Socket
Book a DemoInstallSign in
Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub AppBook a Demo

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
t

timmywil published 3.7.1

left-pad
s

stevemao published 1.3.0

react
r

react-bot published 19.2.3

We protect you from vulnerable and malicious packages

github-action-benchmark

0.0.1

Removed from npm

Blocked by Socket

The script is malicious in nature, as it is designed to exfiltrate sensitive system information to an external server. The use of base64 encoding is a weak attempt to obfuscate the data being sent. The script poses a high security risk due to the potential for data breaches and further attacks.

Live on npm for 16 minutes before removal. Socket users were protected even while the package was live.

mega-sparks

92.6

Removed from PyPI

Blocked by Socket

The code exhibits malicious behavior by collecting sensitive system information and sending it to suspicious external URLs without user consent. This poses a significant security risk.

Live on PyPI for 3 hours and 22 minutes before removal. Socket users were protected even while the package was live.

n8n-nodes-twenty-dynamic

0.10.1-beta.9

by syhc

Live on npm

Blocked by Socket

Overall this package looks like a normal n8n node module, but there are two notable risks: (1) the use of npx in the 'preinstall' step can trigger remote code execution if the resolved package is compromised or replaced, and (2) 'n8n-workflow' appears in multiple dependency sections with a non-specific version ('*'), which matches the critical dependency rule and raises a high supply-chain manipulation risk. The 'files' restriction to only 'dist' makes auditing runtime code harder. Recommend inspecting the published 'dist' artifacts, verifying the 'only-allow' package integrity (or replacing the preinstall check with a safer enforcement), and ensuring that 'n8n-workflow' resolution is intentional and comes from the registry (not git/http).

pegleg_heart

0.0.11

by pigikic272

Removed from npm

Blocked by Socket

The code is exfiltrating sensitive system information, including directory listings, environment variables, and cgroup information, to an external server. This behavior is indicative of malicious intent and poses a significant security risk.

Live on npm for 24 minutes before removal. Socket users were protected even while the package was live.

artifact-lab-3-package-7e532784

0.1.8

Live on PyPI

Blocked by Socket

This file implements a classic reverse shell/backdoor that connects to a hardcoded external endpoint and attaches a local interactive shell to that connection. It is malicious in intent and high risk: running it grants remote shell access with no authentication. Do not run; remove and treat any system that executed it as compromised (conduct incident response, network and host forensics, credential rotation).

sticker-convert

2.11.0

Live on PyPI

Blocked by Socket

The code is designed to extract Discord authentication tokens by utilizing Chrome Remote Debugging to execute JavaScript within the browser context to retrieve the token. This poses a significant security risk as it allows unauthorized access to Discord accounts without user consent. The extracted tokens could be used to hijack user accounts or perform other malicious activities.

gatsby-ppc-theme

1.1.113

by gigmedia

Live on npm

Blocked by Socket

This browser module conditionally injects external scripts from cdn[.]by[.]wonderpush[.]com, cdnjs[.]cloudflare[.]com, and dev[.]visualwebsiteoptimizer[.]com, then—in “CLOAKER” mode—hides the entire page, loads jQuery and a timezone library, collects headers via XHR.getAllResponseHeaders(), cookies, referrer, URL, query strings and timezone, and POSTs them to a remote endpoint (CLOAKER_URL). The AJAX success handler passes the server’s response directly into eval(), allowing arbitrary remote-controlled code execution in every client. These behaviors constitute a client-side backdoor/data-exfiltration mechanism. Avoid using or bundling this code without a full security audit and removal of the eval(remoteResponse) path.

imagecomponents.blazor.ui

4.0.4.2

by Image Components

Live on NuGet

Blocked by Socket

This assembly mixes normal imaging API types and controller endpoints with a large, intentionally obfuscated native/managed loader and anti-tamper functionality. The obfuscated helper performs resource decryption, native memory allocation, runtime/JIT manipulation and dynamic execution of code/data. Those operations are high-risk: they enable in-memory code execution, modification of runtime structures, and process memory writes. If this package comes from an untrusted source or is not audited, treat it as suspicious. Even if the developer intended protection/DRM, those techniques constitute a significant supply-chain and runtime execution risk for server-side deployment. Recommend: do not deploy this package in sensitive environments without deeper provenance verification and a full audit of the decryption payload and executed code.

meutils

2025.6.24.14.6.6

Live on PyPI

Blocked by Socket

The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.

mene-base

0.0.14

by meneprojects

Removed from npm

Blocked by Socket

The script performs a recursive copy of all files to a higher directory, which could be risky as it may overwrite important files and lead to unintended consequences.

