Socket
Book a DemoInstallSign in
Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub AppBook a Demo

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
t

timmywil published 3.7.1

left-pad
s

stevemao published 1.3.0

react
r

react-bot published 19.2.3

We protect you from vulnerable and malicious packages

@yaoii-bails/yaoii-baileys

2.0.1

Live on npm

Blocked by Socket

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

ldhemrdhs84006

1.250926.11416

by ongtrieuhau861.001

Live on npm

Blocked by Socket

This file implements an unattended update mechanism that fetches and installs .tgz archives from unverified remote sources—both the npm registry (registry[.]npmjs[.]org) and a configurable Firebase-style database URL—by downloading, extracting them into the application directory and then restarting PM2-managed processes. Because there is no cryptographic signature or checksum validation beyond a simple version check, a compromised registry account or database endpoint could deliver arbitrary code to every host running this updater. Additionally, on startup the script gathers extensive system and package metadata—including public IP (via api[.]ipify[.]org), local IP addresses, hostname, OS/platform, Node.js version, CPU/memory statistics, load averages, working directory and package.json fields—and posts it to a configurable Discord webhook endpoint (discordapp[.]com). This behavior poses both a supply-chain risk and a telemetry/privacy exposure risk, as sensitive host information is sent to an external service without explicit user consent or granular control.

web3js-wallet

1.0.1

by nchien1996

Removed from npm

Blocked by Socket

This file contains a backdoor that reads arbitrary local files (default: “./pk.txt”) via fs.promises.readFile and sends their contents as messages to an attacker-controlled Telegram chat. It issues HTTP POSTs to https://api[.]telegram[.]org/bot{hardcoded_token}/sendMessage with the file data in the text field, leveraging a hardcoded bot token and chat ID without any user consent or indication. This behavior is unauthorized data exfiltration of potentially sensitive wallet keys or other secrets.

Live on npm for 4 days, 5 hours and 43 minutes before removal. Socket users were protected even while the package was live.

context-hydrating

3.655.3

by hfst-tec

Removed from npm

Blocked by Socket

The code is likely intended for exfiltrating sensitive information from an environment based on certain conditions. The use of an obfuscated domain and Base64 encoding, combined with the targeted filtering and lack of legitimate functionality, suggests malicious intent.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

python

3.10.0-b1

by Python Software Foundation

Live on NuGet

Blocked by Socket

This module implements an unauthenticated network-accessible remote Python REPL / RCE backdoor. Any client able to connect can execute arbitrary Python code with the privileges of the running process, access files, spawn subprocesses, and exfiltrate data via the returned output. Treat this code as highly dangerous: do not run it in production or on sensitive hosts. If found in a dependency, remove or isolate it, rotate any credentials that may have been exposed, and investigate for abuse.

kteam

1.4.0

by kteam

Removed from npm

Blocked by Socket

The code is suspicious as it retrieves update information from an unverified external source and uses 'execSync' to run shell commands, which could lead to remote code execution if the external content is compromised. Furthermore, the code attempts to forcibly update and reinstall packages which is not typical for secure update practices.

Live on npm for 8 minutes before removal. Socket users were protected even while the package was live.

bingo-log

1.0.1

by malarkey1992

Removed from npm

Blocked by Socket

Code exhibits suspicious behavior through detached process spawning and dynamic code execution via eval(). The spawned process runs independently and could persist after parent exits. While the eval'd code appears benign (just logging), the overall pattern suggests potential malicious intent or poor security practices.

Live on npm for 9 days, 18 hours and 39 minutes before removal. Socket users were protected even while the package was live.

update-requests

0.0.1

Removed from PyPI

Blocked by Socket

The code contains a high probability of malicious behavior. It attempts to download and execute a file from an external source in the background without the user's knowledge. The use of subprocess with shell=True and the writing of an executable to a system-like path are indicative of a supply chain attack.

Live on PyPI for 16 days, 6 hours and 27 minutes before removal. Socket users were protected even while the package was live.

thunderpy

1.0.0

Live on PyPI

Blocked by Socket

The file is a runtime loader/packer that decodes an embedded payload and executes it dynamically. Static evidence (open/read, unhexlify/decode, ''.join assembly, eval/exec, __import__, and function names implying execution/file operations) indicates high risk: the module is intentionally obfuscated and likely designed to execute unknown code at runtime. Treat as malicious/untrusted until the decoded payload is safely extracted and audited. Do NOT execute this code on production or non-isolated systems. Recommended next steps: extract and run the decode routine inside a fully-instrumented, network-isolated sandbox to capture the deobfuscated source and all runtime effects (file system, process execution, network connections), and then perform a detailed forensic review of the deobfuscated payload.

meutils

2024.11.28.17.32.9

Live on PyPI

Blocked by Socket

The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.

assert_cmd

0.10.1

by swaroop0416

Removed from npm

Blocked by Socket

The script is designed to send sensitive information from the local system to an external server, which is a serious security risk and indicative of malicious behavior.

