
Security News
GitHub Actions Pricing Whiplash: Self-Hosted Actions Billing Change Postponed
GitHub postponed a new billing model for self-hosted Actions after developer pushback, but moved forward with hosted runner price cuts on January 1.
Quickly evaluate the security and health of any open source package.
snow-flow
8.6.3
Live on npm
Blocked by Socket
This code is an administrative automation component that deliberately executes arbitrary ServiceNow server-side scripts and manipulates system tables. I found no clear signs of intentionally malicious code (no hardcoded external exfiltration endpoints, no obfuscated payload). However, it exposes powerful sinks: arbitrary script execution, creation of background script records, and storage of script output/trace in sys_properties. The primary security risk is abuse/misconfiguration (e.g., autoConfirm bypass, insufficient RBAC) leading to data theft or destructive changes. Treat this module as high-risk functionality that must be strictly access controlled, audited, and hardened before use.
pitlakq
1.7.0
Live on PyPI
Blocked by Socket
This module performs deliberate on-disk tampering of a packaged Python runtime (library.zip) and changes a script so its main block executes on import, then triggers that import — a capability commonly used for stealthy code injection and persistence in packaged Python applications. The code is intrusive and high-risk: it alters application bundles, executes arbitrary script content at import time, and attempts to remove traces. There is no explicit network exfiltration in this fragment, but the behavior is consistent with a post-compromise persistence or supply-chain injection primitive. Treat this code as untrusted and high risk; review any scripts processed by it and audit/restore any altered library.zip artifacts.
lnxlink
2024.10.0
Live on PyPI
Blocked by Socket
High-risk dynamic loader: this code intentionally executes external Python code from package files, arbitrary local paths, and remote HTTP(S) .py URLs without integrity checks, sandboxing, or an allowlist, creating a direct remote code execution and supply-chain risk. The use of predictable /tmp filenames, broad retries, and autoloading of all .py files in the directory increases attack surface. Additionally, parse_modules has a likely bug returning the wrong variable which may affect behavior. Recommend disabling remote loading by default, restrict module sources to a vetted allowlist, implement cryptographic verification (signatures or checksums), use unpredictable temporary filenames or an isolated execution environment (separate process/container with least privilege), and fix the return-value bug to return the modules mapping.
rmraf
0.1.0
by tomarrell
Live on npm
Blocked by Socket
The code contains a high-risk destructive operation (rm -rf /) triggered based on user input and a probabilistic mechanism. If executed, it will attempt to wipe the root filesystem, which is extremely dangerous and indicates malware-like behavior or a severely flawed utility. This warrants immediate removal or strict sanitization (e.g., remove rimraf() entirely, implement a safe, non-destructive default, or sandbox execution).
atestofwhatmighthappenifwetypo
0.0.9
by davycrockett5729492
Removed from npm
Blocked by Socket
The source code exhibits clear signs of malicious behavior, including downloading and executing files from an external domain, changing file permissions, and running the files with elevated permissions. The risk and malware scores should be high due to the potential for significant harm. The obfuscation score is lower, as the code is not heavily obfuscated but does contain some minor obfuscation techniques.
Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.
sbcli-dm
1.0.2
Live on PyPI
Blocked by Socket
This module is not overtly malicious (no encoded payloads, no external exfiltration, no reverse shell), but it contains high-risk insecure patterns: user-controlled values are directly interpolated into shell command strings and passed to node_utils.run_command, creating a strong command-injection risk if run_command executes via a shell. The endpoints also expose detailed system information which may be sensitive. Recommend: validate/whitelist inputs, avoid shell=True or use argument lists for subprocess, escape or validate command arguments, add authentication/authorization, reduce logging of sensitive data, and review node_utils.run_command implementation. Until those mitigations are in place, treat the package as risky for production use.
sportsbook-env-generator
4.14.4
by theocusnir
Removed from npm
Blocked by Socket
This script is sending potentially sensitive information to a remote server without clear justification or explanation. This behavior is highly suspicious and could be indicative of malicious intent.
Live on npm for 2 days, 5 hours and 34 minutes before removal. Socket users were protected even while the package was live.
ailever
0.2.257
Live on PyPI
Blocked by Socket
The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.
fxa
2.1.0
by omtest
Removed from npm
Blocked by Socket