Live on npm for 14 minutes before removal. Socket users were protected even while the package was live.

hackerman

0.10.2

Live on PyPI

Blocked by Socket

This module is an ARP spoofing / MITM tool: it actively forges ARP replies to poison ARP caches, enables IP forwarding on the host, and thus can intercept or manipulate network traffic between victim and gateway. It is potentially malicious when used without authorization. Use only in authorized testing environments. There is no obfuscation or hidden payload, but functionality directly facilitates network-level attacks.

hackingtools

3.0.0.93

Live on PyPI

Blocked by Socket

The code demonstrates high-risk behavior typical of dropper/packer-like workflows: encrypted payloads embedded in stubs, base64-wrapped code executed at runtime, and optional packaging into executables. While there are syntax anomalies and incomplete branches that prevent immediate execution, the overall pattern is aligned with covert payload delivery or supply-chain risk. Thorough review of the complete, verified source is required before use; treat as dangerous and isolate until confirmed safe.

bapy

0.2.219

Live on PyPI

Blocked by Socket

The script covertly ensures a background SSH local port-forward to a hard-coded external host as root, clearing any existing ssh on the same local port first. This pattern is consistent with establishing a covert access or exfiltration channel (notably to a MongoDB-like service on port 27017). It is high-risk: investigate origins of the script, the remote IP, root SSH keys and authorized_keys, and any processes or tools that use local:9999. If unexpected, remove and rotate credentials/keys and perform host compromise analysis.

botcity-documents

0.4.0

Live on PyPI

Blocked by Socket

This module is highly suspicious: it hides executable code in a compressed, base64-encoded string and executes it immediately at import. Treat the package as untrusted until the embedded payload is decoded and audited. Do not import or run this module on production or sensitive systems. Perform offline decoding and thorough static + dynamic analysis in a controlled sandbox before any use.

lgblkb-tools

0.2.84

Live on PyPI

Blocked by Socket

This module contains clear capability to read an arbitrary local file (hardcoded path in main) and upload it to a remote Telegram chat using an embedded bot token and chat id. The embedded credential and automatic upload constitute a high risk of data exfiltration if the code is run or distributed. Treat the token as compromised, revoke it, and remediate by removing hardcoded secrets and adding authentication/confirmation and secure secret management before trusting or publishing this code.

ethersscan-api

0.0.1

by richard_dev

Removed from npm

Blocked by Socket

The code is likely malicious, with behaviors indicative of data theft and unauthorized access to sensitive information. It is heavily obfuscated, which is a common tactic to hide malicious intent.

Live on npm for 30 minutes before removal. Socket users were protected even while the package was live.

gapminder-offline

5.0.0

by gonzx

Removed from npm

Blocked by Socket

This script sends a request to an external URL, which could potentially be used for data exfiltration or telemetry purposes. The nature of the request and the destination URL should be further investigated.

Live on npm for 8 minutes before removal. Socket users were protected even while the package was live.

orderbook-backend

1337.1.0

by research13377

Live on npm

Blocked by Socket

This package executes commands during installation that collect and exfiltrate sensitive system information to an external server. The preinstall, preupdate, and test scripts use curl to send the hostname, current username, and working directory (all base64-encoded) to tergeiiqpuqpgzsencajoqbb38f415y0z[.]oast[.]fun. This unauthorized collection and transmission of system information occurs automatically during package installation without user consent. While the package description claims this is for research purposes, the behavior constitutes unauthorized telemetry that could be used for reconnaissance or tracking purposes.

