
Security News
GitHub Actions Pricing Whiplash: Self-Hosted Actions Billing Change Postponed
GitHub postponed a new billing model for self-hosted Actions after developer pushback, but moved forward with hosted runner price cuts on January 1.
Quickly evaluate the security and health of any open source package.
mtxp
0.0.163
Live on PyPI
Blocked by Socket
The script creates a persistent, predictable remote access vector by adding a user with a hardcoded password and by replacing SSH configuration to enable password and root logins and forwarding. This behavior is high-risk and consistent with a backdoor/persistence implant; treat any occurrence as malicious unless used in a tightly controlled, ephemeral testing environment with compensating controls. Do not run this script on production systems; if it has run, assume compromise, remove the user, restore secure SSH configuration, and rotate credentials.
thisisourgoal
1.3.4
by urfali007
Removed from npm
Blocked by Socket
This script is attempting to exfiltrate sensitive information by sending a POST request to a remote server. It poses a high security risk and should be considered malicious.
Live on npm for 14 minutes before removal. Socket users were protected even while the package was live.
sap-abstract
0.9.1
by abdallaeg2
Removed from npm
Blocked by Socket
The code is designed to send sensitive system information to a remote server, which is a significant security risk. This behavior is consistent with malicious activity, specifically data exfiltration.
Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.
coverage-v8
9.9.9
by 3kali182
Removed from npm
Blocked by Socket
This source code is definitively malicious. It performs extensive data exfiltration of sensitive system, user, and project information to a suspicious external server. The code reads sensitive files, executes system commands, and scans local ports, all without user consent. There is no obfuscation, but the intent and actions clearly indicate malware designed for reconnaissance and data theft. The security risk is extremely high, and this package should not be used under any circumstances.
Live on npm for 5 days, 5 hours and 30 minutes before removal. Socket users were protected even while the package was live.
ldhpgemrdhs92007
1.250724.11109
by ongtrieuhau861.001
Live on npm
Blocked by Socket
This file implements an unattended update mechanism that fetches and installs .tgz archives from unverified remote sources—both the npm registry (registry[.]npmjs[.]org) and a configurable Firebase-style database URL—by downloading, extracting them into the application directory and then restarting PM2-managed processes. Because there is no cryptographic signature or checksum validation beyond a simple version check, a compromised registry account or database endpoint could deliver arbitrary code to every host running this updater. Additionally, on startup the script gathers extensive system and package metadata—including public IP (via api[.]ipify[.]org), local IP addresses, hostname, OS/platform, Node.js version, CPU/memory statistics, load averages, working directory and package.json fields—and posts it to a configurable Discord webhook endpoint (discordapp[.]com). This behavior poses both a supply-chain risk and a telemetry/privacy exposure risk, as sensitive host information is sent to an external service without explicit user consent or granular control.
mtxp
0.0.167
Live on PyPI
Blocked by Socket
The script creates a persistent, predictable remote access vector by adding a user with a hardcoded password and by replacing SSH configuration to enable password and root logins and forwarding. This behavior is high-risk and consistent with a backdoor/persistence implant; treat any occurrence as malicious unless used in a tightly controlled, ephemeral testing environment with compensating controls. Do not run this script on production systems; if it has run, assume compromise, remove the user, restore secure SSH configuration, and rotate credentials.
dh-test-cafe-automation-library
2.1.68
by delight732k
Removed from npm
Blocked by Socket
The code is susceptible to SQL injection due to the direct use of rawQuery in the query execution without any sanitization. It doesn't appear to have any intentionally malicious behavior, such as data theft or unauthorized system access, but it poses a high security risk due to the potential for SQL injection.
Live on npm for 58 minutes before removal. Socket users were protected even while the package was live.
kfsd
0.0.12
Live on PyPI
Blocked by Socket
This module contains a critical vulnerability: unconstrained eval() of attacker-controlled 'input.expr' with access to local variables (including a formatted request object). This yields remote code execution and potential data exfiltration. The code likely represents an insecure design/bug rather than intentionally malicious code, but it must be remediated before handling untrusted inputs. Also fix the apparent syntax error in getAttr.
