
Product
Introducing Reachability for PHP
Reachability analysis for PHP is now available in experimental, helping teams identify which vulnerabilities are actually exploitable.
Questions? Call us at (844) SOCKET-0
Quickly evaluate the security and health of any open source package.
bonfire/recent-activity
4229534b62ffd7395622f9607fa9fc6fe731f333
Live on actions
Blocked by Socket
This module transmits both caller-supplied parameters and the entire process.env to a hard-coded external endpoint, resulting in high-risk exfiltration of secrets and sensitive runtime data. It also logs remote responses/errors to stdout and will execute a caller-supplied callback. Absent clear, documented, and explicit consent plus strict allowlisting/redaction of environment keys, this behavior should be treated as malicious or at minimum unacceptable telemetry for most projects. Immediate remediation: remove sending process.env; replace with an explicit allowlist of non-sensitive fields, make destination configurable and documented, avoid executing untrusted callbacks, and add size/timeout/error handling.
mtxcli
0.0.86
Live on pypi
Blocked by Socket
The provided code fragment contains high-risk, likely malicious behaviors: execution of shell commands including destructive rm -rdf, cloning, and creating a web-accessible PHP file that includes phpinfo() and an eval-based backdoor driven by an environment variable. The code is malformed/truncated and shows signs of tampering or obfuscation. Treat this module/package as suspicious: do not deploy it to production, audit the full repository history, and remove or replace any files that write web-accessible PHP with eval or phpinfo().
typescript-error-reporter-action
999.0.2
by cosliyu
Removed from npm
Blocked by Socket
The code exhibits behavior consistent with data exfiltration by collecting and sending sensitive system information to an external server without user consent. This poses a significant security risk and aligns with malicious activity patterns.
Live on npm for 14 days, 21 hours and 4 minutes before removal. Socket users were protected even while the package was live.
ogo-utils
0.1.6
Live on pypi
Blocked by Socket
This script is a clear, simple file-encryption tool that encrypts and then deletes original files across a directory tree. Its behavior matches common ransomware patterns (encrypt-in-place, delete originals, no recovery mechanism). The code itself is not obfuscated and contains no network exfiltration, but it is highly destructive if executed. Treat this as malicious or high-risk code; do not run on systems with valuable data. If discovered in a dependency, consider it a severe supply-chain incident and remove or quarantine the package, and investigate where it was introduced.
unicorn-lotus-mxj449
1.0.0
by afifaljafari112
Removed from npm
Blocked by Socket
The provided code imports multiple modules with unusual names and executes a function from each. The names and function calls are unconventional, and the modules' behaviors are not visible from this snippet, which raises suspicion but does not directly indicate malicious behavior.
Live on npm for 57 days and 21 minutes before removal. Socket users were protected even while the package was live.
agent-messenger
2.3.0
by devxoul
Live on npm
Blocked by Socket
This module is a highly capable local credential/session harvesting component. It enumerates browser profiles, copies and queries sensitive cookie databases, decrypts Instagram authentication cookies using OS key material (DPAPI and Keychain) or platform derivation, validates the decrypted session tokens, and returns them for downstream use. Even without visible exfiltration in the snippet, its end-to-end functionality strongly aligns with stealer/account-takeover tooling. Supply-chain consumers should treat it as high risk and investigate usage and caller context before allowing installation.
ec-cube2/ec-cube2
2.13.5.x-dev
Live on composer
Blocked by Socket
The fragment is a suspicious, self-contained destructive shell snippet that deletes php.ini files under an html directory via a command substitution pattern. This constitutes potential sabotage or supply-chain risk if introduced into a build or deployment script. It demonstrates obfuscated-like behavior and a malicious pattern (file deletion without confirmation). Mitigation should treat it as a high-risk artifact requiring removal or strict access controls and logging.
imagecomponents.aspforms.imaging
4.0.1.1
by Image Components
Live on nuget
Blocked by Socket
The analyzed code fragment demonstrates strong indicators of obfuscation and weaponization potential, including dynamic code loading, native interop for memory manipulation, and embedded encrypted payloads. While a definitive malicious payload is not evident in this excerpt, the combination of techniques is characteristic of loaders/backdoors and poses substantial supply-chain risk. Thorough offline, isolated analysis and remediation are required; consider replacing with a clearly documented, open-source alternative or applying strict build-time and runtime checks to prevent hidden payload execution.
