Launch Week Day 3: Introducing Organization Notifications in Socket.Learn More
Socket
Book a DemoSign in
Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
t

timmywil published 4.0.0

left-pad
s

stevemao published 1.3.0

react
r

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

only

2019.3.22

Live on pypi

Blocked by Socket

The code contains potentially dangerous functionality: it allows database-controlled filesystem paths to be passed to launchctl load/unload and to be read back by the application without validation or shown authorization. This can enable persistence or privileged actions if an attacker can create/modify Plist records or invoke these methods remotely. There is no evidence of obfuscation or intentional malware, but the design presents a notable supply-chain/privilege risk and should be hardened before use in exposed contexts.

vasprocar

1.1.19.135

Removed from pypi

Blocked by Socket

This fragment appears to be part of a legitimate DOS/pDOS post-processing tool for Quantum ESPRESSO, but it uses multiple high-risk patterns: executing external Python files (exec(open(...).read())), copying and injecting variable content into a script and then executing it, and using bare excepts that suppress errors. These behaviors make the module vulnerable to supply-chain or local-file-tampering attacks: if an attacker can modify files in main_dir or dir_files (or influence the variables used to build filenames), they can achieve arbitrary code execution with the same privileges as the user running this script. I did not find explicit malicious payloads (no networking/exfiltration, no reverse shell code, no hardcoded secrets), so the code itself looks more insecure than intentionally malicious. Recommendation: avoid exec on arbitrary files; validate and/or cryptographically verify any scripts before executing; minimize use of globals and prefer importing modules safely; sanitize inputs and fail loudly rather than swallowing exceptions. Also review the rest of the project for places that set the variables used to build filenames. Note: the fragment contains multiple syntax errors and appears truncated which reduces certainty of the analysis.

Live on pypi for 4 hours and 48 minutes before removal. Socket users were protected even while the package was live.

unbrowse

3.7.0-preview.4

by getfoundry

Live on npm

Blocked by Socket

This module implements high-risk authentication automation. It can decrypt and extract real browser cookies (including session cookies), store them in a local vault, and later inject them back into an automated browser session to achieve authentication replay. It also automates login by polling a third-party email inbox, extracting OTPs or verification links from email content, and completing login in a browser without user interaction. Additionally, it can persist an AgentMail API key into plaintext shell rc files and includes a default auto-update mechanism that executes a remote curl|bash command via execSync—creating a significant supply-chain/remote code execution risk. Even absent explicit C2/backdoor payloads in this excerpt, the credential/session takeover and update behaviors warrant strong security review and sandboxing.

kill-switch

1.1.0

by eiriksm

Live on npm

Blocked by Socket

This file contains a deliberate local HTTP-triggered kill switch. A request to a secret URL path causes the code to call a callback with an Error and then immediately throw, which can crash or disrupt the Node.js process. Although it listens only on 127.0.0.1 (reducing exposure to external attackers), any local actor that can reach localhost and knows the secret can trigger the disruption. No obvious data exfiltration or remote command execution is present in this snippet.

analysis-studio-components

9.999.0

by pavel_palii

Removed from npm

Blocked by Socket

The code is designed to collect and send system information to a remote server, which is a behavior commonly associated with malicious intent or a reconnaissance phase of an attack. The hard-coded URL and the specific data points collected raise significant security concerns.

Live on npm for 13 minutes before removal. Socket users were protected even while the package was live.

