Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery

timmywil published 4.0.0

left-pad

stevemao published 1.3.0

react

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

overseen

0.2.3

by itselviz

Live on npm

Blocked by Socket

This code is highly suspicious and likely malicious for the following reasons: it intentionally hides its logic via heavy obfuscation; it reads a stored Discord user token and uses it to perform programmatic axios requests to fetch channel messages; it repeatedly polls and parses message content (including potentially sensitive data like prices, identifiers, or private messages) and sends data out (HTTP requests and ipcRenderer notifications). This behavior is consistent with credential harvesting, account data scraping, and exfiltration. I recommend not running or shipping this code, auditing the full package and any other modules it depends on, rotating Discord credentials for any impacted accounts, and removing the package from deployments.

kimix

0.1.6

Live on pypi

Blocked by Socket

This module exposes extremely dangerous server-side capabilities through simple command handlers: direct arbitrary Python execution (`exec`), direct arbitrary OS/shell execution (`os.system`), arbitrary local file reading (`read_text` on caller-controlled paths), and process working-directory changes (`os.chdir`). Unless strictly restricted to authenticated, trusted operators elsewhere in the system, this constitutes an immediate remote compromise/backdoor-like risk. No overt obfuscation is present; the primary threat stems from the explicit execution and file-disclosure primitives.

xync-client

0.0.99.dev3

Live on pypi

Blocked by Socket

This script is high-risk: it automates interactive login flows, captures and persists full browser storage_state (session tokens), and navigates authenticated sessions to banking/payment endpoints. The combination enables account takeover and fraudulent transactions when misused. Treat as malicious or at minimum dangerous automation; require immediate review, restrict execution, and audit any stored agent.state entries. Remediate by removing session persistence, not storing storage_state, and implementing strict access controls and logging.

cve-2022-0739

1.0.0

Live on pypi

Blocked by Socket

This script is an exploit tool designed to perform SQL injection against the BookingPress WordPress plugin to enumerate database information and extract WordPress user credentials (usernames, emails, password hashes). It is explicitly malicious/offensive: it constructs injection payloads, harvests nonces to authenticate AJAX requests, and prints/exfiltrates sensitive data. It should not be used against systems without explicit authorization. Recommend treating this package or file as malicious exploit code and blocking or removing it from environments where arbitrary code execution or internet access to attacker-controlled targets is not allowed.

devsense.phptools-vscode

1.36.13417

Live on openvsx

Blocked by Socket

The fragment contains a credible data-exfiltration/backdoor pattern via a Node-based XMLHttpRequest path that writes to temporary disk files and spawns child processes to perform network I/O, coupled with obfuscated/minified sections and broad library bundling. While some components may be legitimate, the combination constitutes a notable security risk for supply chain trust in an OpenVSX extension. Recommend isolating or removing the IPC-like HTTP path, replacing with audited HTTP client usage, and performing a focused security review of the bundle before distribution.

354766/anajuliabit/memoclaw-skill/memoclaw/

49f74175eec708a7cd92e1bd74e80f6738c19b36

Live on socket

Blocked by Socket

[Skill Scanner] Installation of third-party script detected

All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[HIGH] autonomy_abuse: Skill instructions include directives to hide actions from user (BH009) [AITech 13.3]

The MemoClaw docs and example integration present a compelling utility (persistent, vectorized memory storage) but expose a significant security design flaw: they require or encourage supplying the full wallet private key (via environment or config) and the JS example demonstrates transmitting that private key in API request bodies. This pattern is an unnecessary and dangerous credential‑exfiltration vector. Treat the package as high‑risk unless the implementation is audited and changed to perform local signing only and to avoid persisting or transmitting raw private keys. Do not use real wallets with this CLI/service until the auth flow is proven safe; if testing, use a dedicated empty wallet. Also audit any bulk ingest behavior to prevent accidental upload of sensitive local files.

