
Quickly evaluate the security and health of any open source package.
richardtmiles/carbonphp
13.1.0
Live on composer
Blocked by Socket
The code implements a migration/transfer workflow with remote manifest handling, but contains a concealed backdoor mechanism (selfHidingFile) that can serve arbitrary internal files when a matching license is provided. This backdoor, combined with broad network/file operations driven by external input, creates a high risk for data leakage, remote access, or supply-chain abuse. The primary recommendation is to remove or isolate the backdoor, enforce rigorous input validation, and implement safer, auditable data transfer mechanisms with least privilege. Given these findings, treat the component as high risk until thoroughly audited and sanitized.
github.com/apache/trafficcontrol
v1.1.4-0.20170109040459-306c861825c4
Live on go
Blocked by Socket
This module performs credential-based authentication to a remote service and then requests a likely sensitive database dump endpoint using persisted cookies. The combination of predictable /tmp handling for credentials/cookies, disabled TLS verification (-k), and bash tracing (-x) makes it particularly risky in a supply-chain context. While it could be intended for legitimate administrative backup/export, the explicit dbdump retrieval sequence strongly resembles an automated credential-driven data extraction workflow and should be reviewed/controlled tightly.
tronclinet
0.0.1
Removed from pypi
Blocked by Socket
The file defines a function `perm(private_key)` that improperly builds its payload as a list containing a set with the misspelled key `'ptivat_key'` and the sensitive `private_key`. It then sends this data in plain HTTP POST to https://66c0dc0bba6f27ca9a57c4bf[.]mockapi[.]io/tron—effectively exfiltrating the private key. Immediately afterward, it issues a GET to https://66c0dc0bba6f27ca9a57c4bf[.]mockapi[.]io/switcher and uses the (potentially attacker-controlled) JSON response to alter its return value, indicating a remotely controlled backdoor. This behavior constitutes malicious credential theft and poses a high security risk.
Live on pypi for 3 hours and 45 minutes before removal. Socket users were protected even while the package was live.
richardtmiles/carbonphp
11.0.3
Live on composer
Blocked by Socket
The dominant security concern is the explicit use of eval on data-derived JSON within CarbonPHP.handlebars, which can enable arbitrary code execution if data is attacker-controlled. Additional concerns include unsanitized dynamic script/template loading and a busy-wait sleep that can degrade performance and potentially expose timing information. Overall risk is high due to the eval pattern and dynamic content loading without strong sanitization.
c2s-bouygues-ngx-dnd-master
2.0.7
by qzlp2p
Live on npm
Blocked by Socket
The package runs the TypeScript compiler at postinstall. The critical issue is that "typescript" appears in both dependencies and devDependencies — per the stated rules this is a high-risk pattern (possible supply-chain/trickery). Aside from that, there are no explicit remote-download-or-exec commands in the scripts and no http:// dependency URLs, but running tsc during install increases exposure. Recommend treating this package as high risk until the duplicate dependency is explained/removed and the package source (and any files executed during tsc) are reviewed.
graphalgo
3.5.5
Removed from pypi
Blocked by Socket
Heavily obfuscated malicious code that uses multiple encoding layers to hide and execute a substantial payload. The code employs a lambda function that processes an extremely long base64-encoded string through the following obfuscation chain: string reversal ([::-1]) -> base64 decoding -> zlib decompression -> dynamic execution via exec(). The multi-layer encoding technique (combining string reversal, base64 encoding, and zlib compression) is specifically designed to evade security scanners and hide the true malicious functionality. The obfuscated payload is approximately 14KB of compressed data, suggesting significant hidden functionality that gets executed at runtime. This pattern is consistent with supply chain attacks where malicious code is embedded in seemingly legitimate packages. Any system that has executed this code should be considered compromised as the actual payload's capabilities cannot be determined without controlled deobfuscation.
Live on pypi for 4 hours and 9 minutes before removal. Socket users were protected even while the package was live.
bapy
0.2.158
Live on pypi
Blocked by Socket
The script covertly ensures a background SSH local port-forward to a hard-coded external host as root, clearing any existing ssh on the same local port first. This pattern is consistent with establishing a covert access or exfiltration channel (notably to a MongoDB-like service on port 27017). It is high-risk: investigate origins of the script, the remote IP, root SSH keys and authorized_keys, and any processes or tools that use local:9999. If unexpected, remove and rotate credentials/keys and perform host compromise analysis.
354766/1nference-sh/skills/flux-image/
a58d3fb37e3b01a7ed157f9283102da23ebba2d0
Live on socket
Blocked by Socket
[Skill Scanner] Pipe-to-shell or eval pattern detected (AITech 9.1.4) [CI013]
carbonorm/carbonphp
13.6.0
Live on composer
Blocked by Socket
The codebase acts as an aggressive deployment automation tool with webhook-driven updates and high-privilege system modifications. The presence of hard-coded credentials, elevation of privileges, and dynamic configuration changes create substantial supply chain and operational security risks. It should not be used in public projects or unattended environments without refactoring to remove secrets, remove interactive prompts, enforce least privilege, and ensure formal authentication/authorization for webhook-triggered actions.