stakwork.staklink
0.2.19
Live on Open VSX
Blocked by Socket
The analyzed fragment reveals a VSCode/OpenVSX extension with extensive capabilities to manage a local proxy, coordinate multiple AI providers, handle API keys, and perform system-level operations (process management, port checks, host commands). While some functionality could be legitimate (local services, data processing, UI integration), the combination of launching/killing processes, starting a local proxy, interacting with PM2, and accessing host resources without clear, restricted scope constitutes a non-trivial security risk. The presence of sensitive operations (secret storage, API keys, local version checks, and system command execution) in a VSCode extension increases the potential impact if abused or compromised. High caution is advised before including or distributing this package; a thorough security review, restricted permissions, and explicit user consent workflows are recommended.
tx-engine
0.3.4
Live on PyPI
Blocked by Socket
The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.
vy
3.3.1
Removed from PyPI
Blocked by Socket
This code is not obviously a deliberate malware implant, but it contains serious supply-chain/security risks: multiple direct interpolations of untrusted UI input into shell commands with shell=True allow command injection and arbitrary filesystem manipulation. Treat this module as unsafe to use without remediation (sanitize/escape inputs or use safe stdlib calls).
Live on PyPI for 5 days, 18 hours and 13 minutes before removal. Socket users were protected even while the package was live.
fiinquant
0.10.12
Live on PyPI
Blocked by Socket
The code is highly obfuscated and uses dynamic execution via exec, indicating an attempt to conceal harmful functionality. It reverses a Base64-encoded, zlib-compressed payload and then executes it, which could enable arbitrary malicious actions. No specific URLs, domains, or IP addresses were identified in the code.
ailever
0.2.725
Live on PyPI
Blocked by Socket
The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.
mythic-container
0.2.8rc1
Live on PyPI
Blocked by Socket
The code presents several potential security risks and suggests the intent of managing a C2 server, which could be used for malicious purposes. Specifically, the handling of subprocesses with shell=True, the lack of proper input validation, and the exposure of sensitive file operations could facilitate unauthorized actions and access to sensitive data. Therefore, this code should be treated with caution and likely indicates malicious intent in its context.
qyrm-pipinject3
1.0
Live on PyPI
Blocked by Socket
This setup.py contains an explicit malicious side-effect: it executes os.system("cat /flag") at import/installation time, reading a local file and writing its contents to stdout/stderr. That creates a straightforward data-exfiltration vector (installer/CI logs, terminal). The rest of the file is packaging boilerplate. Do not install or run this package; treat it as a supply-chain backdoor.
elf-stats-shimmering-icicle-214
1.0.0
by lirada
Live on npm
Blocked by Socket
This module implements explicit data collection from /opt and unconditional exfiltration to a hardcoded external HTTPS endpoint. The behavior matches a data-exfiltration backdoor. Treat this code as malicious/untrusted: remove or isolate the package, do not execute it in production, and investigate systems where it has run for potential data exposure. If secrets may have been present under /opt, rotate them and review outbound network logs for the indicated webhook.host and UUID path.
serviceplatformshare
1.0.1
by caobin, Abigail
Live on NuGet
Blocked by Socket
The code contains a large obfuscated module that performs resource decryption, dynamic code generation, native memory allocation/writing, and JIT/native hooking. Those behaviors enable runtime loading/execution of arbitrary code and process memory manipulation. Combined with heavy obfuscation and embedded encrypted payloads, this is consistent with a malicious loader/backdoor or supply-chain compromise. The rest of the file contains normal framework/service interfaces, but the obfuscated module represents a high-risk component and should be treated as malicious until a benign justification is provided and validated.
ytdlp-nodejs
2.0.5
by rashed_iqbal
Live on npm
Blocked by Socket
The script conditionally runs a package-defined 'download' script during installation into another project. That behavior can be legitimate (fetching required assets) but is also a vector for untrusted code execution, downloads, and persistence. Inspect the package.json 'download' script and any files it calls (or network endpoints it contacts) before trusting this package.
smartchart
6.9.9.8.1
Live on PyPI
Blocked by Socket
