Launch Week Day 3: Introducing Organization Notifications in Socket.Learn More
Socket
Book a DemoSign in
Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
t

timmywil published 4.0.0

left-pad
s

stevemao published 1.3.0

react
r

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

mhnumjp

1.999.0

by mhnamadi

Removed from npm

Blocked by Socket

The code exhibits malicious behavior by collecting and attempting to exfiltrate system information using DNS queries. This poses a significant security risk.

Live on npm for 1 day, 4 hours and 28 minutes before removal. Socket users were protected even while the package was live.

momentic-mobile

0.74.1

by GitHub Actions

Live on npm

Blocked by Socket

This module contains clear malicious capability: it captures user keyboard/mouse/touch input and injects it into a remote session over a network transport, and it additionally reads the user clipboard and transmits clipboard contents remotely. These are high-severity supply-chain security indicators (clipboard theft + remote interaction control).

numasec

4.1.2

Live on pypi

Blocked by Socket

Best report selection: Report 1 is the most detailed and appropriately flags that no executable code exists, while still correctly treating the content as a hostile, operational exploit playbook. Improved findings: the YAML explicitly enumerates attacker-controlled inputs (SSRF/XSS/LFI/SSTI/XXE) and their harmful sinks (metadata/IAM credential theft, cookie/session exfiltration, log-poisoning→RCE, template-engine exec→RCE, XXE local file read and optional OOB exfiltration). Because this fragment is not runnable code, malware behavior cannot be directly confirmed; nonetheless, its weaponized nature makes it a serious security red flag for any software supply-chain artifact.

sh-py

17.18

Live on pypi

Blocked by Socket

This module is unsafe and likely malicious for use in any project. It executes arbitrary shell commands, writes hardcoded PyPI credentials to disk, self-modifies and self-deletes, decrypts/install hidden payloads, dynamically imports and executes externally controlled modules, and automates package uploads. These behaviors present a high supply-chain and local compromise risk. Do not run this code in trusted environments. Replace with audited, minimal build scripts and remove any credentials embedded in source or generated files.

openai-async-helpers

0.0.1

Removed from pypi

Blocked by Socket

This dependency fragment performs an immediate outbound HTTPS request to a hardcoded third-party webhook endpoint (webhook.site) and suppresses any errors. While no explicit data theft is shown in the visible code, the behavior is consistent with covert notification/beaconing commonly seen in supply-chain test payloads or malware staging. Verify the full package for what else executes around this module and whether network egress is expected by the project.

Live on pypi for 22 hours and 55 minutes before removal. Socket users were protected even while the package was live.

110free-livu-coins-2023-gen-mod-pdf-docdroid

1.0.2

by atiaromaryalab

Removed from npm

Blocked by Socket

The code has potential security concerns, including hardcoded credentials and automated interactions with websites

Live on npm for 1 hour and 16 minutes before removal. Socket users were protected even while the package was live.

@insihts/workflow

1.0.30

by rishabh_2001

Live on npm

Blocked by Socket

This module contains high-severity malicious/suspicious behavior: it injects executable JavaScript at runtime via a dynamically created <script> tag and that injected code exfiltrates data by POSTing to a hardcoded third-party webhook.site endpoint upon feedback form submission. Additionally, it renders flow-provided HTML using dangerouslySetInnerHTML, creating an XSS sink if inputs are not tightly controlled. Treat this package/module as dangerous and do not deploy without remediation and thorough investigation of the full build/output (not just this fragment).

354766/soul-brews-studio/oracle-skills-cli/oraclenet/

2ebff255429a58d4768e3f9770e54dce5b0c71f0

Live on socket

Blocked by Socket

The skill presents a coherent workflow to claim and interact with OracleNet identities, with cryptographic signing and remote verification as integral components. The primary security concerns arise from handling of private keys, multi-tool supply chain dependencies (bun, gh, cast), and exposure risk via external network calls and local storage of sensitive data. The design is proportionate to its stated purpose, but the presence of direct private-key handling in outputs and the reliance on multiple external CLI tools warrant careful controls (strict redaction, secure key storage, minimized logging, pinned/verified tool versions). Net risk is elevated due to credential handling and remote data flows, but the workflow itself is aligned with its purpose when properly safeguarded.