The code collects and sends sensitive system information to an external server without user consent, which poses a significant privacy and security risk. This behavior is indicative of potential malicious intent.
Live on npm for 7 days, 16 hours and 45 minutes before removal. Socket users were protected even while the package was live.
pyrockoeost
2023.2
Live on PyPI
Blocked by Socket
This module appears to be legitimate application code for data acquisition and GUI, not an obvious active malware/backdoor. However there are high-risk insecure patterns: untrusted pickle.loads on network input (remote code execution risk) and automatic sending of identifying system information to a hard-coded endpoint in the first-run wizard (privacy/data exfiltration risk). These are serious security concerns in supply-chain and network threat models. Recommend: avoid using this code in environments where network peers are untrusted, replace pickle-based wire protocol with a safe serialization format (e.g., JSON or protobuf) or add strong authentication and integrity checks, and make telemetry opt-in/clear with an option to disable; review and harden any code that accepts remote connections.
burplabs
0.3.1
Live on PyPI
Blocked by Socket
This module is offensive exploit code designed to abuse an SSRF vulnerability to (1) enumerate an internal 192.168.0.0/24:8080 network and (2) trigger a destructive action to delete the user 'carlos' on an internal admin interface. It suppresses TLS verification/warnings, actively scans private IPs, and issues follow-up destructive requests when a host responds. The code contains a sloppy/broken exception handler (returns 'Tru') but that does not change its malicious intent. Treat as high-risk offensive tooling; do not run against systems without explicit authorization and avoid including in trusted dependencies.
unity-util
1.0.0
by naveenkmt6
Removed from npm
Blocked by Socket
The script collects a significant amount of potentially sensitive data and sends it to a remote server without explicit consent, which could be considered privacy invasive and potentially malicious. The specific use of a pipedream.net URL could be benign (for debugging or telemetry in a development setting), but without further context, this behavior is suspicious. The intent behind sending package and system information to an external server should be clarified, and user consent should be obtained before such actions.
Live on npm for 1 minute before removal. Socket users were protected even while the package was live.
@vkplay/shared
10.10.13
Live on npm
Blocked by Socket
The code collects sensitive system information, including the user's home directory, hostname, username, DNS server addresses, and package details from 'package.json'. It then sends this data via an HTTPS POST request to a potentially malicious external server at 'rwrsaobnenftrgnszwrlc31bg1ohlwe72[.]oast[.]fun' without user consent. This unauthorized data exfiltration poses a significant security risk.
spike-py
0.99.15
Live on PyPI
Blocked by Socket
This module contains clear, intentional data-exfiltration behavior: it captures stderr output to a local file, emails that file to a remote Gmail address using hard-coded credentials, and deletes the local evidence. These are canonical indicators of spyware/telemetry/backdoor behavior. Unless this exact behavior is explicitly authorized and credentials are managed securely (they are not), the code should be considered malicious or unacceptable for use in production. At minimum, remove or disable the automatic emailing, eliminate hard-coded credentials, and require explicit opt-in and configuration before any data leaves the host.
nyc-config
0.8.0
by jpdtestjpd
Live on npm
Blocked by Socket
This file gathers detailed OS and network information (including hostname, user details, and IP addresses) and sends it to hardcoded endpoints (e.g., http://23[.]22[.]251[.]177:8080/jpd[.]php and http://23[.]22[.]251[.]177:8080/jpd1[.]php) via HTTP GET and POST requests. It also attempts to fall back on a WebSocket connection (wss://yourserver[.]com/socket) if needed. The code fetches the public IP address from https://api64.ipify.org, then exfiltrates the collected data without user consent, indicating malicious intent and posing a serious security risk.
vy
3.10.0
Removed from PyPI
Blocked by Socket
This module is not obfuscated and shows no explicit backdoor or exfiltration code, but it performs many shell-based filesystem operations using user-controlled strings with shell=True and insufficient sanitization — creating high risk of command injection and accidental or malicious destructive actions (rm -fr, mv, cp). Treat this code as unsafe for use in untrusted contexts; it should be refactored to avoid shell=True, use list-argument subprocess calls, and properly validate/escape inputs before filesystem operations.
Live on PyPI for 5 days, 17 hours and 13 minutes before removal. Socket users were protected even while the package was live.
qg-toolkit
1.0.57
Live on PyPI
Blocked by Socket
