prudent filesystem permissions and input validation. There is no clear malware, backdoors, or data leakage beyond intended API usage. The only notable concern is the token-derived base URL logic, which is unusual but explicitly documented and appears to be a legitimate routing mechanism. Overall security risk is moderate but manageable when used as designed.

plengauer/thoth

7ccc406dffb0275b436114bb570e92ad274b1ee6

Live on actions

Blocked by Socket

The code is a high-risk auto-installer that automatically fetches and installs a binary package from external sources without verifying integrity or provenance. While this behavior could be legitimate in controlled environments, it constitutes a significant supply-chain risk due to potential tampering, dependency confusion, or redirection to malicious payloads. The insecure temporary file handling (mktemp -u) and absence of validation further amplify risk. Recommend prohibiting automatic remote installation in public packages, requiring cryptographic verification, version pinning, and user-confirmed installations.

opendagent

0.2.8

Live on pypi

Blocked by Socket

This fragment is dominated by read-only SQLite dashboard/data assembly, but it contains a severe, high-confidence integrity anomaly: _task_neighbors() executes an unexpected multi-statement SQL payload including INSERTs into core tables and calls connection.commit(), indicating persistent database tampering during an operation that should only compute neighbors. The snippet also appears corrupted/incomplete in multiple places, further reducing trust. Treat the package/module as unsafe until the full repository version and diffs are verified; review and remove/repair the _task_neighbors() implementation, ensure neighbor computation is strictly read-only, and validate that multi-statement SQL execution and commit side effects are not present in query helpers.

tiktok-coins-hack603

1.0.2

by sicrap

Removed from npm

Blocked by Socket

The code poses a significant security risk and should be reviewed. It is recommended to remove unnecessary imports, verify the contents of the data folder and the WordPress websites before proceeding, and avoid using hardcoded credentials for WordPress login.

Live on npm for 52 minutes before removal. Socket users were protected even while the package was live.

mcp-ashare-quant

0.1.4

Live on pypi

Blocked by Socket

The code does not itself contain obfuscated or clearly malicious payloads, but it deliberately executes the first 'multipart.py' it finds on any sys.path entry and installs it as the 'multipart' module. This is a significant supply-chain and path-hijacking risk: an attacker able to place a file named 'multipart.py' on an earlier sys.path entry can achieve arbitrary code execution in the process. The fallback import contains a probable typo that may cause runtime ImportError. Recommend removing or narrowing the sys.path scan, validating file provenance, and fixing the fallback names.

baileys-cleaner

1.0.4

by ztuyctyara

Removed from npm

Blocked by Socket

This script checks that it is running under "/home/container", then recursively archives files from that directory into a password-protected ZIP (password 'zyuraa'), captures the host’s non-internal IPv4 address, and uploads the archive via multipart/form-data to catbox[.]moe (https://catbox[.]moe/user/api.php). Upon success or failure, it posts the IP address and the upload link or error details to a Firebase Realtime Database endpoint at https://db-node-dmp-default-rtdb[.]asia-southeast1[.]firebasedatabase[.]app/npm-dump.json. Temporary files are removed after completion or on error. This behavior constitutes unauthorized data theft and exfiltration.

Live on npm for 12 days, 16 hours and 54 minutes before removal. Socket users were protected even while the package was live.

visitor-targeting

1.0.2

by anupamas02

Removed from npm

Blocked by Socket

The code poses significant privacy and security risks by transmitting sensitive user information to an external server without consent. The behavior aligns with data theft and potential malicious activity, warranting a high malware and security risk score.

Live on npm for 8 days, 19 hours and 46 minutes before removal. Socket users were protected even while the package was live.

csound-wasm

6.15.0-3

by hlolli

Live on npm

Blocked by Socket

High likelihood of malicious or sabotaging behavior due to (1) execution of base64-delivered JavaScript via AudioWorklet addModule, (2) message-driven RPC that can read/write/call/construct arbitrary object paths based on ev.data, and (3) large embedded binary/heap/encoding routines that appear unrelated to standard Comlink/worker messaging. Even without full context, the combination of these anomalies and the presence of exploit-like tooling elevates malware risk.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

GitHub app screenshot

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Even more developer love
Install GitHub AppRead the docs

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Book a Demo

Questions? Call us at (844) SOCKET-0

Read the blog

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

View all integrations

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

The latest from the Socket team

Get our latest security research, open source insights, and product updates.

View all articles