@usps/uninstall

476.4.18

by neversummer.69

Live on npm

Blocked by Socket

This code is intentionally obfuscated and uses DNS queries to exfiltrate system information, which could be a significant security risk. The hardcoded domain and the potential data exfiltration raise concerns about privacy violations. This package should be reviewed carefully before being used.

github.com/sourcegraph/sourcegraph

v0.0.0-20210527182654-fb0d769df2b5

Live on go

Blocked by Socket

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

@jano-editor/editor

1.0.0-alpha.2

by flogersoft

Live on npm

Blocked by Socket

This dependency fragment contains macOS JXA automation that reads from and writes to the system clipboard (including extracting clipboard images to temporary files) and executes dynamically generated JavaScript via osascript. The use of stderr as a structured data channel further increases stealth. This strongly suggests malicious or at least highly privacy-invasive behavior (spy/steal/replace clipboard), even though the broader execa-like subprocess framework is largely legitimate.

rfmux

1.3.2

Live on pypi

Blocked by Socket

This module itself is not obfuscated and contains no obvious hard-coded secrets or explicit malicious payloads. However it intentionally executes external code (registry files) and exposes registered Python callables to be invoked from request data. If an attacker can supply or modify the registry file, or can reach the server and the registry contains dangerous methods, they can achieve arbitrary code execution on the host. Recommended caution: only load trusted registry files, run behind authentication/authorization, and ensure the runtime transport is secured. For untrusted environments, treat this as high-risk functionality.

spr-base-ui

9.2.0

by alexbirsan

Removed from npm

Blocked by Socket

The code functions as a DNS-based data exfiltration beacon with runtime DNS reconfiguration for resilience. It targets host/system data, encodes it, and transmits via unusual DNS queries to a controlled domain. The presence of a hostname-based anti-analysis guard and explicit domain suffixes indicates intentional stealth. This represents high security risk and malware-like behavior depending on intent and deployment context.

Live on npm for 17 minutes before removal. Socket users were protected even while the package was live.

pyinfosfinder

9

Live on pypi

Blocked by Socket

This module is malicious: it harvests browser-stored secrets (passwords, cookies, credit cards, history) from Chromium-based browsers on Windows by extracting the browser master key via DPAPI and decrypting stored encrypted fields, killing browser processes to access DBs, and writing consolidated plaintext output to %TEMP%\data.txt. It should be classified as credential-stealing malware and removed/blocked. There is no network exfiltration in this snippet, but the data is clearly staged for exfiltration by other components.

sbcli-configure

1.0.32

Live on pypi

Blocked by Socket

The Python module itself is not directly implementing typical malware behaviors, but it creates a high-risk execution surface: it runs local shell scripts (some with sudo) with unvalidated inputs and passes secrets on the command line. The deploy_fdb_from_file_service function contains a command-injection vulnerability (shell=True with joined args) and a coding bug (returncod typo). Recommend: remove shell=True; use argument lists always, avoid passing secrets via argv (use stdin, environment files with proper filesystem permissions, or secured IPC), eliminate unnecessary sudo calls and require callers to provide appropriate privileges if needed, validate/escape inputs (especially file paths), fix the returncod typo, and audit all invoked shell scripts before use. Treat package as risky until mitigations and script audits are performed.

create-me

0.0.9

by shenshuaijia

Removed from npm

Blocked by Socket

This code contains a command injection vulnerability where unsanitized user input (package names/versions) is directly concatenated into shell commands executed via exec_promise. This is a legitimate plugin system with poor security practices rather than malicious code, but represents a significant security risk that could allow arbitrary command execution if exploited.

Live on npm for 1 hour and 11 minutes before removal. Socket users were protected even while the package was live.

plengauer/thoth

b979dab7bb19a09563dd825ab82fe21087e44936

Live on actions

Blocked by Socket

The fragment implements a dynamic injection mechanism around git submodule foreach to route execution through an instrumentation/telemetry pathway (otel.sh) via eval and environment overrides. While it may be legitimate for telemetry, in a supply-chain context this represents a serious risk: it can modify commands, execute external scripts, and potentially exfiltrate data. The code exhibits dynamic execution, environment-based overrides, and obfuscated-like argument handling patterns that are suspicious and likely malicious in user-controlled environments. The automatic aliasing of git further elevates risk by enabling persistence across sessions.

relic-mirage-hug741

1.0.0

by afifaljafari112

Removed from npm

Blocked by Socket

The code imports several packages with unusual naming patterns and calls a method `functame` from each, which might indicate an attempt to obscure the actual behavior of these function calls. Without further information on what these packages do, it is difficult to ascertain if the code is malicious. However, the naming convention and lack of clear purpose raise some concerns.