aspidites

1.5.2

Live on pypi

Blocked by Socket

The code implements a high-risk dynamic evaluation pattern by evaluating tokens within the caller’s scope. This creates a strong possibility of arbitrary code execution and data leakage if tokens originate from untrusted inputs. Hardening should include removing eval, replacing with safe resolvers, sandboxing, or strict token whitelisting and restricting scope access. This pattern is unsuitable for trusted libraries exposes in open-source supply chains without significant safeguards.

servextools

0.1.57

Live on pypi

Blocked by Socket

The code implements a replication-queue mechanism for MongoDB collections. It does not contain obvious remote-exfiltration, cryptomining, or backdoor network connections. However, it uses eval() to convert string-encoded arguments coming from queued DB documents into Python objects before calling replica operations. This is a high-risk code-execution vector: any attacker or process that can insert or tamper with queue/error documents (or cause untrusted strings to be persisted) can execute arbitrary Python code in the process and then cause arbitrary actions on the replica DB. Other issues are some implementation bugs (non-returning __getattr__) and broad exception handling. Recommend removing eval(), replacing it with safe parsing (json), validating queued data, and ensuring only trusted code writes to the queue/error collections.

v-focus-next

1.0.3

by hit757

Live on npm

Blocked by Socket

The code exhibits a high-risk, covert file-system tampering pattern: overwriting the project’s index.d.ts with a version-specific file based on detected Vue version via a system move. This constitutes a strong supply-chain/operational risk, capable of silently sabotaging typings and builds. Absence of input validation, error handling, and provenance checks exacerbates the risk. Recommended controls include eliminating runtime typography mutations, implementing explicit provenance verification (e.g., checksums or signed sources), logging all file operations, and replacing shell-based moves with safe, atomic, verifiable edits or build-time tooling that requires explicit consent.

@coryrowe/openclaw-zh

2026.2.15-nightly.202602171352

by cnrowe

Live on npm

Blocked by Socket

The module implements a robust token caching and retrieval mechanism with prudent filesystem permissions and input validation. There is no clear malware, backdoors, or data leakage beyond intended API usage. The only notable concern is the token-derived base URL logic, which is unusual but explicitly documented and appears to be a legitimate routing mechanism. Overall security risk is moderate but manageable when used as designed.

pinokiod

0.0.151

by cocktailpeanut

Live on npm

Blocked by Socket

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

@demoability/loadgen-core

1.0.0

by sl4x0

Live on npm

Blocked by Socket

The code is a malicious backdoor that exfiltrates sensitive system information and public IP address to an attacker-controlled domain via DNS queries. This represents a high security risk and clear malware behavior. The code is not heavily obfuscated but uses shell command chaining to hide its intent. It should be considered dangerous and avoided.

@sidetree/test-vectors

0.3.1-unstable.49

by transmute-ci

Live on npm

Blocked by Socket

The fragment is data-oriented but describes a highly sensitive update mechanism that, if accepted without rigorous validation, could enable supply-chain compromise (e.g., replacing signing keys, altering update endpoints). It warrants immediate defensive measures: enforce strict signature verification, authority checks, schema validation, and endpoint/key whitelisting before applying any decoded updates.

ailever

0.3.267

Live on pypi

Blocked by Socket

The fragment contains a high-risk pattern: it downloads a Python script from a remote source and immediately executes it without integrity verification or sandboxing. This creates a critical supply-chain and remote-code-execution risk, as the remote payload could perform any action on the host, including data exfiltration, credential access, or system compromise. Even though defaults use placeholders, the mechanism itself is unsafe and should be disallowed or hardened (e.g., verify hashes, use signed modules, avoid executing remote code).

n8n-nodes-text-helpers

0.1.0

by developer63u7

Removed from npm

Blocked by Socket

This script is malicious in behavior: it systematically harvests sensitive system, cloud, and application credentials and writes them to a local file under the n8n user's home. Even though it does not exfiltrate over the network itself, it stages highly sensitive data (AWS creds, SSH private keys, Kubernetes service account token, docker socket presence, application DB/config) which enables privilege escalation and remote exfiltration by subsequent actions. Treat this package as compromised and do not run it; remove and investigate any systems where it was executed.

Live on npm for 1 day, 20 hours and 26 minutes before removal. Socket users were protected even while the package was live.

sdp-transform-parser

99.99.100

by anurag.kumar6240

Removed from npm

Blocked by Socket

This preinstall hook is malicious: it attempts to read a sensitive local file (/etc/passwd) and send it to an external collector during npm install. This is data exfiltration and a clear supply-chain/telemetry threat. Do not install; remove the package and investigate any systems where it ran.

