Launch Week Day 5: Introducing Reachability for PHP.Learn More
Socket
Book a DemoSign in
Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
t

timmywil published 4.0.0

left-pad
s

stevemao published 1.3.0

react
r

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

github-badge-bot

1.2.0

by kingtiger19990427

Live on npm

Blocked by Socket

The code logs into Discord accounts using provided tokens, enumerates guilds, obtains or creates persistent invite links, and sends those links to an external Telegram endpoint. This is a privacy-invasive behavior that can be used to exfiltrate server invite links and server names. The code is readable and not obfuscated, but its behavior is consistent with abusive or malicious use (harvesting and sharing guild invites). Recommend treating this module as high risk for misuse; inspect sendInviteToTelegram implementation and validate intent/consent before use. If tokens are not owned/authorized, do not run this code.

anuga

3.3.2

Live on pypi

Blocked by Socket

This module is primarily a file-based geometry/config ingestion utility, but it contains a critical arbitrary code execution primitive: Create_culvert_bridge_Operator uses eval(value) on text loaded from an external configuration file and then propagates the evaluated results into operator constructors. If culvert_bridge_file contents can be influenced (including via supply-chain/deployment tampering), an attacker can execute arbitrary Python code in the application's context. Other functions are comparatively lower risk aside from parsing/availability concerns and one undefined-variable bug.

on-taskgraph

2.49.0

by rackhd

Live on npm

Blocked by Socket

This module is a high-risk remote task runner/backdoor: it polls a remote server, downloads Python scripts over HTTP, writes them to disk and executes them with execfile, and posts results back. That design allows full remote code execution and arbitrary data exfiltration by the server operator. It should be considered malicious or at least extremely dangerous for use in production or as a dependency unless its use is explicitly trusted, authenticated, and sandboxed. Recommend removing or isolating this component, blocking its network access, and treating any deployment as compromised until proven otherwise.

ambar-src

2.8.99

by a_awerin

Removed from npm

Blocked by Socket

This package runs a local Node script during preinstall and hides its output. That behavior is inherently risky because install hooks can execute arbitrary code on the host system. You should treat this as suspicious: inspect the contents of index.js before installing (or remove/disable the preinstall script). If index.js performs network I/O, spawns shells, writes to sensitive files, or spawns background processes, consider the package malicious and do not install.

Live on npm for 2 hours and 23 minutes before removal. Socket users were protected even while the package was live.

ai-coding-shield/ai-coding-shield

62e75ad8eb556f2d500576194e50631d1549a87f

Live on actions

Blocked by Socket

This script is malicious and specifically designed to exfiltrate AWS credentials to an attacker-controlled server. Treat any repository or package containing this file as compromised. Do not execute the script. Perform incident response: remove the file, rotate any potentially exposed AWS credentials immediately, audit systems for further persistence, and investigate how the file was introduced into the supply chain.

@oliveira-andre/baileys-md

7.0.4

by oliveira-andre

Live on npm

Blocked by Socket

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

github.com/sourcegraph/sourcegraph

v0.0.0-20210323073634-1ad647ad03a0

Live on go

Blocked by Socket

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

pkscreener

0.45.20240913.565

Live on pypi

Blocked by Socket

This module implements covert telemetry/exfiltration: it gathers local user identifiers and IP-derived location and pushes them to a hardcoded external GitHub repository, doing so silently and with trivial obfuscation. This is privacy-invasive and constitutes a supply-chain risk. Recommend treating this behavior as malicious or at minimum unacceptable telemetry: remove or disable this code, audit repository contents for sensitive data, and avoid running the package on sensitive hosts. Investigate any pushed commits and revoke compromised git credentials.

github.com/weaveworks/weave

v1.4.7-0.20160405203810-325487089963

Live on go

Blocked by Socket

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

github.com/sourcegraph/sourcegraph

v0.0.0-20201207131205-3a47fdb8484c

Live on go

Blocked by Socket

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

github.com/zer0blackhat/bhg

v0.0.0-20230731192434-7224fc480197

Live on go

Blocked by Socket

This fragment is a client-side keylogger that exfiltrates every keystroke to a remote WebSocket server. It should be treated as malicious: immediate removal and investigation are recommended if found in a dependency or served to users. The templated host and plaintext transport increase the risk of credential and data theft in supply-chain or runtime scenarios.