Live on npm for 3 days, 9 hours and 37 minutes before removal. Socket users were protected even while the package was live.

colab-ssh

0.2.0

Live on PyPI

Blocked by Socket

This code intentionally installs and configures an SSH server, sets a root password provided as input, enables root/password SSH login, and opens a remote-access tunnel using ngrok with the provided authtoken. These actions create a high-risk remote backdoor and represent a significant supply-chain and operational security hazard (downloading and executing a remote binary without verification, changing system account credentials, and exposing port 22 to the internet). Even if the intended use is legitimate (remote development), the code is not safe and should not be executed in sensitive environments. Recommend not using this package or only running under tightly controlled, isolated, audited environments with trusted binaries and authtokens.

iproduce

26.0.3

by zakaria_zt

Removed from npm

Blocked by Socket

The code attempts to exfiltrate sensitive system information, including potentially sensitive data from the /etc/passwd file, to a remote endpoint. The use of 'rejectUnauthorized: false' and the construction of the endpoint URL using system variables adds to the suspicious nature of the code. Therefore, the security risk is high.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

fiinquant

0.8.1

Live on PyPI

Blocked by Socket

This code uses sophisticated obfuscation techniques (string reversal, base64 encoding, and zlib compression) to hide malicious functionality. The use of exec() to run dynamically generated code from an obfuscated payload is a clear security risk. This pattern is commonly used in malware to evade detection and execute harmful operations. The code should be considered malicious and should not be executed.

ve.zz

1.2.5

Live on npm

Blocked by Socket

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

react-markdown-v7

1.3.9

Removed from npm

Blocked by Socket

This module performs immediate, unsolicited collection of local environment and package metadata and transmits it to a hard-coded external domain. The behavior is covert (silent error handling), executed on module load (no opt-in), and transmits potentially sensitive information. This is consistent with malicious or privacy-invasive telemetry/exfiltration. Treat the package as malicious/untrusted: remove it from environments, audit systems where it was installed, and rotate any credentials that may have been exposed. Block the indicated domain and investigate outbound connections.

Live on npm for 2 days, 7 hours and 53 minutes before removal. Socket users were protected even while the package was live.

techghoshal144

1.4.0

by aoneshoppa

Removed from npm

Blocked by Socket

This code is malicious malware performing unauthorized data theft and exfiltration of sensitive system information. It poses a severe security risk and should be considered dangerous. The code is not obfuscated but is clearly designed to steal and leak data to an attacker-controlled endpoint.

Live on npm for 4 hours and 51 minutes before removal. Socket users were protected even while the package was live.

mtmai

0.3.883

Live on PyPI

Blocked by Socket

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

plugin-svg-icons

1.0.1

by canadyankaya

Removed from npm

Blocked by Socket

The code contains a critical security vulnerability: dynamic execution of remotely fetched code via eval(), enabling arbitrary remote code execution. This behavior is highly suspicious and constitutes a severe supply chain security risk. The obfuscation and retry mechanisms further indicate potential malicious intent. The package should be considered dangerous and untrusted unless the remote code source is fully controlled and verified. Immediate remediation or removal is recommended.

Live on npm for 2 days, 15 hours and 57 minutes before removal. Socket users were protected even while the package was live.

bapy

0.2.187

Live on PyPI

Blocked by Socket

Malicious bash initialization script that performs destructive filesystem operations on macOS systems. When the external helper script 'isuserdarwin.sh' returns true, the script silently executes 'sudo rm -rf' to delete critical user directories including ~/Applications, ~/Movies, ~/Music, ~/Pictures, ~/Public, and ~/Sites without user confirmation. It also removes the macOS sleepimage file at /private/var/vm/sleepimage. The script modifies SSH directory permissions using 'sudo chmod -R go-rw' which can break SSH access or expose credentials. All destructive operations have their output suppressed with '>/dev/null 2>&1' to hide failures and make the actions stealthy. The script uses eval to execute the output of /usr/bin/dircolors, creating a command injection risk if the binary is compromised. It depends on external scripts (paper.sh, isuserdarwin.sh, debug.sh) whose contents are unknown and could execute arbitrary code. The destructive operations are embedded within what appears to be routine shell configuration code, likely to disguise the malicious intent.

