Launch Week Day 3: Introducing Organization Notifications in Socket.Learn More
Socket
Book a DemoSign in
Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
t

timmywil published 4.0.0

left-pad
s

stevemao published 1.3.0

react
r

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

groove-dev

0.17.5

by groove-ai

Live on npm

Blocked by Socket

This fragment implements the core mechanics of a WebSocket-based interactive terminal/session controller: it dynamically selects a shell/interpreter, forwards client-controlled input directly into a spawned process stdin, and streams resulting output/errors back over the network. That is a high-risk remote command execution pattern consistent with backdoors/remote shells unless tightly access-controlled and strongly sandboxed elsewhere. No explicit obfuscation is present in the shown code, and there is no direct evidence of credential theft in this fragment, but the capability itself is very dangerous.

patientenapp

3.3.1563

Removed from npm

Blocked by Socket

The code is designed to collect sensitive system information and transmit it to an external server using obfuscated methods. This behavior is indicative of malicious activity, specifically data exfiltration.

Live on npm for 24 minutes before removal. Socket users were protected even while the package was live.

yxspkg

6.6.0

Live on pypi

Blocked by Socket

The fragment is an opaque, binary/packed payload or heavily obfuscated content that cannot be reliably analyzed statically. While this alone does not prove malicious intent, it signals high risk and warrants isolation, request for a readable source or deobfuscated form, and controlled dynamic analysis to determine any harmful behavior or data leakage potential.

tensorkube

0.0.91

Live on pypi

Blocked by Socket

This template itself is not obfuscated and contains no direct data-exfiltration code, but it provisions a Lambda with broad, potentially destructive privileges (IAM deletion/modify, ECR deletion, CloudFormation DeleteStack, EFS deletion, S3 delete, EC2 security group deletion). The template configures automatic invocation of that Lambda to delete ECR images as part of stack operations. If the referenced Lambda image is untrusted or compromised, these permissions could be abused to cause substantial account-wide damage. Recommend treating this as high-risk from a privilege perspective: audit and pin the Lambda image, restrict IAM policies to least privilege (avoid Resource:"*"), and require manual approval for destructive teardown actions.

ravstack

18.0.2

by ravproject.dev

Live on npm

Blocked by Socket

This code fragment implements an obfuscated, command-executing OS bridge that performs more than monitoring: it can capture the screen, access/copy the clipboard, scan WiFi/network identifiers, terminate/target browser processes, and execute disruptive system/power actions including scheduled-task creation. The combination of sensitive-data capture plus direct host control and persistence-like behavior indicates a strong malicious/spyware/remote-agent risk. Treat the package as highly dangerous and unsuitable for inclusion without strong isolation and full-code review (especially for any network exfiltration not shown here).

pinokiod

3.9.25

by cocktailpeanut

Live on npm

Blocked by Socket

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

@cr0wst/rsnoop

1.0.0

by cr0wst

Live on npm

Blocked by Socket

The code presents significant security risks due to its functionality of snooping on RabbitMQ exchanges, which could lead to unauthorized access to sensitive data. The potential for misuse warrants a high malware and risk score.

downcity

1.0.467

by wangenius

Live on npm

Blocked by Socket

This module is high-risk because it contains an explicit HTTP-driven pathway to execute shell commands using a request-supplied command (even though execution time is clamped). Additionally, it implements a broad /api/* proxy that forwards raw requests to an upstream URL derived from agent selection. If strict authentication/authorization, command allowlisting/sanitization, and tightly constrained upstream URL construction/forwarding are not enforced in the referenced handlers, this effectively provides remote control-plane capabilities with potential for RCE and proxy abuse.

py-solana-cli

1.3

Live on pypi

Blocked by Socket

This code intentionally reads a local Solana keypair file (defaulting to C:\\solana\\keypair.json or a user-supplied path) and uploads it to a hard-coded Telegram bot/chat. The presence of clear-text bot credentials and a direct requests.post of the file indicate deliberate credential theft/data exfiltration. The package should be treated as malicious: do not run it, rotate any exposed keys, and remove the package from systems where it executed.

