
Security News
CVE Volume Surges Past 48,000 in 2025 as WordPress Plugin Ecosystem Drives Growth
CVE disclosures hit a record 48,185 in 2025, driven largely by vulnerabilities in third-party WordPress plugins.
Quickly evaluate the security and health of any open source package.
meutils
2024.9.13.18.37.7
Live on PyPI
Blocked by Socket
The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.
enclose-eslint
99.99.1
by mux0x
Live on npm
Blocked by Socket
The preinstall script makes an outbound network request (ping) to an external OAST domain during npm install. This is high-risk behavior consistent with telemetry, beaconing, or potential exfiltration and should be treated as malicious or at least highly suspicious. Do not install in production or on sensitive machines without further investigation.
mtmai
0.3.803
Live on PyPI
Blocked by Socket
This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.
coone-annotation-tool
0.1.71
by mede
Live on npm
Blocked by Socket
The package contains a hidden payload that targets Russian language users visiting Russian and Belarusian sites. For those users, it will disable user interaction and play a looping audio of the Ukrainian anthem after 3 days. Therefore, it is marked as protestware only because it freezes interactions for many users. This behavior is not disclosed in any documentation of the package and seriously disrupts user experience.
cl-lite
1.0.780
by michael_tian
Live on npm
Blocked by Socket
This file is a blob of HTML/spam content with embedded links to adult videos, torrent downloads and suspicious redirectors (e.g. https://2023[.]redircdn[.]com/?…, http://rmdown[.]com/link[.]php?hash=…, http://data[.]down2048[.]com/list[.]php?…), plus numerous third-party image URLs. No executable code or proven malware payload is present, but the obfuscated redirects and torrent links pose a high risk of phishing, drive-by downloads or exposure to illicit content. Such anomalous content should be quarantined and removed from any legitimate software dependency.
fsd
0.0.282
Removed from PyPI
Blocked by Socket
This module contains high-risk functionality: it executes shell commands (subprocess.Popen with shell=True) and writes to files based on external inputs without validation or sanitization. There is no evidence of built-in exfiltration or backdoor behavior in the provided fragment, but the presence of arbitrary shell execution and unrestricted filesystem writes means this code could be abused as a supply-chain execution vector if steps_json or interactive inputs are controlled by an attacker. Recommendation: treat this as dangerous when running in untrusted environments — enforce strict allowlists for commands, validate and normalize file paths, avoid shell=True (use list of args), run commands in a sandbox/limited environment, and sanitize any content derived from stderr before using it as a command.
Live on PyPI for 5 days, 3 hours and 50 minutes before removal. Socket users were protected even while the package was live.
pyrit
0.5.1
Live on PyPI
Blocked by Socket
This file contains a prompt template that implements a nested jailbreak attack against AI systems. The template describes a fictional scenario in which a student experiences a dream and is prompted to supply detailed, step-by-step instructions on how to accomplish a task specified by a parameter. The template deliberately isolates the harmful instruction set by instructing the model to return only the second paragraph of the generated text. A reference is made to academic research (see https://arx[.]iv/abs/23111[.]08268) that documents this bypass method. Although it does not function as traditional malware, its purpose is malicious: to compromise AI safety measures and induce the production of dangerous or unethical outputs when processed.
meutils
2024.12.5.15.58.45
Live on PyPI
Blocked by Socket
The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.
baileys-york
6.7.60
by baileys-york
Live on npm
Blocked by Socket
`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.
alita-sdk
0.3.108
Live on PyPI
Blocked by Socket
The code contains patches that could weaken SSH security by disabling key verification and has the potential to hide tracks by deleting the .git directory. While there's no clear evidence of malicious intent like data theft or backdoor introduction, the changes do increase the security risk and could potentially be exploited in an attack.
meshcentral
0.2.8-w
by ysainthilaire
Live on npm
Blocked by Socket
The code fragment exhibits high-risk patterns: a broad AMT tooling surface combined with a WebSocket relay proxy that can forward to arbitrary destinations, plus a large opaque payload and insecure TLS handling. This strongly indicates potential malicious activity or backdoor-like capabilities if deployed as part of a library. Recommend treating as suspicious, performing thorough audit, removing the TLS verification bypass, constraining allowed destinations, enforcing authentication, and isolating any embedded payload with a verifiable origin. In a supply-chain context, this warrants at least a medium-high security risk assessment and caution in adoption.