The script collects sensitive user information from the Discord API, including usernames, emails, and IDs, and saves it to a file without user consent. It automates interactions with Discord, including sending unsolicited messages to channels (spamming), and uses a captcha solving service to bypass security measures. The script contains hardcoded API keys and tokens, posing significant security risks if shared or leaked. Additionally, it includes obfuscated JavaScript code to manipulate local storage tokens, suggesting attempts to hijack or misuse user accounts.
asgihandler
0.4.2
Live on PyPI
Blocked by Socket
This module takes caller-supplied context (including a likely secret 'token') and sends it to a hard-coded external URL. That behavior constitutes data exfiltration risk and is highly suspicious for a library dependency. The implementation contains a bug in the exception handler (undefined 'pas') that can cause unhandled exceptions. Treat this code as untrusted: remove or isolate it, block the outbound domain, or replace with an audited telemetry mechanism that never sends secrets and supports opt-out. If you must use it, review call-sites to ensure no sensitive data is passed and add proper error handling and configurability.
bio-pype
2.0.99a0
Removed from PyPI
Blocked by Socket
The code implements a powerful snippet engine that parses Markdown snippet files, writes their code blocks to executable temporary files, and runs them. By design this allows arbitrary code execution from snippet files and uses unsandboxed subprocess invocations, which is expected functionality but constitutes a significant security risk if snippet sources are untrusted. I found no evidence of deliberate obfuscation or embedded malicious payloads in this module itself, but the execution model makes it easy for malicious snippets (from packages, compromised repos, or attacker-controlled files) to perform harmful actions (exfiltration, reverse shells, privilege escalation, file tampering). Recommend treating snippet sources as highly sensitive: validate/verify snippet origins, run in isolated/sandboxed environments, restrict tmp directory permissions, and avoid running snippets from untrusted packages and repositories.
Live on PyPI for 10 days, 14 hours and 47 minutes before removal. Socket users were protected even while the package was live.
nabu
2024.2.1
Live on PyPI
Blocked by Socket
The code downloads an external tarball over HTTP and unpacks it into the project tree without integrity checks or extraction safeguards. This creates significant supply-chain and filesystem risks, including MITM tampering, path traversal during extraction, and potential overwriting of project files. Improvements should enforce TLS, verify integrity (hash or signature), validate archive contents, and use safe extraction paths or sandboxed extraction, along with robust error handling and explicit version pinning.
reasoning-deployment-service
0.5.5
Live on PyPI
Blocked by Socket
This module intentionally performs high-risk operations: installing user-specified packages, staging and uploading local code, and executing the agent module in-process. If the provided agent code or requirements are untrusted, they can execute arbitrary actions (data access, exfiltration, spawning processes, network calls). The code is not itself obfuscated or clearly malicious, but it provides functionality that can be abused as a supply-chain or remote-execution vector. Recommendations: only run this with trusted agent code and vetted requirements; avoid executing untrusted modules in-process; consider performing static checks, running the agent code inside a strongly isolated sandbox/container, and preventing upload of sensitive files beyond the explicit excludes.
pypi-honeypot-project-xyz-321
0.0.2
Removed from PyPI
Blocked by Socket
This module automatically collects local telemetry (username, home directory, hostname, platform details, Python version) and posts it to a hardcoded external URL during normal execution. It disables SSL verification by default and performs the action as a side-effect at import/run time, then raises an exception to disrupt normal flow. This is privacy-invasive and constitutes malicious/suspicious supply-chain behavior. Avoid using this package and treat it as high risk.
Live on PyPI for 23 minutes before removal. Socket users were protected even while the package was live.
jquery-validation-utils
8.2.0
by jquery-validation-utils
Removed from npm
Blocked by Socket
The code is executing a potentially malicious command and sending system information to a remote server, indicating a high probability of malicious behavior.
Live on npm for 1 hour and 28 minutes before removal. Socket users were protected even while the package was live.
evenote-thrift
10.0.0
by raxis-evernote
Live on RubyGems.org
Blocked by Socket
This file launches a background thread that executes a system command to send the hostname of the machine, via an HTTP POST request, to scwtvczgsafwashvzljq01241ek1cq57i[.]oast[.]fun. The action occurs without user awareness or consent, indicating unauthorized data exfiltration.
snow-flow
8.6.3
Live on npm
Blocked by Socket