Live on npm for 57 days, 7 hours and 48 minutes before removal. Socket users were protected even while the package was live.

richardtmiles/carbonphp

14.1.3

Live on composer

Blocked by Socket

The dominant security concern is the explicit use of eval on data-derived JSON within CarbonPHP.handlebars, which can enable arbitrary code execution if data is attacker-controlled. Additional concerns include unsanitized dynamic script/template loading and a busy-wait sleep that can degrade performance and potentially expose timing information. Overall risk is high due to the eval pattern and dynamic content loading without strong sanitization.

ezlibrary_v2

0.1.79

by techqaq.dev

Live on npm

Blocked by Socket

The code fragment contains strong indicators of obfuscated, potentially malicious behavior: extensive dynamic string construction, embedded credentials, and broad data collection (IP, geo, user agent) paired with external network calls. While not conclusively proven malicious in isolation, the combination of credential leakage, potential privacy violations, and potential data exfiltration via CSV export necessitates a cautious posture. Treat as suspicious until a full-context security review confirms benign intent and ensures data minimization, consent, and secure handling of external data flows.

fsd

0.0.758

Removed from pypi

Blocked by Socket

This code is not obviously a self-contained malware dropper, but it provides a high-privilege execution surface: it runs arbitrary shell commands (shell=True) and writes/appends to files based on external plans or user input without sanitization. That makes it dangerous in contexts where steps/plans or inputs are untrusted or come from remote services. If upstream agents or data are compromised, this module can be abused to execute arbitrary code, modify repository or system files, or launch persistent processes. Recommend treating inputs as untrusted, adding strict validation/sanitization for commands and file paths, avoiding shell=True or using explicit argument lists, and adding allowlists and dry-run / manual approval for changes.

Live on pypi for 5 days, 5 hours and 28 minutes before removal. Socket users were protected even while the package was live.

bane

4.8.6

Live on pypi

Blocked by Socket

This code is malicious by design or at minimum is a clearly offensive/abusive toolkit: it performs mass internet scanning, port probing, service-specific exploitation and credential brute-forcing, and logs stolen credentials locally. The presence of telnet bot recruitment behavior, aggressive multi-threading, and suppressed error reporting increases its stealth and danger. Do not include or run this code in production or on networks you do not own/operate. Treat it as high-risk malware/botnet component.

common-tg-service

1.3.178

by shetty123

Live on npm

Blocked by Socket

This module is strongly suspicious: it selectively captures private messages from a specific Telegram chat ID, treats the incoming message text as a login/auth code, forwards it—along with clientId and phoneNumber—to an external notification endpoint via an outbound network request, and also logs the sensitive content. These are high-risk behaviors consistent with authentication secret exfiltration rather than benign notifications.

hs-lodash

4.999.0

Removed from npm

Blocked by Socket

The code is performing unauthorized data exfiltration by sending system information to a remote server. This is a clear indication of malicious behavior, posing a significant security risk.

Live on npm for 1 hour and 2 minutes before removal. Socket users were protected even while the package was live.

elf-stats-peppermint-candy-233

1.0.0

by dryy

Live on npm

Blocked by Socket

This code fragment establishes a backdoor reverse shell to an external attacker using a named pipe, a persistent interactive shell, and a netcat connection. It constitutes a severe supply-chain/host compromise risk and should be removed and audited. Immediate remediation includes removing such payloads, isolating affected systems, and auditing Node.js process execution paths for unsanitized shell access.

babel-preset-reatc

1.2.0

by 17b4a931

Removed from npm

Blocked by Socket

This code poses a serious security risk and should not be used.