servextools
0.1.14
Live on PyPI
Blocked by Socket
The code implements a replication-queue mechanism for MongoDB collections. It does not contain obvious remote-exfiltration, cryptomining, or backdoor network connections. However, it uses eval() to convert string-encoded arguments coming from queued DB documents into Python objects before calling replica operations. This is a high-risk code-execution vector: any attacker or process that can insert or tamper with queue/error documents (or cause untrusted strings to be persisted) can execute arbitrary Python code in the process and then cause arbitrary actions on the replica DB. Other issues are some implementation bugs (non-returning __getattr__) and broad exception handling. Recommend removing eval(), replacing it with safe parsing (json), validating queued data, and ensuring only trusted code writes to the queue/error collections.
discord.js-sound
1.0.3
by discord-app-764
Removed from npm
Blocked by Socket
The code exhibits clear signs of malicious behavior, including downloading executables from the internet and executing them without verification. The use of Discord CDN for hosting the executable file and the lack of any form of integrity check or error handling suggest a high risk of this script being used for malicious purposes.
Live on npm for 5 minutes before removal. Socket users were protected even while the package was live.
ailever
0.3.170
Live on PyPI
Blocked by Socket
The fragment contains a high-risk pattern: it downloads a Python script from a remote source and immediately executes it without integrity verification or sandboxing. This creates a critical supply-chain and remote-code-execution risk, as the remote payload could perform any action on the host, including data exfiltration, credential access, or system compromise. Even though defaults use placeholders, the mechanism itself is unsafe and should be disallowed or hardened (e.g., verify hashes, use signed modules, avoid executing remote code).
exp10it
2.4.44
Live on PyPI
Blocked by Socket
This source code is a malicious exploit script designed to remotely install a PHP webshell (vvv<?php eval($_POST[zzz]);?>) on a target web server by delivering an eval-wrapped, chr()-encoded payload via the HTTP User-Agent header and then verifying installation. Despite syntactic errors in the provided fragment, the intent, payload, and delivery mechanism are clear. Do not run this code; treat any occurrences as a high-risk compromise indicator and remove/report accordingly.
botbooster
0.0.3
Live on PyPI
Blocked by Socket
The snippet implements explicit credential exfiltration: it reads a TOKEN from a local settings.json and transmits it to a hardcoded Discord webhook. This is malicious behavior and constitutes a severe supply-chain and credential-theft risk. If present in a dependency, assume compromise, remove the package, rotate any affected tokens, and investigate distribution and invocation paths.
github.com/bishopfox/sliver
v1.5.40-0.20240418175459-6bccd353186f
Live on Go Modules
Blocked by Socket
This code is part of an offensive implant framework (Sliver). It intentionally reads alias manifests and payload binaries from disk, registers CLI commands, and forwards raw payload bytes, arguments and evasive flags to remote implants via RPC (ExecuteAssembly, SpawnDll, Sideload). There is no evidence of obfuscation or hidden backdoors beyond the tool's explicit purpose. From a supply-chain/security perspective, this module is high-risk: it enables distribution and remote execution of arbitrary binaries on compromised hosts and includes flags to bypass defenses. Use with caution and only within a legitimate, authorized testing environment.
@webprotocol/nwep
0.1.3
Live on npm
Blocked by Socket
Conclusion: The fragment is an unreadable binary/encoded payload with likely obfuscation. There is insufficient evidence to assert specific malicious behavior from the fragment alone. However, the presence of such binary data in a distribution artifact warrants caution: verify provenance, obtain a decoded/unpacked version, and perform dynamic analysis in a controlled environment before trusting or integrating the artifact.
triple
1.1.0
Live on PyPI
Blocked by Socket
This setup.py strongly indicates a malicious or abusive package. Explicit 'malware' and related keywords, the installation of automation/input-capture dependencies, and console_scripts entry points create a high-risk packaging configuration for a remote access trojan/stealer/backdoor. The file itself does not contain payload code, but it facilitates installation and execution of code that likely implements malicious behavior. Do not install or run this package without thorough, isolated analysis of the package modules (especially triple._cmd_ and any networking or persistence code).