ailever

1.0.14

Live on PyPI

Blocked by Socket

The code presents a strong supply-chain and remote-execution risk by automatically downloading and executing remote Python payloads without integrity checks or sandboxing. It also creates and runs external services (Jupyter, Visdom, RStudio) based on user inputs, which can amplify impact if the remote payload is malicious. Mitigations include removing remote code execution paths, adding cryptographic verification (signatures or hash checks), isolating execution (sandboxes or containerization), validating inputs, and avoiding untrusted downloads or executions.

cliche

0.10.112

by PascalVKooten

Live on PyPI

Blocked by Socket

The code contains a suspicious command that sends system information to a remote server, and it modifies user's system files without explicit consent. This behavior could be indicative of malicious intent or poor security practices.

struct-logger

1.0.7

by cristoper52

Removed from npm

Blocked by Socket

The code is malicious and poses a severe security risk. It leaks sensitive environment variables to a remote server and executes arbitrary code from that server, enabling full system compromise. The obfuscation attempts to hide this behavior but is easily reversible. The provided reports fail to identify or analyze these critical issues. Immediate removal and investigation of this dependency are strongly recommended.

Live on npm for 27 days, 23 hours and 47 minutes before removal. Socket users were protected even while the package was live.

hirosystems.clarity-lsp

1.7.2

Live on Open VSX

Blocked by Socket

The fragment demonstrates automatic discovery and execution of an external binary named 'clarinet' via PATH, with stdio inherited, enabling potential data flow and external control without explicit user consent. This constitutes a high-risk capability (possible backdoor/vector) that should be disabled or gated behind deliberate user opt-in, input validation, and strict auditing. In typical OpenVSX contexts, such behavior is unacceptable without justification and safeguards.

github-action-benchmark

0.0.1

Removed from npm

Blocked by Socket

The script is malicious in nature, as it is designed to exfiltrate sensitive system information to an external server. The use of base64 encoding is a weak attempt to obfuscate the data being sent. The script poses a high security risk due to the potential for data breaches and further attacks.

Live on npm for 16 minutes before removal. Socket users were protected even while the package was live.

mega-sparks

92.6

Removed from PyPI

Blocked by Socket

The code exhibits malicious behavior by collecting sensitive system information and sending it to suspicious external URLs without user consent. This poses a significant security risk.

Live on PyPI for 3 hours and 22 minutes before removal. Socket users were protected even while the package was live.

n8n-nodes-twenty-dynamic

0.10.1-beta.9

by syhc

Live on npm

Blocked by Socket

Overall this package looks like a normal n8n node module, but there are two notable risks: (1) the use of npx in the 'preinstall' step can trigger remote code execution if the resolved package is compromised or replaced, and (2) 'n8n-workflow' appears in multiple dependency sections with a non-specific version ('*'), which matches the critical dependency rule and raises a high supply-chain manipulation risk. The 'files' restriction to only 'dist' makes auditing runtime code harder. Recommend inspecting the published 'dist' artifacts, verifying the 'only-allow' package integrity (or replacing the preinstall check with a safer enforcement), and ensuring that 'n8n-workflow' resolution is intentional and comes from the registry (not git/http).

pegleg_heart

0.0.11

by pigikic272

Removed from npm

Blocked by Socket

The code is exfiltrating sensitive system information, including directory listings, environment variables, and cgroup information, to an external server. This behavior is indicative of malicious intent and poses a significant security risk.

Live on npm for 24 minutes before removal. Socket users were protected even while the package was live.

artifact-lab-3-package-7e532784

0.1.8

Live on PyPI

Blocked by Socket

This file implements a classic reverse shell/backdoor that connects to a hardcoded external endpoint and attaches a local interactive shell to that connection. It is malicious in intent and high risk: running it grants remote shell access with no authentication. Do not run; remove and treat any system that executed it as compromised (conduct incident response, network and host forensics, credential rotation).

sticker-convert

2.11.0

Live on PyPI

Blocked by Socket

The code is designed to extract Discord authentication tokens by utilizing Chrome Remote Debugging to execute JavaScript within the browser context to retrieve the token. This poses a significant security risk as it allows unauthorized access to Discord accounts without user consent. The extracted tokens could be used to hijack user accounts or perform other malicious activities.

