Launch Week Day 4: Introducing Data Exports.Learn More
Socket
Book a DemoSign in
Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
t

timmywil published 4.0.0

left-pad
s

stevemao published 1.3.0

react
r

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

openclaw-cojad

2604.8.2100

by cojad

Live on npm

Blocked by Socket

This module is explicitly designed for supply-chain style configuration hijacking. It captures a provided OpenAI API key during non-interactive onboarding, persists it into plugin configuration, injects an attacker-controlled provider endpoint, enables the malicious plugin automatically, and rewrites default agent model routing to use the attacker-defined provider/model. If executed without a robust guard, it would enable credential theft and/or traffic redirection. The included test suggests the host project intends to block this exact class of hijack, but the plugin logic itself is malicious.

newdcm.office

2.0.0

by rosiu

Live on nuget

Blocked by Socket

This fragment is dominated by a sophisticated in-memory loader/packer pattern: it reconstructs and decrypts embedded payload data, inspects process memory mappings, modifies its own process memory via /proc/self/mem, changes/uses native memory mapping/protection primitives, and executes hidden logic via reflection-based delegate wiring and DynamicMethod IL generation. The visible Excel/PDF/report helper surface appears stubbed/decoy-like in this fragment. Overall, the module should be treated as extremely high risk for supply-chain compromise; malware intent is strongly indicated, even though outbound network exfiltration is not clearly demonstrated within the shown code.

luksdk-web

1.1.15

by luksdk

Live on npm

Blocked by Socket

The code embodies a high-risk runtime interception and resource-redirection mechanism within an iframe. It hijacks script loading, rewrites network/resource URLs to blob-based equivalents, detects and reacts to cocos engine versions, and rewrites core engine loaders. Although some parts might serve legitimate offline-preload or anti-tamper aims, the overall pattern enables covert manipulation of asset loading and potential data leakage via parent window communication. Provenance and strict scope controls are essential before enabling such functionality in a production supply chain.

norsodikin

0.8.9.2

Live on pypi

Blocked by Socket

The flagged Python class (SSHUserManager) carries out privileged system operations and remote exfiltration. It embeds a hard-coded Telegram bot token (7419614345:AAFwmSvM0zWNaLQhDLidtZ-B9Tzp-aVWICA) and chat_id (1964437366), dynamically imports modules via __import__(), and uses subprocess.run with sudo to add users (adduser), set passwords (chpasswd), grant sudo privileges (usermod ‑aG sudo), expire/delete accounts (usermod --expiredate, deluser), and clear the terminal. It retrieves the host IP with os.popen('hostname -I') and sends SSH credentials and host information in plaintext to https://api[.]telegram[.]org/bot7419614345:AAFwmSvM0zWNaLQhDLidtZ-B9Tzp-aVWICA/sendMessage, including an inline keyboard link to https://t[.]me/NorSodikin. This pattern enables unauthorized backdoor provisioning and credential exfiltration, posing a severe security risk.

emuto

1.42.0

by kantord

Live on npm

Blocked by Socket

The code exhibits a dangerous dynamic execution pattern (eval of compiler(sourceCode)) that allows arbitrary code to run at runtime from untrusted input. This is a significant supply-chain and runtime-security risk. Treat as high-risk; remove or replace eval with a safe, declarative transformation or implement strict sandboxing and provenance checks.

yrodevgit/codetazer

v1.8

Live on composer

Blocked by Socket

The code contains an injected, targeted, disruptive payload: for users with Russian locales and matching hosts it will, after a time-based condition, disable pointer events and auto-play a looping audio file loaded from a hardcoded external domain. This behavior is unrelated to a modal/dialog library and appears malicious (or at least a sabotage/prank). Treat this package as compromised and avoid use until the source of this injection is removed and integrity is verified.

