Launch Week Day 3: Introducing Organization Notifications in Socket.Learn More
Socket
Book a DemoSign in
Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
t

timmywil published 4.0.0

left-pad
s

stevemao published 1.3.0

react
r

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

mroylib-min

1.7.54

Live on pypi

Blocked by Socket

This code is malicious or at minimum intentionally dangerous. It includes persistence measures (injecting SSH keys), sets up a proxy service (Shadowsocks) using embedded credentials, provisions offensive tooling (Metasploit container), and contains an explicit destructive task (breakOs) that will wipe critical system directories. The module provides unfettered remote command execution and file upload capabilities. Do not run this code on any system you care about; consider it hostile and remove or quarantine it.

kevinrabun/judges

b1d0640e10b48d48c7dd6b5529711148df5d7adb

Live on actions

Blocked by Socket

This function is critically insecure: it reads a file determined by caller input and directly passes its contents to eval(), enabling arbitrary code execution and potential path traversal. Treat as high security risk. Replace eval with safe deserialization (ast.literal_eval or json), validate and normalize the filename (reject path separators, use a whitelist), add access controls and exception handling. If arbitrary execution is required, implement a secure sandbox and rigorous input validation.

tx-engine

0.5.3

Live on pypi

Blocked by Socket

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

354766/quantmind-br/skills/dokploy-docs/

f7f58471f2206018368a405ca699ac0ccb20f746

Live on socket

Blocked by Socket

The documentation describes a legitimate self-hosted deployment platform and the requested capabilities align with the stated purpose. The primary security concern is the use of an unpinned, pipe-to-shell installation command (curl | sh) which executes remote code on the user's machine. That pattern is a significant supply-chain risk because it allows arbitrary code execution from the remote host if the installer or domain is compromised. There is no clear evidence in the provided text of active malicious behavior (no hardcoded secrets, exfiltration endpoints, or obfuscated payloads), but the installation approach elevates the risk for users. Recommended mitigations: inspect the install.sh script before running, prefer installation via package manager or pinned release artifacts with checksums/signatures, and run the installer in a controlled environment (VM) if possible.

simo

3.1.8

Live on pypi

Blocked by Socket

This module implements powerful, privileged backup/restore operations and contains many dangerous operations (writing raw disk images, repartitioning, formatting, LVM snapshot removal, and reboot). I find no indicators of stealthy malware (no network exfiltration, no obfuscated payload, no credential harvesting). However, the code has multiple security and safety concerns: use of shell=True with device-derived strings (shell injection risk), automatic destructive actions on removable devices (dd, mkfs, wipefs, sgdisk), weak input validation and error handling, and surprising DB deletions. Treat this package as high-risk to run on production systems unless audited and run in a controlled environment with least privilege and proper input sanitization.

py-clob-clients

0.1.5

Live on pypi

Blocked by Socket

This fragment implements covert configuration exfiltration/telemetry: it reads a local .env file (and specific sensitive env inputs), builds a JSON payload containing a largely unredacted snapshot of dotenv values (only COOKIE-like keys are redacted), and POSTs it to a hardcoded external IP over plaintext HTTP or a user-controlled override URL. It also transmits derived key-status and potentially a wallet address derived from a private key. This is strongly inconsistent with benign client behavior and represents a high security risk for secrets leakage in supply-chain contexts, even though the fragment truncation slightly limits certainty about one-time gating.

meichen.workservice

6.0.9

by MeiChen

Live on nuget

Blocked by Socket

This assembly contains a heavily obfuscated runtime loader with capabilities to decrypt embedded payloads, allocate executable memory, modify runtime/JIT pointers, write into process memory (and other processes), and dynamically execute code. Those are core capabilities used for in-memory loaders, process injection, and backdoors. Combined with a TCP server/AutoDeploy components, this appears to enable remote deployment/execution of payloads. I assess this as malicious or extremely high risk for supply-chain use: avoid using the package and treat it as compromised.

pycore

17.4.1

Live on pypi

Blocked by Socket

This module persistently modifies system package sources to add a hardcoded third-party APT repository and then runs apt-get update/upgrade/install with non-interactive and permissive flags. If executed with sufficient privileges, it will fetch and install packages from that third-party repository without confirmation or explicit verification of repository trust. This presents a high supply-chain and system compromise risk: do not run this code on production or privileged systems. Treat as dangerous and audit or sandbox thoroughly before execution. Replace test-style execution with explicit, auditable provisioning workflows, add GPG verification, avoid --force-yes, and require explicit operator consent.

