
Security News
Insecure Agents Podcast: Certified Patches, Supply Chain Security, and AI Agents
Socket CEO Feross Aboukhadijeh joins Insecure Agents to discuss CVE remediation and why supply chain attacks require a different security approach.
Quickly evaluate the security and health of any open source package.
achilles
0.0.168
Live on PyPI
Blocked by Socket
This code provides a remote-execution agent: it deserializes cloudpickled objects from the network and executes a received callable via multiprocessing.Pool.map, and it exfiltrates host metadata. Without authentication, integrity protection, or transport encryption, this pattern is a high-severity security risk and effectively provides remote code execution/backdoor capabilities. Treat the code as dangerous unless used only in fully trusted, isolated environments with additional external protections.
@spider-mesh/core
1.0.23
by duongvanba
Live on npm
Blocked by Socket
The code appears to be a legitimate part of the SpiderMesh library, but it has potential security risks and unusual patterns that should be further reviewed and analyzed.
mtxp
0.0.91
Live on PyPI
Blocked by Socket
This settings module contains multiple insecure configurations and several hardcoded secrets and keys that create a substantial supply‑chain and operational security risk if this repository is public or shared. There is no direct evidence of active malware in the code fragment itself, but the committed secrets and permissive production flags (DEBUG, ALLOWED_HOSTS, CORS allow all) materially increase risk of compromise and misuse. Treat this as high security risk: remove secrets from source control, rotate exposed credentials, tighten hosts/CORS/DEBUG, and audit dependent apps and configured endpoints.
doughnuts
3.5.2
Live on PyPI
Blocked by Socket
This module functions as an active webshell probe/exploitation helper: it reads target entries from 'webshell.log', crafts a known-output payload ('print(md5(1));'), optionally applies configurable encoders, and sends the payload to remote URLs to detect execution. The behavior is consistent with offensive tooling that can verify and interact with webshell backdoors. Treat as high-risk if present in general-purpose packages; acceptable only in controlled, authorized security testing contexts.
@netoaxi/nexicube-cli
1.0.0
by netoaxi
Live on npm
Blocked by Socket
The analyzed code is highly suspicious and likely malicious. It exfiltrates configuration or system data to an external server, uses cryptographic operations to conceal data, writes files locally with encrypted content, and terminates the process abruptly. The heavy obfuscation is intended to evade detection and analysis. This code poses a high security risk and should be treated as malware or a backdoor. Usage of this package or code should be avoided.
lazylognet
1.0.7
by RyzeYang
Live on NuGet
Blocked by Socket
This assembly contains a highly obfuscated module that performs embedded-payload decryption, native memory allocation, direct process memory writes (including /proc/self/mem), CLR/JIT runtime pointer patching, and execution of unpacked code. Those behaviors are consistent with a loader/backdoor and are not appropriate for a logging library. I assess this as malicious and a high supply-chain risk — the package should not be used and existing installations should be considered compromised until fully audited.
yandex-logger-std
1.3.37
by act1on3-test
Removed from npm
Blocked by Socket
This script is using the 'curl' command to send data to a remote server. The data being sent includes the hostname, username, and password. This behavior is considered suspicious and potentially malicious as it could be used to exfiltrate sensitive information from the system.
Live on npm for 3 minutes before removal. Socket users were protected even while the package was live.
doe
1.1.43
Live on crates.io
Blocked by Socket
This module implements system-wide keyboard capture (on Windows via a low-level hook) and persists keystrokes to local files, then forwards them to callbacks — behavior that constitutes a local keylogger. It also provides APIs to synthesize key events across platforms. There is no network exfiltration in the provided code, but the local logging of keystrokes and the global capture capability are high-risk and can be abused to steal sensitive input (passwords, tokens) if used maliciously or without explicit user consent. Reviewers should treat this package as potentially dangerous; ensure the 'keyboard' feature is only enabled intentionally, audit who receives callbacks, and remove/disable file logging if not strictly required.