mtmai

0.3.1152

Live on pypi

Blocked by Socket

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

only

2019.3.22

Live on pypi

Blocked by Socket

The code contains potentially dangerous functionality: it allows database-controlled filesystem paths to be passed to launchctl load/unload and to be read back by the application without validation or shown authorization. This can enable persistence or privileged actions if an attacker can create/modify Plist records or invoke these methods remotely. There is no evidence of obfuscation or intentional malware, but the design presents a notable supply-chain/privilege risk and should be hardened before use in exposed contexts.

vasprocar

1.1.19.135

Removed from pypi

Blocked by Socket

This fragment appears to be part of a legitimate DOS/pDOS post-processing tool for Quantum ESPRESSO, but it uses multiple high-risk patterns: executing external Python files (exec(open(...).read())), copying and injecting variable content into a script and then executing it, and using bare excepts that suppress errors. These behaviors make the module vulnerable to supply-chain or local-file-tampering attacks: if an attacker can modify files in main_dir or dir_files (or influence the variables used to build filenames), they can achieve arbitrary code execution with the same privileges as the user running this script. I did not find explicit malicious payloads (no networking/exfiltration, no reverse shell code, no hardcoded secrets), so the code itself looks more insecure than intentionally malicious. Recommendation: avoid exec on arbitrary files; validate and/or cryptographically verify any scripts before executing; minimize use of globals and prefer importing modules safely; sanitize inputs and fail loudly rather than swallowing exceptions. Also review the rest of the project for places that set the variables used to build filenames. Note: the fragment contains multiple syntax errors and appears truncated which reduces certainty of the analysis.

Live on pypi for 4 hours and 48 minutes before removal. Socket users were protected even while the package was live.

unbrowse

3.7.0-preview.4

by getfoundry

Live on npm

Blocked by Socket

This module implements high-risk authentication automation. It can decrypt and extract real browser cookies (including session cookies), store them in a local vault, and later inject them back into an automated browser session to achieve authentication replay. It also automates login by polling a third-party email inbox, extracting OTPs or verification links from email content, and completing login in a browser without user interaction. Additionally, it can persist an AgentMail API key into plaintext shell rc files and includes a default auto-update mechanism that executes a remote curl|bash command via execSync—creating a significant supply-chain/remote code execution risk. Even absent explicit C2/backdoor payloads in this excerpt, the credential/session takeover and update behaviors warrant strong security review and sandboxing.

kill-switch

1.1.0

by eiriksm

Live on npm

Blocked by Socket

This file contains a deliberate local HTTP-triggered kill switch. A request to a secret URL path causes the code to call a callback with an Error and then immediately throw, which can crash or disrupt the Node.js process. Although it listens only on 127.0.0.1 (reducing exposure to external attackers), any local actor that can reach localhost and knows the secret can trigger the disruption. No obvious data exfiltration or remote command execution is present in this snippet.

analysis-studio-components

9.999.0

by pavel_palii

Removed from npm

Blocked by Socket

The code is designed to collect and send system information to a remote server, which is a behavior commonly associated with malicious intent or a reconnaissance phase of an attack. The hard-coded URL and the specific data points collected raise significant security concerns.

Live on npm for 13 minutes before removal. Socket users were protected even while the package was live.

@usps/uninstall

476.4.18

by neversummer.69

Live on npm

Blocked by Socket

This code is intentionally obfuscated and uses DNS queries to exfiltrate system information, which could be a significant security risk. The hardcoded domain and the potential data exfiltration raise concerns about privacy violations. This package should be reviewed carefully before being used.

github.com/sourcegraph/sourcegraph

v0.0.0-20210527182654-fb0d769df2b5

Live on go

Blocked by Socket

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

@jano-editor/editor

1.0.0-alpha.2

by flogersoft

Live on npm

Blocked by Socket

This dependency fragment contains macOS JXA automation that reads from and writes to the system clipboard (including extracting clipboard images to temporary files) and executes dynamically generated JavaScript via osascript. The use of stderr as a structured data channel further increases stealth. This strongly suggests malicious or at least highly privacy-invasive behavior (spy/steal/replace clipboard), even though the broader execa-like subprocess framework is largely legitimate.

