Socket
Book a DemoInstallSign in
Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub AppBook a Demo

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
t

timmywil published 3.7.1

left-pad
s

stevemao published 1.3.0

react
r

react-bot published 19.2.3

We protect you from vulnerable and malicious packages

socketxio

2.0

Live on PyPI

Blocked by Socket

This code is malicious: it is a credential/token stealer that locates Discord client LevelDB storage, extracts authentication tokens using regex, and exfiltrates them to a hard-coded Discord webhook. Do not run or import this code. If executed on a system, treat Discord sessions as compromised: revoke tokens, change account passwords, inspect for additional malware or persistence, and consider rebuilding the host if other indicators are present.

org.gov4j.govway:govway-monitor-ui-api

20251023

Live on Maven Central

Blocked by Socket

The code exhibits high-risk, dynamic code execution paths that can be triggered by untrusted input. The reliance on script injection and eval-based transformation of event handlers makes it unsuitable for a secure JSON parsing utility. Replace with a standards-compliant, strictly JSON.parse-based flow, remove dynamic evaluation, and prohibit transforming strings into executable code. In a supply-chain context, this code poses significant security risk and should be deprecated or heavily sandboxed.

ajpack

1.21.0

Live on PyPI

Blocked by Socket

This module contains high‑risk functionality: capturing webcam images and screenshots and extracting plaintext Windows Wi‑Fi passwords. These are classic spyware behaviors. While the fragment doesn't explicitly exfiltrate the harvested images or passwords, it exposes them to callers and also contacts an external IP‑lookup service, enabling correlation of collected data. The use of shell=True with interpolated profile names and broad exception suppression increases the risk profile. Treat this code as malicious or extremely dangerous in a supply‑chain context; it should be removed or sandboxed and audited thoroughly before use.

userread_ca-paypal

1.0.0

by jpdtest

Removed from npm

Blocked by Socket

The code collects and transmits sensitive system information to external endpoints without user consent, posing a significant privacy and security risk. The use of hardcoded IP addresses and fallback mechanisms for data transmission further exacerbates the risk.

Live on npm for 10 days, 22 hours and 38 minutes before removal. Socket users were protected even while the package was live.

@hiber3d/engine

1.68.0

by hiberbot

Live on npm

Blocked by Socket

This code exhibits extreme obfuscation techniques that go far beyond normal minification practices. The deliberate attempts to hide functionality, combined with unusual encoding patterns and binary-like data structures, strongly suggest malicious intent. The code should be considered highly suspicious and potentially dangerous. Without deobfuscation and dynamic analysis in a controlled environment, it's impossible to determine the exact functionality, but the obfuscation techniques alone warrant treating this code as potentially malicious.

sbcli-dev

6.2.7

Live on PyPI

Blocked by Socket

This module implements privileged node and device management and exposes HTTP endpoints that accept user input used directly in shell commands and Docker operations. Main risks: command injection (unsanitized string interpolation into shell commands and os.popen), destructive device operations (partitioning, bind/unbind), supplying arbitrary images to be pulled and run as privileged containers, and use of an unencrypted/unprotected Docker TCP socket (tcp://...:2375). I assess this as not manifestly malware but a high-risk administrative component that must be strictly access-controlled and hardened (validate/sanitize inputs, avoid passing raw user values into shell/Docker operations, use secure Docker API access, avoid exposing endpoints publicly).

mtmai

0.3.990

Live on PyPI

Blocked by Socket

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

kfsd

0.0.190

Live on PyPI

Blocked by Socket

This module contains a critical vulnerability: unconstrained eval() of attacker-controlled 'input.expr' with access to local variables (including a formatted request object). This yields remote code execution and potential data exfiltration. The code likely represents an insecure design/bug rather than intentionally malicious code, but it must be remediated before handling untrusted inputs. Also fix the apparent syntax error in getAttr.

mtmai

0.3.1076

Live on PyPI

Blocked by Socket

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

sbcli-lvol-ha

0.4.8

Live on PyPI

Blocked by Socket

This module implements privileged node and device management and exposes HTTP endpoints that accept user input used directly in shell commands and Docker operations. Main risks: command injection (unsanitized string interpolation into shell commands and os.popen), destructive device operations (partitioning, bind/unbind), supplying arbitrary images to be pulled and run as privileged containers, and use of an unencrypted/unprotected Docker TCP socket (tcp://...:2375). I assess this as not manifestly malware but a high-risk administrative component that must be strictly access-controlled and hardened (validate/sanitize inputs, avoid passing raw user values into shell/Docker operations, use secure Docker API access, avoid exposing endpoints publicly).