snow-flow
8.4.12
by groeimetai
Live on npm
Blocked by Socket
This code is an administrative automation component that deliberately executes arbitrary ServiceNow server-side scripts and manipulates system tables. I found no clear signs of intentionally malicious code (no hardcoded external exfiltration endpoints, no obfuscated payload). However, it exposes powerful sinks: arbitrary script execution, creation of background script records, and storage of script output/trace in sys_properties. The primary security risk is abuse/misconfiguration (e.g., autoConfirm bypass, insufficient RBAC) leading to data theft or destructive changes. Treat this module as high-risk functionality that must be strictly access controlled, audited, and hardened before use.
passagemath-msolve
10.5.19
Live on PyPI
Blocked by Socket
This code is not obviously malicious in itself; it is intended to call an external solver (msolve) and parse its output. However, it contains a high-risk design choice: it executes an external binary and directly evaluates that binary's stdout via sage_eval, which yields arbitrary code execution if the external binary or its output is tampered with. If the msolve executable can be compromised (supply-chain attack, replaced binary, or attacker-controlled output), this code can execute arbitrary Python. Recommended mitigations: avoid eval-style parsing of external output, use a strict parser or sandbox evaluation, validate output structure and types before evaluation, and ensure the msolve binary is obtained and verified from a trusted source. Overall: low probability the code is intentionally malicious, but a significant security risk exists due to unsafe evaluation of external output.
pyforce01
1.0.3
Live on PyPI
Blocked by Socket
This file implements a focused brute-force credential-guessing tool targeting destiny.district833.org for a supplied username. It uses keyboard emulation + Selenium to automate login attempts, persists tried passwords locally, and is configured to auto-run with a specific username and driver path. The code is weaponized for unauthorized access and poses a high security risk. It should be treated as malicious and removed from any supply chain; systems containing it should be investigated for compromise and sensitive persisted files (trynots.dat) considered exposed.
akenoai
1.6.8
Live on PyPI
Blocked by Socket
This module intentionally transmits API keys (either a hardcoded default decoded from base64 or any user-provided key) to an external, non-OpenAI endpoint via HTTP POST. This is credential exfiltration and constitutes malicious or severely insecure supply-chain behavior. Do not use this code. Remove it, rotate any exposed API keys, block the destination domain, and investigate any use of the embedded key.
com.meta.xr.sdk.avatars
25.0.0
by jpdhackerone03
Removed from npm
Blocked by Socket
The source code exhibits behavior consistent with data exfiltration malware. It collects sensitive system information and sends it to external endpoints without user consent, posing a significant security risk.
Live on npm for 36 days, 11 hours and 43 minutes before removal. Socket users were protected even while the package was live.
agentmake
0.0.72
Live on PyPI
Blocked by Socket
This module intentionally executes refined user-supplied Python code using exec(), creating a high potential for arbitrary code execution and data exposure. The most critical risks: (1) executing attacker-controlled code via magic(code,...), (2) reliance on an external fineTunePythonCode() whose behavior is opaque and could introduce malicious code, and (3) lack of sandboxing, validation, and safeguards. Recommend: do not run this in production or anywhere with sensitive data; if needed, restrict inputs, replace exec with a safe execution environment (restricted interpreter, container, or subprocess with capability limits), add allowlisting/AST validation, and audit the fineTunePythonCode implementation.
rgwml
0.0.211
Live on PyPI
Blocked by Socket
This module contains explicit data-exfiltration behavior: it loads Telegram bot credentials from a config file in user directories and posts sensitive data (including user auth tokens and error messages) to that Telegram bot. That is a clear and high-risk privacy/security violation. The code also has poor error handling that can amplify leaks and contains multiple bugs and inconsistent variable scope. Treat this package as malicious/untrusted and do not use it in production; remove it and rotate any possibly exposed tokens.
func-logger
1.3.1
by ibrahim00123