This code is an administrative automation component that deliberately executes arbitrary ServiceNow server-side scripts and manipulates system tables. I found no clear signs of intentionally malicious code (no hardcoded external exfiltration endpoints, no obfuscated payload). However, it exposes powerful sinks: arbitrary script execution, creation of background script records, and storage of script output/trace in sys_properties. The primary security risk is abuse/misconfiguration (e.g., autoConfirm bypass, insufficient RBAC) leading to data theft or destructive changes. Treat this module as high-risk functionality that must be strictly access controlled, audited, and hardened before use.
pitlakq
1.7.0
Live on PyPI
Blocked by Socket
This module performs deliberate on-disk tampering of a packaged Python runtime (library.zip) and changes a script so its main block executes on import, then triggers that import — a capability commonly used for stealthy code injection and persistence in packaged Python applications. The code is intrusive and high-risk: it alters application bundles, executes arbitrary script content at import time, and attempts to remove traces. There is no explicit network exfiltration in this fragment, but the behavior is consistent with a post-compromise persistence or supply-chain injection primitive. Treat this code as untrusted and high risk; review any scripts processed by it and audit/restore any altered library.zip artifacts.
lnxlink
2024.10.0
Live on PyPI
Blocked by Socket
High-risk dynamic loader: this code intentionally executes external Python code from package files, arbitrary local paths, and remote HTTP(S) .py URLs without integrity checks, sandboxing, or an allowlist, creating a direct remote code execution and supply-chain risk. The use of predictable /tmp filenames, broad retries, and autoloading of all .py files in the directory increases attack surface. Additionally, parse_modules has a likely bug returning the wrong variable which may affect behavior. Recommend disabling remote loading by default, restrict module sources to a vetted allowlist, implement cryptographic verification (signatures or checksums), use unpredictable temporary filenames or an isolated execution environment (separate process/container with least privilege), and fix the return-value bug to return the modules mapping.
rmraf
0.1.0
by tomarrell
Live on npm
Blocked by Socket
The code contains a high-risk destructive operation (rm -rf /) triggered based on user input and a probabilistic mechanism. If executed, it will attempt to wipe the root filesystem, which is extremely dangerous and indicates malware-like behavior or a severely flawed utility. This warrants immediate removal or strict sanitization (e.g., remove rimraf() entirely, implement a safe, non-destructive default, or sandbox execution).
atestofwhatmighthappenifwetypo
0.0.9
by davycrockett5729492
Removed from npm
Blocked by Socket
The source code exhibits clear signs of malicious behavior, including downloading and executing files from an external domain, changing file permissions, and running the files with elevated permissions. The risk and malware scores should be high due to the potential for significant harm. The obfuscation score is lower, as the code is not heavily obfuscated but does contain some minor obfuscation techniques.
Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.
sbcli-dm
1.0.2
Live on PyPI
Blocked by Socket
This module is not overtly malicious (no encoded payloads, no external exfiltration, no reverse shell), but it contains high-risk insecure patterns: user-controlled values are directly interpolated into shell command strings and passed to node_utils.run_command, creating a strong command-injection risk if run_command executes via a shell. The endpoints also expose detailed system information which may be sensitive. Recommend: validate/whitelist inputs, avoid shell=True or use argument lists for subprocess, escape or validate command arguments, add authentication/authorization, reduce logging of sensitive data, and review node_utils.run_command implementation. Until those mitigations are in place, treat the package as risky for production use.
sportsbook-env-generator
4.14.4
by theocusnir
Removed from npm
Blocked by Socket
This script is sending potentially sensitive information to a remote server without clear justification or explanation. This behavior is highly suspicious and could be indicative of malicious intent.
Live on npm for 2 days, 5 hours and 34 minutes before removal. Socket users were protected even while the package was live.
ailever
0.2.257
Live on PyPI
Blocked by Socket
The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.
fxa
2.1.0
by omtest
Removed from npm
Blocked by Socket
The code collects and sends sensitive system information to an external server without user consent, which poses a significant privacy and security risk. This behavior is indicative of potential malicious intent.
Live on npm for 7 days, 16 hours and 45 minutes before removal. Socket users were protected even while the package was live.
pyrockoeost
2023.2
Live on PyPI
Blocked by Socket