This source is highly suspicious and follows a classic staged loader/backdoor pattern: hard-coded compressed payload(s) -> decode/decompress -> exec -> runtime-defined functions invoked with further blobs. Even though the exact behavior of the hidden payloads is not visible here, the code provides arbitrary code execution on import and should be treated as malicious. Do not run this module; remove it from production systems and investigate installations where it may have executed.
tz.smartgateway2
2.0.0.11
by IEUser
Live on NuGet
Blocked by Socket
This assembly contains a static initializer that performs an immediate outbound HTTPS request to a hardcoded, suspicious domain. The behavior is unexpected for a normal library, lacks configuration or consent, and resembles beaconing or telemetry that could be used for presence checking or exfiltration. Treat this package as highly suspicious: avoid using it in production until the author documents and justifies the network behavior or removes it. If discovered in a dependency tree, consider removing or blocking its network access and auditing dependent packages.
mtmai
0.4.168
Live on PyPI
Blocked by Socket
The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.
sbcli-lvol-ha
0.9.8
Live on PyPI
Blocked by Socket
No direct malware code is present in the fragment (no obvious backdoor, reverse shell, or exfiltration implemented in this file itself). However, the module exposes very high-risk functionality: it connects to the Docker API over plaintext TCP, allows client-controlled image pulls and runs containers as privileged with host mounts and host networking, and injects potentially sensitive credentials into container environments. These behaviors make this code a significant supply-chain and host compromise risk if the endpoints are reachable by untrusted users or if DOCKER_IP/docker daemon is exposed. Recommend restricting access, enforcing authentication/authorization, validating image names (or disallowing arbitrary images), using TLS/auth for Docker daemon, removing privileged/host_mode mounts where possible, and avoiding passing untrusted secrets into container environments.
ksm-action
21.0.1
by devgo369
Removed from npm
Blocked by Socket
This module does not execute any code or perform any actual operations, but it contains a suspicious message.
Live on npm for 28 days, 9 hours and 48 minutes before removal. Socket users were protected even while the package was live.
mtxp
0.0.163
Live on PyPI
Blocked by Socket
The script creates a persistent, predictable remote access vector by adding a user with a hardcoded password and by replacing SSH configuration to enable password and root logins and forwarding. This behavior is high-risk and consistent with a backdoor/persistence implant; treat any occurrence as malicious unless used in a tightly controlled, ephemeral testing environment with compensating controls. Do not run this script on production systems; if it has run, assume compromise, remove the user, restore secure SSH configuration, and rotate credentials.
thisisourgoal
1.3.4
by urfali007
Removed from npm
Blocked by Socket
This script is attempting to exfiltrate sensitive information by sending a POST request to a remote server. It poses a high security risk and should be considered malicious.
Live on npm for 14 minutes before removal. Socket users were protected even while the package was live.
sap-abstract
0.9.1
by abdallaeg2
Removed from npm
Blocked by Socket
The code is designed to send sensitive system information to a remote server, which is a significant security risk. This behavior is consistent with malicious activity, specifically data exfiltration.
Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.
coverage-v8
9.9.9
by 3kali182
Removed from npm
Blocked by Socket
This source code is definitively malicious. It performs extensive data exfiltration of sensitive system, user, and project information to a suspicious external server. The code reads sensitive files, executes system commands, and scans local ports, all without user consent. There is no obfuscation, but the intent and actions clearly indicate malware designed for reconnaissance and data theft. The security risk is extremely high, and this package should not be used under any circumstances.
Live on npm for 5 days, 5 hours and 30 minutes before removal. Socket users were protected even while the package was live.
ldhpgemrdhs92007
1.250724.11109
by ongtrieuhau861.001
Live on npm
Blocked by Socket
This file implements an unattended update mechanism that fetches and installs .tgz archives from unverified remote sources—both the npm registry (registry[.]npmjs[.]org) and a configurable Firebase-style database URL—by downloading, extracting them into the application directory and then restarting PM2-managed processes. Because there is no cryptographic signature or checksum validation beyond a simple version check, a compromised registry account or database endpoint could deliver arbitrary code to every host running this updater. Additionally, on startup the script gathers extensive system and package metadata—including public IP (via api[.]ipify[.]org), local IP addresses, hostname, OS/platform, Node.js version, CPU/memory statistics, load averages, working directory and package.json fields—and posts it to a configurable Discord webhook endpoint (discordapp[.]com). This behavior poses both a supply-chain risk and a telemetry/privacy exposure risk, as sensitive host information is sent to an external service without explicit user consent or granular control.