Live on npm
Blocked by Socket
Code exhibits suspicious behavior through detached process spawning and dynamic code execution via eval(). The spawned process runs independently and could persist after parent exits. While the eval'd code appears benign (just logging), the overall pattern suggests potential malicious intent or poor security practices.
producer-journey
1.0.3
by darkvenomanonymous
Removed from npm
Blocked by Socket
The code exhibits potentially malicious behavior by sending sensitive tracking data to an external server without clear user consent. It poses a security risk due to data leakage and potential privacy violations.
Live on npm for 19 minutes before removal. Socket users were protected even while the package was live.
github.com/milvus-io/milvus
v0.10.3-0.20211001123136-05ad242bc0b4
Live on Go Modules
Blocked by Socket
This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.
vger
0.0.5
Live on PyPI
Blocked by Socket
This module implements explicit offensive capabilities against Jupyter notebook sessions: code injection (remote code execution), backdoor installation (starting a Jupyter server bound to 0.0.0.0 with provided token), shell command execution, snooping on kernel activity, file upload/deletion, and discovery/exfiltration of model files. It should be considered malicious/offensive by design and poses a high security risk if present in environments where it can be executed. Use only in controlled, authorized testing environments. If found in a dependency unexpectedly, treat as compromised/malicious and remove or further investigate the upstream source.
grpc-web-devtools
0.1.0
by anshjha
Removed from npm
Blocked by Socket
The code collects and sends tracking data to an external server without user consent, which could be considered a privacy violation. The code also poses a risk of supply chain attacks, as the external server could be controlled by an attacker to distribute malicious code. The code sanitizes the data to prevent injection attacks. Overall, the code poses a moderate security risk.
Live on npm for 2 hours and 33 minutes before removal. Socket users were protected even while the package was live.
microviewsharedwidgets
1.0.0
by baby123
Removed from npm
Blocked by Socket
The code is malicious, performing covert data exfiltration of sensitive system and package information to an attacker-controlled server. It poses a high security risk and should be removed from any software supply chain or dependency list. The code is not obfuscated but is clearly designed to steal data without user knowledge.
Live on npm for 3 days, 9 hours and 22 minutes before removal. Socket users were protected even while the package was live.
roboidai
1.1.17
Live on PyPI
Blocked by Socket
This file is intentionally obfuscated and assembles/executes a hidden base64 payload at runtime (rot13 + base64 + eval/compile/exec). That behavior is strongly indicative of malicious or at-minimum highly suspicious behavior in a package. Do not import or run this module in a production environment. Decode and fully inspect the assembled payload in a safe sandbox before any use.
solana-pump-test
2.5.3
Live on npm
Blocked by Socket
This module is a credential/config harvesting tool: it recursively scans host files for likely secrets, filters candidates using filename and regex heuristics, and exfiltrates matched files to a remote HTTP server using worker threads. The use of heavy obfuscation and dynamic eval for workers, combined with explicit secret-detection regexes and network exfiltration, classifies it as malicious. Remove and treat as a supply-chain backdoor; assume compromise of secrets accessed by the agent and rotate credentials where appropriate.
@everymatrix/casino-tournaments-limited-controller
0.0.333
by raul.vasile
Live on npm
Blocked by Socket
This code contains a clear malicious/unauthorized insertion: within the EventSource polyfill there is a timed callback that, for clients whose timezone matches a hard-coded list, displays a political message using alert() and opens an external change.org URL. This is unrelated to the library's purpose, constitutes supply-chain sabotage/defacement targeting specific locales, and should be considered malicious. Remove or replace the package and audit upstream sources. The rest of the bundle appears to be legitimate application and polyfill code.
achilles
0.0.168
Live on PyPI
Blocked by Socket