wix-perf-measure
2.999.999
Removed from npm
Blocked by Socket
The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.
Live on npm for 15 minutes before removal. Socket users were protected even while the package was live.
monolith-twirp-elm-actions
1.5.0
by Nick Quaranto
Live on rubygems
Blocked by Socket
This Ruby script gathers sensitive host data (username via ENV or `whoami`, hostname via Socket.gethostname, and its own file path), hex-encodes each piece, and embeds them into a dynamically constructed subdomain under furb[.]pw (e.g. a<username_hex>.a<hostname_hex>.a<filepath_hex>.furb[.]pw). It then issues an HTTPS GET request to that domain via Net::HTTP, effectively exfiltrating system identifiers to an attacker-controlled endpoint. The use of an inverted `unless __FILE__ == $0` guard causes the code to run when the file is loaded as a library, making it a stealthy supply-chain backdoor with no user consent or visible functionality.
nolimit-x
1.0.101
by nolimitaworkspace
Live on npm
Blocked by Socket
This module appears to be malicious (or at least an offensive attack tool) rather than a benign dependency. It forges DKIM signatures (including weak/deprecated RSA-SHA1), orchestrates direct/replay/hybrid attack flows, reads private key material, and performs/assists replay-attack setup. It also includes HTML smuggling behavior and uses heavy runtime string obfuscation, which is a strong concealment indicator. Overall: likely sabotage/attack capability centered on email authentication bypass.
github.com/sourcegraph/sourcegraph
v0.0.0-20210115203426-c0c69fb07433
Live on go
Blocked by Socket
This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.
whaileyss
6.12.48
by borutowaileyssss
Live on npm
Blocked by Socket
`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.
@azure-tests/perf-ai-text-analytics
99.10.9
Removed from npm
Blocked by Socket
The code exhibits clear signs of malicious behavior involving data theft and exfiltration. It encodes and sends sensitive system and user data to a suspicious domain via both DNS queries and HTTPS POST requests.
Live on npm for 7 hours and 33 minutes before removal. Socket users were protected even while the package was live.
checkmate5
4.1.0.dev33
Removed from pypi
Blocked by Socket
Functionally, this module implements expected dill-based module dump/load helpers. The dominant security risk is the inherent unsafety of unpickling untrusted data: Unpickler.load and find_class can execute arbitrary code and imports. The module additionally mutates sys.modules during load which may be useful functionally but increases the attack surface for crafted pickles. There are no direct signs of malware, remote exfiltration, or hard-coded credentials. However a clear functional anomaly ('del nam') will raise NameError at import and should be corrected. Treat any pickle loaded with these functions as completely untrusted; only load pickles from trusted sources, or use safer serialization formats.
Live on pypi for 5 hours and 36 minutes before removal. Socket users were protected even while the package was live.
n8n-nodes-zalo-crm-test
0.6.0
by chuloi
Live on npm
Blocked by Socket
This code contains a likely malicious or at least highly suspicious data-exfiltration behavior: when a Zalo login yields credential data, the code attempts to create credentials on an n8n API (using an n8n API key obtained from this.getCredentials), and then sends the created credential ID along with the n8n API key and user_id to two hardcoded external domains (apizalov2.salesdy.com and apizalov3.salesdy.com). This transmits sensitive secrets (n8n API key and credential identifiers) to third parties without user consent. Combined with verbose logging of sensitive data, this constitutes credential harvesting/exfiltration and should be treated as malicious. I recommend not using this package, auditing for similar occurrences, and rotating any exposed API keys.
dana
0.6.0.2.post1
Live on pypi
Blocked by Socket
This module itself contains no obvious hidden backdoor or obfuscated malicious payload, but it intentionally executes external Python files found under multiple search paths (including user-writable locations like the current working directory and user home). That design introduces a high-risk supply-chain/plugin execution vector: untrusted plugin files named <domain>.py or package directories can run arbitrary code via exec_module and class instantiation. Recommend treating plugins from those paths as untrusted, restricting or validating plugin locations, using cryptographic signing or checksum verification, or executing plugins in an isolated process. Do not place sensitive credentials or run as privileged user when plugin discovery paths include writable directories.
ui-common-components-angular
1.1.1
by raytheon1337
Removed from npm
Blocked by Socket
This script is attempting to exfiltrate sensitive data (contents of /etc/passwd) to a remote server. This behavior is highly suspicious and poses a significant security risk.
Live on npm for 40 minutes before removal. Socket users were protected even while the package was live.
