
Product
Introducing Reachability for PHP
Reachability analysis for PHP is now available in experimental, helping teams identify which vulnerabilities are actually exploitable.
Questions? Call us at (844) SOCKET-0
Quickly evaluate the security and health of any open source package.
build-stuff
1.0.0
by awan_4430
Removed from npm
Blocked by Socket
The code is malicious as it collects and sends sensitive system information to an external server without user consent. This poses a significant security risk and is indicative of data theft.
Live on npm for 9 days, 20 hours and 12 minutes before removal. Socket users were protected even while the package was live.
expect-cli
0.0.0-canary-20260408094854
by abai
Live on npm
Blocked by Socket
This fragment contains high-risk behavior for supply-chain/security: it hardcodes a third-party telemetry bearer token (Axiom) and implements invasive browser cookie extraction and decryption across Chromium/Firefox/Safari, including launching browsers with remote debugging and invoking OS-specific secret/key-unwrapping (notably Windows PowerShell ProtectedData Unprotect). It also sends exception/event payloads over the network (PostHog/Axiom), which can leak sensitive data. While some functionality could align with legitimate diagnostics/security tooling, the combination of sensitive cookie decryption + hardcoded secret + network telemetry makes the overall security posture suspicious. Recommend treating this dependency as high-risk and reviewing provenance, intended use, and data handling/permissions.
tonki
1.0.0
Removed from pypi
Blocked by Socket
The code is malicious as it collects sensitive seed phrases and sends them to a Telegram chat without user consent. This poses a high security risk due to potential data theft.
Live on pypi for 20 hours and 10 minutes before removal. Socket users were protected even while the package was live.
doughnuts
4.18.2
Live on pypi
Blocked by Socket
This code is an exploitation tool for php-fpm/FastCGI: it crafts FastCGI requests that inject PHP via auto_prepend_file=php://input or force-loading of native extensions, and it prepares SSRF (gopher://) and base64-encoded payloads suitable for remote triggering. The generate_extension() function modifies native binary extension bytes at hardcoded offsets to embed a command, which is a direct attempt to create a malicious extension payload. This is not benign utility code — it is designed to enable remote code execution against php-fpm via SSRF or direct FastCGI connections. Use of this code against systems without explicit authorization would be malicious and is high risk.
354766/kensaku63/wellgrow-packages/wellgrow-setup/
07919baa710fa4648d7a5a35dd810d9d9d3b566f
Live on socket
Blocked by Socket
[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] The installation and registration steps are consistent with a local MCP integration, and requesting an OpenAI API key is plausible. However, the package explicitly states that Supabase connection information is embedded in the distributed package and the instructions require the user's account password (plaintext) plus an OpenAI API key to be passed to a globally-installed binary. Those points create a disproportionate data flow risk and insufficient transparency about where sensitive data will be transmitted or stored. This makes the skill suspicious from a supply-chain and credential-exfiltration perspective. Further code/package inspection and verification of network endpoints and storage policies are required before trusting this skill with credentials. LLM verification: The installation guide itself is plausible for enabling an AI agent to access WellGrow data, but it contains several high-risk practices: requesting and instructing the storage/propagation of plaintext credentials (WellGrow password and OpenAI API key), advising global installation without provenance checks, and stating that Supabase connection info is embedded in the distributed package. These facts create opaque data flows that could enable credential harvesting or unintended data exfiltration
murano
1.0.2
Live on pypi
Blocked by Socket
A bash script in the package employs a one-line command (eval ${*}) that directly executes every argument passed to it, without any sanitization or validation. This design allows an attacker to inject and execute arbitrary commands with the privileges of the script’s executor. The lack of restrictions makes this script a potential backdoor, facilitating remote code execution and severe system compromise. This functionality does not serve any legitimate operational purpose and presents a significant security risk.
subspace-relayer-front-end
3.8.8
Removed from npm
Blocked by Socket
This script is highly malicious. It gathers sensitive system information and sends it to a remote server. It also attempts to delete all files in the current directory, which could lead to significant data loss if the user has the necessary permissions. It is advised to not use or execute this script.