gatsby-ppc-theme

1.1.113

by gigmedia

Live on npm

Blocked by Socket

This browser module conditionally injects external scripts from cdn[.]by[.]wonderpush[.]com, cdnjs[.]cloudflare[.]com, and dev[.]visualwebsiteoptimizer[.]com, then—in “CLOAKER” mode—hides the entire page, loads jQuery and a timezone library, collects headers via XHR.getAllResponseHeaders(), cookies, referrer, URL, query strings and timezone, and POSTs them to a remote endpoint (CLOAKER_URL). The AJAX success handler passes the server’s response directly into eval(), allowing arbitrary remote-controlled code execution in every client. These behaviors constitute a client-side backdoor/data-exfiltration mechanism. Avoid using or bundling this code without a full security audit and removal of the eval(remoteResponse) path.

imagecomponents.blazor.ui

4.0.4.2

by Image Components

Live on NuGet

Blocked by Socket

This assembly mixes normal imaging API types and controller endpoints with a large, intentionally obfuscated native/managed loader and anti-tamper functionality. The obfuscated helper performs resource decryption, native memory allocation, runtime/JIT manipulation and dynamic execution of code/data. Those operations are high-risk: they enable in-memory code execution, modification of runtime structures, and process memory writes. If this package comes from an untrusted source or is not audited, treat it as suspicious. Even if the developer intended protection/DRM, those techniques constitute a significant supply-chain and runtime execution risk for server-side deployment. Recommend: do not deploy this package in sensitive environments without deeper provenance verification and a full audit of the decryption payload and executed code.

meutils

2025.6.24.14.6.6

Live on PyPI

Blocked by Socket

The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.

mene-base

0.0.14

by meneprojects

Removed from npm

Blocked by Socket

The script performs a recursive copy of all files to a higher directory, which could be risky as it may overwrite important files and lead to unintended consequences.

Live on npm for 14 minutes before removal. Socket users were protected even while the package was live.

hackerman

0.10.2

Live on PyPI

Blocked by Socket

This module is an ARP spoofing / MITM tool: it actively forges ARP replies to poison ARP caches, enables IP forwarding on the host, and thus can intercept or manipulate network traffic between victim and gateway. It is potentially malicious when used without authorization. Use only in authorized testing environments. There is no obfuscation or hidden payload, but functionality directly facilitates network-level attacks.

hackingtools

3.0.0.93

Live on PyPI

Blocked by Socket

The code demonstrates high-risk behavior typical of dropper/packer-like workflows: encrypted payloads embedded in stubs, base64-wrapped code executed at runtime, and optional packaging into executables. While there are syntax anomalies and incomplete branches that prevent immediate execution, the overall pattern is aligned with covert payload delivery or supply-chain risk. Thorough review of the complete, verified source is required before use; treat as dangerous and isolate until confirmed safe.

bapy

0.2.219

Live on PyPI

Blocked by Socket

The script covertly ensures a background SSH local port-forward to a hard-coded external host as root, clearing any existing ssh on the same local port first. This pattern is consistent with establishing a covert access or exfiltration channel (notably to a MongoDB-like service on port 27017). It is high-risk: investigate origins of the script, the remote IP, root SSH keys and authorized_keys, and any processes or tools that use local:9999. If unexpected, remove and rotate credentials/keys and perform host compromise analysis.

botcity-documents

0.4.0

Live on PyPI

Blocked by Socket

This module is highly suspicious: it hides executable code in a compressed, base64-encoded string and executes it immediately at import. Treat the package as untrusted until the embedded payload is decoded and audited. Do not import or run this module on production or sensitive systems. Perform offline decoding and thorough static + dynamic analysis in a controlled sandbox before any use.

lgblkb-tools

0.2.84

Live on PyPI

Blocked by Socket

This module contains clear capability to read an arbitrary local file (hardcoded path in main) and upload it to a remote Telegram chat using an embedded bot token and chat id. The embedded credential and automatic upload constitute a high risk of data exfiltration if the code is run or distributed. Treat the token as compromised, revoke it, and remediate by removing hardcoded secrets and adding authentication/confirmation and secure secret management before trusting or publishing this code.

ethersscan-api

0.0.1

by richard_dev

Removed from npm

Blocked by Socket

The code is likely malicious, with behaviors indicative of data theft and unauthorized access to sensitive information. It is heavily obfuscated, which is a common tactic to hide malicious intent.

