Questions? Call us at (844) SOCKET-0
Quickly evaluate the security and health of any open source package.
nexus-omni-agent
3.0.859
by baguscrypto321
Live on npm
Blocked by Socket
The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.
odaislib
1.11.11
Live on pypi
Blocked by Socket
This module is not a benign dependency. It implements multi-service credential login/account probing, extracts and returns sensitive authentication artifacts (cookies/access tokens) and even the supplied passwords, and contains a clear remote-code-execution staging mechanism (file upload to a paste service + generated Python script executing fetched remote content via exec). Treat as high-risk malware/tooling: avoid inclusion and assume it enables unauthorized access and weaponization.
nexus-omni-agent
3.0.952
by baguscrypto321
Live on npm
Blocked by Socket
The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.
nexus-omni-agent
3.0.581
by baguscrypto321
Live on npm
Blocked by Socket
The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.
nexus-omni-agent
3.0.588
by baguscrypto321
Live on npm
Blocked by Socket
The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.
nexus-omni-agent
3.0.947
by baguscrypto321
Live on npm
Blocked by Socket
The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.
gcpwn
0.5.1
Live on pypi
Blocked by Socket
This module is highly consistent with malicious exploitation/credential theft: it deploys a VM startup script that queries the GCE metadata server for service account token/scopes/email and exfiltrates them to an arbitrary external URL. It also supports deploying arbitrary attacker-provided startup scripts from local files to execute on VM boot. For supply-chain risk, treat this as dangerous and unsuitable for untrusted environments without strong authorization and sandboxing.
nexus-omni-agent
3.0.501
by baguscrypto321
Live on npm
Blocked by Socket
The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.
nexus-omni-agent
3.0.870
by baguscrypto321
Live on npm
Blocked by Socket
The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.
nexus-omni-agent
3.0.858
by baguscrypto321
Live on npm
Blocked by Socket
The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.
chai-use-test
1.2.8
by mwai2007
Live on npm
Blocked by Socket
In this fragment, the dominant security signal is architectural: it spawns a detached, stdio-ignored Node child process and forwards JSON-stringified runtime inputs to that child. There is no direct evidence of malware, exfiltration, or credential theft in the shown code, but the actual risk depends heavily on the unseen ./lib/caller.js implementation. The detached/hidden execution model is a notable supply-chain risk area and warrants thorough review of the child script and argument handling.
nexus-omni-agent
3.0.573
by baguscrypto321
Live on npm
Blocked by Socket
The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.
nexus-omni-agent
3.0.493
by baguscrypto321
Live on npm
Blocked by Socket
The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.
cloud-ide-cide
2.0.109
by cloudidesys
Live on npm
Blocked by Socket
This PHP module is a high-impact deployment/backdoor-like supply-chain component: it persists a bearer token, drops an authenticated upload/rollback PHP endpoint, accepts attacker-controlled ZIP archives, extracts them, and deploys their contents into the server root with aggressive cleanup. While it does not use direct code execution primitives, it enables remote code placement (and potentially RCE/webshell deployment) if the authorization token is exposed/compromised. It also uses self-deletion and lacks explicit validation of ZIP archive entries, which further increases risk.
gweb-build-system
50.50.70
by saif777
Live on npm
Blocked by Socket
This code is strongly indicative of credential-stealing malware in a supply-chain context: it harvests multiple sensitive environment variables (GitHub/AWS/NPM/GCP-related secrets) and exfiltrates them in full via an HTTPS POST to a hardcoded (Base64-obfuscated) external webhook, including host metadata. Immediate execution and suppressed errors further support malicious intent.
nexus-omni-agent
3.0.578
by baguscrypto321
Live on npm
Blocked by Socket
The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.
nexus-omni-agent
3.0.480
by baguscrypto321
Live on npm
Blocked by Socket
The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.
w-screenctl
1.0.0
by semisphere
Live on npm
Blocked by Socket
High-risk remote control/surveillance behavior: the code starts an HTTP server on 0.0.0.0 that allows a client to navigate a persistent browser, execute attacker-supplied code in the page (page.evaluate with request-provided script), and capture/return screenshots and drive host mouse/keyboard via xdotool/AutoHotkey. This strongly matches spyware/remote access tool functionality rather than a benign library.
nexus-omni-agent
3.0.896
by baguscrypto321
Live on npm
Blocked by Socket
The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.