Live on npm for 9 days, 4 hours and 25 minutes before removal. Socket users were protected even while the package was live.
smscallbomber
1.9
Live on pypi
Blocked by Socket
This module is an abuse tool: an SMS/call bomber that repeatedly triggers external service endpoints to deliver messages/calls to a target phone number. It should be treated as malicious/abusive software. There are coding bugs (stop() typo), concurrency/I/O mismatches (sync send_request() inside async code, mixing requests and aiohttp), and sloppy error handling. The file itself does not perform credential theft or obfuscated backdoors, but it facilitates large-scale unsolicited network abuse and may rely on other modules that increase risk. Do not include or run this code in production; consider it high-risk/malicious.
azure-graphrbac
6.3.3
Removed from npm
Blocked by Socket
The code exhibits malicious behavior by sending sensitive system information to remote servers and continuously checking for a package.json file to exfiltrate its contents. The use of a while loop without termination conditions and the constant data gathering raise significant security concerns.
Live on npm for 14 minutes before removal. Socket users were protected even while the package was live.
aspidites
0.25.6
Live on pypi
Blocked by Socket
The code implements a high-risk dynamic evaluation pattern by evaluating tokens within the caller’s scope. This creates a strong possibility of arbitrary code execution and data leakage if tokens originate from untrusted inputs. Hardening should include removing eval, replacing with safe resolvers, sandboxing, or strict token whitelisting and restricting scope access. This pattern is unsuitable for trusted libraries exposes in open-source supply chains without significant safeguards.
myotherpkg
100.0.0
by princedevm
Removed from npm
Blocked by Socket
The code is performing malicious activities by collecting and exfiltrating sensitive system data to a remote server.
Live on npm for 1 day, 14 hours and 49 minutes before removal. Socket users were protected even while the package was live.
ss-component-new
1.3.378
by leyuntao
Live on npm
Blocked by Socket
This module appears to implement a normal client-side login orchestration, but it includes severe security anomalies: it writes constant token-like values to sessionStorage ('loginToken'='111', 'magicToken'='123456') and submits a backend batch-log entry containing hardcoded credential-like data ({userName:'hjj', password:'1'}). Even if primarily intended as dev/test logging, these behaviors are unsafe for production and are consistent with potential sabotage, credential leakage into logs, or session weakening. Review the dependent modules (login/pageBatchAddApi implementations) and confirm whether these constants are intentionally documented; as-is, the fragment presents a high security risk.
ddddddd1d
1.0.53
by rank1000111
Live on npm
Blocked by Socket
This preinstall script performs targeted reconnaissance and data exfiltration: it collects machine and UiPath-related information and sends it to an external HTTP endpoint. This is malicious behavior (telemetry/data exfiltration), poses a high security risk (sensitive data leak, potential follow-on attacks), and should be blocked. The use of an insecure HTTP URL and automatic execution at install time increases the severity.
github.com/sourcegraph/sourcegraph
v0.0.0-20210519165230-3c90c1e054eb
Live on go
Blocked by Socket
This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.
sbcli-dev
10.1.65
Live on pypi
Blocked by Socket
No direct malware code is present in the fragment (no obvious backdoor, reverse shell, or exfiltration implemented in this file itself). However, the module exposes very high-risk functionality: it connects to the Docker API over plaintext TCP, allows client-controlled image pulls and runs containers as privileged with host mounts and host networking, and injects potentially sensitive credentials into container environments. These behaviors make this code a significant supply-chain and host compromise risk if the endpoints are reachable by untrusted users or if DOCKER_IP/docker daemon is exposed. Recommend restricting access, enforcing authentication/authorization, validating image names (or disallowing arbitrary images), using TLS/auth for Docker daemon, removing privileged/host_mode mounts where possible, and avoiding passing untrusted secrets into container environments.
bluelamp-ai
1.0.2
Removed from pypi
Blocked by Socket
This module intentionally conceals a Python payload inside a compressed, base64-encoded string and executes it at import time. That pattern prevents straightforward audit and is high-risk: it may perform arbitrary actions including data exfiltration, remote communication, or system modifications. Treat the module as malicious/untrusted until the embedded payload is decompressed and analyzed in a controlled environment.