roam-runner-communication

1.4.13

by Jason Becker

Live on NuGet

Blocked by Socket

The code shows strong indicators of potential hidden payload delivery and runtime code execution via embedded resources and Python integration. While some parts may serve legitimate device communication, the presence of resource-driven decryption, dynamic Python execution, and extensive obfuscation constitutes a credible security risk and potential backdoor vector in a public package. This warrants caution, thorough integrity checks, and isolation/auditing of embedded resources and Python payloads before deploying or including this library in a dependency tree.

tintumon

3.1.1

Removed from PyPI

Blocked by Socket

This code uses encryption to obfuscate and hide its true functionality, then executes the hidden code. This is a classic pattern used in malware and malicious scripts to evade detection. The use of exec() on decrypted content is extremely dangerous as it allows arbitrary code execution. Without being able to inspect the decrypted payload, this code should be considered high risk and potentially malicious.

Live on PyPI for 6 days, 16 hours and 10 minutes before removal. Socket users were protected even while the package was live.

khankimagi

1.0.0

by pentestshawon

Removed from npm

Blocked by Socket

The script is designed to create a reverse shell to a remote server, which poses a significant security risk and is considered malware.

Live on npm for 1 hour and 41 minutes before removal. Socket users were protected even while the package was live.

babysploit

1.1.17

Live on PyPI

Blocked by Socket

This module is an exploit script that builds a classical buffer overflow payload (padding + controlled EIP + NOP sled + embedded shellcode) and transmits it to a target FTP server via the USER command on port 21. The code is offensive in nature and poses a high risk if present in a dependency. Do not run it against systems without explicit authorization; remove or isolate it and analyze the embedded shellcode in a controlled environment if necessary.

@yaoii-bails/yaoii-baileys

2.0.1

Live on npm

Blocked by Socket

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

ldhemrdhs84006

1.250926.11416

by ongtrieuhau861.001

Live on npm

Blocked by Socket

This file implements an unattended update mechanism that fetches and installs .tgz archives from unverified remote sources—both the npm registry (registry[.]npmjs[.]org) and a configurable Firebase-style database URL—by downloading, extracting them into the application directory and then restarting PM2-managed processes. Because there is no cryptographic signature or checksum validation beyond a simple version check, a compromised registry account or database endpoint could deliver arbitrary code to every host running this updater. Additionally, on startup the script gathers extensive system and package metadata—including public IP (via api[.]ipify[.]org), local IP addresses, hostname, OS/platform, Node.js version, CPU/memory statistics, load averages, working directory and package.json fields—and posts it to a configurable Discord webhook endpoint (discordapp[.]com). This behavior poses both a supply-chain risk and a telemetry/privacy exposure risk, as sensitive host information is sent to an external service without explicit user consent or granular control.

web3js-wallet

1.0.1

by nchien1996

Removed from npm

Blocked by Socket

This file contains a backdoor that reads arbitrary local files (default: “./pk.txt”) via fs.promises.readFile and sends their contents as messages to an attacker-controlled Telegram chat. It issues HTTP POSTs to https://api[.]telegram[.]org/bot{hardcoded_token}/sendMessage with the file data in the text field, leveraging a hardcoded bot token and chat ID without any user consent or indication. This behavior is unauthorized data exfiltration of potentially sensitive wallet keys or other secrets.

Live on npm for 4 days, 5 hours and 43 minutes before removal. Socket users were protected even while the package was live.

context-hydrating

3.655.3

by hfst-tec

Removed from npm

Blocked by Socket

The code is likely intended for exfiltrating sensitive information from an environment based on certain conditions. The use of an obfuscated domain and Base64 encoding, combined with the targeted filtering and lack of legitimate functionality, suggests malicious intent.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

python

3.10.0-b1

by Python Software Foundation

Live on NuGet

Blocked by Socket

This module implements an unauthenticated network-accessible remote Python REPL / RCE backdoor. Any client able to connect can execute arbitrary Python code with the privileges of the running process, access files, spawn subprocesses, and exfiltrate data via the returned output. Treat this code as highly dangerous: do not run it in production or on sensitive hosts. If found in a dependency, remove or isolate it, rotate any credentials that may have been exposed, and investigate for abuse.

kteam

1.4.0

by kteam

Removed from npm

Blocked by Socket

The code is suspicious as it retrieves update information from an unverified external source and uses 'execSync' to run shell commands, which could lead to remote code execution if the external content is compromised. Furthermore, the code attempts to forcibly update and reinstall packages which is not typical for secure update practices.

