Launch Week Day 5: Introducing Reachability for PHP.Learn More
Socket
Book a DemoSign in
Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
t

timmywil published 4.0.0

left-pad
s

stevemao published 1.3.0

react
r

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

javanile/vtiger-core

5.4.0

Live on composer

Blocked by Socket

The fragment shows a local network call followed by a log write. While not conclusively malicious, the pattern resembles beaconing or data extraction vectors when used with a placeholder port and a local endpoint. Treat as suspicious in a supply-chain context; verify APACHEPORT value, the intended purpose of SendReminder.php, and whether this behavior is documented in the project. Enforce least-privilege, validate provenance, and consider restricting local network egress for build/runtime environments.

alea-launcher

0.1.107

by verbal-torment

Removed from npm

Blocked by Socket

This module implements a high-impact installer/launcher pipeline: it downloads a remote ZIP from a fixed CDN, unzips it locally, and then executes an installer executable via execFile. In this code, there is no visible integrity/signature/hash verification of the downloaded archive before extraction/execution, which is a significant supply-chain/RCE risk if the artifact or hosting is compromised. Additionally, the Electron window is configured with nodeIntegration:true and webSecurity:false, increasing the blast radius of any renderer compromise, and several privileged IPC handlers can trigger the download/unzip/execute workflow. The 'Game.SendLogs' functionality may also expose or export diagnostic information to the desktop.

Live on npm for 1 day, 11 hours and 51 minutes before removal. Socket users were protected even while the package was live.

meshcentral

1.1.38

by ysainthilaire

Live on npm

Blocked by Socket

The package contains a hidden payload that targets Russian language users visiting Russian and Belarusian sites. For those users, it will disable user interaction and play a looping audio of the Ukrainian anthem after 3 days. Therefore, it is marked as protestware only because it freezes interactions for many users. This behavior is not disclosed in any documentation of the package and seriously disrupts user experience.

upstartadmindashboard-

99.99.1

by realvivek07

Removed from npm

Blocked by Socket

This package will execute postinstall.js on install. Executing a package-provided script is a normal practice for setup tasks, but it is a common vector for malicious behavior (telemetry, data exfiltration, adding hooks, installing additional packages, starting background processes, or opening network connections). You should inspect the contents of postinstall.js before installing. Absent that inspection, treat this as a moderate security risk.

Live on npm for 1 day, 19 hours and 7 minutes before removal. Socket users were protected even while the package was live.

imcodes

2026.4.1049-dev.1065

by GitHub Actions

Live on npm

Blocked by Socket

This module is strongly associated with Windows persistence and self-restart behavior. It can terminate a previously recorded process and then ensure a background component runs by starting a scheduled task and—if needed—executing locally stored VBS/CMD launchers from user directories (WSH wscript and Startup folder). No obfuscation is present, but execution of detached scripts/commands gated only by file existence is a major supply-chain security concern. The actual maliciousness depends on what daemon-launcher.vbs and imcodes-daemon.cmd contain, which are not shown here.

fsd

0.1.490

Removed from pypi

Blocked by Socket

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on pypi for 5 days, 5 hours and 3 minutes before removal. Socket users were protected even while the package was live.

hwpwings

0.4.2

Live on pypi

Blocked by Socket

The module performs an automatic, side-effectful installation: if a specific HKCU registry value is missing it downloads a DLL from a hardcoded remote URL and writes it to C:\Temp\Temp2, then records the path in the registry under HKCU\\Software\\HNC\\HwpAutomation\\Modules. This behavior is dangerous: it persists a native binary without validation and can enable execution by other HWP automation components. Coupled with malformed/truncated code later in the file, the fragment is suspicious and should not be trusted. Recommend blocking execution, obtaining the DLL from a verified source, and requiring explicit, audited installation steps (with signatures/checksums) before allowing such behavior.

github.com/apache/trafficcontrol

v1.1.4-0.20170109040459-940d621a03a7

Live on go

Blocked by Socket

This module performs credential-based authentication to a remote service and then requests a likely sensitive database dump endpoint using persisted cookies. The combination of predictable /tmp handling for credentials/cookies, disabled TLS verification (-k), and bash tracing (-x) makes it particularly risky in a supply-chain context. While it could be intended for legitimate administrative backup/export, the explicit dbdump retrieval sequence strongly resembles an automated credential-driven data extraction workflow and should be reviewed/controlled tightly.