Live on pypi for 16 hours and 26 minutes before removal. Socket users were protected even while the package was live.
@sesamy/sesamy-js
1.108.0
by markusahlstrand
Live on npm
Blocked by Socket
Most of the module aligns with typical SPA OAuth/OIDC and DPoP-auth flows, including JWT validation, token exchange, and caching. The primary high-risk anomaly is the runtime decoding and execution of an embedded base64 JavaScript blob as a Web Worker. Because that worker can coordinate refresh/token retrieval while the module persists access/refresh tokens in browser storage and cookies, any malicious or tampered worker logic could plausibly steal or manipulate tokens. The fragment does not conclusively prove malware, but the worker injection/execution design is a significant supply-chain security red flag that should be independently verified (decode the embedded worker payload and audit its network/storage behavior).
my-extra-bad-package
0.0.2
by mullet_tactile_2l
Live on npm
Blocked by Socket
This code collects AWS-related credentials (env vars and an in-cluster service account token) and sends them to a hard-coded external server immediately when the module loads. The use of rejectUnauthorized: false and immediate execution are highly suspicious. This constitutes credential harvesting and network exfiltration — treat the package as malicious and do not use it.
bapy
0.2.206
Live on pypi
Blocked by Socket
The script covertly ensures a background SSH local port-forward to a hard-coded external host as root, clearing any existing ssh on the same local port first. This pattern is consistent with establishing a covert access or exfiltration channel (notably to a MongoDB-like service on port 27017). It is high-risk: investigate origins of the script, the remote IP, root SSH keys and authorized_keys, and any processes or tools that use local:9999. If unexpected, remove and rotate credentials/keys and perform host compromise analysis.
mtmai
0.5.39
Live on pypi
Blocked by Socket
The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.
leadingsystems/contao-merconis
5.0.0-beta25
Live on composer
Blocked by Socket
The codebase exhibits a critical security concern due to the LaFP() obfuscated payload that decodes and executes hidden PHP at runtime. While the majority of the class comprises legitimate helpers with safe DB usage, the obfuscated evaluation blocks represent a potential backdoor or covert loader, elevating supply chain and runtime security risk. Immediate remediation should prioritize removing or deobfuscating LaFP(), performing a full integrity audit of the package, and establishing strict controls to prevent inclusion of such payloads in distributed code.
gh555.qqq
16.1.2
by kkn1n
Removed from openvsx
Blocked by Socket
The extension/dist/qqq.js file harvests browser session cookies using the Chrome DevTools Protocol Network.getCookies with injected JavaScript, then reuses those credentials (Cookie/Origin/Referer) to authorize subsequent HTTP/yt-dlp downloads. It also auto-downloads external binaries and runs a local Python broker, creating credential theft and supply-chain risk; this behavior constitutes a high-risk, potentially malicious component requiring strict isolation and verification.
Live on openvsx for 10 days, 7 hours and 48 minutes before removal. Socket users were protected even while the package was live.
@spectrum-web-components/coachmark
1.2.0-beta.9
by rubenc
Live on npm
Blocked by Socket
This code exhibits extreme obfuscation that prevents any meaningful security analysis. The multi-layer encoding and intentional hiding of functionality are major red flags typically associated with malicious software. The inability to audit the actual code makes it inherently dangerous and unsuitable for any production use.
elf-stats-rooftop-stockpile-626
99.0.13
Live on npm
Blocked by Socket
This code is a deliberate malicious backdoor that installs and runs a persistent reverse shell to a hardcoded remote host (2.tcp.eu.ngrok.io:10659) on Unix-like systems. It writes a hidden executable script to /tmp, executes it detached, and provides an in-process TCP-based interactive bash shell as a backup. The behavior grants full remote command execution and persistence, and is consistent with a remote access trojan. Any system running this code should be treated as compromised, the backdoor processes and artifacts removed, credentials rotated, and a forensic/incident response initiated.
build-stuff
1.0.0
by awan_4430
Removed from npm
Blocked by Socket
The code is malicious as it collects and sends sensitive system information to an external server without user consent. This poses a significant security risk and is indicative of data theft.