worki
1.0.0
by h0x1-test
Removed from npm
Blocked by Socket
The module actively exfiltrates environment variables to a specific remote DNS resolver by encoding Brotli-compressed JSON of selected environment variables into DNS query hostnames. The hard-coded, octal-encoded resolver address and empty callbacks indicate deliberate covert behavior. This constitutes a high-risk supply-chain backdoor and should be treated as malicious: remove the module, block the destination IP, and rotate any potentially exposed secrets from affected environments.
Live on npm for 3 days, 4 hours and 2 minutes before removal. Socket users were protected even while the package was live.
354766/popmechanic/vibes-cli/sell/
4b9471abd9b6bc29648b4ec048488b626758cf15
Live on socket
Blocked by Socket
[Skill Scanner] Instruction to copy/paste content into terminal detected All findings: [CRITICAL] command_injection: Instruction to copy/paste content into terminal detected (CI012) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] The 2 reports cohere into a plausible, policy-aligned workflow for SaaS assembly with Clerk authentication and Cloudflare deployment. However, the process introduces elevated secret-handling risk due to credential collection, embedding into deployment artifacts, and reliance on external scripts. Treat as SUSPICIOUS-to-BENIGN: secure secret management and strict access controls are required, with confirmable watchdogs (logs, secret-scoping, least-privilege deployment) before production use. LLM verification: The SKILL.md is functionally aligned with its stated purpose (transforming a Vibes app into a multi-tenant SaaS). However, it requires collecting sensitive Clerk credentials and instructs users to run bundled assembly/deploy scripts (assemble-sell.js, deploy-cloudflare.js, resolve-workers-url.js) located under a plugin root. Because those scripts are not provided for inspection, there is a non-trivial supply-chain risk: if the scripts are malicious or compromised they could exfiltrate credential
ezs
8.0.2
by touv
Live on npm
Blocked by Socket
This module is structurally high-risk because it implements a client-controlled “command and environment” protocol over HTTP headers and uses those values to build a dynamic processing/execution pipeline (ezs.pipeline(commands, environment)) without any authentication or allowlisting within the module. While the exact maliciousness depends on how ezs.pipeline/Parameter functions interpret commands, the control/data flow strongly matches remote orchestration/backdoor/RCE-like patterns. Additionally, it reflects encoded error text back to the client via X-Error, increasing information leakage risk.
raikia/fiercephish
dev-dev
Live on composer
Blocked by Socket
The composer.json is a manifest for a Laravel project explicitly labeled as a phishing framework. While the file itself contains no encoded payloads or hardcoded secrets, it enables risky behaviors: auto-creating .env and running Laravel artisan commands during install, which will execute application code. Combined with the explicit malicious intent in the package description, this makes the package high risk. Do not install or run this package in trusted or production environments. If analysis or use is required, review all application source code offline in an isolated sandbox before executing any composer scripts, and avoid running composer lifecycle scripts that execute PHP code on install.
akenoai
1.5.6
Live on pypi
Blocked by Socket
This module intentionally transmits API keys (either a hardcoded default decoded from base64 or any user-provided key) to an external, non-OpenAI endpoint via HTTP POST. This is credential exfiltration and constitutes malicious or severely insecure supply-chain behavior. Do not use this code. Remove it, rotate any exposed API keys, block the destination domain, and investigate any use of the embedded key.
coupa-common-js
1.774.365
by h1_coupa
Removed from npm
Blocked by Socket
The code is clearly malicious as it exfiltrates environment variables to an external server ('pipedream.net'). The heavy obfuscation further indicates an attempt to hide this behavior. This poses a significant security risk.
Live on npm for 1 hour and 58 minutes before removal. Socket users were protected even while the package was live.
neoagent
2.1.18-beta.83
by neo_original_
Live on npm
Blocked by Socket
Best report: Report 3. It is more convincing because it identifies multiple high-suspicion primitives in the fragment (eval, document.cookie, and DOM-manipulation/document.write, plus many external http/src loads and inline event/script execution markers). Due to severe corruption, exact behavior cannot be fully proven, but the evidence strongly warrants treating this artifact as highly suspicious malicious web payload material in a supply-chain context.
bonfire/recent-activity
4229534b62ffd7395622f9607fa9fc6fe731f333
Live on actions
Blocked by Socket
