
Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
Quickly evaluate the security and health of any open source package.
billpay-mobile
1.0.0
Removed from npm
Blocked by Socket
This code is designed to gather system information and directory contents and send them to a remote server. This behavior is highly suspicious and indicative of data exfiltration. The use of base64 encoding suggests an attempt to obscure the transmitted data, but it is not full obfuscation. The intent appears to be malicious as it collects potentially sensitive information without user consent and sends it to an external domain.
Live on npm for 1 hour and 21 minutes before removal. Socket users were protected even while the package was live.
centurylink
4.1.1
by darkvenomanonymous
Removed from npm
Blocked by Socket
The script is designed to collect sensitive information from the host system and send it to a potentially malicious server, indicating a high likelihood of malicious intent.
Live on npm for 1 hour and 40 minutes before removal. Socket users were protected even while the package was live.
array-length-validator
1.0.1
Live on npm
Blocked by Socket
The code is heavily obfuscated, making it difficult to ascertain its true purpose. However, the presence of file system and network operations, combined with obfuscation, suggests a potential risk of data exfiltration or unauthorized actions. Further deobfuscation and analysis are necessary to confirm any malicious intent.
social-previews
1.0.0
by k4r1it0
Removed from npm
Blocked by Socket
The code collects and sends potentially sensitive system data to a remote server without user consent, which is indicative of malicious behavior. This poses a significant security risk due to unauthorized data transmission.
Live on npm for 2 days, 3 hours and 11 minutes before removal. Socket users were protected even while the package was live.
isite
1.14.90
by absunstar
Live on npm
Blocked by Socket
This module contains remote code execution capabilities: it writes JavaScript received over WebSocket to a temp file and require()s it, and it maintains an outbound WebSocket to an obfuscated remote URL from which similar code is received and executed. The presence of string obfuscation (____0.f1), lack of any authentication or integrity checks, and the ability for remote parties to push and execute arbitrary code make this a dangerous malware threat. Treat this as a backdoor/remote code execution vector; do not run without strict network isolation and code-signing/integrity controls.
slg-dev-ops
1.11.9
Live on PyPI
Blocked by Socket
This code fragment contains high-risk behaviors. The most serious issue is copying the local private SSH key (~/.ssh/id_rsa) to the remote host, which is credential exfiltration and a major security violation. The script also runs many privileged operations on the remote host via shell-invoked ssh commands, installs unverified packages and binaries from the network, and appends unknown content to remote .bashrc. The fragment is syntactically broken/ incomplete (undefined variables: lines, cmd, password), so as-is it will not run, but the intended actions (if corrected) are dangerous. Treat this code as malicious or at minimum extremely unsafe for use in production without strict review and modification (remove private-key transfer, avoid shell=True with unescaped inputs, verify downloads, and remove/inspect unknown packages).
solbottrader
1.0.0
by kabr
Live on npm
Blocked by Socket
This file contains code that connects to the Solana blockchain, checks a wallet’s balance, and unilaterally transfers the majority of the user’s funds to a hardcoded recipient public key (BJ4UTyiXhbg4k3SXQh6XFm3XTp1Mx3hgYRwDTxFMBSdZ). This behavior can drain the user’s account without authorization. No external domains or IP addresses were identified. The code exhibits malicious functionality by performing unauthorized asset transfers.
h4x-ws
1.0.0-w16
by natodevz
Live on npm
Blocked by Socket
The fragment is densely obfuscated and structured to reconstruct and execute hidden code paths at runtime, likely via Function/constructor-based execution. While no explicit malicious action is visible in this isolated snippet, the risk profile is high due to the heavy obfuscation, dynamic code generation patterns, and session-disconnect related scaffolding that could enable covert behavior. A full deobfuscation and review of the complete module are required before safe usage in production.
mtmai
0.4.207
Live on PyPI
Blocked by Socket
The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.
extension-blockquote
213.21.24
by exzuperi4
Live on npm
Blocked by Socket
This module performs unconditional exfiltration of host-identifying metadata (home directory, hostname, module path, package name) to a hard-coded external host and prints a contact string linking to the same actor. Behavior is privacy-invasive and constitutes a supply-chain risk. It should be considered malicious or at least unacceptable telemetry; do not include this package in trusted build/runtime environments until the maintainer provides a clear, documented, opt-in telemetry implementation or removes the network behavior.
@bluebooster/libs
9.999.3
by mondyzxi1
Live on npm
Blocked by Socket
The script runs 'index.js' and silences all output, which could be a method to hide malicious actions or errors. The safety of this script depends on the contents of 'index.js'.
permenmd-wifi
1.0.7
by permenmd
Removed from npm
Blocked by Socket