idsyn.mvc

1.4.12

by idsyn.Mvc

Live on NuGet

Blocked by Socket

The analyzed fragment contains explicit high-risk patterns: a remote code execution vector via dynamic loading of assemblies from base64 payloads provided by input, and a potential backdoor/back-doors through the UE endpoint that can run arbitrary code. The presence of a time-based kill switch further elevates risk. While not all code paths are necessarily malicious in isolation, the combination of dynamic execution from untrusted input and the ability to spawn external processes constitutes a major security threat and a strong likelihood of malicious use in supply-chain contexts if deployed in public packages. Recommended actions include removing dynamic code execution paths, sandboxing or validating any loaded assemblies, eliminating hard-coded defaults, and performing a thorough threat-model and supply-chain audit before any reuse.

tiny-model-update

1.15.1

by kingtiger19990427

Live on npm

Blocked by Socket

This module functions as a credential harvesting/exfiltration component: it collects Discord tokens (and optional metadata and host identifiers) and sends them in plaintext to an external Telegram chat using credentials retrieved from a local module. Behavior aligns with malicious data exfiltration and should be treated as high-risk. Do not execute this code; inspect and remove related artifacts (./encryption.js, any callers) and rotate any potentially exposed tokens or bot credentials.

kaia-brainbox

0.0.7

Live on PyPI

Blocked by Socket

This script performs untrusted deserialization (pickle.load) of a file specified via command-line and immediately executes the deserialized object. Combined with deleting the input file, this is a high-risk pattern for arbitrary code execution, backdoors, or supply-chain abuse. Do not use or run this code with untrusted inputs. The provided fragment also contains a likely typo/truncation ('rais'), so the sample may be incomplete or altered.

carditem.stories

1.0.0

by raushan51

Removed from npm

Blocked by Socket

The script gathers information such as package name, directories, hostname, username, DNS servers, and package JSON data, and sends it to a remote server.

Live on npm for 2 hours and 22 minutes before removal. Socket users were protected even while the package was live.

mtmai

0.3.1164

Live on PyPI

Blocked by Socket

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

ailever

0.2.714

Live on PyPI

Blocked by Socket

The code presents a strong supply-chain and remote-execution risk by automatically downloading and executing remote Python payloads without integrity checks or sandboxing. It also creates and runs external services (Jupyter, Visdom, RStudio) based on user inputs, which can amplify impact if the remote payload is malicious. Mitigations include removing remote code execution paths, adding cryptographic verification (signatures or hash checks), isolating execution (sandboxes or containerization), validating inputs, and avoiding untrusted downloads or executions.

abstract-database

0.0.0.48

Live on PyPI

Blocked by Socket

The code in the flagged file explicitly reads a local file from a fixed system path (/home/joben/Desktop/testsol/abstract_it.py) and transmits its contents via an HTTP request to a Discord webhook. The target URL is hardcoded as https://discordapp[.]com/api/webhooks/1278595755812327424/3xvzS30Bx8bOhooNJeY9gnYj2KjFb2-ZfV2rHpBdkS71tuibNeu56_mRFE38MrmQRa_j, with the embedded token included in the URL. This behavior is characteristic of malware designed for data exfiltration, as it automatically sends potentially sensitive file content to an external service without user consent.

cl-lite

1.0.826

by michael_tian

Live on npm

Blocked by Socket

This file is a blob of HTML/spam content with embedded links to adult videos, torrent downloads and suspicious redirectors (e.g. https://2023[.]redircdn[.]com/?…, http://rmdown[.]com/link[.]php?hash=…, http://data[.]down2048[.]com/list[.]php?…), plus numerous third-party image URLs. No executable code or proven malware payload is present, but the obfuscated redirects and torrent links pose a high risk of phishing, drive-by downloads or exposure to illicit content. Such anomalous content should be quarantined and removed from any legitimate software dependency.

themeone-utils

71.71.73

by elprofessors

Live on npm

Blocked by Socket

The module performs silent host enumeration (including username, paths, and detailed system command outputs) and transmits that data to a hardcoded external collector. In the context of a third-party dependency this is a high-risk supply-chain backdoor/exfiltration behavior. Block or remove this code unless explicitly required and made opt-in and auditable.