Live on npm for 2 days, 12 hours and 59 minutes before removal. Socket users were protected even while the package was live.

mm_soa

1.8.2

by qiuwenwu

Live on npm

Blocked by Socket

The fragment employs aggressive obfuscation and a packer-like decoding pattern that enables runtime code execution with broad network and filesystem capabilities. While not conclusive proof of malware without decoding in a secure sandbox, the combination of dynamic evaluation, remote-loading indicators, and cross-environment IO strongly indicates high supply-chain risk. Treat as dangerous; require replacement with a transparent, audited version or remove from dependencies until provenance and behavior are verified.

xync-client

0.0.165.dev1

Live on pypi

Blocked by Socket

This code is malicious in intent: it automates fraudulent interaction with a banking website, contains hardcoded sensitive credentials, evades automation detection, prompts an operator to supply OTPs (social-engineering), performs money transfers, and persists session state to disk for reuse. It should be treated as a tool for account takeover and financial theft. Do not run it; remove any storage_state files and investigate systems where it executed. The snippet also contains syntax errors and is incomplete, but those do not mitigate the clearly malicious purpose.

cylab-be/webshell-detector

dev-include_wowa_training

Live on composer

Blocked by Socket

This source intentionally installs and runs a reverse-shell backdoor. It decodes a base64-embedded Perl payload to /tmp/.bc and executes it with hardcoded remote host and port, using multiple suppressed execution wrappers to maximize compatibility and stealth. Consider it malicious: remove and investigate any systems that executed this code, rotate credentials, and treat hosts as compromised.

@link-assistant/hive-mind

1.46.4

by GitHub Actions

Live on npm

Blocked by Socket

The dominant security issue is a critical supply-chain/RCE primitive: this module downloads executable JavaScript from a public CDN at runtime and executes it with eval to install a global loader (globalThis.use). This enables arbitrary code execution if the remote content is tampered with, making the package materially risky regardless of the otherwise-benign model-mapping logic. Secondary risk: it also fetches remote JSON metadata (models.dev) and interpolates remote fields into formatted output, which may become a downstream rendering/injection problem if not escaped by the consumer.

mhnumjp

1.999.0

by mhnamadi

Removed from npm

Blocked by Socket

The code exhibits malicious behavior by collecting and attempting to exfiltrate system information using DNS queries. This poses a significant security risk.

Live on npm for 1 day, 4 hours and 28 minutes before removal. Socket users were protected even while the package was live.

momentic-mobile

0.74.1

by GitHub Actions

Live on npm

Blocked by Socket

This module contains clear malicious capability: it captures user keyboard/mouse/touch input and injects it into a remote session over a network transport, and it additionally reads the user clipboard and transmits clipboard contents remotely. These are high-severity supply-chain security indicators (clipboard theft + remote interaction control).

numasec

4.1.2

Live on pypi

Blocked by Socket

Best report selection: Report 1 is the most detailed and appropriately flags that no executable code exists, while still correctly treating the content as a hostile, operational exploit playbook. Improved findings: the YAML explicitly enumerates attacker-controlled inputs (SSRF/XSS/LFI/SSTI/XXE) and their harmful sinks (metadata/IAM credential theft, cookie/session exfiltration, log-poisoning→RCE, template-engine exec→RCE, XXE local file read and optional OOB exfiltration). Because this fragment is not runnable code, malware behavior cannot be directly confirmed; nonetheless, its weaponized nature makes it a serious security red flag for any software supply-chain artifact.

sh-py

17.18

Live on pypi

Blocked by Socket

This module is unsafe and likely malicious for use in any project. It executes arbitrary shell commands, writes hardcoded PyPI credentials to disk, self-modifies and self-deletes, decrypts/install hidden payloads, dynamically imports and executes externally controlled modules, and automates package uploads. These behaviors present a high supply-chain and local compromise risk. Do not run this code in trusted environments. Replace with audited, minimal build scripts and remove any credentials embedded in source or generated files.

openai-async-helpers

0.0.1

Removed from pypi

Blocked by Socket

This dependency fragment performs an immediate outbound HTTPS request to a hardcoded third-party webhook endpoint (webhook.site) and suppresses any errors. While no explicit data theft is shown in the visible code, the behavior is consistent with covert notification/beaconing commonly seen in supply-chain test payloads or malware staging. Verify the full package for what else executes around this module and whether network egress is expected by the project.