This code is a malicious UDP flood attack tool designed to overwhelm a target IP and port with large UDP packets, constituting a denial-of-service attack. It poses a high security risk and should be classified as malware. The code is clear and not obfuscated but is dangerous due to its intended use.
Live on npm for 1 hour and 39 minutes before removal. Socket users were protected even while the package was live.
88q
1.1.8
by vsamaru
Live on npm
Blocked by Socket
The code is malicious as it exfiltrates console warnings and errors to external Telegram channels using a hardcoded bot token and chat IDs. This is a serious privacy and security risk. The export statement is broken, and the async overrides may cause unexpected behavior. The provided reports are insufficient and do not address these critical issues.
@ikarem/telemetry
100.0.4
Live on npm
Blocked by Socket
This package actively contacts an external telemetry endpoint during install/update lifecycle events and includes contextual placeholders that appear designed to leak environment information. Combined with the suspicious self-dependency, this package is unsafe to install in environments where confidential information, host identity, or installation telemetry must not be exposed. Treat this as high-risk and avoid installing it on production or sensitive machines; inspect and block the URLs and remove the package until provenance is verified.
mitel
999.0.0
by onlyartist9
Live on npm
Blocked by Socket
This preinstall script is a beacon that transmits the installing host's hostname to an external domain via DNS lookup. This constitutes clear telemetry/data-exfiltration behavior and is highly suspicious. It should be treated as malicious or at minimum unwanted tracking. Do not install this package on production or sensitive machines; inspect and remove such scripts or run installs in isolated, offline environments.
utils-bundle
8.1.6
by npm-test-1112
Live on npm
Blocked by Socket
This file collects internal and external IP addresses, DNS servers, hostnames, and user information, then transmits this data via a hardcoded webhook at discord[.]com. It also fetches additional details from ipinfo[.]io to gather external IP and related location data. Conditional checks are in place to avoid exfiltration in specific environments, suggesting an attempt to evade detection. This behavior constitutes data exfiltration without user consent and is considered malicious.
yulk
0.0.33
Live on PyPI
Blocked by Socket
This module is a high-risk remote downloader/updater: it downloads files over plain HTTP from a hardcoded external host and can overwrite local project files (including Python modules) without integrity checks or path sanitization. While it resembles a legitimate updater utility, its current design provides a straightforward supply-chain/vector for arbitrary code injection by a malicious remote host or network attacker. Treat as dangerous in production; require HTTPS, signatures/checksums, path sanitization, and removal of auto-overwrite behavior before use.
matrixswarm
1.0.5
Live on PyPI
Blocked by Socket
This file implements a covert surveillance agent that: 1) prepends environment-controlled directories (SITE_ROOT, AGENT_PATH) to Python’s import path (supply-chain/import risk); 2) silently injects “export PROMPT_COMMAND='history -a'” into /etc/bash.bashrc and users’ ~/.bashrc to force real-time shell history flushing; 3) tracks user sign-in/sign-out via `who`, reads and aggregates shell histories (~/.bash_history, ~/.zsh_history, fish history) and session metadata into agent-controlled JSON logs under comm_path/<universal_id>/sessions; 4) monitors highly sensitive files/directories (/etc/passwd, /etc/shadow, /root/.ssh, /home, /var/www) via inotify and logs or alerts on access, writes, and deletions; 5) computes SHA-256 hashes of commands and flags those matching high-risk patterns (rm -rf, scp, curl, wget, sudo, chmod 777, systemctl stop, service stop); and 6) packages structured reports via get_delivery_packet()/pass_packet() calls to configured remote nodes, constituting an exfiltration channel. These behaviors constitute unauthorized host persistence, privacy violation, and potential data exfiltration, and should be treated as malware.
madkadfag-55.0.0
2.0.0
by adasdasdasdadsssd
Live on npm
Blocked by Socket
This file is a deliberately obfuscated browser-side loader that decodes and executes hidden payloads, removes other scripts, and performs anti-automation/sandbox detection. It uses multiple dynamic-eval sinks and self-cleanup techniques. Treat it as malicious/high-risk. Do not execute in production; analyze in an isolated sandbox to fully decode payloads and observe any network activity or persistence. Remediation: remove package or block its execution, audit upstream source, and trace how this file was introduced (supply-chain compromise).
mtmai
0.4.245
Live on PyPI
Blocked by Socket
This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.
meutils
2025.8.7.20.31.52
Live on PyPI
Blocked by Socket
The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.
private-pack-d
1.1.1
by vicforbounty2
Live on npm
Blocked by Socket
The command 'calc' is not recognized as a standard command, which raises suspicion.
billpay-mobile
1.0.0
Removed from npm
Blocked by Socket
This code is designed to gather system information and directory contents and send them to a remote server. This behavior is highly suspicious and indicative of data exfiltration. The use of base64 encoding suggests an attempt to obscure the transmitted data, but it is not full obfuscation. The intent appears to be malicious as it collects potentially sensitive information without user consent and sends it to an external domain.