cl-lite

1.0.944

by michael_tian

Live on npm

Blocked by Socket

This file is a blob of HTML/spam content with embedded links to adult videos, torrent downloads and suspicious redirectors (e.g. https://2023[.]redircdn[.]com/?…, http://rmdown[.]com/link[.]php?hash=…, http://data[.]down2048[.]com/list[.]php?…), plus numerous third-party image URLs. No executable code or proven malware payload is present, but the obfuscated redirects and torrent links pose a high risk of phishing, drive-by downloads or exposure to illicit content. Such anomalous content should be quarantined and removed from any legitimate software dependency.

mtmai

0.3.1315

Live on PyPI

Blocked by Socket

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

pykubegrader

0.2.21

Live on PyPI

Blocked by Socket

This module constructs a JSON payload containing a provided token and the JUPYTERHUB_USER environment value and sends it to a hard-coded external HTTPS endpoint using embedded Basic Auth credentials. That behavior constitutes secret exfiltration and is high risk for supply-chain or privacy abuse. Immediate mitigations: do not use this code in untrusted environments; remove hard-coded credentials and endpoint; require explicit configuration and consent; avoid printing sensitive responses; add robust error handling and input validation. The source file also contains a syntax error that prevents execution until fixed.

passagemath-msolve

10.5.6

Live on PyPI

Blocked by Socket

This code is not obviously malicious in itself; it is intended to call an external solver (msolve) and parse its output. However, it contains a high-risk design choice: it executes an external binary and directly evaluates that binary's stdout via sage_eval, which yields arbitrary code execution if the external binary or its output is tampered with. If the msolve executable can be compromised (supply-chain attack, replaced binary, or attacker-controlled output), this code can execute arbitrary Python. Recommended mitigations: avoid eval-style parsing of external output, use a strict parser or sandbox evaluation, validate output structure and types before evaluation, and ensure the msolve binary is obtained and verified from a trusted source. Overall: low probability the code is intentionally malicious, but a significant security risk exists due to unsafe evaluation of external output.

socketxio

2.0

Live on PyPI

Blocked by Socket

This code is malicious: it is a credential/token stealer that locates Discord client LevelDB storage, extracts authentication tokens using regex, and exfiltrates them to a hard-coded Discord webhook. Do not run or import this code. If executed on a system, treat Discord sessions as compromised: revoke tokens, change account passwords, inspect for additional malware or persistence, and consider rebuilding the host if other indicators are present.

org.gov4j.govway:govway-monitor-ui-api

20251023

Live on Maven Central

Blocked by Socket

The code exhibits high-risk, dynamic code execution paths that can be triggered by untrusted input. The reliance on script injection and eval-based transformation of event handlers makes it unsuitable for a secure JSON parsing utility. Replace with a standards-compliant, strictly JSON.parse-based flow, remove dynamic evaluation, and prohibit transforming strings into executable code. In a supply-chain context, this code poses significant security risk and should be deprecated or heavily sandboxed.

ajpack

1.21.0

Live on PyPI

Blocked by Socket

This module contains high‑risk functionality: capturing webcam images and screenshots and extracting plaintext Windows Wi‑Fi passwords. These are classic spyware behaviors. While the fragment doesn't explicitly exfiltrate the harvested images or passwords, it exposes them to callers and also contacts an external IP‑lookup service, enabling correlation of collected data. The use of shell=True with interpolated profile names and broad exception suppression increases the risk profile. Treat this code as malicious or extremely dangerous in a supply‑chain context; it should be removed or sandboxed and audited thoroughly before use.

userread_ca-paypal

1.0.0

by jpdtest

Removed from npm

Blocked by Socket

The code collects and transmits sensitive system information to external endpoints without user consent, posing a significant privacy and security risk. The use of hardcoded IP addresses and fallback mechanisms for data transmission further exacerbates the risk.

Live on npm for 10 days, 22 hours and 38 minutes before removal. Socket users were protected even while the package was live.