Live on pypi for 22 hours and 55 minutes before removal. Socket users were protected even while the package was live.

110free-livu-coins-2023-gen-mod-pdf-docdroid

1.0.2

by atiaromaryalab

Removed from npm

Blocked by Socket

The code has potential security concerns, including hardcoded credentials and automated interactions with websites

Live on npm for 1 hour and 16 minutes before removal. Socket users were protected even while the package was live.

@insihts/workflow

1.0.30

by rishabh_2001

Live on npm

Blocked by Socket

This module contains high-severity malicious/suspicious behavior: it injects executable JavaScript at runtime via a dynamically created <script> tag and that injected code exfiltrates data by POSTing to a hardcoded third-party webhook.site endpoint upon feedback form submission. Additionally, it renders flow-provided HTML using dangerouslySetInnerHTML, creating an XSS sink if inputs are not tightly controlled. Treat this package/module as dangerous and do not deploy without remediation and thorough investigation of the full build/output (not just this fragment).

354766/soul-brews-studio/oracle-skills-cli/oraclenet/

2ebff255429a58d4768e3f9770e54dce5b0c71f0

Live on socket

Blocked by Socket

The skill presents a coherent workflow to claim and interact with OracleNet identities, with cryptographic signing and remote verification as integral components. The primary security concerns arise from handling of private keys, multi-tool supply chain dependencies (bun, gh, cast), and exposure risk via external network calls and local storage of sensitive data. The design is proportionate to its stated purpose, but the presence of direct private-key handling in outputs and the reliance on multiple external CLI tools warrant careful controls (strict redaction, secure key storage, minimized logging, pinned/verified tool versions). Net risk is elevated due to credential handling and remote data flows, but the workflow itself is aligned with its purpose when properly safeguarded.

aspidites

1.5.2

Live on pypi

Blocked by Socket

The code implements a high-risk dynamic evaluation pattern by evaluating tokens within the caller’s scope. This creates a strong possibility of arbitrary code execution and data leakage if tokens originate from untrusted inputs. Hardening should include removing eval, replacing with safe resolvers, sandboxing, or strict token whitelisting and restricting scope access. This pattern is unsuitable for trusted libraries exposes in open-source supply chains without significant safeguards.

servextools

0.1.57

Live on pypi

Blocked by Socket

The code implements a replication-queue mechanism for MongoDB collections. It does not contain obvious remote-exfiltration, cryptomining, or backdoor network connections. However, it uses eval() to convert string-encoded arguments coming from queued DB documents into Python objects before calling replica operations. This is a high-risk code-execution vector: any attacker or process that can insert or tamper with queue/error documents (or cause untrusted strings to be persisted) can execute arbitrary Python code in the process and then cause arbitrary actions on the replica DB. Other issues are some implementation bugs (non-returning __getattr__) and broad exception handling. Recommend removing eval(), replacing it with safe parsing (json), validating queued data, and ensuring only trusted code writes to the queue/error collections.

v-focus-next

1.0.3

by hit757

Live on npm

Blocked by Socket

The code exhibits a high-risk, covert file-system tampering pattern: overwriting the project’s index.d.ts with a version-specific file based on detected Vue version via a system move. This constitutes a strong supply-chain/operational risk, capable of silently sabotaging typings and builds. Absence of input validation, error handling, and provenance checks exacerbates the risk. Recommended controls include eliminating runtime typography mutations, implementing explicit provenance verification (e.g., checksums or signed sources), logging all file operations, and replacing shell-based moves with safe, atomic, verifiable edits or build-time tooling that requires explicit consent.

@coryrowe/openclaw-zh

2026.2.15-nightly.202602171352

by cnrowe

Live on npm

Blocked by Socket

The module implements a robust token caching and retrieval mechanism with prudent filesystem permissions and input validation. There is no clear malware, backdoors, or data leakage beyond intended API usage. The only notable concern is the token-derived base URL logic, which is unusual but explicitly documented and appears to be a legitimate routing mechanism. Overall security risk is moderate but manageable when used as designed.

pinokiod

0.0.151

by cocktailpeanut

Live on npm

Blocked by Socket

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

@demoability/loadgen-core

1.0.0

by sl4x0

Live on npm

Blocked by Socket

The code is a malicious backdoor that exfiltrates sensitive system information and public IP address to an attacker-controlled domain via DNS queries. This represents a high security risk and clear malware behavior. The code is not heavily obfuscated but uses shell command chaining to hide its intent. It should be considered dangerous and avoided.