Live on npm for 8 minutes before removal. Socket users were protected even while the package was live.

bingo-log

1.0.1

by malarkey1992

Removed from npm

Blocked by Socket

Code exhibits suspicious behavior through detached process spawning and dynamic code execution via eval(). The spawned process runs independently and could persist after parent exits. While the eval'd code appears benign (just logging), the overall pattern suggests potential malicious intent or poor security practices.

Live on npm for 9 days, 18 hours and 39 minutes before removal. Socket users were protected even while the package was live.

update-requests

0.0.1

Removed from PyPI

Blocked by Socket

The code contains a high probability of malicious behavior. It attempts to download and execute a file from an external source in the background without the user's knowledge. The use of subprocess with shell=True and the writing of an executable to a system-like path are indicative of a supply chain attack.

Live on PyPI for 16 days, 6 hours and 27 minutes before removal. Socket users were protected even while the package was live.

thunderpy

1.0.0

Live on PyPI

Blocked by Socket

The file is a runtime loader/packer that decodes an embedded payload and executes it dynamically. Static evidence (open/read, unhexlify/decode, ''.join assembly, eval/exec, __import__, and function names implying execution/file operations) indicates high risk: the module is intentionally obfuscated and likely designed to execute unknown code at runtime. Treat as malicious/untrusted until the decoded payload is safely extracted and audited. Do NOT execute this code on production or non-isolated systems. Recommended next steps: extract and run the decode routine inside a fully-instrumented, network-isolated sandbox to capture the deobfuscated source and all runtime effects (file system, process execution, network connections), and then perform a detailed forensic review of the deobfuscated payload.

meutils

2024.11.28.17.32.9

Live on PyPI

Blocked by Socket

The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.

assert_cmd

0.10.1

by swaroop0416

Removed from npm

Blocked by Socket

The script is designed to send sensitive information from the local system to an external server, which is a serious security risk and indicative of malicious behavior.

Live on npm for 3 days, 9 hours and 37 minutes before removal. Socket users were protected even while the package was live.

colab-ssh

0.2.0

Live on PyPI

Blocked by Socket

This code intentionally installs and configures an SSH server, sets a root password provided as input, enables root/password SSH login, and opens a remote-access tunnel using ngrok with the provided authtoken. These actions create a high-risk remote backdoor and represent a significant supply-chain and operational security hazard (downloading and executing a remote binary without verification, changing system account credentials, and exposing port 22 to the internet). Even if the intended use is legitimate (remote development), the code is not safe and should not be executed in sensitive environments. Recommend not using this package or only running under tightly controlled, isolated, audited environments with trusted binaries and authtokens.

iproduce

26.0.3

by zakaria_zt

Removed from npm

Blocked by Socket

The code attempts to exfiltrate sensitive system information, including potentially sensitive data from the /etc/passwd file, to a remote endpoint. The use of 'rejectUnauthorized: false' and the construction of the endpoint URL using system variables adds to the suspicious nature of the code. Therefore, the security risk is high.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

fiinquant

0.8.1

Live on PyPI

Blocked by Socket

This code uses sophisticated obfuscation techniques (string reversal, base64 encoding, and zlib compression) to hide malicious functionality. The use of exec() to run dynamically generated code from an obfuscated payload is a clear security risk. This pattern is commonly used in malware to evade detection and execute harmful operations. The code should be considered malicious and should not be executed.

ve.zz

1.2.5

Live on npm

Blocked by Socket

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

react-markdown-v7

1.3.9

Removed from npm

Blocked by Socket

This module performs immediate, unsolicited collection of local environment and package metadata and transmits it to a hard-coded external domain. The behavior is covert (silent error handling), executed on module load (no opt-in), and transmits potentially sensitive information. This is consistent with malicious or privacy-invasive telemetry/exfiltration. Treat the package as malicious/untrusted: remove it from environments, audit systems where it was installed, and rotate any credentials that may have been exposed. Block the indicated domain and investigate outbound connections.

Live on npm for 2 days, 7 hours and 53 minutes before removal. Socket users were protected even while the package was live.

techghoshal144

1.4.0

by aoneshoppa

Removed from npm

Blocked by Socket

This code is malicious malware performing unauthorized data theft and exfiltration of sensitive system information. It poses a severe security risk and should be considered dangerous. The code is not obfuscated but is clearly designed to steal and leak data to an attacker-controlled endpoint.