This module transmits both caller-supplied parameters and the entire process.env to a hard-coded external endpoint, resulting in high-risk exfiltration of secrets and sensitive runtime data. It also logs remote responses/errors to stdout and will execute a caller-supplied callback. Absent clear, documented, and explicit consent plus strict allowlisting/redaction of environment keys, this behavior should be treated as malicious or at minimum unacceptable telemetry for most projects. Immediate remediation: remove sending process.env; replace with an explicit allowlist of non-sensitive fields, make destination configurable and documented, avoid executing untrusted callbacks, and add size/timeout/error handling.
mtxcli
0.0.86
Live on pypi
Blocked by Socket
The provided code fragment contains high-risk, likely malicious behaviors: execution of shell commands including destructive rm -rdf, cloning, and creating a web-accessible PHP file that includes phpinfo() and an eval-based backdoor driven by an environment variable. The code is malformed/truncated and shows signs of tampering or obfuscation. Treat this module/package as suspicious: do not deploy it to production, audit the full repository history, and remove or replace any files that write web-accessible PHP with eval or phpinfo().
typescript-error-reporter-action
999.0.2
by cosliyu
Removed from npm
Blocked by Socket
The code exhibits behavior consistent with data exfiltration by collecting and sending sensitive system information to an external server without user consent. This poses a significant security risk and aligns with malicious activity patterns.
Live on npm for 14 days, 21 hours and 4 minutes before removal. Socket users were protected even while the package was live.
ogo-utils
0.1.6
Live on pypi
Blocked by Socket
This script is a clear, simple file-encryption tool that encrypts and then deletes original files across a directory tree. Its behavior matches common ransomware patterns (encrypt-in-place, delete originals, no recovery mechanism). The code itself is not obfuscated and contains no network exfiltration, but it is highly destructive if executed. Treat this as malicious or high-risk code; do not run on systems with valuable data. If discovered in a dependency, consider it a severe supply-chain incident and remove or quarantine the package, and investigate where it was introduced.
unicorn-lotus-mxj449
1.0.0
by afifaljafari112
Removed from npm
Blocked by Socket
The provided code imports multiple modules with unusual names and executes a function from each. The names and function calls are unconventional, and the modules' behaviors are not visible from this snippet, which raises suspicion but does not directly indicate malicious behavior.
Live on npm for 57 days and 21 minutes before removal. Socket users were protected even while the package was live.
agent-messenger
2.3.0
by devxoul
Live on npm
Blocked by Socket
This module is a highly capable local credential/session harvesting component. It enumerates browser profiles, copies and queries sensitive cookie databases, decrypts Instagram authentication cookies using OS key material (DPAPI and Keychain) or platform derivation, validates the decrypted session tokens, and returns them for downstream use. Even without visible exfiltration in the snippet, its end-to-end functionality strongly aligns with stealer/account-takeover tooling. Supply-chain consumers should treat it as high risk and investigate usage and caller context before allowing installation.
ec-cube2/ec-cube2
2.13.5.x-dev
Live on composer
Blocked by Socket
The fragment is a suspicious, self-contained destructive shell snippet that deletes php.ini files under an html directory via a command substitution pattern. This constitutes potential sabotage or supply-chain risk if introduced into a build or deployment script. It demonstrates obfuscated-like behavior and a malicious pattern (file deletion without confirmation). Mitigation should treat it as a high-risk artifact requiring removal or strict access controls and logging.
imagecomponents.aspforms.imaging
4.0.1.1
by Image Components
Live on nuget
Blocked by Socket
The analyzed code fragment demonstrates strong indicators of obfuscation and weaponization potential, including dynamic code loading, native interop for memory manipulation, and embedded encrypted payloads. While a definitive malicious payload is not evident in this excerpt, the combination of techniques is characteristic of loaders/backdoors and poses substantial supply-chain risk. Thorough offline, isolated analysis and remediation are required; consider replacing with a clearly documented, open-source alternative or applying strict build-time and runtime checks to prevent hidden payload execution.
wix-perf-measure
2.999.999
Removed from npm
Blocked by Socket
The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.
Live on npm for 15 minutes before removal. Socket users were protected even while the package was live.
monolith-twirp-elm-actions
1.5.0
by Nick Quaranto
Live on rubygems
Blocked by Socket