systoring
0.1.1
Removed from PyPI
Blocked by Socket
The code is designed to collect and exfiltrate sensitive data from a Windows system without user consent. It uses hardcoded credentials and bypasses SSL verification, indicating potential malicious intent. The script exhibits behaviors typical of spyware or data-stealing malware.
Live on PyPI for 1 day, 7 hours and 28 minutes before removal. Socket users were protected even while the package was live.
@glodon-aiot/dataset-annotation
0.0.0-snapshot-20250729094444
by gaiot-arn
Live on npm
Blocked by Socket
Conclusion: Among the three reports, Report 1 presents the most credible, high-risk indicators for malicious or covert activity within a JavaScript dependency. The presence of heavy obfuscation, numerous base64 payloads, data URLs, and dynamic execution paths strongly suggests a loader/backdoor style mechanism that could exfiltrate data or modify behavior at runtime. It warrants urgent, in-depth dynamic analysis in a controlled environment, deobfuscation efforts, and likely removal or replacement with audited alternatives. A formal security advisory should be raised with the maintainers, requesting a source-level deobfuscation and a thorough disclosure of intended behavior.
node-sbx
2.0.8
by eooce
Live on npm
Blocked by Socket
This script is high-risk and exhibits likely malicious or unauthorized remote-access behavior. It downloads and executes unsigned remote binaries, configures and runs multiple proxy/tunneling services, generates/uses cryptographic keys, registers the host to remote management/agent infrastructure (Nezha/Argo-like), and exfiltrates node/subscription information to external endpoints and Telegram. Even if intended for benign proxy provisioning, the lack of integrity checks, execution of arbitrary remote code, embedded keys, and automated publishing/exposure of host endpoints make it unsafe to run. Treat as malicious or potentially backdoor-capable — do not run on trusted systems.
meutils
2024.9.13.18.37.7
Live on PyPI
Blocked by Socket
The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.
enclose-eslint
99.99.1
by mux0x
Live on npm
Blocked by Socket
The preinstall script makes an outbound network request (ping) to an external OAST domain during npm install. This is high-risk behavior consistent with telemetry, beaconing, or potential exfiltration and should be treated as malicious or at least highly suspicious. Do not install in production or on sensitive machines without further investigation.
mtmai
0.3.803
Live on PyPI
Blocked by Socket
This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.
coone-annotation-tool
0.1.71
by mede
Live on npm
Blocked by Socket
The package contains a hidden payload that targets Russian language users visiting Russian and Belarusian sites. For those users, it will disable user interaction and play a looping audio of the Ukrainian anthem after 3 days. Therefore, it is marked as protestware only because it freezes interactions for many users. This behavior is not disclosed in any documentation of the package and seriously disrupts user experience.
cl-lite
1.0.780
by michael_tian
Live on npm
Blocked by Socket
This file is a blob of HTML/spam content with embedded links to adult videos, torrent downloads and suspicious redirectors (e.g. https://2023[.]redircdn[.]com/?…, http://rmdown[.]com/link[.]php?hash=…, http://data[.]down2048[.]com/list[.]php?…), plus numerous third-party image URLs. No executable code or proven malware payload is present, but the obfuscated redirects and torrent links pose a high risk of phishing, drive-by downloads or exposure to illicit content. Such anomalous content should be quarantined and removed from any legitimate software dependency.
fsd
0.0.282
Removed from PyPI
Blocked by Socket
This module contains high-risk functionality: it executes shell commands (subprocess.Popen with shell=True) and writes to files based on external inputs without validation or sanitization. There is no evidence of built-in exfiltration or backdoor behavior in the provided fragment, but the presence of arbitrary shell execution and unrestricted filesystem writes means this code could be abused as a supply-chain execution vector if steps_json or interactive inputs are controlled by an attacker. Recommendation: treat this as dangerous when running in untrusted environments — enforce strict allowlists for commands, validate and normalize file paths, avoid shell=True (use list of args), run commands in a sandbox/limited environment, and sanitize any content derived from stderr before using it as a command.
Live on PyPI for 5 days, 3 hours and 50 minutes before removal. Socket users were protected even while the package was live.
