
Security News
Insecure Agents Podcast: Certified Patches, Supply Chain Security, and AI Agents
Socket CEO Feross Aboukhadijeh joins Insecure Agents to discuss CVE remediation and why supply chain attacks require a different security approach.
Quickly evaluate the security and health of any open source package.
idcs-page-header
1.1.1
Removed from npm
Blocked by Socket
The script exhibits clear signs of malicious activity by exfiltrating sensitive system information to an external server and performing suspicious DNS queries. The use of encoding and compression techniques indicates an attempt to obfuscate the data being transmitted.
Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.
bigdl-orca
2.5.0b20240229
Live on PyPI
Blocked by Socket
The code contains potential security risks such as hard-coded file paths, subprocess.Popen usage, and the handling of untrusted data through PyArrow Plasma. It is essential to review and address these security concerns before using this code in a production environment.
omen-bamboo-mvj312
1.0.0
by afifaljafari112
Removed from npm
Blocked by Socket
The code imports several modules and calls an unusual method 'functame' on each. The combination of modules and the method names appear suspicious and potentially obfuscated, indicating that there may be hidden functionality not apparent from this code alone. Additional investigation into the referenced modules and their methods is required to determine if there is any malicious intent.
Live on npm for 56 days, 16 hours and 25 minutes before removal. Socket users were protected even while the package was live.
simbindingsdklib
0.0.3
by ayushm
Removed from npm
Blocked by Socket
The code contains multiple potential security risks, including unauthorized data exfiltration, data leak, and arbitrary code execution. It is crucial to review and mitigate these risks by implementing proper input validation and sanitization. The presence of 'eval' and the 'evilFunction' indicates potential malicious behavior or an attempt to obfuscate malicious code, posing significant security risks.
Live on npm for 10 minutes before removal. Socket users were protected even while the package was live.
passagemath-msolve
10.5.1
Live on PyPI
Blocked by Socket
This code is not obviously malicious in itself; it is intended to call an external solver (msolve) and parse its output. However, it contains a high-risk design choice: it executes an external binary and directly evaluates that binary's stdout via sage_eval, which yields arbitrary code execution if the external binary or its output is tampered with. If the msolve executable can be compromised (supply-chain attack, replaced binary, or attacker-controlled output), this code can execute arbitrary Python. Recommended mitigations: avoid eval-style parsing of external output, use a strict parser or sandbox evaluation, validate output structure and types before evaluation, and ensure the msolve binary is obtained and verified from a trusted source. Overall: low probability the code is intentionally malicious, but a significant security risk exists due to unsafe evaluation of external output.
@jrmc/adonis-attachment
5.0.3-beta.1
by batosai
Live on npm
Blocked by Socket
The `Poppler` class itself does not contain overtly malicious code. However, its heavy reliance on executing external command-line tools (`pdftoppm`, `pdfinfo`) via `execa` presents a significant supply chain risk. The ability to dynamically set the paths to these executables (`setPdfToPpmPath`, `setPdfInfoPath`) is a critical vulnerability vector. If an attacker can control the arguments passed to these setters, they could potentially redirect the execution to malicious binaries, leading to arbitrary command execution and severe security implications, including malware deployment or data exfiltration.
artifact-lab-3-package-89883da3
0.3.2
Removed from PyPI
Blocked by Socket
The code is designed to create a reverse shell, which is a serious security risk. It allows unauthorized remote access and control over the system, representing a high security threat.
Live on PyPI for 18 minutes before removal. Socket users were protected even while the package was live.
vue-official-web
1.9.9
by dfhtre
Removed from npm
Blocked by Socket
This file contains malicious code that collects sensitive system information (IP address, hostname, username, and organization name) and exfiltrates it using DNS tunneling. The code first retrieves the system's registered organization using the 'systeminfo' command, obtains the public IP address from ipinfo[.]io, and collects the hostname and username from the system. It then combines this data, encodes it in hexadecimal, and splits it into parts to construct a domain name with the pattern '[encoded_data].3.560ba22e.log.nat.cloudns[.]ph'. Finally, it executes a ping command to this domain, which sends the encoded system information to a remote server through DNS queries.