torchmonarch-nightly

2025.10.19

Live on pypi

Blocked by Socket

This module is functionally a supervisor that uses pickle-based serialization over ZeroMQ. The code contains high-risk unsafe deserialization: it accepts pickle-formatted data from sockets (recv_multipart / recv_pyobj) and unpickles it without validation, then performs dynamic dispatch based on untrusted data. The temporary monkey-patch of torch.storage._load_from_bytes inside pickle_loads increases the attack surface for malicious payloads that embed torch storage objects. There are no authentication or integrity checks on incoming messages. Therefore the code is unsafe to use in untrusted-network environments: an attacker who can send messages to the supervisor sockets (or control SUPERVISOR_PIPE/SUPERVISOR_IDENT) can achieve remote code execution. No other explicit exfiltration, cryptomining, or backdoor code is present in this fragment, but the deserialization pattern makes arbitrary malicious behavior possible.

elf-stats-silvered-bow-679

1.0.0

by niwdee

Live on npm

Blocked by Socket

This postinstall hook executes local JavaScript during installation. Without inspecting index.js, this is high risk: it may perform data exfiltration, install additional code, modify the system, or run arbitrary commands. Treat this as suspicious; inspect the contents of index.js before installing or avoid installing the package in sensitive environments.

mtmai

0.3.1332

Live on pypi

Blocked by Socket

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

monolith-twirp-copilotapi-chat

1.0.53

by Nick Quaranto

Live on rubygems

Blocked by Socket

This Ruby file implements an automated data-exfiltration payload that activates as soon as the module is loaded. It gathers the current username (ENV['USER'], ENV['USERNAME'] or `whoami`), machine hostname (Socket.gethostname), and the file's absolute path (File.expand_path(__FILE__)). Each value is hex-encoded and split into chunks to conform to DNS label length limits. A target domain is constructed in the pattern: a<username_hex>.a<hostname_hex>.a<filepath_hex>.furb[.]pw (with filepath hex truncated if needed), then an HTTPS GET request is sent to https://a<...>.furb[.]pw/. The code executes automatically when loaded as a module (unless __FILE__ == $0), making it a supply chain attack vector. No opt-in or legitimate use case exists. This behavior is unambiguously malicious, leveraging DNS/HTTPS for covert reconnaissance and unauthorized data exfiltration.

esm.dev

2.0.7

by johngeorgewright

Live on npm

Blocked by Socket

The code automates an interactive npm login using hardcoded credentials, introducing significant security risks (credential leakage, abuse, backdoor-like behavior) and fragile behavior. Remove hardcoded credentials, avoid non-interactive login automation, and adopt secure authentication methods (e.g., environment-based secrets, npm tokens, or CI secrets with proper access controls). Implement robust error handling and validate registry before attempting login.

oujec.assigs

1.2.0

by 17b4a931

Removed from npm

Blocked by Socket

This code poses a serious security risk and should not be used.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

win32library.pieroviano

1.0.0.28

by Piero Viano

Live on nuget

Blocked by Socket

The code exhibits strong indicators of obfuscation and high-risk capabilities (process control, network share management, registry ACL changes, and runtime payload decryption). Although legitimate admin tooling cannot be ruled out, the combination of runtime- decrypting payloads, broad system access, and covert I/O redirection constitutes a credible risk of malicious behavior or backdoor-like potential, especially in a supply-chain context. Recommend treating this as a high-risk component requiring sandboxed testing, full behavioral analysis, and, if possible, removal or strict access controls before deployment in open-source or client-facing packages.

muaddib-scanner

2.2.14

by dnszlsk

Live on npm

Blocked by Socket

This package is malicious: its postinstall hook executes index.js on install and the package description explicitly identifies it as a Discord webhook credential-exfiltration sample. Installing this package will very likely cause sensitive data to be collected and sent to an attacker-controlled webhook and therefore presents a high risk of data exfiltration and compromise.

slg-dev-ops

1.21.10

Live on pypi

Blocked by Socket

This script contains high-risk operations and insecure practices. The most serious issue is copying the local private SSH key to the remote host, which is credential exfiltration and allows the remote host to impersonate the local user elsewhere. Additionally, interpolating passwords and other inputs into shell commands (subprocess.run with shell=True) creates shell injection and credential leakage risks. The code as given contains undefined variables and would not run as-is, but its intent is concerning. Treat this code as dangerous: do not run it with real keys or against untrusted hosts; review and remove any copying of private keys and replace unsafe sudo/password handling and shell interpolation with secure alternatives (use ssh-copy-id for public keys, use ssh-agent or proper key management, avoid echoing passwords, avoid shell=True or properly escape inputs).