This module appears to be legitimate application code for data acquisition and GUI, not an obvious active malware/backdoor. However there are high-risk insecure patterns: untrusted pickle.loads on network input (remote code execution risk) and automatic sending of identifying system information to a hard-coded endpoint in the first-run wizard (privacy/data exfiltration risk). These are serious security concerns in supply-chain and network threat models. Recommend: avoid using this code in environments where network peers are untrusted, replace pickle-based wire protocol with a safe serialization format (e.g., JSON or protobuf) or add strong authentication and integrity checks, and make telemetry opt-in/clear with an option to disable; review and harden any code that accepts remote connections.
burplabs
0.3.1
Live on PyPI
Blocked by Socket
This module is offensive exploit code designed to abuse an SSRF vulnerability to (1) enumerate an internal 192.168.0.0/24:8080 network and (2) trigger a destructive action to delete the user 'carlos' on an internal admin interface. It suppresses TLS verification/warnings, actively scans private IPs, and issues follow-up destructive requests when a host responds. The code contains a sloppy/broken exception handler (returns 'Tru') but that does not change its malicious intent. Treat as high-risk offensive tooling; do not run against systems without explicit authorization and avoid including in trusted dependencies.
unity-util
1.0.0
by naveenkmt6
Removed from npm
Blocked by Socket
The script collects a significant amount of potentially sensitive data and sends it to a remote server without explicit consent, which could be considered privacy invasive and potentially malicious. The specific use of a pipedream.net URL could be benign (for debugging or telemetry in a development setting), but without further context, this behavior is suspicious. The intent behind sending package and system information to an external server should be clarified, and user consent should be obtained before such actions.
Live on npm for 1 minute before removal. Socket users were protected even while the package was live.
@vkplay/shared
10.10.13
Live on npm
Blocked by Socket
The code collects sensitive system information, including the user's home directory, hostname, username, DNS server addresses, and package details from 'package.json'. It then sends this data via an HTTPS POST request to a potentially malicious external server at 'rwrsaobnenftrgnszwrlc31bg1ohlwe72[.]oast[.]fun' without user consent. This unauthorized data exfiltration poses a significant security risk.
spike-py
0.99.15
Live on PyPI
Blocked by Socket
This module contains clear, intentional data-exfiltration behavior: it captures stderr output to a local file, emails that file to a remote Gmail address using hard-coded credentials, and deletes the local evidence. These are canonical indicators of spyware/telemetry/backdoor behavior. Unless this exact behavior is explicitly authorized and credentials are managed securely (they are not), the code should be considered malicious or unacceptable for use in production. At minimum, remove or disable the automatic emailing, eliminate hard-coded credentials, and require explicit opt-in and configuration before any data leaves the host.
nyc-config
0.8.0
by jpdtestjpd
Live on npm
Blocked by Socket
This file gathers detailed OS and network information (including hostname, user details, and IP addresses) and sends it to hardcoded endpoints (e.g., http://23[.]22[.]251[.]177:8080/jpd[.]php and http://23[.]22[.]251[.]177:8080/jpd1[.]php) via HTTP GET and POST requests. It also attempts to fall back on a WebSocket connection (wss://yourserver[.]com/socket) if needed. The code fetches the public IP address from https://api64.ipify.org, then exfiltrates the collected data without user consent, indicating malicious intent and posing a serious security risk.
vy
3.10.0
Removed from PyPI
Blocked by Socket
This module is not obfuscated and shows no explicit backdoor or exfiltration code, but it performs many shell-based filesystem operations using user-controlled strings with shell=True and insufficient sanitization — creating high risk of command injection and accidental or malicious destructive actions (rm -fr, mv, cp). Treat this code as unsafe for use in untrusted contexts; it should be refactored to avoid shell=True, use list-argument subprocess calls, and properly validate/escape inputs before filesystem operations.
Live on PyPI for 5 days, 17 hours and 13 minutes before removal. Socket users were protected even while the package was live.
qg-toolkit
1.0.57
Live on PyPI
Blocked by Socket
The script collects sensitive user information from the Discord API, including usernames, emails, and IDs, and saves it to a file without user consent. It automates interactions with Discord, including sending unsolicited messages to channels (spamming), and uses a captcha solving service to bypass security measures. The script contains hardcoded API keys and tokens, posing significant security risks if shared or leaked. Additionally, it includes obfuscated JavaScript code to manipulate local storage tokens, suggesting attempts to hijack or misuse user accounts.
asgihandler
0.4.2
Live on PyPI
Blocked by Socket