This code provides a remote-execution agent: it deserializes cloudpickled objects from the network and executes a received callable via multiprocessing.Pool.map, and it exfiltrates host metadata. Without authentication, integrity protection, or transport encryption, this pattern is a high-severity security risk and effectively provides remote code execution/backdoor capabilities. Treat the code as dangerous unless used only in fully trusted, isolated environments with additional external protections.
@spider-mesh/core
1.0.23
by duongvanba
Live on npm
Blocked by Socket
The code appears to be a legitimate part of the SpiderMesh library, but it has potential security risks and unusual patterns that should be further reviewed and analyzed.
mtxp
0.0.91
Live on PyPI
Blocked by Socket
This settings module contains multiple insecure configurations and several hardcoded secrets and keys that create a substantial supply‑chain and operational security risk if this repository is public or shared. There is no direct evidence of active malware in the code fragment itself, but the committed secrets and permissive production flags (DEBUG, ALLOWED_HOSTS, CORS allow all) materially increase risk of compromise and misuse. Treat this as high security risk: remove secrets from source control, rotate exposed credentials, tighten hosts/CORS/DEBUG, and audit dependent apps and configured endpoints.
doughnuts
3.5.2
Live on PyPI
Blocked by Socket
This module functions as an active webshell probe/exploitation helper: it reads target entries from 'webshell.log', crafts a known-output payload ('print(md5(1));'), optionally applies configurable encoders, and sends the payload to remote URLs to detect execution. The behavior is consistent with offensive tooling that can verify and interact with webshell backdoors. Treat as high-risk if present in general-purpose packages; acceptable only in controlled, authorized security testing contexts.
@netoaxi/nexicube-cli
1.0.0
by netoaxi
Live on npm
Blocked by Socket
The analyzed code is highly suspicious and likely malicious. It exfiltrates configuration or system data to an external server, uses cryptographic operations to conceal data, writes files locally with encrypted content, and terminates the process abruptly. The heavy obfuscation is intended to evade detection and analysis. This code poses a high security risk and should be treated as malware or a backdoor. Usage of this package or code should be avoided.
lazylognet
1.0.7
by RyzeYang
Live on NuGet
Blocked by Socket
This assembly contains a highly obfuscated module that performs embedded-payload decryption, native memory allocation, direct process memory writes (including /proc/self/mem), CLR/JIT runtime pointer patching, and execution of unpacked code. Those behaviors are consistent with a loader/backdoor and are not appropriate for a logging library. I assess this as malicious and a high supply-chain risk — the package should not be used and existing installations should be considered compromised until fully audited.
yandex-logger-std
1.3.37
by act1on3-test
Removed from npm
Blocked by Socket
This script is using the 'curl' command to send data to a remote server. The data being sent includes the hostname, username, and password. This behavior is considered suspicious and potentially malicious as it could be used to exfiltrate sensitive information from the system.
Live on npm for 3 minutes before removal. Socket users were protected even while the package was live.
doe
1.1.43
Live on crates.io
Blocked by Socket
This module implements system-wide keyboard capture (on Windows via a low-level hook) and persists keystrokes to local files, then forwards them to callbacks — behavior that constitutes a local keylogger. It also provides APIs to synthesize key events across platforms. There is no network exfiltration in the provided code, but the local logging of keystrokes and the global capture capability are high-risk and can be abused to steal sensitive input (passwords, tokens) if used maliciously or without explicit user consent. Reviewers should treat this package as potentially dangerous; ensure the 'keyboard' feature is only enabled intentionally, audit who receives callbacks, and remove/disable file logging if not strictly required.
snow-flow
8.4.12
by groeimetai
Live on npm
Blocked by Socket
This code is an administrative automation component that deliberately executes arbitrary ServiceNow server-side scripts and manipulates system tables. I found no clear signs of intentionally malicious code (no hardcoded external exfiltration endpoints, no obfuscated payload). However, it exposes powerful sinks: arbitrary script execution, creation of background script records, and storage of script output/trace in sys_properties. The primary security risk is abuse/misconfiguration (e.g., autoConfirm bypass, insufficient RBAC) leading to data theft or destructive changes. Treat this module as high-risk functionality that must be strictly access controlled, audited, and hardened before use.