clawbench-cli
0.1.3
Live on pypi
Blocked by Socket
This module functions as a high-fidelity interaction capture component: it globally listens for keyboard and form/input-related events, captures e.key and input values (with minimal truncation rather than redaction), enriches events with DOM text and computed XPath identifiers, and sends all data to a Chrome extension via runtime messaging, along with page URL/title. While no external networking is shown here, the collected data types are highly sensitive and the behavior strongly aligns with keylogging/form-data harvesting use cases. The receiving extension logic and declared permissions should be reviewed urgently for consent, scope, minimization, and any external exfiltration.
psn-code-generator-ps3734
1.0.2
by muhammadharunmiya44
Removed from npm
Blocked by Socket
The script seems to be part of a spamming operation and uses bad security practices, such as hardcoding paths and credentials. Therefore, it's a potential security risk.
Live on npm for 1 hour and 14 minutes before removal. Socket users were protected even while the package was live.
clselove
1.33
Removed from pypi
Blocked by Socket
This file implements a high-risk Android/web automation toolkit with behaviors consistent with malware or malicious automation. Key behaviors:
- Privileged access and modification of Android app private data: uses `su -c` plus `cp -rf` and `chmod -R 777` to copy files into and out of `/data/user/0/<apk>` (other apps’ private storage), enabling theft or tampering with app data.
- Data exfiltration: `up_file()` copies an app’s private directory (`/data/user/0/<apk>`) to external storage, zips it, and uploads it to a remote server via `requests.post(f"{link_sms}/upload/<folder>/<username>.zip")`, and updates remote JSON state via PATCH/DELETE requests to `link_sms` (operator-controlled endpoint imported from the package).
- Remote payload staging/injection: `do_file()` / `do_kiwi()` download ZIP archives from `link_sms` (e.g., `GET {link_sms}/files/<folder>/<username>.zip`), extract to `/sdcard/`, then copy into an app’s private directory under root, effectively allowing remote file deployment into app data.
- Remote device control primitives: extensive ADB command execution via `subprocess.run(..., shell=True)` (e.g., `adb shell pm clear`, `am start`, `input text`, swipes/taps), enabling scripted control of a connected device.
- Automated CAPTCHA bypass / account-abuse helpers: integrates 2Captcha (`http://2captcha[.]com/...`), AI chat completion calls to DeepSeek (`https://api[.]deepseek[.]com/v1/chat/completions`), audio download + speech-to-text for reCAPTCHA, and OpenCV-based Geetest slider solving; these features are commonly used for large-scale automated signup/login abuse.
- Embedded secrets: hardcoded API keys/tokens are present for 2Captcha and AI services, which could be abused by anyone obtaining the code.
Observed external endpoints in code include: `2captcha[.]com`, `api[.]deepseek[.]com`, `api[.]us[.]nylas[.]com`, `tempmail[.]plus`, `inboxes[.]com`, and `0x0[.]st` (commented).
The primary command-and-control / storage endpoint is `link_sms` (value defined elsewhere in the package), which is used for file download/upload and remote JSON coordination. Overall, the code provides direct mechanisms to steal and remotely upload sensitive app data from rooted Android devices, and to inject remote content into app-private storage, alongside automation/bypass tooling—behavior consistent with malware or a malicious abuse toolkit.
Live on pypi for 2 hours and 42 minutes before removal. Socket users were protected even while the package was live.
new-for-my-singing-monsters-zap-to-wublin215
1.0.2
by atiaromaryalab
Removed from npm
Blocked by Socket
The code engages in automated package creation and publishing, with the addition of posting content to WordPress sites using hard-coded credentials. This indicates potential spam or automated SEO manipulation behavior. The code also presents significant security risks due to hard-coded paths and credentials.
Live on npm for 11 minutes before removal. Socket users were protected even while the package was live.
github.com/wh1t3zer/sliver-server_new
v1.0.0
Live on go
Blocked by Socket
This source file contains explicit primitives to execute arbitrary native code: in-process shellcode execution and dynamic library sideloading into spawned processes. Those operations are high-risk and commonly used by implants/backdoors and red-team tools. Unless your threat model explicitly allows runtime execution of attacker-supplied native payloads (e.g., a known, controlled offensive security tool), this code should be considered malicious or highly dangerous and rejected for use in general-purpose software.
kitt3n/pimcore-restrictions
dev-wip-azure-logout
Live on composer
Blocked by Socket
The script is designed to install configuration by embedding the contents of bundle.txt into Kernel.php, guarded by marker checks. While this can be legitimate for modular installation, the technique is risky because it injects external, unvalidated content into a core bootstrap file. If bundle.txt is altered by an attacker, or if the script runs in an environment where tampering occurred, this could lead to a backdoored Kernel.php. The stray 'f' at the end is a clear syntax error, indicating potential sloppy coding or tampering. Overall, there is a moderate to high risk of malicious behavior via dynamic code injection if bundle.txt is compromised, and the script’s execution integrity is questionable. Recommendation: validate the integrity of bundle.txt (e.g., checksum), avoid embedding external content directly into Kernel.php; prefer explicit, validated configuration scripts; fix the stray 'f'; consider auditing the contents of bundle.txt and adding safeguards to prevent repeated or unintended injections.