@hiber3d/engine

1.68.0

by hiberbot

Live on npm

Blocked by Socket

This code exhibits extreme obfuscation techniques that go far beyond normal minification practices. The deliberate attempts to hide functionality, combined with unusual encoding patterns and binary-like data structures, strongly suggest malicious intent. The code should be considered highly suspicious and potentially dangerous. Without deobfuscation and dynamic analysis in a controlled environment, it's impossible to determine the exact functionality, but the obfuscation techniques alone warrant treating this code as potentially malicious.

sbcli-dev

6.2.7

Live on PyPI

Blocked by Socket

This module implements privileged node and device management and exposes HTTP endpoints that accept user input used directly in shell commands and Docker operations. Main risks: command injection (unsanitized string interpolation into shell commands and os.popen), destructive device operations (partitioning, bind/unbind), supplying arbitrary images to be pulled and run as privileged containers, and use of an unencrypted/unprotected Docker TCP socket (tcp://...:2375). I assess this as not manifestly malware but a high-risk administrative component that must be strictly access-controlled and hardened (validate/sanitize inputs, avoid passing raw user values into shell/Docker operations, use secure Docker API access, avoid exposing endpoints publicly).

mtmai

0.3.990

Live on PyPI

Blocked by Socket

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

kfsd

0.0.190

Live on PyPI

Blocked by Socket

This module contains a critical vulnerability: unconstrained eval() of attacker-controlled 'input.expr' with access to local variables (including a formatted request object). This yields remote code execution and potential data exfiltration. The code likely represents an insecure design/bug rather than intentionally malicious code, but it must be remediated before handling untrusted inputs. Also fix the apparent syntax error in getAttr.

mtmai

0.3.1076

Live on PyPI

Blocked by Socket

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

sbcli-lvol-ha

0.4.8

Live on PyPI

Blocked by Socket

This module implements privileged node and device management and exposes HTTP endpoints that accept user input used directly in shell commands and Docker operations. Main risks: command injection (unsanitized string interpolation into shell commands and os.popen), destructive device operations (partitioning, bind/unbind), supplying arbitrary images to be pulled and run as privileged containers, and use of an unencrypted/unprotected Docker TCP socket (tcp://...:2375). I assess this as not manifestly malware but a high-risk administrative component that must be strictly access-controlled and hardened (validate/sanitize inputs, avoid passing raw user values into shell/Docker operations, use secure Docker API access, avoid exposing endpoints publicly).

idsyn.mvc

1.4.12

by idsyn.Mvc

Live on NuGet

Blocked by Socket

The analyzed fragment contains explicit high-risk patterns: a remote code execution vector via dynamic loading of assemblies from base64 payloads provided by input, and a potential backdoor/back-doors through the UE endpoint that can run arbitrary code. The presence of a time-based kill switch further elevates risk. While not all code paths are necessarily malicious in isolation, the combination of dynamic execution from untrusted input and the ability to spawn external processes constitutes a major security threat and a strong likelihood of malicious use in supply-chain contexts if deployed in public packages. Recommended actions include removing dynamic code execution paths, sandboxing or validating any loaded assemblies, eliminating hard-coded defaults, and performing a thorough threat-model and supply-chain audit before any reuse.

tiny-model-update

1.15.1

by kingtiger19990427

Live on npm

Blocked by Socket

This module functions as a credential harvesting/exfiltration component: it collects Discord tokens (and optional metadata and host identifiers) and sends them in plaintext to an external Telegram chat using credentials retrieved from a local module. Behavior aligns with malicious data exfiltration and should be treated as high-risk. Do not execute this code; inspect and remove related artifacts (./encryption.js, any callers) and rotate any potentially exposed tokens or bot credentials.

kaia-brainbox

0.0.7

Live on PyPI

Blocked by Socket

This script performs untrusted deserialization (pickle.load) of a file specified via command-line and immediately executes the deserialized object. Combined with deleting the input file, this is a high-risk pattern for arbitrary code execution, backdoors, or supply-chain abuse. Do not use or run this code with untrusted inputs. The provided fragment also contains a likely typo/truncation ('rais'), so the sample may be incomplete or altered.

carditem.stories

1.0.0

by raushan51

Removed from npm

Blocked by Socket

The script gathers information such as package name, directories, hostname, username, DNS servers, and package JSON data, and sends it to a remote server.

Live on npm for 2 hours and 22 minutes before removal. Socket users were protected even while the package was live.

mtmai

0.3.1164

Live on PyPI

Blocked by Socket

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

ailever

0.2.714

Live on PyPI

Blocked by Socket

The code presents a strong supply-chain and remote-execution risk by automatically downloading and executing remote Python payloads without integrity checks or sandboxing. It also creates and runs external services (Jupyter, Visdom, RStudio) based on user inputs, which can amplify impact if the remote payload is malicious. Mitigations include removing remote code execution paths, adding cryptographic verification (signatures or hash checks), isolating execution (sandboxes or containerization), validating inputs, and avoiding untrusted downloads or executions.