pyrit
0.5.1
Live on PyPI
Blocked by Socket
This file contains a prompt template that implements a nested jailbreak attack against AI systems. The template describes a fictional scenario in which a student experiences a dream and is prompted to supply detailed, step-by-step instructions on how to accomplish a task specified by a parameter. The template deliberately isolates the harmful instruction set by instructing the model to return only the second paragraph of the generated text. A reference is made to academic research (see https://arx[.]iv/abs/23111[.]08268) that documents this bypass method. Although it does not function as traditional malware, its purpose is malicious: to compromise AI safety measures and induce the production of dangerous or unethical outputs when processed.
meutils
2024.12.5.15.58.45
Live on PyPI
Blocked by Socket
The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.
baileys-york
6.7.60
by baileys-york
Live on npm
Blocked by Socket
`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.
alita-sdk
0.3.108
Live on PyPI
Blocked by Socket
The code contains patches that could weaken SSH security by disabling key verification and has the potential to hide tracks by deleting the .git directory. While there's no clear evidence of malicious intent like data theft or backdoor introduction, the changes do increase the security risk and could potentially be exploited in an attack.
meshcentral
0.2.8-w
by ysainthilaire
Live on npm
Blocked by Socket
The code fragment exhibits high-risk patterns: a broad AMT tooling surface combined with a WebSocket relay proxy that can forward to arbitrary destinations, plus a large opaque payload and insecure TLS handling. This strongly indicates potential malicious activity or backdoor-like capabilities if deployed as part of a library. Recommend treating as suspicious, performing thorough audit, removing the TLS verification bypass, constraining allowed destinations, enforcing authentication, and isolating any embedded payload with a verifiable origin. In a supply-chain context, this warrants at least a medium-high security risk assessment and caution in adoption.
servextools
0.1.14
Live on PyPI
Blocked by Socket
The code implements a replication-queue mechanism for MongoDB collections. It does not contain obvious remote-exfiltration, cryptomining, or backdoor network connections. However, it uses eval() to convert string-encoded arguments coming from queued DB documents into Python objects before calling replica operations. This is a high-risk code-execution vector: any attacker or process that can insert or tamper with queue/error documents (or cause untrusted strings to be persisted) can execute arbitrary Python code in the process and then cause arbitrary actions on the replica DB. Other issues are some implementation bugs (non-returning __getattr__) and broad exception handling. Recommend removing eval(), replacing it with safe parsing (json), validating queued data, and ensuring only trusted code writes to the queue/error collections.
discord.js-sound
1.0.3
by discord-app-764
Removed from npm
Blocked by Socket
The code exhibits clear signs of malicious behavior, including downloading executables from the internet and executing them without verification. The use of Discord CDN for hosting the executable file and the lack of any form of integrity check or error handling suggest a high risk of this script being used for malicious purposes.
Live on npm for 5 minutes before removal. Socket users were protected even while the package was live.
ailever
0.3.170
Live on PyPI
Blocked by Socket
The fragment contains a high-risk pattern: it downloads a Python script from a remote source and immediately executes it without integrity verification or sandboxing. This creates a critical supply-chain and remote-code-execution risk, as the remote payload could perform any action on the host, including data exfiltration, credential access, or system compromise. Even though defaults use placeholders, the mechanism itself is unsafe and should be disallowed or hardened (e.g., verify hashes, use signed modules, avoid executing remote code).
exp10it
2.4.44
Live on PyPI
Blocked by Socket
This source code is a malicious exploit script designed to remotely install a PHP webshell (vvv<?php eval($_POST[zzz]);?>) on a target web server by delivering an eval-wrapped, chr()-encoded payload via the HTTP User-Agent header and then verifying installation. Despite syntactic errors in the provided fragment, the intent, payload, and delivery mechanism are clear. Do not run this code; treat any occurrences as a high-risk compromise indicator and remove/report accordingly.
botbooster
0.0.3
Live on PyPI
Blocked by Socket