qtido

0.9.3

Live on pypi

Blocked by Socket

The fragment hides executable payload behind base64 and zlib compression and immediately executes it via exec. This is a strong indicator of obfuscated, potentially malicious behavior. While the exact actions of the inner payload are not visible without decoding, the pattern itself is a known tactic for backdoors or hidden malware in packages. Treat as high risk and require offline decoding/review of the inner payload, or removal from the package until a safe, reproducible, and auditable alternative is provided.

adk-cli

0.1.3

Live on npm

Blocked by Socket

The script collects terminal commands and environment metadata and attempts to POST them to a remote API endpoint. This constitutes sensitive data exfiltration and is high risk for leakage of credentials and private information. The implementation is stealthy (silent handlers, short timeout) and ships a hardcoded default endpoint. Unless this behavior is explicitly documented, consented to, and secured (HTTPS correctly used, opt-in, redaction, and clear privacy policy), the module should be considered malicious or at minimum unsuitable for use in untrusted or production environments.

okta-mfa-library

1.7227.0

by okta-mfa-library

Live on npm

Blocked by Socket

This module immediately collects detailed system and Node process information (including a JSON serialization of the process object) and transmits it to a hard-coded external analytics endpoint without user consent or filtering. That behavior constitutes a high privacy and supply-chain risk: it can leak environment variables, credentials, CI secrets, and other sensitive runtime data. While the code is not obfuscated and performs no destructive actions, the unconditional network exfiltration and deceptive endpoint naming are strong indicators of malicious or at least highly unsafe telemetry behavior. Do not use this package in sensitive environments; remove or sandbox it and verify author intent and provenance before permitting network access.

polaris-cli-tool

1.0.7

Removed from pypi

Blocked by Socket

This module programmatically elevates privileges, installs and enables OpenSSH on Windows, creates a local user with a plaintext password, opens firewall port 22, and exposes SSH via an ngrok tunnel. It persists credentials and system information to disk and attempts to synchronize that data via a SyncManager (possible exfiltration). The code greatly increases attack surface and can enable unauthorized remote access if misused. Review the implementations of SSHManager, NgrokManager, SyncManager, and UserManager before use, avoid running on sensitive machines, require SSH key-based auth or remove automatic user creation, and do not store or log plaintext credentials. Treat as high security risk until audited.

Live on pypi for 6 days, 15 hours and 31 minutes before removal. Socket users were protected even while the package was live.

github.com/malwaredllc/byob

v0.0.0-20220622191616-a6b4c7b0e206

Live on go

Blocked by Socket

This code downloads and executes a remote macOS binary without verifying integrity, disables TLS verification, removes macOS quarantine attributes, runs the binary and deletes it afterwards. Those actions allow arbitrary code execution from a network source and bypass platform protections — a high-risk supply-chain/execution pattern. Even if the target binary is legitimate (mas), the design is dangerous and could be abused to execute malicious payloads. Avoid running this code as-is; require signatures/hashes, enable TLS verification, and do not remove quarantine attributes or execute untrusted binaries.

imcodes

2026.4.987-dev.988

by imcodes

Live on npm

Blocked by Socket

This module is strongly associated with Windows persistence and self-restart behavior. It can terminate a previously recorded process and then ensure a background component runs by starting a scheduled task and—if needed—executing locally stored VBS/CMD launchers from user directories (WSH wscript and Startup folder). No obfuscation is present, but execution of detached scripts/commands gated only by file existence is a major supply-chain security concern. The actual maliciousness depends on what daemon-launcher.vbs and imcodes-daemon.cmd contain, which are not shown here.

gdriveexplorer

0.32

Live on pypi

Blocked by Socket

The code provides legitimate Drive utility functions but contains a built-in, covert telemetry/exfiltration mechanism: on object construction it captures the authenticated user's email and appends it to a file that is uploaded to a hard-coded remote Drive ID, then removes the local copy. This is privacy-invasive and likely malicious or at least abusive. Combined with full Drive read/write capabilities, this module should not be used in environments with sensitive credentials. Replace or remove the telemetry upload, avoid eval usage, and avoid performing network side-effects in __init__.

@shadow999/baileys

1.0.1

Removed from npm

Blocked by Socket

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

Live on npm for 4 hours and 25 minutes before removal. Socket users were protected even while the package was live.

bluelamp-ai

0.45.3

Removed from pypi

Blocked by Socket

This module deliberately conceals executable code in a base64+zlib blob and executes it directly with exec(). That is a high-risk, obfuscation-first design and is commonly associated with malicious or at least non-transparent behaviour. Treat the package as untrusted until the decompressed payload is fully inspected in a safe, isolated environment. Do not run this code in production or on systems containing sensitive data.