Live on npm for 4 days, 8 hours and 17 minutes before removal. Socket users were protected even while the package was live.
synapseml-deep-learning
1.0.0
Live on PyPI
Blocked by Socket
This code performs covert collection of environment identifiers (hostname, username, cwd, home directory) and exfiltrates them in plaintext to a hardcoded external server, using evasion checks to skip analysis/cloud environments and forging request headers. The behavior is consistent with a malicious reconnaissance/backdoor component in a supply-chain attack. Treat as malicious code: remove, investigate repository integrity, and rotate any potentially exposed credentials or secrets.
cuckoo
2.0.1a1
Live on PyPI
Blocked by Socket
The code implements functionality that can exfiltrate arbitrary files and logs over the network without encryption or user consent. This behavior constitutes a significant security risk and matches malware patterns related to data theft. Although the code is not obfuscated and does not contain explicit malware payloads like backdoors or reverse shells, the potential for unauthorized data leakage is high. Use of this code in a supply chain context should be carefully controlled and audited.
call-with-safe-iteration-closing
99.10.13
by kbhdqynu
Removed from npm
Blocked by Socket
The code is designed to exfiltrate sensitive system and network information to an external server. The conditions in `isValid` and use of specific encoding functions suggest a deliberate attempt to hide the true nature and selectively activate this behavior, indicative of a malware-like payload.
Live on npm for 1 hour and 1 minute before removal. Socket users were protected even while the package was live.
networkx-match
0.1.1
Removed from PyPI
Blocked by Socket
A custom PostInstallCommand in the setup script opens a TCP connection to IP 123[.]56[.]142[.]180 on port 12345 and sends the message “Hello, Server!” during package installation. This unsolicited network activity is not required for normal operation and may serve as a covert channel or backdoor for data exfiltration.
Live on PyPI for 13 minutes before removal. Socket users were protected even while the package was live.
torchmonarch-nightly
2025.7.29
Live on PyPI
Blocked by Socket
This module is functionally a supervisor that uses pickle-based serialization over ZeroMQ. The code contains high-risk unsafe deserialization: it accepts pickle-formatted data from sockets (recv_multipart / recv_pyobj) and unpickles it without validation, then performs dynamic dispatch based on untrusted data. The temporary monkey-patch of torch.storage._load_from_bytes inside pickle_loads increases the attack surface for malicious payloads that embed torch storage objects. There are no authentication or integrity checks on incoming messages. Therefore the code is unsafe to use in untrusted-network environments: an attacker who can send messages to the supervisor sockets (or control SUPERVISOR_PIPE/SUPERVISOR_IDENT) can achieve remote code execution. No other explicit exfiltration, cryptomining, or backdoor code is present in this fragment, but the deserialization pattern makes arbitrary malicious behavior possible.
styled-beautify-components
6.1.2
by jamesrodrigh1234
Removed from npm
Blocked by Socket
The code exhibits behavior associated with downloading and executing potentially malicious scripts, posing a high security risk.
Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.
habu
0.0.75
Live on PyPI
Blocked by Socket
This module is a straightforward Slowloris DoS tool. It intentionally opens and maintains many TCP connections and sends periodic partial headers to a target host to exhaust server resources. The code is not obfuscated and its malicious purpose is explicit. It should not be executed against systems without explicit authorization. Operational risks include legal exposure and local resource exhaustion. No signs of credential harvesting or stealthy backdoor behavior were found, but the package is nonetheless malicious in function.
uwd
0.2.0
Live on crates.io
Blocked by Socket
This Rust module contains code to build fake/controlled stack frames and locate ROP-style gadgets in system modules, then hand over a crafted Config to external native routines named Spoof/SpoofSynthetic to execute either arbitrary functions or syscalls stealthily. These behaviors are consistent with offensive techniques (syscall spoofing, evasion of user-mode hooks/monitoring) rather than benign functionality. The code uses low-level unsafe operations, direct TEB/stack inspection, gadget hunting, obfuscated strings and hashed API resolution, and randomization — all indicators of evasion and potential malicious intent. Without the external Spoof implementations, this module is a preparatory component for runtime stealthy execution and should be treated as high risk and likely malicious for supply-chain purposes.