This Ruby script gathers sensitive host data (username via ENV or `whoami`, hostname via Socket.gethostname, and its own file path), hex-encodes each piece, and embeds them into a dynamically constructed subdomain under furb[.]pw (e.g. a<username_hex>.a<hostname_hex>.a<filepath_hex>.furb[.]pw). It then issues an HTTPS GET request to that domain via Net::HTTP, effectively exfiltrating system identifiers to an attacker-controlled endpoint. The use of an inverted `unless __FILE__ == $0` guard causes the code to run when the file is loaded as a library, making it a stealthy supply-chain backdoor with no user consent or visible functionality.
nolimit-x
1.0.101
by nolimitaworkspace
Live on npm
Blocked by Socket
This module appears to be malicious (or at least an offensive attack tool) rather than a benign dependency. It forges DKIM signatures (including weak/deprecated RSA-SHA1), orchestrates direct/replay/hybrid attack flows, reads private key material, and performs/assists replay-attack setup. It also includes HTML smuggling behavior and uses heavy runtime string obfuscation, which is a strong concealment indicator. Overall: likely sabotage/attack capability centered on email authentication bypass.
github.com/sourcegraph/sourcegraph
v0.0.0-20210115203426-c0c69fb07433
Live on go
Blocked by Socket
This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.
whaileyss
6.12.48
by borutowaileyssss
Live on npm
Blocked by Socket
`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.
@azure-tests/perf-ai-text-analytics
99.10.9
Removed from npm
Blocked by Socket
The code exhibits clear signs of malicious behavior involving data theft and exfiltration. It encodes and sends sensitive system and user data to a suspicious domain via both DNS queries and HTTPS POST requests.
Live on npm for 7 hours and 33 minutes before removal. Socket users were protected even while the package was live.
checkmate5
4.1.0.dev33
Removed from pypi
Blocked by Socket
Functionally, this module implements expected dill-based module dump/load helpers. The dominant security risk is the inherent unsafety of unpickling untrusted data: Unpickler.load and find_class can execute arbitrary code and imports. The module additionally mutates sys.modules during load which may be useful functionally but increases the attack surface for crafted pickles. There are no direct signs of malware, remote exfiltration, or hard-coded credentials. However a clear functional anomaly ('del nam') will raise NameError at import and should be corrected. Treat any pickle loaded with these functions as completely untrusted; only load pickles from trusted sources, or use safer serialization formats.
Live on pypi for 5 hours and 36 minutes before removal. Socket users were protected even while the package was live.
n8n-nodes-zalo-crm-test
0.6.0
by chuloi
Live on npm
Blocked by Socket
This code contains a likely malicious or at least highly suspicious data-exfiltration behavior: when a Zalo login yields credential data, the code attempts to create credentials on an n8n API (using an n8n API key obtained from this.getCredentials), and then sends the created credential ID along with the n8n API key and user_id to two hardcoded external domains (apizalov2.salesdy.com and apizalov3.salesdy.com). This transmits sensitive secrets (n8n API key and credential identifiers) to third parties without user consent. Combined with verbose logging of sensitive data, this constitutes credential harvesting/exfiltration and should be treated as malicious. I recommend not using this package, auditing for similar occurrences, and rotating any exposed API keys.
dana
0.6.0.2.post1
Live on pypi
Blocked by Socket
This module itself contains no obvious hidden backdoor or obfuscated malicious payload, but it intentionally executes external Python files found under multiple search paths (including user-writable locations like the current working directory and user home). That design introduces a high-risk supply-chain/plugin execution vector: untrusted plugin files named <domain>.py or package directories can run arbitrary code via exec_module and class instantiation. Recommend treating plugins from those paths as untrusted, restricting or validating plugin locations, using cryptographic signing or checksum verification, or executing plugins in an isolated process. Do not place sensitive credentials or run as privileged user when plugin discovery paths include writable directories.
ui-common-components-angular
1.1.1
by raytheon1337
Removed from npm
Blocked by Socket
This script is attempting to exfiltrate sensitive data (contents of /etc/passwd) to a remote server. This behavior is highly suspicious and poses a significant security risk.
Live on npm for 40 minutes before removal. Socket users were protected even while the package was live.
worki
1.0.0
by h0x1-test
Removed from npm
Blocked by Socket
The module actively exfiltrates environment variables to a specific remote DNS resolver by encoding Brotli-compressed JSON of selected environment variables into DNS query hostnames. The hard-coded, octal-encoded resolver address and empty callbacks indicate deliberate covert behavior. This constitutes a high-risk supply-chain backdoor and should be treated as malicious: remove the module, block the destination IP, and rotate any potentially exposed secrets from affected environments.