abstract-database

0.0.0.48

Live on PyPI

Blocked by Socket

The code in the flagged file explicitly reads a local file from a fixed system path (/home/joben/Desktop/testsol/abstract_it.py) and transmits its contents via an HTTP request to a Discord webhook. The target URL is hardcoded as https://discordapp[.]com/api/webhooks/1278595755812327424/3xvzS30Bx8bOhooNJeY9gnYj2KjFb2-ZfV2rHpBdkS71tuibNeu56_mRFE38MrmQRa_j, with the embedded token included in the URL. This behavior is characteristic of malware designed for data exfiltration, as it automatically sends potentially sensitive file content to an external service without user consent.

cl-lite

1.0.826

by michael_tian

Live on npm

Blocked by Socket

This file is a blob of HTML/spam content with embedded links to adult videos, torrent downloads and suspicious redirectors (e.g. https://2023[.]redircdn[.]com/?…, http://rmdown[.]com/link[.]php?hash=…, http://data[.]down2048[.]com/list[.]php?…), plus numerous third-party image URLs. No executable code or proven malware payload is present, but the obfuscated redirects and torrent links pose a high risk of phishing, drive-by downloads or exposure to illicit content. Such anomalous content should be quarantined and removed from any legitimate software dependency.

themeone-utils

71.71.73

by elprofessors

Live on npm

Blocked by Socket

The module performs silent host enumeration (including username, paths, and detailed system command outputs) and transmits that data to a hardcoded external collector. In the context of a third-party dependency this is a high-risk supply-chain backdoor/exfiltration behavior. Block or remove this code unless explicitly required and made opt-in and auditable.

cl-lite

1.0.944

by michael_tian

Live on npm

Blocked by Socket

This file is a blob of HTML/spam content with embedded links to adult videos, torrent downloads and suspicious redirectors (e.g. https://2023[.]redircdn[.]com/?…, http://rmdown[.]com/link[.]php?hash=…, http://data[.]down2048[.]com/list[.]php?…), plus numerous third-party image URLs. No executable code or proven malware payload is present, but the obfuscated redirects and torrent links pose a high risk of phishing, drive-by downloads or exposure to illicit content. Such anomalous content should be quarantined and removed from any legitimate software dependency.

mtmai

0.3.1315

Live on PyPI

Blocked by Socket

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

pykubegrader

0.2.21

Live on PyPI

Blocked by Socket

This module constructs a JSON payload containing a provided token and the JUPYTERHUB_USER environment value and sends it to a hard-coded external HTTPS endpoint using embedded Basic Auth credentials. That behavior constitutes secret exfiltration and is high risk for supply-chain or privacy abuse. Immediate mitigations: do not use this code in untrusted environments; remove hard-coded credentials and endpoint; require explicit configuration and consent; avoid printing sensitive responses; add robust error handling and input validation. The source file also contains a syntax error that prevents execution until fixed.

passagemath-msolve

10.5.6

Live on PyPI

Blocked by Socket

This code is not obviously malicious in itself; it is intended to call an external solver (msolve) and parse its output. However, it contains a high-risk design choice: it executes an external binary and directly evaluates that binary's stdout via sage_eval, which yields arbitrary code execution if the external binary or its output is tampered with. If the msolve executable can be compromised (supply-chain attack, replaced binary, or attacker-controlled output), this code can execute arbitrary Python. Recommended mitigations: avoid eval-style parsing of external output, use a strict parser or sandbox evaluation, validate output structure and types before evaluation, and ensure the msolve binary is obtained and verified from a trusted source. Overall: low probability the code is intentionally malicious, but a significant security risk exists due to unsafe evaluation of external output.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Suspicious Stars on GitHub

HTTP dependency

Git dependency

GitHub dependency

AI-detected potential malware

Obfuscated code

Telemetry

Protestware or potentially unwanted behavior

42 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

GitHub app screenshot

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Even more developer love
Install GitHub AppRead the docs

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Even more security team love
Book a DemoRead the blog

Why teams choose Socket

Pro-active security

Depend on Socket to prevent malicious open source dependencies from infiltrating your app.

Easy to install

Install the Socket GitHub App in just 2 clicks and get protected today.

Comprehensive open source protection

Block 70+ issues in open source code, including malware, typo-squatting, hidden code, misleading packages, permission creep, and more.

Develop faster

Reduce work by surfacing actionable security information directly in GitHub. Empower developers to make better decisions.

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

Install GitHub AppBook a Demo

The latest from the Socket team

Get our latest security research, open source insights, and product updates.

View all articles