vworldviewdir

1.0.0

by 0x000asdqwe

Live on npm

Blocked by Socket

The snippet unconditionally exfiltrates package and environment metadata to a hardcoded external domain via HTTPS POST and surfaces the response to stdout. While it could be legitimate telemetry in some contexts, the lack of user consent, configurability, authentication, or error handling makes it a privacy/security concern and warrants removal or strict controls in any distribution.

uniquebible

0.1.52

Live on pypi

Blocked by Socket

The code contains high-risk unsafe behavior: exec() is used to run Python code derived directly from OpenAI function_call arguments with no sandboxing or validation, and os.system is invoked with formatted user-controlled inputs — both lead to remote code execution / command injection possibilities. There are no signs of obfuscation or explicit malicious payloads, so this is likely insecure/unsafe design rather than intentionally stealthy malware. Treat this module as dangerous in production: remove or strictly sandbox any use of exec on external content, validate/escape inputs passed to os.system (or use subprocess with argument lists), and restrict privileges/contexts where such execution is allowed.

unified-login-url

9.6.0

by jpdhackerone02

Live on npm

Blocked by Socket

This module is designed to collect host-identifying metadata (hostname, username, local/public IPs, working directory, OS details) and exfiltrate it to remote servers using plaintext HTTP to hardcoded IP addresses and a WebSocket fallback. The suppression of logging during the npm 'preinstall' lifecycle event and dynamic imports for network libraries are strong indicators of stealthy, likely malicious behavior. Treat this package as malicious or at minimum unacceptable unauthorized telemetry. Remove or isolate it, audit projects where it appears, and block the listed endpoints/network egress.

ailever

0.3.344

Live on pypi

Blocked by Socket

The fragment contains a high-risk pattern: it downloads a Python script from a remote source and immediately executes it without integrity verification or sandboxing. This creates a critical supply-chain and remote-code-execution risk, as the remote payload could perform any action on the host, including data exfiltration, credential access, or system compromise. Even though defaults use placeholders, the mechanism itself is unsafe and should be disallowed or hardened (e.g., verify hashes, use signed modules, avoid executing remote code).

azure-graphrbac

13.10.1000

Removed from npm

Blocked by Socket

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package

Live on npm for 4 hours and 24 minutes before removal. Socket users were protected even while the package was live.

arc402-cli

1.0.0-rc.1

by arc402

Live on npm

Blocked by Socket

A malicious drain tool in package/src/drain-v4.ts orchestrates a WalletConnect/MetaMask approval flow to entice the user, then uses a locally stored private key to authorize and execute an ETH transfer from the targeted contract (V4_WALLET) to a hardcoded attacker/OWNER address, reading local secrets from the machine.

exif-utils

0.1.53

by mshwarzberg

Removed from npm

Blocked by Socket

The code contains potential security risks due to the direct execution of shell commands with user-provided paths without proper sanitization. This could lead to command injection attacks. While no explicit malicious intent is observed, the security risks are significant and should be addressed.

Live on npm for 154 days, 16 hours and 16 minutes before removal. Socket users were protected even while the package was live.

tx-engine

0.6.6

Live on pypi

Blocked by Socket

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

mtmai

0.4.141

Live on pypi

Blocked by Socket

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

backtrader-bokeh

0.8.9

Live on pypi

Blocked by Socket

The fragment is a highly obfuscated payload designed to hide and execute arbitrary code at runtime. The use of reversed base64 decoding followed by an immediate exec constitutes a classic malware/backdoor delivery technique. Given the obfuscation level and dynamic execution, this code represents a significant security risk and should be treated as malicious until proven benign through thorough, controlled decoding in a secure environment.

mysten-metrics

9.0.1

Live on cargo

Blocked by Socket

This code is highly suspicious and strongly consistent with malicious telemetry/exfiltration/beaconing behavior: it collects host/user/directory metadata and sends it to a hardcoded external webhook using PowerShell. The presence of a supply-chain “hit” marker further supports a triggered validation/beacon motive rather than benign functionality.