Live on npm for 4 hours and 51 minutes before removal. Socket users were protected even while the package was live.

mtmai

0.3.883

Live on PyPI

Blocked by Socket

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

plugin-svg-icons

1.0.1

by canadyankaya

Removed from npm

Blocked by Socket

The code contains a critical security vulnerability: dynamic execution of remotely fetched code via eval(), enabling arbitrary remote code execution. This behavior is highly suspicious and constitutes a severe supply chain security risk. The obfuscation and retry mechanisms further indicate potential malicious intent. The package should be considered dangerous and untrusted unless the remote code source is fully controlled and verified. Immediate remediation or removal is recommended.

Live on npm for 2 days, 15 hours and 57 minutes before removal. Socket users were protected even while the package was live.

bapy

0.2.187

Live on PyPI

Blocked by Socket

Malicious bash initialization script that performs destructive filesystem operations on macOS systems. When the external helper script 'isuserdarwin.sh' returns true, the script silently executes 'sudo rm -rf' to delete critical user directories including ~/Applications, ~/Movies, ~/Music, ~/Pictures, ~/Public, and ~/Sites without user confirmation. It also removes the macOS sleepimage file at /private/var/vm/sleepimage. The script modifies SSH directory permissions using 'sudo chmod -R go-rw' which can break SSH access or expose credentials. All destructive operations have their output suppressed with '>/dev/null 2>&1' to hide failures and make the actions stealthy. The script uses eval to execute the output of /usr/bin/dircolors, creating a command injection risk if the binary is compromised. It depends on external scripts (paper.sh, isuserdarwin.sh, debug.sh) whose contents are unknown and could execute arbitrary code. The destructive operations are embedded within what appears to be routine shell configuration code, likely to disguise the malicious intent.

roam-runner-communication

1.4.13

by Jason Becker

Live on NuGet

Blocked by Socket

The code shows strong indicators of potential hidden payload delivery and runtime code execution via embedded resources and Python integration. While some parts may serve legitimate device communication, the presence of resource-driven decryption, dynamic Python execution, and extensive obfuscation constitutes a credible security risk and potential backdoor vector in a public package. This warrants caution, thorough integrity checks, and isolation/auditing of embedded resources and Python payloads before deploying or including this library in a dependency tree.

tintumon

3.1.1

Removed from PyPI

Blocked by Socket

This code uses encryption to obfuscate and hide its true functionality, then executes the hidden code. This is a classic pattern used in malware and malicious scripts to evade detection. The use of exec() on decrypted content is extremely dangerous as it allows arbitrary code execution. Without being able to inspect the decrypted payload, this code should be considered high risk and potentially malicious.

Live on PyPI for 6 days, 16 hours and 10 minutes before removal. Socket users were protected even while the package was live.

khankimagi

1.0.0

by pentestshawon

Removed from npm

Blocked by Socket

The script is designed to create a reverse shell to a remote server, which poses a significant security risk and is considered malware.

Live on npm for 1 hour and 41 minutes before removal. Socket users were protected even while the package was live.

babysploit

1.1.17

Live on PyPI

Blocked by Socket

This module is an exploit script that builds a classical buffer overflow payload (padding + controlled EIP + NOP sled + embedded shellcode) and transmits it to a target FTP server via the USER command on port 21. The code is offensive in nature and poses a high risk if present in a dependency. Do not run it against systems without explicit authorization; remove or isolate it and analyze the embedded shellcode in a controlled environment if necessary.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Suspicious Stars on GitHub

HTTP dependency

Git dependency

GitHub dependency

AI-detected potential malware

Obfuscated code

Telemetry

Protestware or potentially unwanted behavior

42 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

GitHub app screenshot

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Even more developer love
Install GitHub AppRead the docs

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Even more security team love
Book a DemoRead the blog

Why teams choose Socket

Pro-active security

Depend on Socket to prevent malicious open source dependencies from infiltrating your app.

Easy to install

Install the Socket GitHub App in just 2 clicks and get protected today.

Comprehensive open source protection

Block 70+ issues in open source code, including malware, typo-squatting, hidden code, misleading packages, permission creep, and more.

Develop faster

Reduce work by surfacing actionable security information directly in GitHub. Empower developers to make better decisions.

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

Install GitHub AppBook a Demo

The latest from the Socket team

Get our latest security research, open source insights, and product updates.

View all articles