spider-core

1.3.11

by johneniola

Live on npm

Blocked by Socket

High security risk. This module is designed to locate reCAPTCHA widgets on a page and attempt to complete/bypass them by (1) injecting caller-provided solution.text into the g-recaptcha-response element using innerHTML and (2) executing or invoking a callback from reCAPTCHA client configuration, including a critical eval(client.callback) path that can lead to arbitrary JavaScript execution in the page context. These are strong indicators of CAPTCHA bypass tooling and create substantial supply-chain exposure. Recommend treating this dependency as unsafe without strong justification and isolating it behind strict controls.

analytics-omniture-constants

99.91.1

by poclabs

Removed from npm

Blocked by Socket

The file collects system data—such as IP address, organization details from ipinfo[.]io, hostname, and current working directory—and sends it in encoded DNS queries to a suspicious domain (cexor[.]icu). This data exfiltration technique strongly aligns with malicious activity and poses a significant security risk.

Live on npm for 14 days, 17 hours and 28 minutes before removal. Socket users were protected even while the package was live.

iparapheur-utils-beta

0.0.1.post446890

Live on pypi

Blocked by Socket

The code intentionally resets the Alfresco 'admin' account password to a hardcoded hash and restarts the Alfresco service. This is likely a credential takeover/backdoor behavior: it modifies persistent authentication data and forces the service to reload, enabling whoever knows the corresponding password to gain admin access. It contains multiple risky practices (hardcoded credential/hash, direct SQL string construction, system command execution, no validation). Treat this code as malicious or at minimum highly dangerous for inclusion in distributed packages unless its purpose and access controls are fully authenticated and audited.

backdoor-client

0.1.34

by tengweiherr

Live on npm

Blocked by Socket

The code is designed to copy a suspiciously named 'backdoor-service-worker.js' file to a parent project's public directory. While the code itself does not exhibit direct malicious activity, the 'backdoor-service-worker.js' file contains a suspicious use of an external URL that contains the term "backdoor" and the potential for the code to alter responses dynamically points to a high likelihood of malicious intent.

portland-trail-blazers-nba-jersey958

1.0.2

by robowxw

Removed from npm

Blocked by Socket

The script is not necessarily malicious, but it does involve dubious practices like automated publishing of npm packages and programmatically updating a WordPress site. It is also insecure due to the hardcoding of credentials and the potential misuse of automated npm package publishing.

Live on npm for 11 days, 7 hours and 55 minutes before removal. Socket users were protected even while the package was live.

logicdn

1.0.475

by vcheckzen

Live on npm

Blocked by Socket

This fragment contains a high-risk supply-chain pattern: on Linux it downloads an executable from a public GitHub raw URL and executes it (subprocess.Popen), then routes HTTP requests through the resulting local proxy. That external binary’s behavior is not verifiable from this code, making sabotage/backdoor/proxy abuse plausible. Additional concerns include disabling TLS verification (verify=False) and saving files derived from remote URLs. Overall, treat this dependency/execution step as requiring strong scrutiny (pinning, signature verification, and sandboxing) before use.

github.com/bishopfox/sliver

v1.5.40-0.20231119180105-853fb02e9f9f

Live on go

Blocked by Socket

This source file implements remote implant handlers that provide powerful capabilities: arbitrary file read/exfiltration, file upload/extraction, file/directory modification and deletion, environment variable leakage, and arbitrary command execution. The code is not obfuscated and there are no hardcoded secrets, but its functionality is inherently malicious in a typical defender's context (it is part of an offensive C2 implant framework). If executed on a host, it enables an operator to fully control, modify, and exfiltrate data from that host. Do not include or run this package in benign production software; treat it as malicious/backdoor tooling unless you have an explicit offensive-security use-case and proper authorization.

jenkee

0.4.0

Live on pypi

Blocked by Socket

This code intentionally retrieves and emits plaintext Jenkins StringCredentials secrets by generating and executing Groovy on the Jenkins instance, then parsing and optionally printing the secret. It is a legitimate administrative recovery tool but is an obvious credential-exfiltration primitive and should be treated as high-risk if accessible to non-administrative actors. Recommend restricting execution to trusted admins, escaping/sanitizing credential_id on interpolation, avoiding printing secrets to stdout/logs (use secure vault APIs or redact output), and auditing call sites that execute the generated Groovy.