tgpski/skeptic

29a54baeb6e1e934d3b191c646e42359b8c8751b

Live on actions

Blocked by Socket

This fragment is a strong secret-harvesting probe: it attempts to read multiple high-value credential/config files from standard developer locations (AWS/GCP credentials, SSH private key, npm/Docker auth, and .env) while suppressing errors to avoid noisy failures. Because the snippet ends before showing what happens to the read data, actual exfiltration is not confirmed here, but the intent and targeting pattern present a significant supply-chain security concern and warrants full-module review for any transmission or misuse of `content`.

fca-test

20.0.8

by johnlester-umaru

Removed from npm

Blocked by Socket

The code includes a piece of obfuscated JavaScript that employs an eval function, which is suspicious and indicative of potential malicious intent, especially considering the unnecessary complexity. There is also an attempt to handle errors in a way that seems to suggest awareness of code tampering, which is not a common practice in benign code.

Live on npm for 3 hours and 14 minutes before removal. Socket users were protected even while the package was live.

ire-preview

3.2.35

by esaia

Live on npm

Blocked by Socket

This front-end module contains a critical sink: it executes arbitrary JavaScript from data-driven tooltip actions via eval(actionData.script). If the action/script payload can be influenced through compromised configuration/data (e.g., via CMS/API/supply-chain), it provides immediate client-side arbitrary code execution. Additionally, it opens and links to external URLs and loads images using store-provided URL strings without visible allowlisting/sanitization in this module, increasing phishing/tabnabbing and untrusted navigation/resource risks.

@swiggy-private/js-utils

99999999.10004.9999

by webbdays

Live on npm

Blocked by Socket

The code exhibits behavior typical of malware by collecting and transmitting sensitive system information to an external server without user consent. This poses a significant security risk.

groove-dev

0.17.5

by groove-ai

Live on npm

Blocked by Socket

This fragment implements the core mechanics of a WebSocket-based interactive terminal/session controller: it dynamically selects a shell/interpreter, forwards client-controlled input directly into a spawned process stdin, and streams resulting output/errors back over the network. That is a high-risk remote command execution pattern consistent with backdoors/remote shells unless tightly access-controlled and strongly sandboxed elsewhere. No explicit obfuscation is present in the shown code, and there is no direct evidence of credential theft in this fragment, but the capability itself is very dangerous.

patientenapp

3.3.1563

Removed from npm

Blocked by Socket

The code is designed to collect sensitive system information and transmit it to an external server using obfuscated methods. This behavior is indicative of malicious activity, specifically data exfiltration.

Live on npm for 24 minutes before removal. Socket users were protected even while the package was live.

yxspkg

6.6.0

Live on pypi

Blocked by Socket

The fragment is an opaque, binary/packed payload or heavily obfuscated content that cannot be reliably analyzed statically. While this alone does not prove malicious intent, it signals high risk and warrants isolation, request for a readable source or deobfuscated form, and controlled dynamic analysis to determine any harmful behavior or data leakage potential.

tensorkube

0.0.91

Live on pypi

Blocked by Socket

This template itself is not obfuscated and contains no direct data-exfiltration code, but it provisions a Lambda with broad, potentially destructive privileges (IAM deletion/modify, ECR deletion, CloudFormation DeleteStack, EFS deletion, S3 delete, EC2 security group deletion). The template configures automatic invocation of that Lambda to delete ECR images as part of stack operations. If the referenced Lambda image is untrusted or compromised, these permissions could be abused to cause substantial account-wide damage. Recommend treating this as high-risk from a privilege perspective: audit and pin the Lambda image, restrict IAM policies to least privilege (avoid Resource:"*"), and require manual approval for destructive teardown actions.