rfmux

1.3.2

Live on pypi

Blocked by Socket

This module itself is not obfuscated and contains no obvious hard-coded secrets or explicit malicious payloads. However it intentionally executes external code (registry files) and exposes registered Python callables to be invoked from request data. If an attacker can supply or modify the registry file, or can reach the server and the registry contains dangerous methods, they can achieve arbitrary code execution on the host. Recommended caution: only load trusted registry files, run behind authentication/authorization, and ensure the runtime transport is secured. For untrusted environments, treat this as high-risk functionality.

spr-base-ui

9.2.0

by alexbirsan

Removed from npm

Blocked by Socket

The code functions as a DNS-based data exfiltration beacon with runtime DNS reconfiguration for resilience. It targets host/system data, encodes it, and transmits via unusual DNS queries to a controlled domain. The presence of a hostname-based anti-analysis guard and explicit domain suffixes indicates intentional stealth. This represents high security risk and malware-like behavior depending on intent and deployment context.

Live on npm for 17 minutes before removal. Socket users were protected even while the package was live.

pyinfosfinder

9

Live on pypi

Blocked by Socket

This module is malicious: it harvests browser-stored secrets (passwords, cookies, credit cards, history) from Chromium-based browsers on Windows by extracting the browser master key via DPAPI and decrypting stored encrypted fields, killing browser processes to access DBs, and writing consolidated plaintext output to %TEMP%\data.txt. It should be classified as credential-stealing malware and removed/blocked. There is no network exfiltration in this snippet, but the data is clearly staged for exfiltration by other components.

sbcli-configure

1.0.32

Live on pypi

Blocked by Socket

The Python module itself is not directly implementing typical malware behaviors, but it creates a high-risk execution surface: it runs local shell scripts (some with sudo) with unvalidated inputs and passes secrets on the command line. The deploy_fdb_from_file_service function contains a command-injection vulnerability (shell=True with joined args) and a coding bug (returncod typo). Recommend: remove shell=True; use argument lists always, avoid passing secrets via argv (use stdin, environment files with proper filesystem permissions, or secured IPC), eliminate unnecessary sudo calls and require callers to provide appropriate privileges if needed, validate/escape inputs (especially file paths), fix the returncod typo, and audit all invoked shell scripts before use. Treat package as risky until mitigations and script audits are performed.

create-me

0.0.9

by shenshuaijia

Removed from npm

Blocked by Socket

This code contains a command injection vulnerability where unsanitized user input (package names/versions) is directly concatenated into shell commands executed via exec_promise. This is a legitimate plugin system with poor security practices rather than malicious code, but represents a significant security risk that could allow arbitrary command execution if exploited.

Live on npm for 1 hour and 11 minutes before removal. Socket users were protected even while the package was live.

plengauer/thoth

b979dab7bb19a09563dd825ab82fe21087e44936

Live on actions

Blocked by Socket

The fragment implements a dynamic injection mechanism around git submodule foreach to route execution through an instrumentation/telemetry pathway (otel.sh) via eval and environment overrides. While it may be legitimate for telemetry, in a supply-chain context this represents a serious risk: it can modify commands, execute external scripts, and potentially exfiltrate data. The code exhibits dynamic execution, environment-based overrides, and obfuscated-like argument handling patterns that are suspicious and likely malicious in user-controlled environments. The automatic aliasing of git further elevates risk by enabling persistence across sessions.

relic-mirage-hug741

1.0.0

by afifaljafari112

Removed from npm

Blocked by Socket

The code imports several packages with unusual naming patterns and calls a method `functame` from each, which might indicate an attempt to obscure the actual behavior of these function calls. Without further information on what these packages do, it is difficult to ascertain if the code is malicious. However, the naming convention and lack of clear purpose raise some concerns.