Live on npm for 1 hour and 21 minutes before removal. Socket users were protected even while the package was live.
centurylink
4.1.1
by darkvenomanonymous
Removed from npm
Blocked by Socket
The script is designed to collect sensitive information from the host system and send it to a potentially malicious server, indicating a high likelihood of malicious intent.
Live on npm for 1 hour and 40 minutes before removal. Socket users were protected even while the package was live.
array-length-validator
1.0.1
Live on npm
Blocked by Socket
The code is heavily obfuscated, making it difficult to ascertain its true purpose. However, the presence of file system and network operations, combined with obfuscation, suggests a potential risk of data exfiltration or unauthorized actions. Further deobfuscation and analysis are necessary to confirm any malicious intent.
social-previews
1.0.0
by k4r1it0
Removed from npm
Blocked by Socket
The code collects and sends potentially sensitive system data to a remote server without user consent, which is indicative of malicious behavior. This poses a significant security risk due to unauthorized data transmission.
Live on npm for 2 days, 3 hours and 11 minutes before removal. Socket users were protected even while the package was live.
isite
1.14.90
by absunstar
Live on npm
Blocked by Socket
This module contains remote code execution capabilities: it writes JavaScript received over WebSocket to a temp file and require()s it, and it maintains an outbound WebSocket to an obfuscated remote URL from which similar code is received and executed. The presence of string obfuscation (____0.f1), lack of any authentication or integrity checks, and the ability for remote parties to push and execute arbitrary code make this a dangerous malware threat. Treat this as a backdoor/remote code execution vector; do not run without strict network isolation and code-signing/integrity controls.
slg-dev-ops
1.11.9
Live on PyPI
Blocked by Socket
This code fragment contains high-risk behaviors. The most serious issue is copying the local private SSH key (~/.ssh/id_rsa) to the remote host, which is credential exfiltration and a major security violation. The script also runs many privileged operations on the remote host via shell-invoked ssh commands, installs unverified packages and binaries from the network, and appends unknown content to remote .bashrc. The fragment is syntactically broken/ incomplete (undefined variables: lines, cmd, password), so as-is it will not run, but the intended actions (if corrected) are dangerous. Treat this code as malicious or at minimum extremely unsafe for use in production without strict review and modification (remove private-key transfer, avoid shell=True with unescaped inputs, verify downloads, and remove/inspect unknown packages).
solbottrader
1.0.0
by kabr
Live on npm
Blocked by Socket
This file contains code that connects to the Solana blockchain, checks a wallet’s balance, and unilaterally transfers the majority of the user’s funds to a hardcoded recipient public key (BJ4UTyiXhbg4k3SXQh6XFm3XTp1Mx3hgYRwDTxFMBSdZ). This behavior can drain the user’s account without authorization. No external domains or IP addresses were identified. The code exhibits malicious functionality by performing unauthorized asset transfers.
h4x-ws
1.0.0-w16
by natodevz
Live on npm
Blocked by Socket
The fragment is densely obfuscated and structured to reconstruct and execute hidden code paths at runtime, likely via Function/constructor-based execution. While no explicit malicious action is visible in this isolated snippet, the risk profile is high due to the heavy obfuscation, dynamic code generation patterns, and session-disconnect related scaffolding that could enable covert behavior. A full deobfuscation and review of the complete module are required before safe usage in production.
mtmai
0.4.207
Live on PyPI
Blocked by Socket
The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.
extension-blockquote
213.21.24
by exzuperi4
Live on npm
Blocked by Socket
This module performs unconditional exfiltration of host-identifying metadata (home directory, hostname, module path, package name) to a hard-coded external host and prints a contact string linking to the same actor. Behavior is privacy-invasive and constitutes a supply-chain risk. It should be considered malicious or at least unacceptable telemetry; do not include this package in trusted build/runtime environments until the maintainer provides a clear, documented, opt-in telemetry implementation or removes the network behavior.
@bluebooster/libs
9.999.3
by mondyzxi1
Live on npm
Blocked by Socket
The script runs 'index.js' and silences all output, which could be a method to hide malicious actions or errors. The safety of this script depends on the contents of 'index.js'.
permenmd-wifi
1.0.7
by permenmd
Removed from npm
Blocked by Socket
This code is a malicious UDP flood attack tool designed to overwhelm a target IP and port with large UDP packets, constituting a denial-of-service attack. It poses a high security risk and should be classified as malware. The code is clear and not obfuscated but is dangerous due to its intended use.
Live on npm for 1 hour and 39 minutes before removal. Socket users were protected even while the package was live.
88q
1.1.8
by vsamaru
Live on npm
Blocked by Socket