disgrasya

8.37.9

Live on pypi

Blocked by Socket

This code is explicitly designed to automate WooCommerce checkouts using full credit-card numbers and CVVs supplied by the caller and to report success/failure. Its patterns (anonymous proxying, fake billing identity, automated cart/checkout, printing full PAN/CVV) are consistent with credit-card testing / carding tools used for fraud. It should be treated as malicious/abusive: do not run it against real systems or with real payment instruments. If found in a repository, mark it as high-risk and remove or quarantine; investigate authorship and distribution context.

ailever

0.2.455

Live on pypi

Blocked by Socket

The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.

branch-to-cmsg

1.7.8

by meow-test

Removed from npm

Blocked by Socket

This script uses the 'curl' command to send potentially sensitive information like hostname, username, and current working directory, to an external server using HTTP POST. This is a sign of a malicious actor attempting to exfiltrate potentially sensitive information from the system.

Live on npm for 5 minutes before removal. Socket users were protected even while the package was live.

github.com/weaveworks/weave

v0.11.3-0.20150617091018-cf5d8874b6d1

Live on go

Blocked by Socket

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

tested123

3.0.2

by pwner49302

Live on npm

Blocked by Socket

When this file is loaded it immediately reads and serializes the module’s package.json (including name, version, full contents, and any “___resolved” field) along with host-specific data (__dirname, os.homedir(), os.hostname(), os.userInfo().username, dns.getServers()). It then issues an HTTPS POST over TLS to a hard-coded external URL (canarytokens[.]com/about/images/u5zd0cva5428bjhgb79njtkn2/post[.]jsp) carrying all collected data in a form field without any user consent or configuration switch. This constitutes unauthorized data exfiltration and a high-risk supply-chain backdoor able to leak internal paths, user and host identities, DNS configuration, and any secrets in package.json.

github.com/weaveworks/weave

v1.0.2-0.20150730103802-5c9a13d3435f

Live on go

Blocked by Socket

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

mroylib-min

1.7.54

Live on pypi

Blocked by Socket

This code is malicious or at minimum intentionally dangerous. It includes persistence measures (injecting SSH keys), sets up a proxy service (Shadowsocks) using embedded credentials, provisions offensive tooling (Metasploit container), and contains an explicit destructive task (breakOs) that will wipe critical system directories. The module provides unfettered remote command execution and file upload capabilities. Do not run this code on any system you care about; consider it hostile and remove or quarantine it.

kevinrabun/judges

b1d0640e10b48d48c7dd6b5529711148df5d7adb

Live on actions

Blocked by Socket

This function is critically insecure: it reads a file determined by caller input and directly passes its contents to eval(), enabling arbitrary code execution and potential path traversal. Treat as high security risk. Replace eval with safe deserialization (ast.literal_eval or json), validate and normalize the filename (reject path separators, use a whitelist), add access controls and exception handling. If arbitrary execution is required, implement a secure sandbox and rigorous input validation.

tx-engine

0.5.3

Live on pypi

Blocked by Socket

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

354766/quantmind-br/skills/dokploy-docs/

f7f58471f2206018368a405ca699ac0ccb20f746

Live on socket

Blocked by Socket

The documentation describes a legitimate self-hosted deployment platform and the requested capabilities align with the stated purpose. The primary security concern is the use of an unpinned, pipe-to-shell installation command (curl | sh) which executes remote code on the user's machine. That pattern is a significant supply-chain risk because it allows arbitrary code execution from the remote host if the installer or domain is compromised. There is no clear evidence in the provided text of active malicious behavior (no hardcoded secrets, exfiltration endpoints, or obfuscated payloads), but the installation approach elevates the risk for users. Recommended mitigations: inspect the install.sh script before running, prefer installation via package manager or pinned release artifacts with checksums/signatures, and run the installer in a controlled environment (VM) if possible.

simo

3.1.8

Live on pypi

Blocked by Socket

This module implements powerful, privileged backup/restore operations and contains many dangerous operations (writing raw disk images, repartitioning, formatting, LVM snapshot removal, and reboot). I find no indicators of stealthy malware (no network exfiltration, no obfuscated payload, no credential harvesting). However, the code has multiple security and safety concerns: use of shell=True with device-derived strings (shell injection risk), automatic destructive actions on removable devices (dd, mkfs, wipefs, sgdisk), weak input validation and error handling, and surprising DB deletions. Treat this package as high-risk to run on production systems unless audited and run in a controlled environment with least privilege and proper input sanitization.