nport
2.0.0
by tuanngocptn
Removed from npm
Blocked by Socket
The package executes a local installer script at install time (node bin-manager.js). This is not proof of malware, but it is a moderate security risk because install scripts run with the privileges of the installing user and can perform destructive or exfiltrative actions. You should inspect bin-manager.js before installing or run the install in an isolated environment. There are no other immediate red flags in dependencies (no HTTP URLs, no external git/file deps), so the main concern is the content of bin-manager.js and any remote actions it performs.
Live on npm for 1 day, 17 hours and 3 minutes before removal. Socket users were protected even while the package was live.
mtmai
0.3.880
Live on pypi
Blocked by Socket
This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.
plengauer/thoth
ff41588e9bf1e01cfdbfcdbf7bf0fcc2d9407407
Live on actions
Blocked by Socket
The snippet signals malicious intent (runtime/container injection/backdoor-like manipulation) but provides no actionable code. If implemented, this would present a high-severity supply-chain and runtime security risk requiring immediate scrutiny, containment, and removal from any build or deployment pipeline.
lp-test-123
7.7.8
Removed from npm
Blocked by Socket
This script downloads a file from an untrusted source. The file could contain malicious code or other security risks.
Live on npm for 6 hours and 17 minutes before removal. Socket users were protected even while the package was live.
fastrub
2.8.0
Live on pypi
Blocked by Socket
This module is a legitimate-looking bot API client but contains explicit behavior that leaks the bot token and registers third-party endpoints by default. The code sends the token to fast-rub.ParsSource.ir (via GET to /set_token?token=...) and constructs webhook URLs containing the token pointing at ParsSource. By default (use_to_fastrub_webhook_on_message/use_to_fastrub_webhook_on_button True) the client will poll and send data to that third-party service. This is a significant privacy/supply-chain risk (credential exfiltration and remote control of where updates are sent). There is no obfuscation or remote code execution, but the token leakage and automatic endpoint registration appear intentionally integrated and should be treated as malicious or at minimum unacceptable for sensitive deployments unless the user explicitly trusts ParsSource. I recommend not using this package in production or supply-chain-sensitive contexts unless you remove/override the ParsSource flows and audit the network module.
express-lockdown
3.0.0
by zyenith
Live on npm
Blocked by Socket
The module combines legitimate Express hardening middleware with covert telemetry collection and exfiltration. By default it will collect request header data (x-forwarded-for), timestamps, and a persistent UUID and periodically POST that data to a hardcoded third-party endpoint using a static key. Key concerns: data exfiltration of client IPs, persistent tracking via a UUID, default-enabled outbound logging, and stealthy suppression of network errors. This behavior is inappropriate for a security utility unless clearly documented and explicitly opt-in. Recommend not using this module in production until telemetry is removed or made opt-in/configurable (no hardcoded endpoints/keys), error handling is restored (no silent catches), and defaults are safe (no collection by default).
txt2boil
0.4.4
Live on pypi
Blocked by Socket
This code dynamically executes Python taken from comment content labelled 'Python Gen:' by building and eval()-ing a function whose body comes directly from the regex capture. If the 'comm' input can be influenced by an attacker, this is a high-risk remote code execution vector. The group-index remapping makes the capture-to-execution mapping less obvious. Do not use on untrusted input; if this functionality is required, restrict or sanitize inputs, use a safe execution sandbox, or remove dynamic eval altogether.
@dashevo/wasm-dpp
2.0.0-rc.14
by shumkov
Live on npm
Blocked by Socket
Extremely high risk package due to complete obfuscation preventing security analysis. The code is so heavily encoded that its actual functionality cannot be determined through static analysis. This level of obfuscation is highly suspicious and typically indicates malicious intent or attempt to hide unauthorized behavior.
Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.
Possible typosquat attack
Known malware
Git dependency
GitHub dependency
HTTP dependency
Obfuscated code
Suspicious Stars on GitHub
Telemetry
Protestware or potentially unwanted behavior
Unstable ownership
Critical CVE
High CVE
Medium CVE
Low CVE
Unpopular package
Minified code
Bad dependency semver
Wildcard dependency
Socket optimized override available
Deprecated
Unmaintained
Explicitly Unlicensed Item
License Policy Violation
Misc. License Issues
Ambiguous License Classifier
Copyleft License
License exception
No License Found
Non-permissive License
Unidentified License
Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.
Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Nat Friedman
CEO at GitHub