Live on npm for 9 days, 20 hours and 12 minutes before removal. Socket users were protected even while the package was live.
expect-cli
0.0.0-canary-20260408094854
by abai
Live on npm
Blocked by Socket
This fragment contains high-risk behavior for supply-chain/security: it hardcodes a third-party telemetry bearer token (Axiom) and implements invasive browser cookie extraction and decryption across Chromium/Firefox/Safari, including launching browsers with remote debugging and invoking OS-specific secret/key-unwrapping (notably Windows PowerShell ProtectedData Unprotect). It also sends exception/event payloads over the network (PostHog/Axiom), which can leak sensitive data. While some functionality could align with legitimate diagnostics/security tooling, the combination of sensitive cookie decryption + hardcoded secret + network telemetry makes the overall security posture suspicious. Recommend treating this dependency as high-risk and reviewing provenance, intended use, and data handling/permissions.
tonki
1.0.0
Removed from pypi
Blocked by Socket
The code is malicious as it collects sensitive seed phrases and sends them to a Telegram chat without user consent. This poses a high security risk due to potential data theft.
Live on pypi for 20 hours and 10 minutes before removal. Socket users were protected even while the package was live.
doughnuts
4.18.2
Live on pypi
Blocked by Socket
This code is an exploitation tool for php-fpm/FastCGI: it crafts FastCGI requests that inject PHP via auto_prepend_file=php://input or force-loading of native extensions, and it prepares SSRF (gopher://) and base64-encoded payloads suitable for remote triggering. The generate_extension() function modifies native binary extension bytes at hardcoded offsets to embed a command, which is a direct attempt to create a malicious extension payload. This is not benign utility code — it is designed to enable remote code execution against php-fpm via SSRF or direct FastCGI connections. Use of this code against systems without explicit authorization would be malicious and is high risk.
354766/kensaku63/wellgrow-packages/wellgrow-setup/
07919baa710fa4648d7a5a35dd810d9d9d3b566f
Live on socket
Blocked by Socket
[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] The installation and registration steps are consistent with a local MCP integration, and requesting an OpenAI API key is plausible. However, the package explicitly states that Supabase connection information is embedded in the distributed package and the instructions require the user's account password (plaintext) plus an OpenAI API key to be passed to a globally-installed binary. Those points create a disproportionate data flow risk and insufficient transparency about where sensitive data will be transmitted or stored. This makes the skill suspicious from a supply-chain and credential-exfiltration perspective. Further code/package inspection and verification of network endpoints and storage policies are required before trusting this skill with credentials. LLM verification: The installation guide itself is plausible for enabling an AI agent to access WellGrow data, but it contains several high-risk practices: requesting and instructing the storage/propagation of plaintext credentials (WellGrow password and OpenAI API key), advising global installation without provenance checks, and stating that Supabase connection info is embedded in the distributed package. These facts create opaque data flows that could enable credential harvesting or unintended data exfiltration
murano
1.0.2
Live on pypi
Blocked by Socket
A bash script in the package employs a one-line command (eval ${*}) that directly executes every argument passed to it, without any sanitization or validation. This design allows an attacker to inject and execute arbitrary commands with the privileges of the script’s executor. The lack of restrictions makes this script a potential backdoor, facilitating remote code execution and severe system compromise. This functionality does not serve any legitimate operational purpose and presents a significant security risk.
subspace-relayer-front-end
3.8.8
Removed from npm
Blocked by Socket
This script is highly malicious. It gathers sensitive system information and sends it to a remote server. It also attempts to delete all files in the current directory, which could lead to significant data loss if the user has the necessary permissions. It is advised to not use or execute this script.
Live on npm for 9 days, 4 hours and 25 minutes before removal. Socket users were protected even while the package was live.
smscallbomber
1.9
Live on pypi
Blocked by Socket