Live on pypi for 3 days, 7 hours and 59 minutes before removal. Socket users were protected even while the package was live.

omnibus

0.0.15

Live on pypi

Blocked by Socket

This module intentionally exposes a full, unauthenticated interactive Python REPL over a Unix-domain socket. That design yields direct in-process arbitrary code execution and broad access to the host process globals and resources. It should be treated as a high security risk: avoid shipping or enabling this in production, restrict socket access with filesystem permissions, add authentication/authorization, or remove the feature. If discovered in a deployed system, treat it as a potential backdoor and investigate connections and created socket files.

toori

1.0.7

Live on pypi

Blocked by Socket

This module acts as a remote-controlled network sniffer/injector: it discovers the host's local IP, initializes a native capture/injection module with a filter, streams captured traffic to a remote Socket.IO server, and accepts remote instructions to inject packets. That behavior is consistent with a supply-chain backdoor that can exfiltrate sensitive network data and enable remote network manipulation. The most critical unknown is the native _toori implementation (not provided) — that component likely contains the highest-risk functionality. Recommend treating this package as dangerous: do not install or run it on production or sensitive hosts without full source review of the native extension and strong justification. If you see this in a dependency tree, investigate origin, maintainers, and purpose immediately.

@jdxcode/mise

2026.3.12

by GitHub Actions

Live on npm

Blocked by Socket

This package runs a locally included installArchSpecificPackage.js at preinstall time. Given that the package intentionally excludes the bin files from the published package and declares a bin entry, the installer likely downloads or generates platform-specific binaries during install. That behavior is a strong supply-chain risk: the install script can fetch and execute remote code, write executables, modify the system, and perform data exfiltration or install backdoors. You should inspect the contents of installArchSpecificPackage.js (and any network endpoints it contacts) before running npm install, and treat this package as high-risk until verified.

github.com/sourcegraph/sourcegraph

v0.0.0-20201215165007-2bdf5d67b979

Live on go

Blocked by Socket

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

github-badge-bot

1.2.0

by kingtiger19990427

Live on npm

Blocked by Socket

The code logs into Discord accounts using provided tokens, enumerates guilds, obtains or creates persistent invite links, and sends those links to an external Telegram endpoint. This is a privacy-invasive behavior that can be used to exfiltrate server invite links and server names. The code is readable and not obfuscated, but its behavior is consistent with abusive or malicious use (harvesting and sharing guild invites). Recommend treating this module as high risk for misuse; inspect sendInviteToTelegram implementation and validate intent/consent before use. If tokens are not owned/authorized, do not run this code.

anuga

3.3.2

Live on pypi

Blocked by Socket

This module is primarily a file-based geometry/config ingestion utility, but it contains a critical arbitrary code execution primitive: Create_culvert_bridge_Operator uses eval(value) on text loaded from an external configuration file and then propagates the evaluated results into operator constructors. If culvert_bridge_file contents can be influenced (including via supply-chain/deployment tampering), an attacker can execute arbitrary Python code in the application's context. Other functions are comparatively lower risk aside from parsing/availability concerns and one undefined-variable bug.

on-taskgraph

2.49.0

by rackhd

Live on npm

Blocked by Socket

This module is a high-risk remote task runner/backdoor: it polls a remote server, downloads Python scripts over HTTP, writes them to disk and executes them with execfile, and posts results back. That design allows full remote code execution and arbitrary data exfiltration by the server operator. It should be considered malicious or at least extremely dangerous for use in production or as a dependency unless its use is explicitly trusted, authenticated, and sandboxed. Recommend removing or isolating this component, blocking its network access, and treating any deployment as compromised until proven otherwise.

ambar-src

2.8.99

by a_awerin

Removed from npm

Blocked by Socket

This package runs a local Node script during preinstall and hides its output. That behavior is inherently risky because install hooks can execute arbitrary code on the host system. You should treat this as suspicious: inspect the contents of index.js before installing (or remove/disable the preinstall script). If index.js performs network I/O, spawns shells, writes to sensitive files, or spawns background processes, consider the package malicious and do not install.