Live on npm for 3 days, 4 hours and 2 minutes before removal. Socket users were protected even while the package was live.
354766/popmechanic/vibes-cli/sell/
4b9471abd9b6bc29648b4ec048488b626758cf15
Live on socket
Blocked by Socket
[Skill Scanner] Instruction to copy/paste content into terminal detected All findings: [CRITICAL] command_injection: Instruction to copy/paste content into terminal detected (CI012) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] The 2 reports cohere into a plausible, policy-aligned workflow for SaaS assembly with Clerk authentication and Cloudflare deployment. However, the process introduces elevated secret-handling risk due to credential collection, embedding into deployment artifacts, and reliance on external scripts. Treat as SUSPICIOUS-to-BENIGN: secure secret management and strict access controls are required, with confirmable watchdogs (logs, secret-scoping, least-privilege deployment) before production use. LLM verification: The SKILL.md is functionally aligned with its stated purpose (transforming a Vibes app into a multi-tenant SaaS). However, it requires collecting sensitive Clerk credentials and instructs users to run bundled assembly/deploy scripts (assemble-sell.js, deploy-cloudflare.js, resolve-workers-url.js) located under a plugin root. Because those scripts are not provided for inspection, there is a non-trivial supply-chain risk: if the scripts are malicious or compromised they could exfiltrate credential
ezs
8.0.2
by touv
Live on npm
Blocked by Socket
This module is structurally high-risk because it implements a client-controlled “command and environment” protocol over HTTP headers and uses those values to build a dynamic processing/execution pipeline (ezs.pipeline(commands, environment)) without any authentication or allowlisting within the module. While the exact maliciousness depends on how ezs.pipeline/Parameter functions interpret commands, the control/data flow strongly matches remote orchestration/backdoor/RCE-like patterns. Additionally, it reflects encoded error text back to the client via X-Error, increasing information leakage risk.
raikia/fiercephish
dev-dev
Live on composer
Blocked by Socket
The composer.json is a manifest for a Laravel project explicitly labeled as a phishing framework. While the file itself contains no encoded payloads or hardcoded secrets, it enables risky behaviors: auto-creating .env and running Laravel artisan commands during install, which will execute application code. Combined with the explicit malicious intent in the package description, this makes the package high risk. Do not install or run this package in trusted or production environments. If analysis or use is required, review all application source code offline in an isolated sandbox before executing any composer scripts, and avoid running composer lifecycle scripts that execute PHP code on install.
akenoai
1.5.6
Live on pypi
Blocked by Socket
This module intentionally transmits API keys (either a hardcoded default decoded from base64 or any user-provided key) to an external, non-OpenAI endpoint via HTTP POST. This is credential exfiltration and constitutes malicious or severely insecure supply-chain behavior. Do not use this code. Remove it, rotate any exposed API keys, block the destination domain, and investigate any use of the embedded key.
coupa-common-js
1.774.365
by h1_coupa
Removed from npm
Blocked by Socket
The code is clearly malicious as it exfiltrates environment variables to an external server ('pipedream.net'). The heavy obfuscation further indicates an attempt to hide this behavior. This poses a significant security risk.
Live on npm for 1 hour and 58 minutes before removal. Socket users were protected even while the package was live.
neoagent
2.1.18-beta.83
by neo_original_
Live on npm
Blocked by Socket
Best report: Report 3. It is more convincing because it identifies multiple high-suspicion primitives in the fragment (eval, document.cookie, and DOM-manipulation/document.write, plus many external http/src loads and inline event/script execution markers). Due to severe corruption, exact behavior cannot be fully proven, but the evidence strongly warrants treating this artifact as highly suspicious malicious web payload material in a supply-chain context.
Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.
Possible typosquat attack
Known malware
Git dependency
GitHub dependency
HTTP dependency
Obfuscated code
Suspicious Stars on GitHub
Telemetry
Protestware or potentially unwanted behavior
Unstable ownership
Critical CVE
High CVE
Medium CVE
Low CVE
Unpopular package
Minified code
Bad dependency semver
Wildcard dependency
Socket optimized override available
Deprecated
Unmaintained
Explicitly Unlicensed Item
License Policy Violation
Misc. License Issues
Ambiguous License Classifier
Copyleft License
License exception
No License Found
Non-permissive License
Unidentified License
Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.
Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Nat Friedman
CEO at GitHub