passagemath-msolve
10.5.19
Live on PyPI
Blocked by Socket
This code is not obviously malicious in itself; it is intended to call an external solver (msolve) and parse its output. However, it contains a high-risk design choice: it executes an external binary and directly evaluates that binary's stdout via sage_eval, which yields arbitrary code execution if the external binary or its output is tampered with. If the msolve executable can be compromised (supply-chain attack, replaced binary, or attacker-controlled output), this code can execute arbitrary Python. Recommended mitigations: avoid eval-style parsing of external output, use a strict parser or sandbox evaluation, validate output structure and types before evaluation, and ensure the msolve binary is obtained and verified from a trusted source. Overall: low probability the code is intentionally malicious, but a significant security risk exists due to unsafe evaluation of external output.
pyforce01
1.0.3
Live on PyPI
Blocked by Socket
This file implements a focused brute-force credential-guessing tool targeting destiny.district833.org for a supplied username. It uses keyboard emulation + Selenium to automate login attempts, persists tried passwords locally, and is configured to auto-run with a specific username and driver path. The code is weaponized for unauthorized access and poses a high security risk. It should be treated as malicious and removed from any supply chain; systems containing it should be investigated for compromise and sensitive persisted files (trynots.dat) considered exposed.
akenoai
1.6.8
Live on PyPI
Blocked by Socket
This module intentionally transmits API keys (either a hardcoded default decoded from base64 or any user-provided key) to an external, non-OpenAI endpoint via HTTP POST. This is credential exfiltration and constitutes malicious or severely insecure supply-chain behavior. Do not use this code. Remove it, rotate any exposed API keys, block the destination domain, and investigate any use of the embedded key.
com.meta.xr.sdk.avatars
25.0.0
by jpdhackerone03
Removed from npm
Blocked by Socket
The source code exhibits behavior consistent with data exfiltration malware. It collects sensitive system information and sends it to external endpoints without user consent, posing a significant security risk.
Live on npm for 36 days, 11 hours and 43 minutes before removal. Socket users were protected even while the package was live.
agentmake
0.0.72
Live on PyPI
Blocked by Socket
This module intentionally executes refined user-supplied Python code using exec(), creating a high potential for arbitrary code execution and data exposure. The most critical risks: (1) executing attacker-controlled code via magic(code,...), (2) reliance on an external fineTunePythonCode() whose behavior is opaque and could introduce malicious code, and (3) lack of sandboxing, validation, and safeguards. Recommend: do not run this in production or anywhere with sensitive data; if needed, restrict inputs, replace exec with a safe execution environment (restricted interpreter, container, or subprocess with capability limits), add allowlisting/AST validation, and audit the fineTunePythonCode implementation.
rgwml
0.0.211
Live on PyPI
Blocked by Socket
This module contains explicit data-exfiltration behavior: it loads Telegram bot credentials from a config file in user directories and posts sensitive data (including user auth tokens and error messages) to that Telegram bot. That is a clear and high-risk privacy/security violation. The code also has poor error handling that can amplify leaks and contains multiple bugs and inconsistent variable scope. Treat this package as malicious/untrusted and do not use it in production; remove it and rotate any possibly exposed tokens.
func-logger
1.3.1
by ibrahim00123
Live on npm
Blocked by Socket
Code exhibits suspicious behavior through detached process spawning and dynamic code execution via eval(). The spawned process runs independently and could persist after parent exits. While the eval'd code appears benign (just logging), the overall pattern suggests potential malicious intent or poor security practices.
producer-journey
1.0.3
by darkvenomanonymous
Removed from npm
Blocked by Socket
The code exhibits potentially malicious behavior by sending sensitive tracking data to an external server without clear user consent. It poses a security risk due to data leakage and potential privacy violations.