mtxp
0.0.167
Live on PyPI
Blocked by Socket
The script creates a persistent, predictable remote access vector by adding a user with a hardcoded password and by replacing SSH configuration to enable password and root logins and forwarding. This behavior is high-risk and consistent with a backdoor/persistence implant; treat any occurrence as malicious unless used in a tightly controlled, ephemeral testing environment with compensating controls. Do not run this script on production systems; if it has run, assume compromise, remove the user, restore secure SSH configuration, and rotate credentials.
dh-test-cafe-automation-library
2.1.68
by delight732k
Removed from npm
Blocked by Socket
The code is susceptible to SQL injection due to the direct use of rawQuery in the query execution without any sanitization. It doesn't appear to have any intentionally malicious behavior, such as data theft or unauthorized system access, but it poses a high security risk due to the potential for SQL injection.
Live on npm for 58 minutes before removal. Socket users were protected even while the package was live.
kfsd
0.0.12
Live on PyPI
Blocked by Socket
This module contains a critical vulnerability: unconstrained eval() of attacker-controlled 'input.expr' with access to local variables (including a formatted request object). This yields remote code execution and potential data exfiltration. The code likely represents an insecure design/bug rather than intentionally malicious code, but it must be remediated before handling untrusted inputs. Also fix the apparent syntax error in getAttr.
stakwork.staklink
0.2.19
Live on Open VSX
Blocked by Socket
The analyzed fragment reveals a VSCode/OpenVSX extension with extensive capabilities to manage a local proxy, coordinate multiple AI providers, handle API keys, and perform system-level operations (process management, port checks, host commands). While some functionality could be legitimate (local services, data processing, UI integration), the combination of launching/killing processes, starting a local proxy, interacting with PM2, and accessing host resources without clear, restricted scope constitutes a non-trivial security risk. The presence of sensitive operations (secret storage, API keys, local version checks, and system command execution) in a VSCode extension increases the potential impact if abused or compromised. High caution is advised before including or distributing this package; a thorough security review, restricted permissions, and explicit user consent workflows are recommended.
tx-engine
0.3.4
Live on PyPI
Blocked by Socket
The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.
vy
3.3.1
Removed from PyPI
Blocked by Socket
This code is not obviously a deliberate malware implant, but it contains serious supply-chain/security risks: multiple direct interpolations of untrusted UI input into shell commands with shell=True allow command injection and arbitrary filesystem manipulation. Treat this module as unsafe to use without remediation (sanitize/escape inputs or use safe stdlib calls).
Live on PyPI for 5 days, 18 hours and 13 minutes before removal. Socket users were protected even while the package was live.
fiinquant
0.10.12
Live on PyPI
Blocked by Socket
The code is highly obfuscated and uses dynamic execution via exec, indicating an attempt to conceal harmful functionality. It reverses a Base64-encoded, zlib-compressed payload and then executes it, which could enable arbitrary malicious actions. No specific URLs, domains, or IP addresses were identified in the code.
ailever
0.2.725
Live on PyPI
Blocked by Socket
The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.
mythic-container
0.2.8rc1
Live on PyPI
Blocked by Socket
The code presents several potential security risks and suggests the intent of managing a C2 server, which could be used for malicious purposes. Specifically, the handling of subprocesses with shell=True, the lack of proper input validation, and the exposure of sensitive file operations could facilitate unauthorized actions and access to sensitive data. Therefore, this code should be treated with caution and likely indicates malicious intent in its context.
qyrm-pipinject3
1.0
Live on PyPI
Blocked by Socket
This setup.py contains an explicit malicious side-effect: it executes os.system("cat /flag") at import/installation time, reading a local file and writing its contents to stdout/stderr. That creates a straightforward data-exfiltration vector (installer/CI logs, terminal). The rest of the file is packaging boilerplate. Do not install or run this package; treat it as a supply-chain backdoor.