This module is an abuse tool: an SMS/call bomber that repeatedly triggers external service endpoints to deliver messages/calls to a target phone number. It should be treated as malicious/abusive software. There are coding bugs (stop() typo), concurrency/I/O mismatches (sync send_request() inside async code, mixing requests and aiohttp), and sloppy error handling. The file itself does not perform credential theft or obfuscated backdoors, but it facilitates large-scale unsolicited network abuse and may rely on other modules that increase risk. Do not include or run this code in production; consider it high-risk/malicious.
azure-graphrbac
6.3.3
Removed from npm
Blocked by Socket
The code exhibits malicious behavior by sending sensitive system information to remote servers and continuously checking for a package.json file to exfiltrate its contents. The use of a while loop without termination conditions and the constant data gathering raise significant security concerns.
Live on npm for 14 minutes before removal. Socket users were protected even while the package was live.
aspidites
0.25.6
Live on pypi
Blocked by Socket
The code implements a high-risk dynamic evaluation pattern by evaluating tokens within the caller’s scope. This creates a strong possibility of arbitrary code execution and data leakage if tokens originate from untrusted inputs. Hardening should include removing eval, replacing with safe resolvers, sandboxing, or strict token whitelisting and restricting scope access. This pattern is unsuitable for trusted libraries exposes in open-source supply chains without significant safeguards.
myotherpkg
100.0.0
by princedevm
Removed from npm
Blocked by Socket
The code is performing malicious activities by collecting and exfiltrating sensitive system data to a remote server.
Live on npm for 1 day, 14 hours and 49 minutes before removal. Socket users were protected even while the package was live.
ss-component-new
1.3.378
by leyuntao
Live on npm
Blocked by Socket
This module appears to implement a normal client-side login orchestration, but it includes severe security anomalies: it writes constant token-like values to sessionStorage ('loginToken'='111', 'magicToken'='123456') and submits a backend batch-log entry containing hardcoded credential-like data ({userName:'hjj', password:'1'}). Even if primarily intended as dev/test logging, these behaviors are unsafe for production and are consistent with potential sabotage, credential leakage into logs, or session weakening. Review the dependent modules (login/pageBatchAddApi implementations) and confirm whether these constants are intentionally documented; as-is, the fragment presents a high security risk.
ddddddd1d
1.0.53
by rank1000111
Live on npm
Blocked by Socket
This preinstall script performs targeted reconnaissance and data exfiltration: it collects machine and UiPath-related information and sends it to an external HTTP endpoint. This is malicious behavior (telemetry/data exfiltration), poses a high security risk (sensitive data leak, potential follow-on attacks), and should be blocked. The use of an insecure HTTP URL and automatic execution at install time increases the severity.
github.com/sourcegraph/sourcegraph
v0.0.0-20210519165230-3c90c1e054eb
Live on go
Blocked by Socket
This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.
sbcli-dev
10.1.65
Live on pypi
Blocked by Socket
No direct malware code is present in the fragment (no obvious backdoor, reverse shell, or exfiltration implemented in this file itself). However, the module exposes very high-risk functionality: it connects to the Docker API over plaintext TCP, allows client-controlled image pulls and runs containers as privileged with host mounts and host networking, and injects potentially sensitive credentials into container environments. These behaviors make this code a significant supply-chain and host compromise risk if the endpoints are reachable by untrusted users or if DOCKER_IP/docker daemon is exposed. Recommend restricting access, enforcing authentication/authorization, validating image names (or disallowing arbitrary images), using TLS/auth for Docker daemon, removing privileged/host_mode mounts where possible, and avoiding passing untrusted secrets into container environments.
bluelamp-ai
1.0.2
Removed from pypi
Blocked by Socket
This module intentionally conceals a Python payload inside a compressed, base64-encoded string and executes it at import time. That pattern prevents straightforward audit and is high-risk: it may perform arbitrary actions including data exfiltration, remote communication, or system modifications. Treat the module as malicious/untrusted until the embedded payload is decompressed and analyzed in a controlled environment.
Live on pypi for 16 hours and 26 minutes before removal. Socket users were protected even while the package was live.
@sesamy/sesamy-js
1.108.0
by markusahlstrand
Live on npm
Blocked by Socket