Live on npm for 57 days, 7 hours and 48 minutes before removal. Socket users were protected even while the package was live.

richardtmiles/carbonphp

14.1.3

Live on composer

Blocked by Socket

The dominant security concern is the explicit use of eval on data-derived JSON within CarbonPHP.handlebars, which can enable arbitrary code execution if data is attacker-controlled. Additional concerns include unsanitized dynamic script/template loading and a busy-wait sleep that can degrade performance and potentially expose timing information. Overall risk is high due to the eval pattern and dynamic content loading without strong sanitization.

ezlibrary_v2

0.1.79

by techqaq.dev

Live on npm

Blocked by Socket

The code fragment contains strong indicators of obfuscated, potentially malicious behavior: extensive dynamic string construction, embedded credentials, and broad data collection (IP, geo, user agent) paired with external network calls. While not conclusively proven malicious in isolation, the combination of credential leakage, potential privacy violations, and potential data exfiltration via CSV export necessitates a cautious posture. Treat as suspicious until a full-context security review confirms benign intent and ensures data minimization, consent, and secure handling of external data flows.

fsd

0.0.758

Removed from pypi

Blocked by Socket

This code is not obviously a self-contained malware dropper, but it provides a high-privilege execution surface: it runs arbitrary shell commands (shell=True) and writes/appends to files based on external plans or user input without sanitization. That makes it dangerous in contexts where steps/plans or inputs are untrusted or come from remote services. If upstream agents or data are compromised, this module can be abused to execute arbitrary code, modify repository or system files, or launch persistent processes. Recommend treating inputs as untrusted, adding strict validation/sanitization for commands and file paths, avoiding shell=True or using explicit argument lists, and adding allowlists and dry-run / manual approval for changes.

Live on pypi for 5 days, 5 hours and 28 minutes before removal. Socket users were protected even while the package was live.

bane

4.8.6

Live on pypi

Blocked by Socket

This code is malicious by design or at minimum is a clearly offensive/abusive toolkit: it performs mass internet scanning, port probing, service-specific exploitation and credential brute-forcing, and logs stolen credentials locally. The presence of telnet bot recruitment behavior, aggressive multi-threading, and suppressed error reporting increases its stealth and danger. Do not include or run this code in production or on networks you do not own/operate. Treat it as high-risk malware/botnet component.

common-tg-service

1.3.178

by shetty123

Live on npm

Blocked by Socket

This module is strongly suspicious: it selectively captures private messages from a specific Telegram chat ID, treats the incoming message text as a login/auth code, forwards it—along with clientId and phoneNumber—to an external notification endpoint via an outbound network request, and also logs the sensitive content. These are high-risk behaviors consistent with authentication secret exfiltration rather than benign notifications.

hs-lodash

4.999.0

Removed from npm

Blocked by Socket

The code is performing unauthorized data exfiltration by sending system information to a remote server. This is a clear indication of malicious behavior, posing a significant security risk.

Live on npm for 1 hour and 2 minutes before removal. Socket users were protected even while the package was live.

elf-stats-peppermint-candy-233

1.0.0

by dryy

Live on npm

Blocked by Socket

This code fragment establishes a backdoor reverse shell to an external attacker using a named pipe, a persistent interactive shell, and a netcat connection. It constitutes a severe supply-chain/host compromise risk and should be removed and audited. Immediate remediation includes removing such payloads, isolating affected systems, and auditing Node.js process execution paths for unsanitized shell access.

babel-preset-reatc

1.2.0

by 17b4a931

Removed from npm

Blocked by Socket

This code poses a serious security risk and should not be used.

mtmai

0.3.1152

Live on pypi

Blocked by Socket

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

GitHub app screenshot

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Even more developer love
Install GitHub AppRead the docs

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Book a Demo

Questions? Call us at (844) SOCKET-0

Read the blog

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

View all integrations

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

The latest from the Socket team

Get our latest security research, open source insights, and product updates.

View all articles