@snomiao/slack
1.10.0
by GitHub Actions
Live on npm
Blocked by Socket
This module is more than a Slack API client: it includes a high-sensitivity credential import/decryption workflow targeting Slack Desktop local storage and (on macOS) the OS keychain to obtain and decrypt session cookie material, then persists tokens/cookies locally and uses them to perform broad Slack API operations (message retrieval, drafts, sending). Even if the destination is Slack’s API, the local credential-harvesting and persistence pattern is strongly consistent with malicious or takeover-adjacent behavior in a supply-chain context. Treat as high risk and require strict provenance review and sandboxing/permission controls before use.
nexus-omni-agent
3.0.916
by baguscrypto321
Live on npm
Blocked by Socket
The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.
dementor
1.0.0.dev22
Live on pypi
Blocked by Socket
This module is strongly consistent with intentional mDNS/DNS poisoning/spoofing: it joins mDNS multicast, parses incoming DNS questions, and—when configured filters allow and analysis mode is disabled—sends crafted A/AAAA responses with rdata set to configured IPv4/IPv6 addresses. Such behavior can redirect local name resolution and enable MITM or service redirection on the local network. No obfuscation or post-processing malware (e.g., exfiltration/backdoor) is evident in this fragment, but the implemented deception capability is itself a major security risk.
nexus-omni-agent
3.0.554
by baguscrypto321
Live on npm
Blocked by Socket
The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.
nexus-omni-agent
3.0.905
by baguscrypto321
Live on npm
Blocked by Socket
The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.
nexus-omni-agent
3.0.876
by baguscrypto321
Live on npm
Blocked by Socket
The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.
nexus-omni-agent
3.0.859
by baguscrypto321
Live on npm
Blocked by Socket
The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.
odaislib
1.11.11
Live on pypi
Blocked by Socket
This module is not a benign dependency. It implements multi-service credential login/account probing, extracts and returns sensitive authentication artifacts (cookies/access tokens) and even the supplied passwords, and contains a clear remote-code-execution staging mechanism (file upload to a paste service + generated Python script executing fetched remote content via exec). Treat as high-risk malware/tooling: avoid inclusion and assume it enables unauthorized access and weaponization.
nexus-omni-agent
3.0.952
by baguscrypto321
Live on npm
Blocked by Socket
The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.
nexus-omni-agent
3.0.581
by baguscrypto321
Live on npm
Blocked by Socket
The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.
nexus-omni-agent
3.0.588
by baguscrypto321
Live on npm
Blocked by Socket
The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.
nexus-omni-agent
3.0.947
by baguscrypto321
Live on npm
Blocked by Socket
The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.
gcpwn
0.5.1
Live on pypi
Blocked by Socket
This module is highly consistent with malicious exploitation/credential theft: it deploys a VM startup script that queries the GCE metadata server for service account token/scopes/email and exfiltrates them to an arbitrary external URL. It also supports deploying arbitrary attacker-provided startup scripts from local files to execute on VM boot. For supply-chain risk, treat this as dangerous and unsuitable for untrusted environments without strong authorization and sandboxing.
nexus-omni-agent
3.0.501
by baguscrypto321
Live on npm
Blocked by Socket
The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.
nexus-omni-agent
3.0.870
by baguscrypto321
Live on npm
Blocked by Socket
The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.
nexus-omni-agent
3.0.858
by baguscrypto321
Live on npm
Blocked by Socket
The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.
chai-use-test
1.2.8
by mwai2007
Live on npm
Blocked by Socket
In this fragment, the dominant security signal is architectural: it spawns a detached, stdio-ignored Node child process and forwards JSON-stringified runtime inputs to that child. There is no direct evidence of malware, exfiltration, or credential theft in the shown code, but the actual risk depends heavily on the unseen ./lib/caller.js implementation. The detached/hidden execution model is a notable supply-chain risk area and warrants thorough review of the child script and argument handling.
nexus-omni-agent
3.0.573
by baguscrypto321
Live on npm
Blocked by Socket
The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.
nexus-omni-agent
3.0.493
by baguscrypto321
Live on npm
Blocked by Socket
The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.