bapy
0.2.273
Live on PyPI
Blocked by Socket
The script covertly ensures a background SSH local port-forward to a hard-coded external host as root, clearing any existing ssh on the same local port first. This pattern is consistent with establishing a covert access or exfiltration channel (notably to a MongoDB-like service on port 27017). It is high-risk: investigate origins of the script, the remote IP, root SSH keys and authorized_keys, and any processes or tools that use local:9999. If unexpected, remove and rotate credentials/keys and perform host compromise analysis.
yica-yirage
0.3.0
Removed from PyPI
Blocked by Socket
This module implements dynamic generation, compilation (nvcc), and loading of native CUDA code. That behavior is legitimate for a GPU JIT tool but is a significant supply-chain / local RCE risk: any attacker-controlled input that reaches result['code'], HARD_CODE, or influenceable include paths (via YIRAGE_ROOT or DEPS) can result in arbitrary native code being compiled and executed in the host process. I found no evidence of built-in network exfiltration, hardcoded credentials, or obfuscated payloads in this fragment, but the presence of an appendable HARD_CODE and the compile/load execution flow are high-risk features. Recommend treating sources of generated code and HARD_CODE as fully untrusted until audited, restrict who can set YIRAGE_ROOT/DEPS, avoid persisting generated binaries in world-writable locations, and consider sandboxing compilation/load or validating generated code before compiling.
Live on PyPI for 2 hours and 20 minutes before removal. Socket users were protected even while the package was live.
pinaxai
1.0.0
Removed from PyPI
Blocked by Socket
This code deliberately provides capabilities to execute arbitrary Python code, write and run files, read directory contents/files, and install packages via pip. The module itself does not contain obfuscated or directly malicious payloads, nor hardcoded credentials, but it exposes powerful primitives that can be trivially abused for supply-chain attacks, remote code execution, data exfiltration, persistence, and system compromise if fed untrusted inputs or used in an insecure environment. Use only with trusted users and strong containment (sandboxing, restricted globals/locals, strict validation).
Live on PyPI for 11 hours and 8 minutes before removal. Socket users were protected even while the package was live.
ucs-list
8.99.99
Removed from npm
Blocked by Socket
The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.
Live on npm for 34 minutes before removal. Socket users were protected even while the package was live.
@sankhyalabs/sankhyablocks
10.1.0-dev.4
by leonardo.jorge
Live on npm
Blocked by Socket
The fragment contains a high-risk pattern of intercepting and exfiltrating data via XHR header manipulation. Overriding XMLHttpRequest to capture and transform request payloads and place them into a custom header (sktk) constitutes a covert data-leak channel and serious supply-chain risk, regardless of other legitimate GraphQL features present. Recommend removing the XHR override, validating all data-transform hooks (notably top.charcleaner.a), enforcing explicit opt-in/visibility, and adding instrumentation/tests to detect unauthorized header modifications.
i2x
0.0.5
Live on PyPI
Blocked by Socket
This batch fragment performs immediate, irreversible filesystem deletions via wildcard file removal and a silent recursive directory deletion. The code is dangerous and should be treated as high risk. If found inside a package or repository, it is a critical red flag: require human review, provenance verification, and either remove or isolate the script. Absent strong justification and safeguards, do not execute.
actions-detectenv
3.0.0
by newcase
Live on npm
Blocked by Socket
The script makes a network request to an external URL, which raises significant security concerns. The nature of the request and the destination URL suggest a high likelihood of malicious intent.
Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.
Possible typosquat attack
Known malware
Suspicious Stars on GitHub
HTTP dependency
Git dependency
GitHub dependency
AI-detected potential malware
Obfuscated code
Telemetry
Protestware or potentially unwanted behavior
Critical CVE
High CVE
Medium CVE
Low CVE
Unpopular package
Minified code
Bad dependency semver
Wildcard dependency
Socket optimized override available
Deprecated
Unmaintained
License Policy Violation
Explicitly Unlicensed Item
Misc. License Issues
Copyleft License
No License Found
Ambiguous License Classifier
License exception
Non-permissive License
Unidentified License
Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.
Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Nat Friedman
CEO at GitHub