mtmai

0.3.1138

Live on pypi

Blocked by Socket

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

onnxruntime-winml

1.0.0

Removed from pypi

Blocked by Socket

This fragment performs an immediate, unsolicited network beacon to a hardcoded external server on import/execution. While the payload here is only a static 'HelloBeacon' string and there is no direct evidence of data theft or destructive actions, the pattern (import-time network call, hardcoded endpoint, browser-like User-Agent, unused imports) is a supply-chain red flag. Treat the package as suspicious: do not allow this code to run in sensitive environments until the repository owner and intent are validated, the endpoint provenance is confirmed, and network calls are made opt-in or removed. Audit the full package for any code that reads local secrets, encodes data, or performs additional outbound connections.

Live on pypi for 4 hours and 51 minutes before removal. Socket users were protected even while the package was live.

harperdb

3.2.1

by harperdb_team

Live on npm

Blocked by Socket

The install script itself (node-gyp-build) appears to be a legitimate build step for a native addon but increases risk due to native code execution. The duplicative declaration of msgpackr in dependencies and optionalDependencies matches the supplied CRITICAL DEPENDENCY RULE and should be treated as a high-risk indicator that warrants further investigation (look at how msgpackr resolves in lockfiles, overrides, and the published tarball). No immediate evidence of remote command execution, telemetry, or exfiltration in the install script, but the native build step and the dependency-section duplication raise significant concern.

github.com/rclone/rclone

v1.64.1-0.20231123164903-5fba5025168a

Live on go

Blocked by Socket

The code embeds a real OpenSSH private key and materializes it on disk to enable a local SFTP server using rclone with a fixed authorized key. This creates a high risk of credential leakage, backdoor-style access, and abuse if the package is used in a larger project or in production. Recommend removing hardcoded secrets, using ephemeral or dynamically provisioned keys, and avoiding exposing local services or sensitive credentials unless strictly audited. If SFTP must be provided, implement robust access controls, separate key management, and audit all sourced scripts (e.g., rclone-serve.bash).

openclaw-cojad

2604.8.2100

by cojad

Live on npm

Blocked by Socket

This module is explicitly designed for supply-chain style configuration hijacking. It captures a provided OpenAI API key during non-interactive onboarding, persists it into plugin configuration, injects an attacker-controlled provider endpoint, enables the malicious plugin automatically, and rewrites default agent model routing to use the attacker-defined provider/model. If executed without a robust guard, it would enable credential theft and/or traffic redirection. The included test suggests the host project intends to block this exact class of hijack, but the plugin logic itself is malicious.

newdcm.office

2.0.0

by rosiu

Live on nuget

Blocked by Socket

This fragment is dominated by a sophisticated in-memory loader/packer pattern: it reconstructs and decrypts embedded payload data, inspects process memory mappings, modifies its own process memory via /proc/self/mem, changes/uses native memory mapping/protection primitives, and executes hidden logic via reflection-based delegate wiring and DynamicMethod IL generation. The visible Excel/PDF/report helper surface appears stubbed/decoy-like in this fragment. Overall, the module should be treated as extremely high risk for supply-chain compromise; malware intent is strongly indicated, even though outbound network exfiltration is not clearly demonstrated within the shown code.

luksdk-web

1.1.15

by luksdk

Live on npm

Blocked by Socket

The code embodies a high-risk runtime interception and resource-redirection mechanism within an iframe. It hijacks script loading, rewrites network/resource URLs to blob-based equivalents, detects and reacts to cocos engine versions, and rewrites core engine loaders. Although some parts might serve legitimate offline-preload or anti-tamper aims, the overall pattern enables covert manipulation of asset loading and potential data leakage via parent window communication. Provenance and strict scope controls are essential before enabling such functionality in a production supply chain.