cloud-ide-cide
2.0.109
by cloudidesys
Live on npm
Blocked by Socket
This PHP module is a high-impact deployment/backdoor-like supply-chain component: it persists a bearer token, drops an authenticated upload/rollback PHP endpoint, accepts attacker-controlled ZIP archives, extracts them, and deploys their contents into the server root with aggressive cleanup. While it does not use direct code execution primitives, it enables remote code placement (and potentially RCE/webshell deployment) if the authorization token is exposed/compromised. It also uses self-deletion and lacks explicit validation of ZIP archive entries, which further increases risk.
gweb-build-system
50.50.70
by saif777
Live on npm
Blocked by Socket
This code is strongly indicative of credential-stealing malware in a supply-chain context: it harvests multiple sensitive environment variables (GitHub/AWS/NPM/GCP-related secrets) and exfiltrates them in full via an HTTPS POST to a hardcoded (Base64-obfuscated) external webhook, including host metadata. Immediate execution and suppressed errors further support malicious intent.
nexus-omni-agent
3.0.578
by baguscrypto321
Live on npm
Blocked by Socket
The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.
nexus-omni-agent
3.0.480
by baguscrypto321
Live on npm
Blocked by Socket
The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.
w-screenctl
1.0.0
by semisphere
Live on npm
Blocked by Socket
High-risk remote control/surveillance behavior: the code starts an HTTP server on 0.0.0.0 that allows a client to navigate a persistent browser, execute attacker-supplied code in the page (page.evaluate with request-provided script), and capture/return screenshots and drive host mouse/keyboard via xdotool/AutoHotkey. This strongly matches spyware/remote access tool functionality rather than a benign library.
nexus-omni-agent
3.0.896
by baguscrypto321
Live on npm
Blocked by Socket
The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.
@snomiao/slack
1.10.0
by GitHub Actions
Live on npm
Blocked by Socket
This module is more than a Slack API client: it includes a high-sensitivity credential import/decryption workflow targeting Slack Desktop local storage and (on macOS) the OS keychain to obtain and decrypt session cookie material, then persists tokens/cookies locally and uses them to perform broad Slack API operations (message retrieval, drafts, sending). Even if the destination is Slack’s API, the local credential-harvesting and persistence pattern is strongly consistent with malicious or takeover-adjacent behavior in a supply-chain context. Treat as high risk and require strict provenance review and sandboxing/permission controls before use.
nexus-omni-agent
3.0.916
by baguscrypto321
Live on npm
Blocked by Socket
The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.
dementor
1.0.0.dev22
Live on pypi
Blocked by Socket
This module is strongly consistent with intentional mDNS/DNS poisoning/spoofing: it joins mDNS multicast, parses incoming DNS questions, and—when configured filters allow and analysis mode is disabled—sends crafted A/AAAA responses with rdata set to configured IPv4/IPv6 addresses. Such behavior can redirect local name resolution and enable MITM or service redirection on the local network. No obfuscation or post-processing malware (e.g., exfiltration/backdoor) is evident in this fragment, but the implemented deception capability is itself a major security risk.
nexus-omni-agent
3.0.554
by baguscrypto321
Live on npm
Blocked by Socket
The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.
nexus-omni-agent
3.0.905
by baguscrypto321
Live on npm
Blocked by Socket
The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.
nexus-omni-agent
3.0.876
by baguscrypto321
Live on npm
Blocked by Socket
The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.
Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.
Possible typosquat attack
Known malware
Git dependency
GitHub dependency
HTTP dependency
Obfuscated code
Suspicious Stars on GitHub
Telemetry
Protestware or potentially unwanted behavior
Unstable ownership
Critical CVE
High CVE
Medium CVE
Low CVE
Unpopular package
Minified code
Bad dependency semver
Wildcard dependency
Socket optimized override available
Deprecated
Unmaintained
Explicitly Unlicensed Item
License Policy Violation
Misc. License Issues
Non-permissive License
Ambiguous License Classifier
Copyleft License
License exception
No License Found
Unidentified License
Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.
Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.
Nat Friedman
CEO at GitHub
Suz Hinton
Senior Software Engineer at Stripe
heck yes this is awesome!!! Congrats team 🎉👏
Matteo Collina
Node.js maintainer, Fastify lead maintainer
So awesome to see @SocketSecurity launch with a fresh approach! Excited to have supported the team from the early days.