Most of the module aligns with typical SPA OAuth/OIDC and DPoP-auth flows, including JWT validation, token exchange, and caching. The primary high-risk anomaly is the runtime decoding and execution of an embedded base64 JavaScript blob as a Web Worker. Because that worker can coordinate refresh/token retrieval while the module persists access/refresh tokens in browser storage and cookies, any malicious or tampered worker logic could plausibly steal or manipulate tokens. The fragment does not conclusively prove malware, but the worker injection/execution design is a significant supply-chain security red flag that should be independently verified (decode the embedded worker payload and audit its network/storage behavior).
my-extra-bad-package
0.0.2
by mullet_tactile_2l
Live on npm
Blocked by Socket
This code collects AWS-related credentials (env vars and an in-cluster service account token) and sends them to a hard-coded external server immediately when the module loads. The use of rejectUnauthorized: false and immediate execution are highly suspicious. This constitutes credential harvesting and network exfiltration — treat the package as malicious and do not use it.
bapy
0.2.206
Live on pypi
Blocked by Socket
The script covertly ensures a background SSH local port-forward to a hard-coded external host as root, clearing any existing ssh on the same local port first. This pattern is consistent with establishing a covert access or exfiltration channel (notably to a MongoDB-like service on port 27017). It is high-risk: investigate origins of the script, the remote IP, root SSH keys and authorized_keys, and any processes or tools that use local:9999. If unexpected, remove and rotate credentials/keys and perform host compromise analysis.
mtmai
0.5.39
Live on pypi
Blocked by Socket
The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.
leadingsystems/contao-merconis
5.0.0-beta25
Live on composer
Blocked by Socket
The codebase exhibits a critical security concern due to the LaFP() obfuscated payload that decodes and executes hidden PHP at runtime. While the majority of the class comprises legitimate helpers with safe DB usage, the obfuscated evaluation blocks represent a potential backdoor or covert loader, elevating supply chain and runtime security risk. Immediate remediation should prioritize removing or deobfuscating LaFP(), performing a full integrity audit of the package, and establishing strict controls to prevent inclusion of such payloads in distributed code.
gh555.qqq
16.1.2
by kkn1n
Removed from openvsx
Blocked by Socket
The extension/dist/qqq.js file harvests browser session cookies using the Chrome DevTools Protocol Network.getCookies with injected JavaScript, then reuses those credentials (Cookie/Origin/Referer) to authorize subsequent HTTP/yt-dlp downloads. It also auto-downloads external binaries and runs a local Python broker, creating credential theft and supply-chain risk; this behavior constitutes a high-risk, potentially malicious component requiring strict isolation and verification.
Live on openvsx for 10 days, 7 hours and 48 minutes before removal. Socket users were protected even while the package was live.
@spectrum-web-components/coachmark
1.2.0-beta.9
by rubenc
Live on npm
Blocked by Socket
This code exhibits extreme obfuscation that prevents any meaningful security analysis. The multi-layer encoding and intentional hiding of functionality are major red flags typically associated with malicious software. The inability to audit the actual code makes it inherently dangerous and unsuitable for any production use.
elf-stats-rooftop-stockpile-626
99.0.13
Live on npm
Blocked by Socket
This code is a deliberate malicious backdoor that installs and runs a persistent reverse shell to a hardcoded remote host (2.tcp.eu.ngrok.io:10659) on Unix-like systems. It writes a hidden executable script to /tmp, executes it detached, and provides an in-process TCP-based interactive bash shell as a backup. The behavior grants full remote command execution and persistence, and is consistent with a remote access trojan. Any system running this code should be treated as compromised, the backdoor processes and artifacts removed, credentials rotated, and a forensic/incident response initiated.
Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.
Possible typosquat attack
Known malware
Git dependency
GitHub dependency
HTTP dependency
Obfuscated code
Suspicious Stars on GitHub
Telemetry
Protestware or potentially unwanted behavior
Unstable ownership
Critical CVE
High CVE
Medium CVE
Low CVE
Unpopular package
Minified code
Bad dependency semver
Wildcard dependency
Socket optimized override available
Deprecated
Unmaintained
Explicitly Unlicensed Item
License Policy Violation
Misc. License Issues
Ambiguous License Classifier
Copyleft License
License exception
No License Found
Non-permissive License
Unidentified License
Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.
Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Nat Friedman
CEO at GitHub