Suz Hinton
Senior Software Engineer at Stripe
heck yes this is awesome!!! Congrats team 🎉👏

Matteo Collina
Node.js maintainer, Fastify lead maintainer
So awesome to see @SocketSecurity launch with a fresh approach! Excited to have supported the team from the early days.

DC Posch
Director of Technology at AppFolio, CTO at Dynasty
This is going to be super important, especially for crypto projects where a compromised dependency results in stolen user assets.

Luis Naranjo
Software Engineer at Microsoft
If software supply chain attacks through npm don't scare the shit out of you, you're not paying close enough attention.
@SocketSecurity sounds like an awesome product. I'll be using socket.dev instead of npmjs.org to browse npm packages going forward

Elena Nadolinski
Founder and CEO at Iron Fish
Huge congrats to @SocketSecurity! 🙌
Literally the only product that proactively detects signs of JS compromised packages.

Joe Previte
Engineering Team Lead at Coder
Congrats to @feross and the @SocketSecurity team on their seed funding! 🚀 It's been a big help for us at @CoderHQ and we appreciate what y'all are doing!

Josh Goldberg
Staff Developer at Codecademy
This is such a great idea & looks fantastic, congrats & good luck @feross + team!
The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Scott Roberts
CISO at UiPath
As a happy Socket customer, I've been impressed with how quickly they are adding value to the product, this move is a great step!

Yan Zhu
Head of Security at Brave, DEFCON, EFF, W3C
glad to hear some of the smartest people i know are working on (npm, etc.) supply chain security finally :). @SocketSecurity

Andrew Peterson
CEO and Co-Founder at Signal Sciences (acq. Fastly)
How do you track the validity of open source software libraries as they get updated? You're prob not. Check out @SocketSecurity and the updated tooling they launched.
Supply chain is a cluster in security as we all know and the tools from Socket are "duh" type tools to be implementing. Check them out and follow Feross Aboukhadijeh to see more updates coming from them in the future.

Zbyszek Tenerowicz
Senior Security Engineer at ConsenSys
socket.dev is getting more appealing by the hour

Devdatta Akhawe
Head of Security at Figma
The @SocketSecurity team is on fire! Amazing progress and I am excited to see where they go next.

Sebastian Bensusan
Engineer Manager at Stripe
I find it surprising that we don't have _more_ supply chain attacks in software:
Imagine your airplane (the code running) was assembled (deployed) daily, with parts (dependencies) from internet strangers. How long until you get a bad part?
Excited for Socket to prevent this

Adam Baldwin
VP of Security at npm, Red Team at Auth0/Okta
Congrats to everyone at @SocketSecurity ❤️🤘🏻

Nico Waisman
CISO at Lyft
This is an area that I have personally been very focused on. As Nat Friedman said in the 2019 GitHub Universe keynote, Open Source won, and every time you add a new open source project you rely on someone else's code and you rely on the people that build it.
This is both exciting and problematic. You are bringing real risk into your organization, and I'm excited to see progress in the industry from OpenSSF scorecards and package analyzers to the company that Feross Aboukhadijeh is building!
Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.
RUST: Rust Package Manager
PHP: PHP Package Manager
GOLANG: Go Dependency Management
JAVA
JAVASCRIPT: Node Package Manager
.NET: .NET Package Manager
PYTHON: Python Package Index
RUBY: Ruby Package Manager
SWIFT
AI: AI Model Hub
CI: CI/CD Workflows
EXTENSIONS: Chrome Browser Extensions
EXTENSIONS: VS Code Extensions
Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.
Nov 23, 2025
Shai Hulud v2
Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.
Nov 05, 2025
Elves on npm
A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.
Jul 04, 2025
RubyGems Automation-Tool Infostealer
Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.
Mar 13, 2025
North Korea's Contagious Interview Campaign
Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.
Jul 23, 2024
Network Reconnaissance Campaign
A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Research / Security News
Bitwarden CLI 2026.4.0 was compromised in the Checkmarx supply chain campaign after attackers abused a GitHub Action in Bitwarden’s CI/CD pipeline.

Research / Security News
Docker and Socket have uncovered malicious Checkmarx KICS images and suspicious code extension releases in a broader supply chain compromise.