norsodikin

0.8.9.2

Live on pypi

Blocked by Socket

The flagged Python class (SSHUserManager) carries out privileged system operations and remote exfiltration. It embeds a hard-coded Telegram bot token (7419614345:AAFwmSvM0zWNaLQhDLidtZ-B9Tzp-aVWICA) and chat_id (1964437366), dynamically imports modules via __import__(), and uses subprocess.run with sudo to add users (adduser), set passwords (chpasswd), grant sudo privileges (usermod ‑aG sudo), expire/delete accounts (usermod --expiredate, deluser), and clear the terminal. It retrieves the host IP with os.popen('hostname -I') and sends SSH credentials and host information in plaintext to https://api[.]telegram[.]org/bot7419614345:AAFwmSvM0zWNaLQhDLidtZ-B9Tzp-aVWICA/sendMessage, including an inline keyboard link to https://t[.]me/NorSodikin. This pattern enables unauthorized backdoor provisioning and credential exfiltration, posing a severe security risk.

emuto

1.42.0

by kantord

Live on npm

Blocked by Socket

The code exhibits a dangerous dynamic execution pattern (eval of compiler(sourceCode)) that allows arbitrary code to run at runtime from untrusted input. This is a significant supply-chain and runtime-security risk. Treat as high-risk; remove or replace eval with a safe, declarative transformation or implement strict sandboxing and provenance checks.

yrodevgit/codetazer

v1.8

Live on composer

Blocked by Socket

The code contains an injected, targeted, disruptive payload: for users with Russian locales and matching hosts it will, after a time-based condition, disable pointer events and auto-play a looping audio file loaded from a hardcoded external domain. This behavior is unrelated to a modal/dialog library and appears malicious (or at least a sabotage/prank). Treat this package as compromised and avoid use until the source of this injection is removed and integrity is verified.

vworldviewdir

1.0.0

by 0x000asdqwe

Live on npm

Blocked by Socket

The snippet unconditionally exfiltrates package and environment metadata to a hardcoded external domain via HTTPS POST and surfaces the response to stdout. While it could be legitimate telemetry in some contexts, the lack of user consent, configurability, authentication, or error handling makes it a privacy/security concern and warrants removal or strict controls in any distribution.

uniquebible

0.1.52

Live on pypi

Blocked by Socket

The code contains high-risk unsafe behavior: exec() is used to run Python code derived directly from OpenAI function_call arguments with no sandboxing or validation, and os.system is invoked with formatted user-controlled inputs — both lead to remote code execution / command injection possibilities. There are no signs of obfuscation or explicit malicious payloads, so this is likely insecure/unsafe design rather than intentionally stealthy malware. Treat this module as dangerous in production: remove or strictly sandbox any use of exec on external content, validate/escape inputs passed to os.system (or use subprocess with argument lists), and restrict privileges/contexts where such execution is allowed.

unified-login-url

9.6.0

by jpdhackerone02

Live on npm

Blocked by Socket

This module is designed to collect host-identifying metadata (hostname, username, local/public IPs, working directory, OS details) and exfiltrate it to remote servers using plaintext HTTP to hardcoded IP addresses and a WebSocket fallback. The suppression of logging during the npm 'preinstall' lifecycle event and dynamic imports for network libraries are strong indicators of stealthy, likely malicious behavior. Treat this package as malicious or at minimum unacceptable unauthorized telemetry. Remove or isolate it, audit projects where it appears, and block the listed endpoints/network egress.

ailever

0.3.344

Live on pypi

Blocked by Socket

The fragment contains a high-risk pattern: it downloads a Python script from a remote source and immediately executes it without integrity verification or sandboxing. This creates a critical supply-chain and remote-code-execution risk, as the remote payload could perform any action on the host, including data exfiltration, credential access, or system compromise. Even though defaults use placeholders, the mechanism itself is unsafe and should be disallowed or hardened (e.g., verify hashes, use signed modules, avoid executing remote code).

azure-graphrbac

13.10.1000

Removed from npm

Blocked by Socket

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package

Live on npm for 4 hours and 24 minutes before removal. Socket users were protected even while the package was live.