Suz Hinton
Senior Software Engineer at Stripe
heck yes this is awesome!!! Congrats team 🎉👏

Matteo Collina
Node.js maintainer, Fastify lead maintainer
So awesome to see @SocketSecurity launch with a fresh approach! Excited to have supported the team from the early days.

DC Posch
Director of Technology at AppFolio, CTO at Dynasty
This is going to be super important, especially for crypto projects where a compromised dependency results in stolen user assets.

Luis Naranjo
Software Engineer at Microsoft
If software supply chain attacks through npm don't scare the shit out of you, you're not paying close enough attention.
@SocketSecurity sounds like an awesome product. I'll be using socket.dev instead of npmjs.org to browse npm packages going forward

Elena Nadolinski
Founder and CEO at Iron Fish
Huge congrats to @SocketSecurity! 🙌
Literally the only product that proactively detects signs of JS compromised packages.

Joe Previte
Engineering Team Lead at Coder
Congrats to @feross and the @SocketSecurity team on their seed funding! 🚀 It's been a big help for us at @CoderHQ and we appreciate what y'all are doing!

Josh Goldberg
Staff Developer at Codecademy
This is such a great idea & looks fantastic, congrats & good luck @feross + team!
The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Scott Roberts
CISO at UiPath
As a happy Socket customer, I've been impressed with how quickly they are adding value to the product, this move is a great step!

Yan Zhu
Head of Security at Brave, DEFCON, EFF, W3C
glad to hear some of the smartest people i know are working on (npm, etc.) supply chain security finally :). @SocketSecurity

Andrew Peterson
CEO and Co-Founder at Signal Sciences (acq. Fastly)
How do you track the validity of open source software libraries as they get updated? You're prob not. Check out @SocketSecurity and the updated tooling they launched.
Supply chain is a cluster in security as we all know and the tools from Socket are "duh" type tools to be implementing. Check them out and follow Feross Aboukhadijeh to see more updates coming from them in the future.

Zbyszek Tenerowicz
Senior Security Engineer at ConsenSys
socket.dev is getting more appealing by the hour

Devdatta Akhawe
Head of Security at Figma
The @SocketSecurity team is on fire! Amazing progress and I am excited to see where they go next.

Sebastian Bensusan
Engineer Manager at Stripe
I find it surprising that we don't have _more_ supply chain attacks in software:
Imagine your airplane (the code running) was assembled (deployed) daily, with parts (dependencies) from internet strangers. How long until you get a bad part?
Excited for Socket to prevent this

Adam Baldwin
VP of Security at npm, Red Team at Auth0/Okta
Congrats to everyone at @SocketSecurity ❤️🤘🏻

Nico Waisman
CISO at Lyft
This is an area that I have personally been very focused on. As Nat Friedman said in the 2019 GitHub Universe keynote, Open Source won, and every time you add a new open source project you rely on someone else's code and you rely on the people that build it.
This is both exciting and problematic. You are bringing real risk into your organization, and I'm excited to see progress in the industry from OpenSSF scorecards and package analyzers to the company that Feross Aboukhadijeh is building!
Depend on Socket to prevent malicious open source dependencies from infiltrating your app.
Install the Socket GitHub App in just 2 clicks and get protected today.
Block 70+ issues in open source code, including malware, typo-squatting, hidden code, misleading packages, permission creep, and more.
Reduce work by surfacing actionable security information directly in GitHub. Empower developers to make better decisions.
Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.
Nov 23, 2025
Shai Hulud v2
Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.
Nov 05, 2025
Elves on npm
A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.
Jul 04, 2025
RubyGems Automation-Tool Infostealer
Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.
Mar 13, 2025
North Korea's Contagious Interview Campaign
Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.
Jul 23, 2024
Network Reconnaissance Campaign
A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
Get our latest security research, open source insights, and product updates.


Security News
Tailwind Labs laid off 75% of its engineering team after revenue dropped 80%, as LLMs redirect traffic away from documentation where developers discover paid products.

Security News
The planned feature introduces a review step before releases go live, following the Shai-Hulud attacks and a rocky migration off classic tokens that disrupted maintainer workflows.