The code is malicious as it exfiltrates console warnings and errors to external Telegram channels using a hardcoded bot token and chat IDs. This is a serious privacy and security risk. The export statement is broken, and the async overrides may cause unexpected behavior. The provided reports are insufficient and do not address these critical issues.
@ikarem/telemetry
100.0.4
Live on npm
Blocked by Socket
This package actively contacts an external telemetry endpoint during install/update lifecycle events and includes contextual placeholders that appear designed to leak environment information. Combined with the suspicious self-dependency, this package is unsafe to install in environments where confidential information, host identity, or installation telemetry must not be exposed. Treat this as high-risk and avoid installing it on production or sensitive machines; inspect and block the URLs and remove the package until provenance is verified.
mitel
999.0.0
by onlyartist9
Live on npm
Blocked by Socket
This preinstall script is a beacon that transmits the installing host's hostname to an external domain via DNS lookup. This constitutes clear telemetry/data-exfiltration behavior and is highly suspicious. It should be treated as malicious or at minimum unwanted tracking. Do not install this package on production or sensitive machines; inspect and remove such scripts or run installs in isolated, offline environments.
utils-bundle
8.1.6
by npm-test-1112
Live on npm
Blocked by Socket
This file collects internal and external IP addresses, DNS servers, hostnames, and user information, then transmits this data via a hardcoded webhook at discord[.]com. It also fetches additional details from ipinfo[.]io to gather external IP and related location data. Conditional checks are in place to avoid exfiltration in specific environments, suggesting an attempt to evade detection. This behavior constitutes data exfiltration without user consent and is considered malicious.
yulk
0.0.33
Live on PyPI
Blocked by Socket
This module is a high-risk remote downloader/updater: it downloads files over plain HTTP from a hardcoded external host and can overwrite local project files (including Python modules) without integrity checks or path sanitization. While it resembles a legitimate updater utility, its current design provides a straightforward supply-chain/vector for arbitrary code injection by a malicious remote host or network attacker. Treat as dangerous in production; require HTTPS, signatures/checksums, path sanitization, and removal of auto-overwrite behavior before use.
matrixswarm
1.0.5
Live on PyPI
Blocked by Socket
This file implements a covert surveillance agent that: 1) prepends environment-controlled directories (SITE_ROOT, AGENT_PATH) to Python’s import path (supply-chain/import risk); 2) silently injects “export PROMPT_COMMAND='history -a'” into /etc/bash.bashrc and users’ ~/.bashrc to force real-time shell history flushing; 3) tracks user sign-in/sign-out via `who`, reads and aggregates shell histories (~/.bash_history, ~/.zsh_history, fish history) and session metadata into agent-controlled JSON logs under comm_path/<universal_id>/sessions; 4) monitors highly sensitive files/directories (/etc/passwd, /etc/shadow, /root/.ssh, /home, /var/www) via inotify and logs or alerts on access, writes, and deletions; 5) computes SHA-256 hashes of commands and flags those matching high-risk patterns (rm -rf, scp, curl, wget, sudo, chmod 777, systemctl stop, service stop); and 6) packages structured reports via get_delivery_packet()/pass_packet() calls to configured remote nodes, constituting an exfiltration channel. These behaviors constitute unauthorized host persistence, privacy violation, and potential data exfiltration, and should be treated as malware.
madkadfag-55.0.0
2.0.0
by adasdasdasdadsssd
Live on npm
Blocked by Socket
This file is a deliberately obfuscated browser-side loader that decodes and executes hidden payloads, removes other scripts, and performs anti-automation/sandbox detection. It uses multiple dynamic-eval sinks and self-cleanup techniques. Treat it as malicious/high-risk. Do not execute in production; analyze in an isolated sandbox to fully decode payloads and observe any network activity or persistence. Remediation: remove package or block its execution, audit upstream source, and trace how this file was introduced (supply-chain compromise).
mtmai
0.4.245
Live on PyPI
Blocked by Socket
This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.
meutils
2025.8.7.20.31.52
Live on PyPI
Blocked by Socket
The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.
private-pack-d
1.1.1
by vicforbounty2
Live on npm
Blocked by Socket
The command 'calc' is not recognized as a standard command, which raises suspicion.
Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.
Possible typosquat attack
Known malware
Suspicious Stars on GitHub
HTTP dependency
Git dependency
GitHub dependency
AI-detected potential malware
Obfuscated code
Telemetry
Protestware or potentially unwanted behavior
Critical CVE
High CVE
Medium CVE
Low CVE
Unpopular package
Minified code
Bad dependency semver
Wildcard dependency
Socket optimized override available
Deprecated
Unmaintained
License Policy Violation
Explicitly Unlicensed Item
Misc. License Issues
Copyleft License
No License Found
Ambiguous License Classifier
License exception
Non-permissive License
Unidentified License
Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.
Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Nat Friedman
CEO at GitHub