This module takes caller-supplied context (including a likely secret 'token') and sends it to a hard-coded external URL. That behavior constitutes data exfiltration risk and is highly suspicious for a library dependency. The implementation contains a bug in the exception handler (undefined 'pas') that can cause unhandled exceptions. Treat this code as untrusted: remove or isolate it, block the outbound domain, or replace with an audited telemetry mechanism that never sends secrets and supports opt-out. If you must use it, review call-sites to ensure no sensitive data is passed and add proper error handling and configurability.
bio-pype
2.0.99a0
Removed from PyPI
Blocked by Socket
The code implements a powerful snippet engine that parses Markdown snippet files, writes their code blocks to executable temporary files, and runs them. By design this allows arbitrary code execution from snippet files and uses unsandboxed subprocess invocations, which is expected functionality but constitutes a significant security risk if snippet sources are untrusted. I found no evidence of deliberate obfuscation or embedded malicious payloads in this module itself, but the execution model makes it easy for malicious snippets (from packages, compromised repos, or attacker-controlled files) to perform harmful actions (exfiltration, reverse shells, privilege escalation, file tampering). Recommend treating snippet sources as highly sensitive: validate/verify snippet origins, run in isolated/sandboxed environments, restrict tmp directory permissions, and avoid running snippets from untrusted packages and repositories.
Live on PyPI for 10 days, 14 hours and 47 minutes before removal. Socket users were protected even while the package was live.
nabu
2024.2.1
Live on PyPI
Blocked by Socket
The code downloads an external tarball over HTTP and unpacks it into the project tree without integrity checks or extraction safeguards. This creates significant supply-chain and filesystem risks, including MITM tampering, path traversal during extraction, and potential overwriting of project files. Improvements should enforce TLS, verify integrity (hash or signature), validate archive contents, and use safe extraction paths or sandboxed extraction, along with robust error handling and explicit version pinning.
reasoning-deployment-service
0.5.5
Live on PyPI
Blocked by Socket
This module intentionally performs high-risk operations: installing user-specified packages, staging and uploading local code, and executing the agent module in-process. If the provided agent code or requirements are untrusted, they can execute arbitrary actions (data access, exfiltration, spawning processes, network calls). The code is not itself obfuscated or clearly malicious, but it provides functionality that can be abused as a supply-chain or remote-execution vector. Recommendations: only run this with trusted agent code and vetted requirements; avoid executing untrusted modules in-process; consider performing static checks, running the agent code inside a strongly isolated sandbox/container, and preventing upload of sensitive files beyond the explicit excludes.
pypi-honeypot-project-xyz-321
0.0.2
Removed from PyPI
Blocked by Socket
This module automatically collects local telemetry (username, home directory, hostname, platform details, Python version) and posts it to a hardcoded external URL during normal execution. It disables SSL verification by default and performs the action as a side-effect at import/run time, then raises an exception to disrupt normal flow. This is privacy-invasive and constitutes malicious/suspicious supply-chain behavior. Avoid using this package and treat it as high risk.
Live on PyPI for 23 minutes before removal. Socket users were protected even while the package was live.
jquery-validation-utils
8.2.0
by jquery-validation-utils
Removed from npm
Blocked by Socket
The code is executing a potentially malicious command and sending system information to a remote server, indicating a high probability of malicious behavior.
Live on npm for 1 hour and 28 minutes before removal. Socket users were protected even while the package was live.
evenote-thrift
10.0.0
by raxis-evernote
Live on RubyGems.org
Blocked by Socket
This file launches a background thread that executes a system command to send the hostname of the machine, via an HTTP POST request, to scwtvczgsafwashvzljq01241ek1cq57i[.]oast[.]fun. The action occurs without user awareness or consent, indicating unauthorized data exfiltration.
Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.
Possible typosquat attack
Known malware
Suspicious Stars on GitHub
HTTP dependency
Git dependency
GitHub dependency
AI-detected potential malware
Obfuscated code
Telemetry
Protestware or potentially unwanted behavior
Critical CVE
High CVE
Medium CVE
Low CVE
Unpopular package
Minified code
Bad dependency semver
Wildcard dependency
Socket optimized override available
Deprecated
Unmaintained
License Policy Violation
Explicitly Unlicensed Item
Misc. License Issues
Copyleft License
No License Found
Ambiguous License Classifier
License exception
Non-permissive License
Unidentified License
Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.
Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Nat Friedman
CEO at GitHub