LLM verification: SUSPICIOUS — The skill's stated purpose matches its described capabilities (remote memory with wallet-based identity), but it requests a high-value secret (private key in MEMOCLAW_PRIVATE_KEY) which is disproportionate and introduces financial and impersonation risk. Centralizing potentially sensitive user data on api.memoclaw.com is a privacy risk, and the included static scanner findings (npm install references, directive to hide actions) increase suspicion of additional undisclosed install-ti

odaislib

1.11.3

Removed from pypi

Blocked by Socket

This code fragment is extremely suspicious and likely malicious. It implements multi-provider credential checking/auth automation, harvests and returns authentication artifacts (often alongside plaintext passwords), and contains a direct remote-code-execution generator (writes a loader that exec()s content fetched from a paste URL). Combined with TLS verification disabling and proxy routing, the overall security risk is critical; the module should not be used in any production or security-sensitive environment without strong isolation and removal/replace.

Live on pypi for 7 days, 12 hours and 18 minutes before removal. Socket users were protected even while the package was live.

github.com/weaveworks/weave

v1.4.5-0.20160209204259-264d5e482838

Live on go

Blocked by Socket

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

pybotnet

0.18.9

Live on pypi

Blocked by Socket

This module contains clear backdoor/botnet-like capabilities: targeted command dispatch (via host MAC token), remote arbitrary shell execution, system information gathering, and references to file transfer and screenshot features enabling exfiltration. Code quality issues exist (incorrect exception handling and malformed help output), but these do not reduce the severity of the functionality. Treat this package as malicious: do not run on production systems, isolate and analyze the rest of the repository in a controlled environment to identify C2 endpoints and exfiltration behavior.

option-trader

0.2.52

by jihuang4922

Removed from pypi

Blocked by Socket

The code is primarily intended for sending email notifications related to stock trading activities, but it includes hard-coded credentials and handles user data, raising potential security risks.

Live on pypi for 96 days, 22 hours and 17 minutes before removal. Socket users were protected even while the package was live.

requetses

0.5

Removed from pypi

Blocked by Socket

The code exhibits malicious behavior by attempting to exfiltrate user data (images) without consent, using hardcoded credentials to send the data to a Telegram bot. This constitutes a significant security risk and aligns with data theft activities.

Live on pypi for 2 hours and 47 minutes before removal. Socket users were protected even while the package was live.

ailever

0.2.283

Live on pypi

Blocked by Socket

This script is a high-risk launcher: it unconditionally fetches Python code from a hardcoded remote repo and executes it locally via a shell-invoked Python process while passing unsanitized user inputs directly into the shell command. Even if the upstream repository is currently benign, the pattern enables trivial supply-chain compromise and shell injection. Mitigations: remove runtime download-and-exec; if fetching is necessary, pin and verify cryptographic hashes or signatures, validate content, avoid os.system (use subprocess with argument lists or importlib), sanitize inputs, and add error handling and logging. Treat this module as unsafe in security-sensitive environments until hardened.

github.com/sourcegraph/sourcegraph

v0.0.0-20210630185832-867df51fe47e

Live on go

Blocked by Socket

This module is a purpose-built destructive utility: given a user-supplied directory, it enumerates all files ending in .zip and corrupts them by truncating them to half their size and appending deterministic junk data. The absence of safeguards (dry-run/confirmation/allowlists) and the deliberate sabotage operations make this strongly indicative of malicious intent within a supply-chain context, even though it does not show typical malware capabilities like networking or data exfiltration.

imagecomponents.wpf.imaging

4.0.0

by Image Components

Live on nuget

Blocked by Socket

This assembly contains a heavily obfuscated runtime loader/unpacker that reads encrypted embedded resources, performs cryptographic verification, allocates executable memory or writes into the process image (including /proc/self/mem), patches CLR/runtime method pointers and executes native payloads. Those behaviors are not consistent with a harmless WPF utilities package and match in-memory code-injection/loader/backdoor patterns. Treat this component as malicious or high-risk: do not include it in trusted supply chains until the maintainer provides a full, auditable justification and source-level transparency (preferably removing/isolating the loader).

@payvo/sdk-eos

1.1.19

by faustbrian

Live on npm

Blocked by Socket

This code contains a critical supply chain attack. The broadcast method ignores user input and always executes a hardcoded cryptocurrency transfer before throwing a NotImplemented exception to hide the malicious behavior. Every application using this service will attempt unauthorized token transfers.

patientenapp

6.19.1563

Removed from npm

Blocked by Socket

The code is malicious as it collects and sends system information to a remote server. It is heavily obfuscated to hide its true intent, which is indicative of malware.