elf-stats-shimmering-icicle-214
1.0.0
by lirada
Live on npm
Blocked by Socket
This module implements explicit data collection from /opt and unconditional exfiltration to a hardcoded external HTTPS endpoint. The behavior matches a data-exfiltration backdoor. Treat this code as malicious/untrusted: remove or isolate the package, do not execute it in production, and investigate systems where it has run for potential data exposure. If secrets may have been present under /opt, rotate them and review outbound network logs for the indicated webhook.host and UUID path.
serviceplatformshare
1.0.1
by caobin, Abigail
Live on NuGet
Blocked by Socket
The code contains a large obfuscated module that performs resource decryption, dynamic code generation, native memory allocation/writing, and JIT/native hooking. Those behaviors enable runtime loading/execution of arbitrary code and process memory manipulation. Combined with heavy obfuscation and embedded encrypted payloads, this is consistent with a malicious loader/backdoor or supply-chain compromise. The rest of the file contains normal framework/service interfaces, but the obfuscated module represents a high-risk component and should be treated as malicious until a benign justification is provided and validated.
ytdlp-nodejs
2.0.5
by rashed_iqbal
Live on npm
Blocked by Socket
The script conditionally runs a package-defined 'download' script during installation into another project. That behavior can be legitimate (fetching required assets) but is also a vector for untrusted code execution, downloads, and persistence. Inspect the package.json 'download' script and any files it calls (or network endpoints it contacts) before trusting this package.
smartchart
6.9.9.8.1
Live on PyPI
Blocked by Socket
This source is highly suspicious and follows a classic staged loader/backdoor pattern: hard-coded compressed payload(s) -> decode/decompress -> exec -> runtime-defined functions invoked with further blobs. Even though the exact behavior of the hidden payloads is not visible here, the code provides arbitrary code execution on import and should be treated as malicious. Do not run this module; remove it from production systems and investigate installations where it may have executed.
tz.smartgateway2
2.0.0.11
by IEUser
Live on NuGet
Blocked by Socket
This assembly contains a static initializer that performs an immediate outbound HTTPS request to a hardcoded, suspicious domain. The behavior is unexpected for a normal library, lacks configuration or consent, and resembles beaconing or telemetry that could be used for presence checking or exfiltration. Treat this package as highly suspicious: avoid using it in production until the author documents and justifies the network behavior or removes it. If discovered in a dependency tree, consider removing or blocking its network access and auditing dependent packages.
mtmai
0.4.168
Live on PyPI
Blocked by Socket
The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.
sbcli-lvol-ha
0.9.8
Live on PyPI
Blocked by Socket
No direct malware code is present in the fragment (no obvious backdoor, reverse shell, or exfiltration implemented in this file itself). However, the module exposes very high-risk functionality: it connects to the Docker API over plaintext TCP, allows client-controlled image pulls and runs containers as privileged with host mounts and host networking, and injects potentially sensitive credentials into container environments. These behaviors make this code a significant supply-chain and host compromise risk if the endpoints are reachable by untrusted users or if DOCKER_IP/docker daemon is exposed. Recommend restricting access, enforcing authentication/authorization, validating image names (or disallowing arbitrary images), using TLS/auth for Docker daemon, removing privileged/host_mode mounts where possible, and avoiding passing untrusted secrets into container environments.
ksm-action
21.0.1
by devgo369
Removed from npm
Blocked by Socket
This module does not execute any code or perform any actual operations, but it contains a suspicious message.
Live on npm for 28 days, 9 hours and 48 minutes before removal. Socket users were protected even while the package was live.
Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.
Possible typosquat attack
Known malware
Suspicious Stars on GitHub
HTTP dependency
Git dependency
GitHub dependency
AI-detected potential malware
Obfuscated code
Telemetry
Protestware or potentially unwanted behavior
Critical CVE
High CVE
Medium CVE
Low CVE
Unpopular package
Minified code
Bad dependency semver
Wildcard dependency
Socket optimized override available
Deprecated
Unmaintained
License Policy Violation
Explicitly Unlicensed Item
Misc. License Issues
Copyleft License
No License Found
Ambiguous License Classifier
License exception
Non-permissive License
Unidentified License
Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.
Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Nat Friedman
CEO at GitHub