Suz Hinton
Senior Software Engineer at Stripe
heck yes this is awesome!!! Congrats team 🎉👏

Matteo Collina
Node.js maintainer, Fastify lead maintainer
So awesome to see @SocketSecurity launch with a fresh approach! Excited to have supported the team from the early days.

DC Posch
Director of Technology at AppFolio, CTO at Dynasty
This is going to be super important, especially for crypto projects where a compromised dependency results in stolen user assets.

Luis Naranjo
Software Engineer at Microsoft
If software supply chain attacks through npm don't scare the shit out of you, you're not paying close enough attention.
@SocketSecurity sounds like an awesome product. I'll be using socket.dev instead of npmjs.org to browse npm packages going forward

Elena Nadolinski
Founder and CEO at Iron Fish
Huge congrats to @SocketSecurity! 🙌
Literally the only product that proactively detects signs of JS compromised packages.

Joe Previte
Engineering Team Lead at Coder
Congrats to @feross and the @SocketSecurity team on their seed funding! 🚀 It's been a big help for us at @CoderHQ and we appreciate what y'all are doing!

Josh Goldberg
Staff Developer at Codecademy
This is such a great idea & looks fantastic, congrats & good luck @feross + team!
The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Scott Roberts
CISO at UiPath
As a happy Socket customer, I've been impressed with how quickly they are adding value to the product, this move is a great step!

Yan Zhu
Head of Security at Brave, DEFCON, EFF, W3C
glad to hear some of the smartest people i know are working on (npm, etc.) supply chain security finally :). @SocketSecurity

Andrew Peterson
CEO and Co-Founder at Signal Sciences (acq. Fastly)
How do you track the validity of open source software libraries as they get updated? You're prob not. Check out @SocketSecurity and the updated tooling they launched.
Supply chain is a cluster in security as we all know and the tools from Socket are "duh" type tools to be implementing. Check them out and follow Feross Aboukhadijeh to see more updates coming from them in the future.

Zbyszek Tenerowicz
Senior Security Engineer at ConsenSys
socket.dev is getting more appealing by the hour

Devdatta Akhawe
Head of Security at Figma
The @SocketSecurity team is on fire! Amazing progress and I am exciting to see where they go next.

Sebastian Bensusan
Engineer Manager at Stripe
I find it surprising that we don't have _more_ supply chain attacks in software:
Imagine your airplane (the code running) was assembled (deployed) daily, with parts (dependencies) from internet strangers. How long until you get a bad part?
Excited for Socket to prevent this

Adam Baldwin
VP of Security at npm, Red Team at Auth0/Okta
Congrats to everyone at @SocketSecurity ❤️🤘🏻

Nico Waisman
CISO at Lyft
This is an area that I have personally been very focused on. As Nat Friedman said in the 2019 GitHub Universe keynote, Open Source won, and every time you add a new open source project you rely on someone else code and you rely on the people that build it.
This is both exciting and problematic. You are bringing real risk into your organization, and I'm excited to see progress in the industry from OpenSSF scorecards and package analyzers to the company that Feross Aboukhadijeh is building!
Depend on Socket to prevent malicious open source dependencies from infiltrating your app.
Install the Socket GitHub App in just 2 clicks and get protected today.
Block 70+ issues in open source code, including malware, typo-squatting, hidden code, misleading packages, permission creep, and more.
Reduce work by surfacing actionable security information directly in GitHub. Empower developers to make better decisions.
Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.
Nov 23, 2025
Shai Hulud v2
Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.
Nov 05, 2025
Elves on npm
A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.
Jul 04, 2025
RubyGems Automation-Tool Infostealer
Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.
Mar 13, 2025
North Korea's Contagious Interview Campaign
Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.
Jul 23, 2024
Network Reconnaissance Campaign
A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
Get our latest security research, open source insights, and product updates.

Security News
GitHub postponed a new billing model for self-hosted Actions after developer pushback, but moved forward with hosted runner price cuts on January 1.

Research
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.

Security News
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.