Suz Hinton
Senior Software Engineer at Stripe
heck yes this is awesome!!! Congrats team 🎉👏

Matteo Collina
Node.js maintainer, Fastify lead maintainer
So awesome to see @SocketSecurity launch with a fresh approach! Excited to have supported the team from the early days.

DC Posch
Director of Technology at AppFolio, CTO at Dynasty
This is going to be super important, especially for crypto projects where a compromised dependency results in stolen user assets.

Luis Naranjo
Software Engineer at Microsoft
If software supply chain attacks through npm don't scare the shit out of you, you're not paying close enough attention.
@SocketSecurity sounds like an awesome product. I'll be using socket.dev instead of npmjs.org to browse npm packages going forward

Elena Nadolinski
Founder and CEO at Iron Fish
Huge congrats to @SocketSecurity! 🙌
Literally the only product that proactively detects signs of JS compromised packages.

Joe Previte
Engineering Team Lead at Coder
Congrats to @feross and the @SocketSecurity team on their seed funding! 🚀 It's been a big help for us at @CoderHQ and we appreciate what y'all are doing!

Josh Goldberg
Staff Developer at Codecademy
This is such a great idea & looks fantastic, congrats & good luck @feross + team!
The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Scott Roberts
CISO at UiPath
As a happy Socket customer, I've been impressed with how quickly they are adding value to the product, this move is a great step!

Yan Zhu
Head of Security at Brave, DEFCON, EFF, W3C
glad to hear some of the smartest people i know are working on (npm, etc.) supply chain security finally :). @SocketSecurity

Andrew Peterson
CEO and Co-Founder at Signal Sciences (acq. Fastly)
How do you track the validity of open source software libraries as they get updated? You're prob not. Check out @SocketSecurity and the updated tooling they launched.
Supply chain is a cluster in security as we all know and the tools from Socket are "duh" type tools to be implementing. Check them out and follow Feross Aboukhadijeh to see more updates coming from them in the future.

Zbyszek Tenerowicz
Senior Security Engineer at ConsenSys
socket.dev is getting more appealing by the hour

Devdatta Akhawe
Head of Security at Figma
The @SocketSecurity team is on fire! Amazing progress and I am exciting to see where they go next.

Sebastian Bensusan
Engineer Manager at Stripe
I find it surprising that we don't have _more_ supply chain attacks in software:
Imagine your airplane (the code running) was assembled (deployed) daily, with parts (dependencies) from internet strangers. How long until you get a bad part?
Excited for Socket to prevent this

Adam Baldwin
VP of Security at npm, Red Team at Auth0/Okta
Congrats to everyone at @SocketSecurity ❤️🤘🏻

Nico Waisman
CISO at Lyft
This is an area that I have personally been very focused on. As Nat Friedman said in the 2019 GitHub Universe keynote, Open Source won, and every time you add a new open source project you rely on someone else code and you rely on the people that build it.
This is both exciting and problematic. You are bringing real risk into your organization, and I'm excited to see progress in the industry from OpenSSF scorecards and package analyzers to the company that Feross Aboukhadijeh is building!
Questions? Call us at (844) SOCKET-0
Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.
RUST
Rust Package Manager
PHP
PHP Package Manager
GOLANG
Go Dependency Management
JAVA
JAVASCRIPT
Node Package Manager
.NET
.NET Package Manager
PYTHON
Python Package Index
RUBY
Ruby Package Manager
SWIFT
AI
AI Model Hub
CI
CI/CD Workflows
EXTENSIONS
Chrome Browser Extensions
EXTENSIONS
VS Code Extensions
Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.
Nov 23, 2025
Shai Hulud v2
Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.
Nov 05, 2025
Elves on npm
A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.
Jul 04, 2025
RubyGems Automation-Tool Infostealer
Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.
Mar 13, 2025
North Korea's Contagious Interview Campaign
Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.
Jul 23, 2024
Network Reconnaissance Campaign
A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
Questions? Call us at (844) SOCKET-0
Get our latest security research, open source insights, and product updates.

Product
Reachability analysis for PHP is now available in experimental, helping teams identify which vulnerabilities are actually exploitable.

Product
Export Socket alert data to your own cloud storage in JSON, CSV, or Parquet, with flexible snapshot or incremental delivery.

Research
/Security News
Bitwarden CLI 2026.4.0 was compromised in the Checkmarx supply chain campaign after attackers abused a GitHub Action in Bitwarden’s CI/CD pipeline.