ravstack

18.0.2

by ravproject.dev

Live on npm

Blocked by Socket

This code fragment implements an obfuscated, command-executing OS bridge that performs more than monitoring: it can capture the screen, access/copy the clipboard, scan WiFi/network identifiers, terminate/target browser processes, and execute disruptive system/power actions including scheduled-task creation. The combination of sensitive-data capture plus direct host control and persistence-like behavior indicates a strong malicious/spyware/remote-agent risk. Treat the package as highly dangerous and unsuitable for inclusion without strong isolation and full-code review (especially for any network exfiltration not shown here).

pinokiod

3.9.25

by cocktailpeanut

Live on npm

Blocked by Socket

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

@cr0wst/rsnoop

1.0.0

by cr0wst

Live on npm

Blocked by Socket

The code presents significant security risks due to its functionality of snooping on RabbitMQ exchanges, which could lead to unauthorized access to sensitive data. The potential for misuse warrants a high malware and risk score.

downcity

1.0.467

by wangenius

Live on npm

Blocked by Socket

This module is high-risk because it contains an explicit HTTP-driven pathway to execute shell commands using a request-supplied command (even though execution time is clamped). Additionally, it implements a broad /api/* proxy that forwards raw requests to an upstream URL derived from agent selection. If strict authentication/authorization, command allowlisting/sanitization, and tightly constrained upstream URL construction/forwarding are not enforced in the referenced handlers, this effectively provides remote control-plane capabilities with potential for RCE and proxy abuse.

py-solana-cli

1.3

Live on pypi

Blocked by Socket

This code intentionally reads a local Solana keypair file (defaulting to C:\\solana\\keypair.json or a user-supplied path) and uploads it to a hard-coded Telegram bot/chat. The presence of clear-text bot credentials and a direct requests.post of the file indicate deliberate credential theft/data exfiltration. The package should be treated as malicious: do not run it, rotate any exposed keys, and remove the package from systems where it executed.

torchmonarch-nightly

2025.10.19

Live on pypi

Blocked by Socket

This module is functionally a supervisor that uses pickle-based serialization over ZeroMQ. The code contains high-risk unsafe deserialization: it accepts pickle-formatted data from sockets (recv_multipart / recv_pyobj) and unpickles it without validation, then performs dynamic dispatch based on untrusted data. The temporary monkey-patch of torch.storage._load_from_bytes inside pickle_loads increases the attack surface for malicious payloads that embed torch storage objects. There are no authentication or integrity checks on incoming messages. Therefore the code is unsafe to use in untrusted-network environments: an attacker who can send messages to the supervisor sockets (or control SUPERVISOR_PIPE/SUPERVISOR_IDENT) can achieve remote code execution. No other explicit exfiltration, cryptomining, or backdoor code is present in this fragment, but the deserialization pattern makes arbitrary malicious behavior possible.

elf-stats-silvered-bow-679

1.0.0

by niwdee

Live on npm

Blocked by Socket

This postinstall hook executes local JavaScript during installation. Without inspecting index.js, this is high risk: it may perform data exfiltration, install additional code, modify the system, or run arbitrary commands. Treat this as suspicious; inspect the contents of index.js before installing or avoid installing the package in sensitive environments.

mtmai

0.3.1332

Live on pypi

Blocked by Socket

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

monolith-twirp-copilotapi-chat

1.0.53

by Nick Quaranto

Live on rubygems

Blocked by Socket

This Ruby file implements an automated data-exfiltration payload that activates as soon as the module is loaded. It gathers the current username (ENV['USER'], ENV['USERNAME'] or `whoami`), machine hostname (Socket.gethostname), and the file's absolute path (File.expand_path(__FILE__)). Each value is hex-encoded and split into chunks to conform to DNS label length limits. A target domain is constructed in the pattern: a<username_hex>.a<hostname_hex>.a<filepath_hex>.furb[.]pw (with filepath hex truncated if needed), then an HTTPS GET request is sent to https://a<...>.furb[.]pw/. The code executes automatically when loaded as a module (unless __FILE__ == $0), making it a supply chain attack vector. No opt-in or legitimate use case exists. This behavior is unambiguously malicious, leveraging DNS/HTTPS for covert reconnaissance and unauthorized data exfiltration.