Live on npm for 2 hours and 23 minutes before removal. Socket users were protected even while the package was live.

ai-coding-shield/ai-coding-shield

62e75ad8eb556f2d500576194e50631d1549a87f

Live on actions

Blocked by Socket

This script is malicious and specifically designed to exfiltrate AWS credentials to an attacker-controlled server. Treat any repository or package containing this file as compromised. Do not execute the script. Perform incident response: remove the file, rotate any potentially exposed AWS credentials immediately, audit systems for further persistence, and investigate how the file was introduced into the supply chain.

@oliveira-andre/baileys-md

7.0.4

by oliveira-andre

Live on npm

Blocked by Socket

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

github.com/sourcegraph/sourcegraph

v0.0.0-20210323073634-1ad647ad03a0

Live on go

Blocked by Socket

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

pkscreener

0.45.20240913.565

Live on pypi

Blocked by Socket

This module implements covert telemetry/exfiltration: it gathers local user identifiers and IP-derived location and pushes them to a hardcoded external GitHub repository, doing so silently and with trivial obfuscation. This is privacy-invasive and constitutes a supply-chain risk. Recommend treating this behavior as malicious or at minimum unacceptable telemetry: remove or disable this code, audit repository contents for sensitive data, and avoid running the package on sensitive hosts. Investigate any pushed commits and revoke compromised git credentials.

github.com/weaveworks/weave

v1.4.7-0.20160405203810-325487089963

Live on go

Blocked by Socket

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

github.com/sourcegraph/sourcegraph

v0.0.0-20201207131205-3a47fdb8484c

Live on go

Blocked by Socket

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

github.com/zer0blackhat/bhg

v0.0.0-20230731192434-7224fc480197

Live on go

Blocked by Socket

This fragment is a client-side keylogger that exfiltrates every keystroke to a remote WebSocket server. It should be treated as malicious: immediate removal and investigation are recommended if found in a dependency or served to users. The templated host and plaintext transport increase the risk of credential and data theft in supply-chain or runtime scenarios.

qtido

0.9.3

Live on pypi

Blocked by Socket

The fragment hides executable payload behind base64 and zlib compression and immediately executes it via exec. This is a strong indicator of obfuscated, potentially malicious behavior. While the exact actions of the inner payload are not visible without decoding, the pattern itself is a known tactic for backdoors or hidden malware in packages. Treat as high risk and require offline decoding/review of the inner payload, or removal from the package until a safe, reproducible, and auditable alternative is provided.

adk-cli

0.1.3

Live on npm

Blocked by Socket

The script collects terminal commands and environment metadata and attempts to POST them to a remote API endpoint. This constitutes sensitive data exfiltration and is high risk for leakage of credentials and private information. The implementation is stealthy (silent handlers, short timeout) and ships a hardcoded default endpoint. Unless this behavior is explicitly documented, consented to, and secured (HTTPS correctly used, opt-in, redaction, and clear privacy policy), the module should be considered malicious or at minimum unsuitable for use in untrusted or production environments.

okta-mfa-library

1.7227.0

by okta-mfa-library

Live on npm

Blocked by Socket

This module immediately collects detailed system and Node process information (including a JSON serialization of the process object) and transmits it to a hard-coded external analytics endpoint without user consent or filtering. That behavior constitutes a high privacy and supply-chain risk: it can leak environment variables, credentials, CI secrets, and other sensitive runtime data. While the code is not obfuscated and performs no destructive actions, the unconditional network exfiltration and deceptive endpoint naming are strong indicators of malicious or at least highly unsafe telemetry behavior. Do not use this package in sensitive environments; remove or sandbox it and verify author intent and provenance before permitting network access.

polaris-cli-tool

1.0.7

Removed from pypi

Blocked by Socket

This module programmatically elevates privileges, installs and enables OpenSSH on Windows, creates a local user with a plaintext password, opens firewall port 22, and exposes SSH via an ngrok tunnel. It persists credentials and system information to disk and attempts to synchronize that data via a SyncManager (possible exfiltration). The code greatly increases attack surface and can enable unauthorized remote access if misused. Review the implementations of SSHManager, NgrokManager, SyncManager, and UserManager before use, avoid running on sensitive machines, require SSH key-based auth or remove automatic user creation, and do not store or log plaintext credentials. Treat as high security risk until audited.