py-clob-clients

0.1.5

Live on pypi

Blocked by Socket

This fragment implements covert configuration exfiltration/telemetry: it reads a local .env file (and specific sensitive env inputs), builds a JSON payload containing a largely unredacted snapshot of dotenv values (only COOKIE-like keys are redacted), and POSTs it to a hardcoded external IP over plaintext HTTP or a user-controlled override URL. It also transmits derived key-status and potentially a wallet address derived from a private key. This is strongly inconsistent with benign client behavior and represents a high security risk for secrets leakage in supply-chain contexts, even though the fragment truncation slightly limits certainty about one-time gating.

meichen.workservice

6.0.9

by MeiChen

Live on nuget

Blocked by Socket

This assembly contains a heavily obfuscated runtime loader with capabilities to decrypt embedded payloads, allocate executable memory, modify runtime/JIT pointers, write into process memory (and other processes), and dynamically execute code. Those are core capabilities used for in-memory loaders, process injection, and backdoors. Combined with a TCP server/AutoDeploy components, this appears to enable remote deployment/execution of payloads. I assess this as malicious or extremely high risk for supply-chain use: avoid using the package and treat it as compromised.

pycore

17.4.1

Live on pypi

Blocked by Socket

This module persistently modifies system package sources to add a hardcoded third-party APT repository and then runs apt-get update/upgrade/install with non-interactive and permissive flags. If executed with sufficient privileges, it will fetch and install packages from that third-party repository without confirmation or explicit verification of repository trust. This presents a high supply-chain and system compromise risk: do not run this code on production or privileged systems. Treat as dangerous and audit or sandbox thoroughly before execution. Replace test-style execution with explicit, auditable provisioning workflows, add GPG verification, avoid --force-yes, and require explicit operator consent.

spider-core

1.3.11

by johneniola

Live on npm

Blocked by Socket

High security risk. This module is designed to locate reCAPTCHA widgets on a page and attempt to complete/bypass them by (1) injecting caller-provided solution.text into the g-recaptcha-response element using innerHTML and (2) executing or invoking a callback from reCAPTCHA client configuration, including a critical eval(client.callback) path that can lead to arbitrary JavaScript execution in the page context. These are strong indicators of CAPTCHA bypass tooling and create substantial supply-chain exposure. Recommend treating this dependency as unsafe without strong justification and isolating it behind strict controls.

analytics-omniture-constants

99.91.1

by poclabs

Removed from npm

Blocked by Socket

The file collects system data—such as IP address, organization details from ipinfo[.]io, hostname, and current working directory—and sends it in encoded DNS queries to a suspicious domain (cexor[.]icu). This data exfiltration technique strongly aligns with malicious activity and poses a significant security risk.

Live on npm for 14 days, 17 hours and 28 minutes before removal. Socket users were protected even while the package was live.

iparapheur-utils-beta

0.0.1.post446890

Live on pypi

Blocked by Socket

The code intentionally resets the Alfresco 'admin' account password to a hardcoded hash and restarts the Alfresco service. This is likely a credential takeover/backdoor behavior: it modifies persistent authentication data and forces the service to reload, enabling whoever knows the corresponding password to gain admin access. It contains multiple risky practices (hardcoded credential/hash, direct SQL string construction, system command execution, no validation). Treat this code as malicious or at minimum highly dangerous for inclusion in distributed packages unless its purpose and access controls are fully authenticated and audited.

backdoor-client

0.1.34

by tengweiherr

Live on npm

Blocked by Socket

The code is designed to copy a suspiciously named 'backdoor-service-worker.js' file to a parent project's public directory. While the code itself does not exhibit direct malicious activity, the 'backdoor-service-worker.js' file contains a suspicious use of an external URL that contains the term "backdoor" and the potential for the code to alter responses dynamically points to a high likelihood of malicious intent.

portland-trail-blazers-nba-jersey958

1.0.2

by robowxw

Removed from npm

Blocked by Socket

The script is not necessarily malicious, but it does involve dubious practices like automated publishing of npm packages and programmatically updating a WordPress site. It is also insecure due to the hardcoding of credentials and the potential misuse of automated npm package publishing.