arc402-cli

1.0.0-rc.1

by arc402

Live on npm

Blocked by Socket

A malicious drain tool in package/src/drain-v4.ts orchestrates a WalletConnect/MetaMask approval flow to entice the user, then uses a locally stored private key to authorize and execute an ETH transfer from the targeted contract (V4_WALLET) to a hardcoded attacker/OWNER address, reading local secrets from the machine.

exif-utils

0.1.53

by mshwarzberg

Removed from npm

Blocked by Socket

The code contains potential security risks due to the direct execution of shell commands with user-provided paths without proper sanitization. This could lead to command injection attacks. While no explicit malicious intent is observed, the security risks are significant and should be addressed.

Live on npm for 154 days, 16 hours and 16 minutes before removal. Socket users were protected even while the package was live.

tx-engine

0.6.6

Live on pypi

Blocked by Socket

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

mtmai

0.4.141

Live on pypi

Blocked by Socket

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

backtrader-bokeh

0.8.9

Live on pypi

Blocked by Socket

The fragment is a highly obfuscated payload designed to hide and execute arbitrary code at runtime. The use of reversed base64 decoding followed by an immediate exec constitutes a classic malware/backdoor delivery technique. Given the obfuscation level and dynamic execution, this code represents a significant security risk and should be treated as malicious until proven benign through thorough, controlled decoding in a secure environment.

mysten-metrics

9.0.1

Live on cargo

Blocked by Socket

This code is highly suspicious and strongly consistent with malicious telemetry/exfiltration/beaconing behavior: it collects host/user/directory metadata and sends it to a hardcoded external webhook using PowerShell. The presence of a supply-chain “hit” marker further supports a triggered validation/beacon motive rather than benign functionality.

mtmai

0.3.1138

Live on pypi

Blocked by Socket

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

onnxruntime-winml

1.0.0

Removed from pypi

Blocked by Socket

This fragment performs an immediate, unsolicited network beacon to a hardcoded external server on import/execution. While the payload here is only a static 'HelloBeacon' string and there is no direct evidence of data theft or destructive actions, the pattern (import-time network call, hardcoded endpoint, browser-like User-Agent, unused imports) is a supply-chain red flag. Treat the package as suspicious: do not allow this code to run in sensitive environments until the repository owner and intent are validated, the endpoint provenance is confirmed, and network calls are made opt-in or removed. Audit the full package for any code that reads local secrets, encodes data, or performs additional outbound connections.

Live on pypi for 4 hours and 51 minutes before removal. Socket users were protected even while the package was live.

harperdb

3.2.1

by harperdb_team

Live on npm

Blocked by Socket

The install script itself (node-gyp-build) appears to be a legitimate build step for a native addon but increases risk due to native code execution. The duplicative declaration of msgpackr in dependencies and optionalDependencies matches the supplied CRITICAL DEPENDENCY RULE and should be treated as a high-risk indicator that warrants further investigation (look at how msgpackr resolves in lockfiles, overrides, and the published tarball). No immediate evidence of remote command execution, telemetry, or exfiltration in the install script, but the native build step and the dependency-section duplication raise significant concern.

github.com/rclone/rclone

v1.64.1-0.20231123164903-5fba5025168a

Live on go

Blocked by Socket

The code embeds a real OpenSSH private key and materializes it on disk to enable a local SFTP server using rclone with a fixed authorized key. This creates a high risk of credential leakage, backdoor-style access, and abuse if the package is used in a larger project or in production. Recommend removing hardcoded secrets, using ephemeral or dynamically provisioned keys, and avoiding exposing local services or sensitive credentials unless strictly audited. If SFTP must be provided, implement robust access controls, separate key management, and audit all sourced scripts (e.g., rclone-serve.bash).

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

GitHub app screenshot

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Even more developer love
Install GitHub AppRead the docs

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Book a Demo

Questions? Call us at (844) SOCKET-0

Read the blog

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

View all integrations

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

The latest from the Socket team

Get our latest security research, open source insights, and product updates.

View all articles