@sidetree/test-vectors

0.3.1-unstable.49

by transmute-ci

Live on npm

Blocked by Socket

The fragment is data-oriented but describes a highly sensitive update mechanism that, if accepted without rigorous validation, could enable supply-chain compromise (e.g., replacing signing keys, altering update endpoints). It warrants immediate defensive measures: enforce strict signature verification, authority checks, schema validation, and endpoint/key whitelisting before applying any decoded updates.

ailever

0.3.267

Live on pypi

Blocked by Socket

The fragment contains a high-risk pattern: it downloads a Python script from a remote source and immediately executes it without integrity verification or sandboxing. This creates a critical supply-chain and remote-code-execution risk, as the remote payload could perform any action on the host, including data exfiltration, credential access, or system compromise. Even though defaults use placeholders, the mechanism itself is unsafe and should be disallowed or hardened (e.g., verify hashes, use signed modules, avoid executing remote code).

n8n-nodes-text-helpers

0.1.0

by developer63u7

Removed from npm

Blocked by Socket

This script is malicious in behavior: it systematically harvests sensitive system, cloud, and application credentials and writes them to a local file under the n8n user's home. Even though it does not exfiltrate over the network itself, it stages highly sensitive data (AWS creds, SSH private keys, Kubernetes service account token, docker socket presence, application DB/config) which enables privilege escalation and remote exfiltration by subsequent actions. Treat this package as compromised and do not run it; remove and investigate any systems where it was executed.

Live on npm for 1 day, 20 hours and 26 minutes before removal. Socket users were protected even while the package was live.

sdp-transform-parser

99.99.100

by anurag.kumar6240

Removed from npm

Blocked by Socket

This preinstall hook is malicious: it attempts to read a sensitive local file (/etc/passwd) and send it to an external collector during npm install. This is data exfiltration and a clear supply-chain/telemetry threat. Do not install; remove the package and investigate any systems where it ran.

Live on npm for 2 days, 12 hours and 59 minutes before removal. Socket users were protected even while the package was live.

mm_soa

1.8.2

by qiuwenwu

Live on npm

Blocked by Socket

The fragment employs aggressive obfuscation and a packer-like decoding pattern that enables runtime code execution with broad network and filesystem capabilities. While not conclusive proof of malware without decoding in a secure sandbox, the combination of dynamic evaluation, remote-loading indicators, and cross-environment IO strongly indicates high supply-chain risk. Treat as dangerous; require replacement with a transparent, audited version or remove from dependencies until provenance and behavior are verified.

xync-client

0.0.165.dev1

Live on pypi

Blocked by Socket

This code is malicious in intent: it automates fraudulent interaction with a banking website, contains hardcoded sensitive credentials, evades automation detection, prompts an operator to supply OTPs (social-engineering), performs money transfers, and persists session state to disk for reuse. It should be treated as a tool for account takeover and financial theft. Do not run it; remove any storage_state files and investigate systems where it executed. The snippet also contains syntax errors and is incomplete, but those do not mitigate the clearly malicious purpose.

cylab-be/webshell-detector

dev-include_wowa_training

Live on composer

Blocked by Socket

This source intentionally installs and runs a reverse-shell backdoor. It decodes a base64-embedded Perl payload to /tmp/.bc and executes it with hardcoded remote host and port, using multiple suppressed execution wrappers to maximize compatibility and stealth. Consider it malicious: remove and investigate any systems that executed this code, rotate credentials, and treat hosts as compromised.

@link-assistant/hive-mind

1.46.4

by GitHub Actions

Live on npm

Blocked by Socket

The dominant security issue is a critical supply-chain/RCE primitive: this module downloads executable JavaScript from a public CDN at runtime and executes it with eval to install a global loader (globalThis.use). This enables arbitrary code execution if the remote content is tampered with, making the package materially risky regardless of the otherwise-benign model-mapping logic. Secondary risk: it also fetches remote JSON metadata (models.dev) and interpolates remote fields into formatted output, which may become a downstream rendering/injection problem if not escaped by the consumer.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Unstable ownership

Git dependency

GitHub dependency

AI-detected potential malware

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

GitHub app screenshot

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Even more developer love
Install GitHub AppRead the docs

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Book a Demo

Questions? Call us at (844) SOCKET-0

Read the blog

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

View all integrations

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

The latest from the Socket team

Get our latest security research, open source insights, and product updates.

View all articles