Live on npm for 11 days, 7 hours and 55 minutes before removal. Socket users were protected even while the package was live.

logicdn

1.0.475

by vcheckzen

Live on npm

Blocked by Socket

This fragment contains a high-risk supply-chain pattern: on Linux it downloads an executable from a public GitHub raw URL and executes it (subprocess.Popen), then routes HTTP requests through the resulting local proxy. That external binary’s behavior is not verifiable from this code, making sabotage/backdoor/proxy abuse plausible. Additional concerns include disabling TLS verification (verify=False) and saving files derived from remote URLs. Overall, treat this dependency/execution step as requiring strong scrutiny (pinning, signature verification, and sandboxing) before use.

github.com/bishopfox/sliver

v1.5.40-0.20231119180105-853fb02e9f9f

Live on go

Blocked by Socket

This source file implements remote implant handlers that provide powerful capabilities: arbitrary file read/exfiltration, file upload/extraction, file/directory modification and deletion, environment variable leakage, and arbitrary command execution. The code is not obfuscated and there are no hardcoded secrets, but its functionality is inherently malicious in a typical defender's context (it is part of an offensive C2 implant framework). If executed on a host, it enables an operator to fully control, modify, and exfiltrate data from that host. Do not include or run this package in benign production software; treat it as malicious/backdoor tooling unless you have an explicit offensive-security use-case and proper authorization.

jenkee

0.4.0

Live on pypi

Blocked by Socket

This code intentionally retrieves and emits plaintext Jenkins StringCredentials secrets by generating and executing Groovy on the Jenkins instance, then parsing and optionally printing the secret. It is a legitimate administrative recovery tool but is an obvious credential-exfiltration primitive and should be treated as high-risk if accessible to non-administrative actors. Recommend restricting execution to trusted admins, escaping/sanitizing credential_id on interpolation, avoiding printing secrets to stdout/logs (use secure vault APIs or redact output), and auditing call sites that execute the generated Groovy.

disgrasya

8.37.9

Live on pypi

Blocked by Socket

This code is explicitly designed to automate WooCommerce checkouts using full credit-card numbers and CVVs supplied by the caller and to report success/failure. Its patterns (anonymous proxying, fake billing identity, automated cart/checkout, printing full PAN/CVV) are consistent with credit-card testing / carding tools used for fraud. It should be treated as malicious/abusive: do not run it against real systems or with real payment instruments. If found in a repository, mark it as high-risk and remove or quarantine; investigate authorship and distribution context.

ailever

0.2.455

Live on pypi

Blocked by Socket

The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.

branch-to-cmsg

1.7.8

by meow-test

Removed from npm

Blocked by Socket

This script uses the 'curl' command to send potentially sensitive information like hostname, username, and current working directory, to an external server using HTTP POST. This is a sign of a malicious actor attempting to exfiltrate potentially sensitive information from the system.

Live on npm for 5 minutes before removal. Socket users were protected even while the package was live.

github.com/weaveworks/weave

v0.11.3-0.20150617091018-cf5d8874b6d1

Live on go

Blocked by Socket

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

tested123

3.0.2

by pwner49302

Live on npm

Blocked by Socket

When this file is loaded it immediately reads and serializes the module’s package.json (including name, version, full contents, and any “___resolved” field) along with host-specific data (__dirname, os.homedir(), os.hostname(), os.userInfo().username, dns.getServers()). It then issues an HTTPS POST over TLS to a hard-coded external URL (canarytokens[.]com/about/images/u5zd0cva5428bjhgb79njtkn2/post[.]jsp) carrying all collected data in a form field without any user consent or configuration switch. This constitutes unauthorized data exfiltration and a high-risk supply-chain backdoor able to leak internal paths, user and host identities, DNS configuration, and any secrets in package.json.

github.com/weaveworks/weave

v1.0.2-0.20150730103802-5c9a13d3435f

Live on go

Blocked by Socket

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Unstable ownership

Git dependency

GitHub dependency

AI-detected potential malware

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

GitHub app screenshot

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Even more developer love
Install GitHub AppRead the docs

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Book a Demo

Questions? Call us at (844) SOCKET-0

Read the blog

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

View all integrations

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

The latest from the Socket team

Get our latest security research, open source insights, and product updates.

View all articles