DC Posch
Director of Technology at AppFolio, CTO at Dynasty
This is going to be super important, especially for crypto projects where a compromised dependency results in stolen user assets.
Luis Naranjo
Software Engineer at Microsoft
If software supply chain attacks through npm don't scare the shit out of you, you're not paying close enough attention.
@SocketSecurity sounds like an awesome product. I'll be using socket.dev instead of npmjs.org to browse npm packages going forward
Elena Nadolinski
Founder and CEO at Iron Fish
Huge congrats to @SocketSecurity! 🙌
Literally the only product that proactively detects signs of JS compromised packages.
Joe Previte
Engineering Team Lead at Coder
Congrats to @feross and the @SocketSecurity team on their seed funding! 🚀 It's been a big help for us at @CoderHQ and we appreciate what y'all are doing!
Josh Goldberg
Staff Developer at Codecademy
This is such a great idea & looks fantastic, congrats & good luck @feross + team!
The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.
Scott Roberts
CISO at UiPath
As a happy Socket customer, I've been impressed with how quickly they are adding value to the product, this move is a great step!
Yan Zhu
Head of Security at Brave, DEFCON, EFF, W3C
glad to hear some of the smartest people i know are working on (npm, etc.) supply chain security finally :). @SocketSecurity
Andrew Peterson
CEO and Co-Founder at Signal Sciences (acq. Fastly)
How do you track the validity of open source software libraries as they get updated? You're prob not. Check out @SocketSecurity and the updated tooling they launched.
Supply chain is a cluster in security as we all know and the tools from Socket are "duh" type tools to be implementing. Check them out and follow Feross Aboukhadijeh to see more updates coming from them in the future.
Zbyszek Tenerowicz
Senior Security Engineer at ConsenSys
socket.dev is getting more appealing by the hour
Devdatta Akhawe
Head of Security at Figma
The @SocketSecurity team is on fire! Amazing progress and I am exciting to see where they go next.
Sebastian Bensusan
Engineer Manager at Stripe
I find it surprising that we don't have _more_ supply chain attacks in software:
Imagine your airplane (the code running) was assembled (deployed) daily, with parts (dependencies) from internet strangers. How long until you get a bad part?
Excited for Socket to prevent this
Adam Baldwin
VP of Security at npm, Red Team at Auth0/Okta
Congrats to everyone at @SocketSecurity ❤️🤘🏻
Nico Waisman
CISO at Lyft
This is an area that I have personally been very focused on. As Nat Friedman said in the 2019 GitHub Universe keynote, Open Source won, and every time you add a new open source project you rely on someone else code and you rely on the people that build it.
This is both exciting and problematic. You are bringing real risk into your organization, and I'm excited to see progress in the industry from OpenSSF scorecards and package analyzers to the company that Feross Aboukhadijeh is building!
Questions? Call us at (844) SOCKET-0
Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.
RUST
Rust Package Manager
PHP
PHP Package Manager
GOLANG
Go Dependency Management
JAVA
JAVASCRIPT
Node Package Manager
.NET
.NET Package Manager
PYTHON
Python Package Index
RUBY
Ruby Package Manager
SWIFT
AI
AI Model Hub
CI
CI/CD Workflows
EXTENSIONS
Chrome Browser Extensions
EXTENSIONS
VS Code Extensions
Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.
Nov 23, 2025
Shai Hulud v2
Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.
Nov 05, 2025
Elves on npm
A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.
Jul 04, 2025
RubyGems Automation-Tool Infostealer
Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.
Mar 13, 2025
North Korea's Contagious Interview Campaign
Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.
Jul 23, 2024
Network Reconnaissance Campaign
A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
Questions? Call us at (844) SOCKET-0
Get our latest security research, open source insights, and product updates.
Research
/Security News
GitHub account BufferZoneCorp published sleeper packages that later added credential theft, GitHub Actions tampering, fake go wrappers, and SSH persistence.
Research
/Security News
Socket found a malicious Intercom PHP package on Packagist using Composer plugin execution to steal credentials and spread across ecosystems.
Research
/Security News
Compromised intercom-client@7.0.4 npm package is tied to the ongoing Mini Shai-Hulud worm attack targeting developer and CI/CD secrets.