The snippet implements explicit credential exfiltration: it reads a TOKEN from a local settings.json and transmits it to a hardcoded Discord webhook. This is malicious behavior and constitutes a severe supply-chain and credential-theft risk. If present in a dependency, assume compromise, remove the package, rotate any affected tokens, and investigate distribution and invocation paths.
github.com/bishopfox/sliver
v1.5.40-0.20240418175459-6bccd353186f
Live on Go Modules
Blocked by Socket
This code is part of an offensive implant framework (Sliver). It intentionally reads alias manifests and payload binaries from disk, registers CLI commands, and forwards raw payload bytes, arguments and evasive flags to remote implants via RPC (ExecuteAssembly, SpawnDll, Sideload). There is no evidence of obfuscation or hidden backdoors beyond the tool's explicit purpose. From a supply-chain/security perspective, this module is high-risk: it enables distribution and remote execution of arbitrary binaries on compromised hosts and includes flags to bypass defenses. Use with caution and only within a legitimate, authorized testing environment.
@webprotocol/nwep
0.1.3
Live on npm
Blocked by Socket
Conclusion: The fragment is an unreadable binary/encoded payload with likely obfuscation. There is insufficient evidence to assert specific malicious behavior from the fragment alone. However, the presence of such binary data in a distribution artifact warrants caution: verify provenance, obtain a decoded/unpacked version, and perform dynamic analysis in a controlled environment before trusting or integrating the artifact.
triple
1.1.0
Live on PyPI
Blocked by Socket
This setup.py strongly indicates a malicious or abusive package. Explicit 'malware' and related keywords, the installation of automation/input-capture dependencies, and console_scripts entry points create a high-risk packaging configuration for a remote access trojan/stealer/backdoor. The file itself does not contain payload code, but it facilitates installation and execution of code that likely implements malicious behavior. Do not install or run this package without thorough, isolated analysis of the package modules (especially triple._cmd_ and any networking or persistence code).
systoring
0.1.1
Removed from PyPI
Blocked by Socket
The code is designed to collect and exfiltrate sensitive data from a Windows system without user consent. It uses hardcoded credentials and bypasses SSL verification, indicating potential malicious intent. The script exhibits behaviors typical of spyware or data-stealing malware.
Live on PyPI for 1 day, 7 hours and 28 minutes before removal. Socket users were protected even while the package was live.
@glodon-aiot/dataset-annotation
0.0.0-snapshot-20250729094444
by gaiot-arn
Live on npm
Blocked by Socket
Conclusion: Among the three reports, Report 1 presents the most credible, high-risk indicators for malicious or covert activity within a JavaScript dependency. The presence of heavy obfuscation, numerous base64 payloads, data URLs, and dynamic execution paths strongly suggests a loader/backdoor style mechanism that could exfiltrate data or modify behavior at runtime. It warrants urgent, in-depth dynamic analysis in a controlled environment, deobfuscation efforts, and likely removal or replacement with audited alternatives. A formal security advisory should be raised with the maintainers, requesting a source-level deobfuscation and a thorough disclosure of intended behavior.
node-sbx
2.0.8
by eooce
Live on npm
Blocked by Socket
This script is high-risk and exhibits likely malicious or unauthorized remote-access behavior. It downloads and executes unsigned remote binaries, configures and runs multiple proxy/tunneling services, generates/uses cryptographic keys, registers the host to remote management/agent infrastructure (Nezha/Argo-like), and exfiltrates node/subscription information to external endpoints and Telegram. Even if intended for benign proxy provisioning, the lack of integrity checks, execution of arbitrary remote code, embedded keys, and automated publishing/exposure of host endpoints make it unsafe to run. Treat as malicious or potentially backdoor-capable — do not run on trusted systems.
Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.
Possible typosquat attack
Known malware
Suspicious Stars on GitHub
HTTP dependency
Git dependency
GitHub dependency
AI-detected potential malware
Obfuscated code
Telemetry
Protestware or potentially unwanted behavior
Critical CVE
High CVE
Medium CVE
Low CVE
Unpopular package
Minified code
Bad dependency semver
Wildcard dependency
Socket optimized override available
Deprecated
Unmaintained
License Policy Violation
Explicitly Unlicensed Item
Misc. License Issues
Copyleft License
No License Found
Ambiguous License Classifier
License exception
Non-permissive License
Unidentified License
Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.
Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Nat Friedman
CEO at GitHub