Live on npm for 19 minutes before removal. Socket users were protected even while the package was live.
github.com/milvus-io/milvus
v0.10.3-0.20211001123136-05ad242bc0b4
Live on Go Modules
Blocked by Socket
This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.
vger
0.0.5
Live on PyPI
Blocked by Socket
This module implements explicit offensive capabilities against Jupyter notebook sessions: code injection (remote code execution), backdoor installation (starting a Jupyter server bound to 0.0.0.0 with provided token), shell command execution, snooping on kernel activity, file upload/deletion, and discovery/exfiltration of model files. It should be considered malicious/offensive by design and poses a high security risk if present in environments where it can be executed. Use only in controlled, authorized testing environments. If found in a dependency unexpectedly, treat as compromised/malicious and remove or further investigate the upstream source.
grpc-web-devtools
0.1.0
by anshjha
Removed from npm
Blocked by Socket
The code collects and sends tracking data to an external server without user consent, which could be considered a privacy violation. The code also poses a risk of supply chain attacks, as the external server could be controlled by an attacker to distribute malicious code. The code sanitizes the data to prevent injection attacks. Overall, the code poses a moderate security risk.
Live on npm for 2 hours and 33 minutes before removal. Socket users were protected even while the package was live.
microviewsharedwidgets
1.0.0
by baby123
Removed from npm
Blocked by Socket
The code is malicious, performing covert data exfiltration of sensitive system and package information to an attacker-controlled server. It poses a high security risk and should be removed from any software supply chain or dependency list. The code is not obfuscated but is clearly designed to steal data without user knowledge.
Live on npm for 3 days, 9 hours and 22 minutes before removal. Socket users were protected even while the package was live.
roboidai
1.1.17
Live on PyPI
Blocked by Socket
This file is intentionally obfuscated and assembles/executes a hidden base64 payload at runtime (rot13 + base64 + eval/compile/exec). That behavior is strongly indicative of malicious or at-minimum highly suspicious behavior in a package. Do not import or run this module in a production environment. Decode and fully inspect the assembled payload in a safe sandbox before any use.
solana-pump-test
2.5.3
Live on npm
Blocked by Socket
This module is a credential/config harvesting tool: it recursively scans host files for likely secrets, filters candidates using filename and regex heuristics, and exfiltrates matched files to a remote HTTP server using worker threads. The use of heavy obfuscation and dynamic eval for workers, combined with explicit secret-detection regexes and network exfiltration, classifies it as malicious. Remove and treat as a supply-chain backdoor; assume compromise of secrets accessed by the agent and rotate credentials where appropriate.
@everymatrix/casino-tournaments-limited-controller
0.0.333
by raul.vasile
Live on npm
Blocked by Socket
This code contains a clear malicious/unauthorized insertion: within the EventSource polyfill there is a timed callback that, for clients whose timezone matches a hard-coded list, displays a political message using alert() and opens an external change.org URL. This is unrelated to the library's purpose, constitutes supply-chain sabotage/defacement targeting specific locales, and should be considered malicious. Remove or replace the package and audit upstream sources. The rest of the bundle appears to be legitimate application and polyfill code.
Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.
Possible typosquat attack
Known malware
Suspicious Stars on GitHub
HTTP dependency
Git dependency
GitHub dependency
AI-detected potential malware
Obfuscated code
Telemetry
Protestware or potentially unwanted behavior
Critical CVE
High CVE
Medium CVE
Low CVE
Unpopular package
Minified code
Bad dependency semver
Wildcard dependency
Socket optimized override available
Deprecated
Unmaintained
License Policy Violation
Explicitly Unlicensed Item
Misc. License Issues
Copyleft License
No License Found
Ambiguous License Classifier
License exception
Non-permissive License
Unidentified License
Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.
Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Nat Friedman
CEO at GitHub