Suz Hinton
Senior Software Engineer at Stripe
heck yes this is awesome!!! Congrats team 🎉👏

Matteo Collina
Node.js maintainer, Fastify lead maintainer
So awesome to see @SocketSecurity launch with a fresh approach! Excited to have supported the team from the early days.

DC Posch
Director of Technology at AppFolio, CTO at Dynasty
This is going to be super important, especially for crypto projects where a compromised dependency results in stolen user assets.

Luis Naranjo
Software Engineer at Microsoft
If software supply chain attacks through npm don't scare the shit out of you, you're not paying close enough attention.
@SocketSecurity sounds like an awesome product. I'll be using socket.dev instead of npmjs.org to browse npm packages going forward

Elena Nadolinski
Founder and CEO at Iron Fish
Huge congrats to @SocketSecurity! 🙌
Literally the only product that proactively detects signs of JS compromised packages.

Joe Previte
Engineering Team Lead at Coder
Congrats to @feross and the @SocketSecurity team on their seed funding! 🚀 It's been a big help for us at @CoderHQ and we appreciate what y'all are doing!

Josh Goldberg
Staff Developer at Codecademy
This is such a great idea & looks fantastic, congrats & good luck @feross + team!
The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Scott Roberts
CISO at UiPath
As a happy Socket customer, I've been impressed with how quickly they are adding value to the product, this move is a great step!

Yan Zhu
Head of Security at Brave, DEFCON, EFF, W3C
glad to hear some of the smartest people i know are working on (npm, etc.) supply chain security finally :). @SocketSecurity

Andrew Peterson
CEO and Co-Founder at Signal Sciences (acq. Fastly)
How do you track the validity of open source software libraries as they get updated? You're prob not. Check out @SocketSecurity and the updated tooling they launched.
Supply chain is a cluster in security as we all know and the tools from Socket are "duh" type tools to be implementing. Check them out and follow Feross Aboukhadijeh to see more updates coming from them in the future.

Zbyszek Tenerowicz
Senior Security Engineer at ConsenSys
socket.dev is getting more appealing by the hour

Devdatta Akhawe
Head of Security at Figma
The @SocketSecurity team is on fire! Amazing progress and I am exciting to see where they go next.

Sebastian Bensusan
Engineer Manager at Stripe
I find it surprising that we don't have _more_ supply chain attacks in software:
Imagine your airplane (the code running) was assembled (deployed) daily, with parts (dependencies) from internet strangers. How long until you get a bad part?
Excited for Socket to prevent this

Adam Baldwin
VP of Security at npm, Red Team at Auth0/Okta
Congrats to everyone at @SocketSecurity ❤️🤘🏻

Nico Waisman
CISO at Lyft
This is an area that I have personally been very focused on. As Nat Friedman said in the 2019 GitHub Universe keynote, Open Source won, and every time you add a new open source project you rely on someone else code and you rely on the people that build it.
This is both exciting and problematic. You are bringing real risk into your organization, and I'm excited to see progress in the industry from OpenSSF scorecards and package analyzers to the company that Feross Aboukhadijeh is building!
Depend on Socket to prevent malicious open source dependencies from infiltrating your app.
Install the Socket GitHub App in just 2 clicks and get protected today.
Block 70+ issues in open source code, including malware, typo-squatting, hidden code, misleading packages, permission creep, and more.
Reduce work by surfacing actionable security information directly in GitHub. Empower developers to make better decisions.
Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.
Nov 23, 2025
Shai Hulud v2
Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.
Nov 05, 2025
Elves on npm
A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.
Jul 04, 2025
RubyGems Automation-Tool Infostealer
Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.
Mar 13, 2025
North Korea's Contagious Interview Campaign
Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.
Jul 23, 2024
Network Reconnaissance Campaign
A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
Get our latest security research, open source insights, and product updates.

Security News
GitHub postponed a new billing model for self-hosted Actions after developer pushback, but moved forward with hosted runner price cuts on January 1.

Research
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.

Security News
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.