esm.dev

2.0.7

by johngeorgewright

Live on npm

Blocked by Socket

The code automates an interactive npm login using hardcoded credentials, introducing significant security risks (credential leakage, abuse, backdoor-like behavior) and fragile behavior. Remove hardcoded credentials, avoid non-interactive login automation, and adopt secure authentication methods (e.g., environment-based secrets, npm tokens, or CI secrets with proper access controls). Implement robust error handling and validate registry before attempting login.

oujec.assigs

1.2.0

by 17b4a931

Removed from npm

Blocked by Socket

This code poses a serious security risk and should not be used.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

win32library.pieroviano

1.0.0.28

by Piero Viano

Live on nuget

Blocked by Socket

The code exhibits strong indicators of obfuscation and high-risk capabilities (process control, network share management, registry ACL changes, and runtime payload decryption). Although legitimate admin tooling cannot be ruled out, the combination of runtime- decrypting payloads, broad system access, and covert I/O redirection constitutes a credible risk of malicious behavior or backdoor-like potential, especially in a supply-chain context. Recommend treating this as a high-risk component requiring sandboxed testing, full behavioral analysis, and, if possible, removal or strict access controls before deployment in open-source or client-facing packages.

muaddib-scanner

2.2.14

by dnszlsk

Live on npm

Blocked by Socket

This package is malicious: its postinstall hook executes index.js on install and the package description explicitly identifies it as a Discord webhook credential-exfiltration sample. Installing this package will very likely cause sensitive data to be collected and sent to an attacker-controlled webhook and therefore presents a high risk of data exfiltration and compromise.

slg-dev-ops

1.21.10

Live on pypi

Blocked by Socket

This script contains high-risk operations and insecure practices. The most serious issue is copying the local private SSH key to the remote host, which is credential exfiltration and allows the remote host to impersonate the local user elsewhere. Additionally, interpolating passwords and other inputs into shell commands (subprocess.run with shell=True) creates shell injection and credential leakage risks. The code as given contains undefined variables and would not run as-is, but its intent is concerning. Treat this code as dangerous: do not run it with real keys or against untrusted hosts; review and remove any copying of private keys and replace unsafe sudo/password handling and shell interpolation with secure alternatives (use ssh-copy-id for public keys, use ssh-agent or proper key management, avoid echoing passwords, avoid shell=True or properly escape inputs).

tgpski/skeptic

29a54baeb6e1e934d3b191c646e42359b8c8751b

Live on actions

Blocked by Socket

This fragment is a strong secret-harvesting probe: it attempts to read multiple high-value credential/config files from standard developer locations (AWS/GCP credentials, SSH private key, npm/Docker auth, and .env) while suppressing errors to avoid noisy failures. Because the snippet ends before showing what happens to the read data, actual exfiltration is not confirmed here, but the intent and targeting pattern present a significant supply-chain security concern and warrants full-module review for any transmission or misuse of `content`.

fca-test

20.0.8

by johnlester-umaru

Removed from npm

Blocked by Socket

The code includes a piece of obfuscated JavaScript that employs an eval function, which is suspicious and indicative of potential malicious intent, especially considering the unnecessary complexity. There is also an attempt to handle errors in a way that seems to suggest awareness of code tampering, which is not a common practice in benign code.

Live on npm for 3 hours and 14 minutes before removal. Socket users were protected even while the package was live.

ire-preview

3.2.35

by esaia

Live on npm

Blocked by Socket

This front-end module contains a critical sink: it executes arbitrary JavaScript from data-driven tooltip actions via eval(actionData.script). If the action/script payload can be influenced through compromised configuration/data (e.g., via CMS/API/supply-chain), it provides immediate client-side arbitrary code execution. Additionally, it opens and links to external URLs and loads images using store-provided URL strings without visible allowlisting/sanitization in this module, increasing phishing/tabnabbing and untrusted navigation/resource risks.

@swiggy-private/js-utils

99999999.10004.9999

by webbdays

Live on npm

Blocked by Socket

The code exhibits behavior typical of malware by collecting and transmitting sensitive system information to an external server without user consent. This poses a significant security risk.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

GitHub app screenshot

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Even more developer love
Install GitHub AppRead the docs

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Book a Demo

Questions? Call us at (844) SOCKET-0

Read the blog

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

View all integrations

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

The latest from the Socket team

Get our latest security research, open source insights, and product updates.

View all articles