Suz Hinton
Senior Software Engineer at Stripe
heck yes this is awesome!!! Congrats team 🎉👏

Matteo Collina
Node.js maintainer, Fastify lead maintainer
So awesome to see @SocketSecurity launch with a fresh approach! Excited to have supported the team from the early days.

DC Posch
Director of Technology at AppFolio, CTO at Dynasty
This is going to be super important, especially for crypto projects where a compromised dependency results in stolen user assets.

Luis Naranjo
Software Engineer at Microsoft
If software supply chain attacks through npm don't scare the shit out of you, you're not paying close enough attention.
@SocketSecurity sounds like an awesome product. I'll be using socket.dev instead of npmjs.org to browse npm packages going forward

Elena Nadolinski
Founder and CEO at Iron Fish
Huge congrats to @SocketSecurity! 🙌
Literally the only product that proactively detects signs of JS compromised packages.

Joe Previte
Engineering Team Lead at Coder
Congrats to @feross and the @SocketSecurity team on their seed funding! 🚀 It's been a big help for us at @CoderHQ and we appreciate what y'all are doing!

Josh Goldberg
Staff Developer at Codecademy
This is such a great idea & looks fantastic, congrats & good luck @feross + team!
The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Scott Roberts
CISO at UiPath
As a happy Socket customer, I've been impressed with how quickly they are adding value to the product, this move is a great step!

Yan Zhu
Head of Security at Brave, DEFCON, EFF, W3C
glad to hear some of the smartest people i know are working on (npm, etc.) supply chain security finally :). @SocketSecurity

Andrew Peterson
CEO and Co-Founder at Signal Sciences (acq. Fastly)
How do you track the validity of open source software libraries as they get updated? You're prob not. Check out @SocketSecurity and the updated tooling they launched.
Supply chain is a cluster in security as we all know and the tools from Socket are "duh" type tools to be implementing. Check them out and follow Feross Aboukhadijeh to see more updates coming from them in the future.

Zbyszek Tenerowicz
Senior Security Engineer at ConsenSys
socket.dev is getting more appealing by the hour

Devdatta Akhawe
Head of Security at Figma
The @SocketSecurity team is on fire! Amazing progress and I am exciting to see where they go next.

Sebastian Bensusan
Engineer Manager at Stripe
I find it surprising that we don't have _more_ supply chain attacks in software:
Imagine your airplane (the code running) was assembled (deployed) daily, with parts (dependencies) from internet strangers. How long until you get a bad part?
Excited for Socket to prevent this

Adam Baldwin
VP of Security at npm, Red Team at Auth0/Okta
Congrats to everyone at @SocketSecurity ❤️🤘🏻

Nico Waisman
CISO at Lyft
This is an area that I have personally been very focused on. As Nat Friedman said in the 2019 GitHub Universe keynote, Open Source won, and every time you add a new open source project you rely on someone else code and you rely on the people that build it.
This is both exciting and problematic. You are bringing real risk into your organization, and I'm excited to see progress in the industry from OpenSSF scorecards and package analyzers to the company that Feross Aboukhadijeh is building!
Depend on Socket to prevent malicious open source dependencies from infiltrating your app.
Install the Socket GitHub App in just 2 clicks and get protected today.
Block 70+ issues in open source code, including malware, typo-squatting, hidden code, misleading packages, permission creep, and more.
Reduce work by surfacing actionable security information directly in GitHub. Empower developers to make better decisions.
Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.
Nov 23, 2025
Shai Hulud v2
Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.
Nov 05, 2025
Elves on npm
A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.
Jul 04, 2025
RubyGems Automation-Tool Infostealer
Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.
Mar 13, 2025
North Korea's Contagious Interview Campaign
Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.
Jul 23, 2024
Network Reconnaissance Campaign
A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
Get our latest security research, open source insights, and product updates.

Security News
CVE disclosures hit a record 48,185 in 2025, driven largely by vulnerabilities in third-party WordPress plugins.

Security News
Socket CEO Feross Aboukhadijeh joins Insecure Agents to discuss CVE remediation and why supply chain attacks require a different security approach.

Security News
Tailwind Labs laid off 75% of its engineering team after revenue dropped 80%, as LLMs redirect traffic away from documentation where developers discover paid products.