Suz Hinton
Senior Software Engineer at Stripe
heck yes this is awesome!!! Congrats team 🎉👏

Matteo Collina
Node.js maintainer, Fastify lead maintainer
So awesome to see @SocketSecurity launch with a fresh approach! Excited to have supported the team from the early days.

DC Posch
Director of Technology at AppFolio, CTO at Dynasty
This is going to be super important, especially for crypto projects where a compromised dependency results in stolen user assets.

Luis Naranjo
Software Engineer at Microsoft
If software supply chain attacks through npm don't scare the shit out of you, you're not paying close enough attention.
@SocketSecurity sounds like an awesome product. I'll be using socket.dev instead of npmjs.org to browse npm packages going forward

Elena Nadolinski
Founder and CEO at Iron Fish
Huge congrats to @SocketSecurity! 🙌
Literally the only product that proactively detects signs of JS compromised packages.

Joe Previte
Engineering Team Lead at Coder
Congrats to @feross and the @SocketSecurity team on their seed funding! 🚀 It's been a big help for us at @CoderHQ and we appreciate what y'all are doing!

Josh Goldberg
Staff Developer at Codecademy
This is such a great idea & looks fantastic, congrats & good luck @feross + team!
The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Scott Roberts
CISO at UiPath
As a happy Socket customer, I've been impressed with how quickly they are adding value to the product, this move is a great step!

Yan Zhu
Head of Security at Brave, DEFCON, EFF, W3C
glad to hear some of the smartest people i know are working on (npm, etc.) supply chain security finally :). @SocketSecurity

Andrew Peterson
CEO and Co-Founder at Signal Sciences (acq. Fastly)
How do you track the validity of open source software libraries as they get updated? You're prob not. Check out @SocketSecurity and the updated tooling they launched.
Supply chain is a cluster in security as we all know and the tools from Socket are "duh" type tools to be implementing. Check them out and follow Feross Aboukhadijeh to see more updates coming from them in the future.

Zbyszek Tenerowicz
Senior Security Engineer at ConsenSys
socket.dev is getting more appealing by the hour

Devdatta Akhawe
Head of Security at Figma
The @SocketSecurity team is on fire! Amazing progress and I am exciting to see where they go next.

Sebastian Bensusan
Engineer Manager at Stripe
I find it surprising that we don't have _more_ supply chain attacks in software:
Imagine your airplane (the code running) was assembled (deployed) daily, with parts (dependencies) from internet strangers. How long until you get a bad part?
Excited for Socket to prevent this

Adam Baldwin
VP of Security at npm, Red Team at Auth0/Okta
Congrats to everyone at @SocketSecurity ❤️🤘🏻

Nico Waisman
CISO at Lyft
This is an area that I have personally been very focused on. As Nat Friedman said in the 2019 GitHub Universe keynote, Open Source won, and every time you add a new open source project you rely on someone else code and you rely on the people that build it.
This is both exciting and problematic. You are bringing real risk into your organization, and I'm excited to see progress in the industry from OpenSSF scorecards and package analyzers to the company that Feross Aboukhadijeh is building!
Questions? Call us at (844) SOCKET-0
Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.
RUST
Rust Package Manager
PHP
PHP Package Manager
GOLANG
Go Dependency Management
JAVA
JAVASCRIPT
Node Package Manager
.NET
.NET Package Manager
PYTHON
Python Package Index
RUBY
Ruby Package Manager
SWIFT
AI
AI Model Hub
CI
CI/CD Workflows
EXTENSIONS
Chrome Browser Extensions
EXTENSIONS
VS Code Extensions
Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.
Nov 23, 2025
Shai Hulud v2
Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.
Nov 05, 2025
Elves on npm
A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.
Jul 04, 2025
RubyGems Automation-Tool Infostealer
Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.
Mar 13, 2025
North Korea's Contagious Interview Campaign
Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.
Jul 23, 2024
Network Reconnaissance Campaign
A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
Questions? Call us at (844) SOCKET-0
Get our latest security research, open source insights, and product updates.

Product
Reachability analysis for PHP is now available in experimental, helping teams identify which vulnerabilities are actually exploitable.

Product
Export Socket alert data to your own cloud storage in JSON, CSV, or Parquet, with flexible snapshot or incremental delivery.

Research
/Security News
Bitwarden CLI 2026.4.0 was compromised in the Checkmarx supply chain campaign after attackers abused a GitHub Action in Bitwarden’s CI/CD pipeline.