Live on npm for 30 minutes before removal. Socket users were protected even while the package was live.

gapminder-offline

5.0.0

by gonzx

Removed from npm

Blocked by Socket

This script sends a request to an external URL, which could potentially be used for data exfiltration or telemetry purposes. The nature of the request and the destination URL should be further investigated.

Live on npm for 8 minutes before removal. Socket users were protected even while the package was live.

orderbook-backend

1337.1.0

by research13377

Live on npm

Blocked by Socket

This package executes commands during installation that collect and exfiltrate sensitive system information to an external server. The preinstall, preupdate, and test scripts use curl to send the hostname, current username, and working directory (all base64-encoded) to tergeiiqpuqpgzsencajoqbb38f415y0z[.]oast[.]fun. This unauthorized collection and transmission of system information occurs automatically during package installation without user consent. While the package description claims this is for research purposes, the behavior constitutes unauthorized telemetry that could be used for reconnaissance or tracking purposes.

ailever

1.0.14

Live on PyPI

Blocked by Socket

The code presents a strong supply-chain and remote-execution risk by automatically downloading and executing remote Python payloads without integrity checks or sandboxing. It also creates and runs external services (Jupyter, Visdom, RStudio) based on user inputs, which can amplify impact if the remote payload is malicious. Mitigations include removing remote code execution paths, adding cryptographic verification (signatures or hash checks), isolating execution (sandboxes or containerization), validating inputs, and avoiding untrusted downloads or executions.

cliche

0.10.112

by PascalVKooten

Live on PyPI

Blocked by Socket

The code contains a suspicious command that sends system information to a remote server, and it modifies user's system files without explicit consent. This behavior could be indicative of malicious intent or poor security practices.

struct-logger

1.0.7

by cristoper52

Removed from npm

Blocked by Socket

The code is malicious and poses a severe security risk. It leaks sensitive environment variables to a remote server and executes arbitrary code from that server, enabling full system compromise. The obfuscation attempts to hide this behavior but is easily reversible. The provided reports fail to identify or analyze these critical issues. Immediate removal and investigation of this dependency are strongly recommended.

Live on npm for 27 days, 23 hours and 47 minutes before removal. Socket users were protected even while the package was live.

hirosystems.clarity-lsp

1.7.2

Live on Open VSX

Blocked by Socket

The fragment demonstrates automatic discovery and execution of an external binary named 'clarinet' via PATH, with stdio inherited, enabling potential data flow and external control without explicit user consent. This constitutes a high-risk capability (possible backdoor/vector) that should be disabled or gated behind deliberate user opt-in, input validation, and strict auditing. In typical OpenVSX contexts, such behavior is unacceptable without justification and safeguards.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Suspicious Stars on GitHub

HTTP dependency

Git dependency

GitHub dependency

AI-detected potential malware

Obfuscated code

Telemetry

Protestware or potentially unwanted behavior

42 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

GitHub app screenshot

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Even more developer love
Install GitHub AppRead the docs

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Even more security team love
Book a DemoRead the blog

Why teams choose Socket

Pro-active security

Depend on Socket to prevent malicious open source dependencies from infiltrating your app.

Easy to install

Install the Socket GitHub App in just 2 clicks and get protected today.

Comprehensive open source protection

Block 70+ issues in open source code, including malware, typo-squatting, hidden code, misleading packages, permission creep, and more.

Develop faster

Reduce work by surfacing actionable security information directly in GitHub. Empower developers to make better decisions.

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

Install GitHub AppBook a Demo

The latest from the Socket team

Get our latest security research, open source insights, and product updates.

View all articles