Live on pypi for 6 days, 15 hours and 31 minutes before removal. Socket users were protected even while the package was live.

github.com/malwaredllc/byob

v0.0.0-20220622191616-a6b4c7b0e206

Live on go

Blocked by Socket

This code downloads and executes a remote macOS binary without verifying integrity, disables TLS verification, removes macOS quarantine attributes, runs the binary and deletes it afterwards. Those actions allow arbitrary code execution from a network source and bypass platform protections — a high-risk supply-chain/execution pattern. Even if the target binary is legitimate (mas), the design is dangerous and could be abused to execute malicious payloads. Avoid running this code as-is; require signatures/hashes, enable TLS verification, and do not remove quarantine attributes or execute untrusted binaries.

imcodes

2026.4.987-dev.988

by imcodes

Live on npm

Blocked by Socket

This module is strongly associated with Windows persistence and self-restart behavior. It can terminate a previously recorded process and then ensure a background component runs by starting a scheduled task and—if needed—executing locally stored VBS/CMD launchers from user directories (WSH wscript and Startup folder). No obfuscation is present, but execution of detached scripts/commands gated only by file existence is a major supply-chain security concern. The actual maliciousness depends on what daemon-launcher.vbs and imcodes-daemon.cmd contain, which are not shown here.

gdriveexplorer

0.32

Live on pypi

Blocked by Socket

The code provides legitimate Drive utility functions but contains a built-in, covert telemetry/exfiltration mechanism: on object construction it captures the authenticated user's email and appends it to a file that is uploaded to a hard-coded remote Drive ID, then removes the local copy. This is privacy-invasive and likely malicious or at least abusive. Combined with full Drive read/write capabilities, this module should not be used in environments with sensitive credentials. Replace or remove the telemetry upload, avoid eval usage, and avoid performing network side-effects in __init__.

@shadow999/baileys

1.0.1

Removed from npm

Blocked by Socket

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

Live on npm for 4 hours and 25 minutes before removal. Socket users were protected even while the package was live.

bluelamp-ai

0.45.3

Removed from pypi

Blocked by Socket

This module deliberately conceals executable code in a base64+zlib blob and executes it directly with exec(). That is a high-risk, obfuscation-first design and is commonly associated with malicious or at least non-transparent behaviour. Treat the package as untrusted until the decompressed payload is fully inspected in a safe, isolated environment. Do not run this code in production or on systems containing sensitive data.

Live on pypi for 3 days, 7 hours and 59 minutes before removal. Socket users were protected even while the package was live.

omnibus

0.0.15

Live on pypi

Blocked by Socket

This module intentionally exposes a full, unauthenticated interactive Python REPL over a Unix-domain socket. That design yields direct in-process arbitrary code execution and broad access to the host process globals and resources. It should be treated as a high security risk: avoid shipping or enabling this in production, restrict socket access with filesystem permissions, add authentication/authorization, or remove the feature. If discovered in a deployed system, treat it as a potential backdoor and investigate connections and created socket files.

toori

1.0.7

Live on pypi

Blocked by Socket

This module acts as a remote-controlled network sniffer/injector: it discovers the host's local IP, initializes a native capture/injection module with a filter, streams captured traffic to a remote Socket.IO server, and accepts remote instructions to inject packets. That behavior is consistent with a supply-chain backdoor that can exfiltrate sensitive network data and enable remote network manipulation. The most critical unknown is the native _toori implementation (not provided) — that component likely contains the highest-risk functionality. Recommend treating this package as dangerous: do not install or run it on production or sensitive hosts without full source review of the native extension and strong justification. If you see this in a dependency tree, investigate origin, maintainers, and purpose immediately.

@jdxcode/mise

2026.3.12

by GitHub Actions

Live on npm

Blocked by Socket

This package runs a locally included installArchSpecificPackage.js at preinstall time. Given that the package intentionally excludes the bin files from the published package and declares a bin entry, the installer likely downloads or generates platform-specific binaries during install. That behavior is a strong supply-chain risk: the install script can fetch and execute remote code, write executables, modify the system, and perform data exfiltration or install backdoors. You should inspect the contents of installArchSpecificPackage.js (and any network endpoints it contacts) before running npm install, and treat this package as high-risk until verified.

github.com/sourcegraph/sourcegraph

v0.0.0-20201215165007-2bdf5d67b979

Live on go

Blocked by Socket

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

GitHub app screenshot

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Even more developer love
Install GitHub AppRead the docs

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Book a Demo

Questions? Call us at (844) SOCKET-0

Read the blog

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

View all integrations

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

The latest from the Socket team

Get our latest security research, open source insights, and product updates.

View all articles