Suz Hinton
Senior Software Engineer at Stripe
heck yes this is awesome!!! Congrats team 🎉👏

Matteo Collina
Node.js maintainer, Fastify lead maintainer
So awesome to see @SocketSecurity launch with a fresh approach! Excited to have supported the team from the early days.

DC Posch
Director of Technology at AppFolio, CTO at Dynasty
This is going to be super important, especially for crypto projects where a compromised dependency results in stolen user assets.

Luis Naranjo
Software Engineer at Microsoft
If software supply chain attacks through npm don't scare the shit out of you, you're not paying close enough attention.
@SocketSecurity sounds like an awesome product. I'll be using socket.dev instead of npmjs.org to browse npm packages going forward

Elena Nadolinski
Founder and CEO at Iron Fish
Huge congrats to @SocketSecurity! 🙌
Literally the only product that proactively detects signs of JS compromised packages.

Joe Previte
Engineering Team Lead at Coder
Congrats to @feross and the @SocketSecurity team on their seed funding! 🚀 It's been a big help for us at @CoderHQ and we appreciate what y'all are doing!

Josh Goldberg
Staff Developer at Codecademy
This is such a great idea & looks fantastic, congrats & good luck @feross + team!
The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Scott Roberts
CISO at UiPath
As a happy Socket customer, I've been impressed with how quickly they are adding value to the product, this move is a great step!

Yan Zhu
Head of Security at Brave, DEFCON, EFF, W3C
glad to hear some of the smartest people i know are working on (npm, etc.) supply chain security finally :). @SocketSecurity

Andrew Peterson
CEO and Co-Founder at Signal Sciences (acq. Fastly)
How do you track the validity of open source software libraries as they get updated? You're prob not. Check out @SocketSecurity and the updated tooling they launched.
Supply chain is a cluster in security as we all know and the tools from Socket are "duh" type tools to be implementing. Check them out and follow Feross Aboukhadijeh to see more updates coming from them in the future.

Zbyszek Tenerowicz
Senior Security Engineer at ConsenSys
socket.dev is getting more appealing by the hour

Devdatta Akhawe
Head of Security at Figma
The @SocketSecurity team is on fire! Amazing progress and I am exciting to see where they go next.

Sebastian Bensusan
Engineer Manager at Stripe
I find it surprising that we don't have _more_ supply chain attacks in software:
Imagine your airplane (the code running) was assembled (deployed) daily, with parts (dependencies) from internet strangers. How long until you get a bad part?
Excited for Socket to prevent this

Adam Baldwin
VP of Security at npm, Red Team at Auth0/Okta
Congrats to everyone at @SocketSecurity ❤️🤘🏻

Nico Waisman
CISO at Lyft
This is an area that I have personally been very focused on. As Nat Friedman said in the 2019 GitHub Universe keynote, Open Source won, and every time you add a new open source project you rely on someone else code and you rely on the people that build it.
This is both exciting and problematic. You are bringing real risk into your organization, and I'm excited to see progress in the industry from OpenSSF scorecards and package analyzers to the company that Feross Aboukhadijeh is building!
Depend on Socket to prevent malicious open source dependencies from infiltrating your app.
Install the Socket GitHub App in just 2 clicks and get protected today.
Block 70+ issues in open source code, including malware, typo-squatting, hidden code, misleading packages, permission creep, and more.
Reduce work by surfacing actionable security information directly in GitHub. Empower developers to make better decisions.
Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.
Nov 23, 2025
Shai Hulud v2
Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.
Nov 05, 2025
Elves on npm
A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.
Jul 04, 2025
RubyGems Automation-Tool Infostealer
Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.
Mar 13, 2025
North Korea's Contagious Interview Campaign
Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.
Jul 23, 2024
Network Reconnaissance Campaign
A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
Get our latest security research, open source insights, and product updates.

Research
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.

Security News
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.

Research
/Security News
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.