Suz Hinton
Senior Software Engineer at Stripe
heck yes this is awesome!!! Congrats team 🎉👏

Matteo Collina
Node.js maintainer, Fastify lead maintainer
So awesome to see @SocketSecurity launch with a fresh approach! Excited to have supported the team from the early days.

DC Posch
Director of Technology at AppFolio, CTO at Dynasty
This is going to be super important, especially for crypto projects where a compromised dependency results in stolen user assets.

Luis Naranjo
Software Engineer at Microsoft
If software supply chain attacks through npm don't scare the shit out of you, you're not paying close enough attention.
@SocketSecurity sounds like an awesome product. I'll be using socket.dev instead of npmjs.org to browse npm packages going forward

Elena Nadolinski
Founder and CEO at Iron Fish
Huge congrats to @SocketSecurity! 🙌
Literally the only product that proactively detects signs of JS compromised packages.

Joe Previte
Engineering Team Lead at Coder
Congrats to @feross and the @SocketSecurity team on their seed funding! 🚀 It's been a big help for us at @CoderHQ and we appreciate what y'all are doing!

Josh Goldberg
Staff Developer at Codecademy
This is such a great idea & looks fantastic, congrats & good luck @feross + team!
The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Scott Roberts
CISO at UiPath
As a happy Socket customer, I've been impressed with how quickly they are adding value to the product, this move is a great step!

Yan Zhu
Head of Security at Brave, DEFCON, EFF, W3C
glad to hear some of the smartest people i know are working on (npm, etc.) supply chain security finally :). @SocketSecurity

Andrew Peterson
CEO and Co-Founder at Signal Sciences (acq. Fastly)
How do you track the validity of open source software libraries as they get updated? You're prob not. Check out @SocketSecurity and the updated tooling they launched.
Supply chain is a cluster in security as we all know and the tools from Socket are "duh" type tools to be implementing. Check them out and follow Feross Aboukhadijeh to see more updates coming from them in the future.

Zbyszek Tenerowicz
Senior Security Engineer at ConsenSys
socket.dev is getting more appealing by the hour

Devdatta Akhawe
Head of Security at Figma
The @SocketSecurity team is on fire! Amazing progress and I am exciting to see where they go next.

Sebastian Bensusan
Engineer Manager at Stripe
I find it surprising that we don't have _more_ supply chain attacks in software:
Imagine your airplane (the code running) was assembled (deployed) daily, with parts (dependencies) from internet strangers. How long until you get a bad part?
Excited for Socket to prevent this

Adam Baldwin
VP of Security at npm, Red Team at Auth0/Okta
Congrats to everyone at @SocketSecurity ❤️🤘🏻

Nico Waisman
CISO at Lyft
This is an area that I have personally been very focused on. As Nat Friedman said in the 2019 GitHub Universe keynote, Open Source won, and every time you add a new open source project you rely on someone else code and you rely on the people that build it.
This is both exciting and problematic. You are bringing real risk into your organization, and I'm excited to see progress in the industry from OpenSSF scorecards and package analyzers to the company that Feross Aboukhadijeh is building!
Depend on Socket to prevent malicious open source dependencies from infiltrating your app.
Install the Socket GitHub App in just 2 clicks and get protected today.
Block 70+ issues in open source code, including malware, typo-squatting, hidden code, misleading packages, permission creep, and more.
Reduce work by surfacing actionable security information directly in GitHub. Empower developers to make better decisions.
Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.
Nov 23, 2025
Shai Hulud v2
Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.
Nov 05, 2025
Elves on npm
A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.
Jul 04, 2025
RubyGems Automation-Tool Infostealer
Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.
Mar 13, 2025
North Korea's Contagious Interview Campaign
Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.
Jul 23, 2024
Network Reconnaissance Campaign
A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
Get our latest security research, open source insights, and product updates.

Security News
Socket CEO Feross Aboukhadijeh joins Insecure Agents to discuss CVE remediation and why supply chain attacks require a different security approach.

Security News
Tailwind Labs laid off 75% of its engineering team after revenue dropped 80%, as LLMs redirect traffic away from documentation where developers discover paid products.

Security News
The planned feature introduces a review step before releases go live, following the Shai-Hulud attacks and a rocky migration off classic tokens that disrupted maintainer workflows.