Live on npm for 16 minutes before removal. Socket users were protected even while the package was live.

ikjbot

0.0.2

Live on pypi

Blocked by Socket

The code exhibits remote-configurable bot control with privilege management and persistence mechanisms, which together create meaningful abuse potential and supply-chain-like risk if tampered or deployed in uncontrolled environments. While some functionality aligns with legitimate automation, the remote admin/password flow and ability to alter party state remotely constitute a backdoor-like capability. Treat as high-risk; require strict authentication, remove remote password provisioning, harden admin management, audit external endpoints, and limit self-restart behaviors. A thorough code audit and containment in a trusted build process are recommended.

hs-lodash

4.6.999

Removed from npm

Blocked by Socket

The code is malicious as it exfiltrates sensitive system information to an external domain using DNS queries. This poses a significant security risk.

Live on npm for 2 hours and 31 minutes before removal. Socket users were protected even while the package was live.

yrodevgit/codetazer

v9.0.7

Live on composer

Blocked by Socket

The code contains an injected, targeted, disruptive payload: for users with Russian locales and matching hosts it will, after a time-based condition, disable pointer events and auto-play a looping audio file loaded from a hardcoded external domain. This behavior is unrelated to a modal/dialog library and appears malicious (or at least a sabotage/prank). Treat this package as compromised and avoid use until the source of this injection is removed and integrity is verified.

cl-lite

1.0.1270

by michael_tian

Live on npm

Blocked by Socket

The source code contains embedded inappropriate adult content with numerous external image links. It is not valid or functional software code. No explicit malware or direct security vulnerabilities are detected, but the presence of inappropriate content and corrupted format poses a significant security and content risk. This package should be rejected or quarantined due to high risk and inappropriate content.

agentry-community

1.0.6

Live on pypi

Blocked by Socket

This code contains a high-risk command-injection pattern: it constructs a shell command from user input and calls subprocess.run with shell=True. While there is no direct sign of obfuscation, embedded backdoors, or built-in network exfiltration, the unsafe execution pattern is sufficient to enable arbitrary command execution, data theft, or destruction if an attacker can supply the 'command' or 'working_directory' values. Remediation is required: avoid shell=True, parse/validate inputs, constrain working_directory, and avoid returning raw command outputs to untrusted callers.

admin10001

1.0.220

by rank121

Removed from npm

Blocked by Socket

This package runs a preinstall step that fetches Google Cloud instance metadata and immediately posts it to an external domain. That behavior is direct data exfiltration of sensitive cloud metadata and is highly malicious. Do not install this package in any environment (especially cloud instances). Investigate any exposure of credentials and revoke affected service account keys or tokens.

Live on npm for 20 hours and 47 minutes before removal. Socket users were protected even while the package was live.

utility2

2019.11.24

by kaizhu

Live on npm

Blocked by Socket

This fragment is a mixed bundle: most visible logic is CSS parsing/linting, but it also contains explicit high-privilege capabilities—RCE via vm.runInThisContext on a raw CLI argument, destructive deletion via spawnSync('rm','-rf', dir), and arbitrary filesystem writes (with mkdir fallback). Even without proof of invocation, the presence of these primitives in a dependency creates a serious supply-chain security concern. Verify package entrypoints/public APIs, confirm whether these helpers are reachable in typical usage, and restrict/disable dangerous functionality where possible.

passagemath-standard

10.4.5

Removed from pypi

Blocked by Socket

The code offers convenient completion helpers but contains a high-risk pattern: using eval() on a substring derived from a user-controlled completion string with an attacker-controlled or broad globals mapping. This enables arbitrary code execution and information disclosure of objects available in 'globs'. The fragment is not evidently malicious or obfuscated, but it represents a moderate-to-high security risk in any context where 's' or 'globs' can be influenced by untrusted parties. Recommend removing eval and implementing a safe dotted-name resolution and tightening what globals are exposed.

Live on pypi for 1 day, 7 hours and 50 minutes before removal. Socket users were protected even while the package was live.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

The latest from the Socket team

Get our latest security research, open source insights, and product updates.