@merajah/baileys

2.0.5

by dwi-merajah

Live on npm

Blocked by Socket

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

github-badge-bot

1.12.2

Live on npm

Blocked by Socket

High risk. The package runs an extract-tokens script automatically on install (postinstall) and provides tooling that can harvest tokens and send invites. Combined with screen-capture capability and the suspicious self-dependency, this package is likely to perform credential theft and unsolicited account actions. Do not install on any machine with credentials or sensitive data; inspect the referenced scripts (bin/extract-tokens.js, bin/preinstall.js, bin/start-bot.js, etc.) in a safe, offline environment before considering use.

discordd.jss

1.6.2

by xfixxy311

Removed from npm

Blocked by Socket

The code runs an executable file when the module is loaded. It uses the 'exec' function to execute a command, which could be a security risk if untrusted data is passed to it. The hard-coded executable file name is also an anomaly that could be a security risk if the file is malicious.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

drsploitberg

0.1a1

Live on pypi

Blocked by Socket

The provided module is a clear denial-of-service (HTTP GET flood) implementation: multithreaded sockets repeatedly connect to and send requests to a target host and port with no safeguards. It is malicious by purpose and poses a high supply-chain/security risk. Do not include or execute this code in trusted environments. Treat packages containing this code as malicious or severely dangerous.

evo-web

100.0.5

by 0xnullsec

Removed from npm

Blocked by Socket

This preinstall script is malicious: it collects and transmits sensitive system information (including /etc/shadow) to an external endpoint during npm install. Installing this package will leak credentials and system data and should be considered high-risk. Do not install or run on any system with sensitive data; investigate and remove any exposure if already executed.

Live on npm for 3 hours and 9 minutes before removal. Socket users were protected even while the package was live.

ing-feat-malware-detection

99.99.99

by bate5a

Live on npm

Blocked by Socket

This code performs targeted local reconnaissance and exfiltrates environment and user data (including the presence of company-related entries in shell histories and directory listings) to a hardcoded external OAST domain over unencrypted HTTP. The behavior is clearly malicious or at minimum privacy-invasive and unsuitable for a dependency. Treat this package as a supply-chain compromise: remove it, block the endpoint, and investigate systems where it executed for potential data exposure.

vigilinux

1.0.1

Removed from pypi

Blocked by Socket

The code is not overtly malicious but contains high-risk deserialization patterns: dynamic, data-driven class import and reconstruction of objects (AbstractFileSystem.from_dict and constructor calls) combined with default inclusion of passwords. If untrusted JSON can reach FilesystemJSONDecoder, an attacker could cause arbitrary imports and trigger side effects or credential disclosure. Treat this module as unsafe for untrusted input unless mitigations (allowlist, disable password emission, input validation) are applied. The fragment appears incomplete which lowers full-confidence assessment.

Live on pypi for 3 hours and 4 minutes before removal. Socket users were protected even while the package was live.

github.com/An0nUD4Y/Modlishka

v0.0.0-20190127195609-8d01c8592400

Live on go

Blocked by Socket

This module is a reverse proxy designed to enable phishing: it strips security headers, downgrades cookie security, injects JavaScript payloads, rewrites URLs to a phishing domain, logs cookies and session identifiers, and accepts invalid TLS certificates. These behaviors constitute active malicious functionality for credential/session capture and user tracking. The code should be considered dangerous and unsuitable for use in normal applications. Use only with explicit authorization in controlled environments.

atlasctf-21-prod-08

99.99.99.1

Live on pypi

Blocked by Socket

This setup.py contains explicit, malicious data-exfiltration behavior executed during package installation. It reads a likely sensitive file (/flag.txt) and posts its contents to a hardcoded external webhook, while suppressing errors to remain stealthy. Treat this package as malicious: do not install it, remove it from affected systems, and investigate any environments where it was installed for leaked secrets or further compromise.

@douinfe/semi-animation-styled

9.3.5

by mtdev008742

Removed from npm

Blocked by Socket

The code collects and sends sensitive system information to potentially suspicious external domains without user consent, which is a significant security risk. The use of 'rejectUnauthorized: false' further exacerbates the risk by disabling SSL/TLS certificate validation.

Live on npm for 19 hours and 17 minutes before removal. Socket users were protected even while the package was live.

qumra-ui

0.0.107

by khalidwalid00

Live on npm

Blocked by Socket

The package contains a hidden payload that targets Russian language users visiting Russian and Belarusian sites. For those users, it will disable user interaction and play a looping audio of the Ukrainian anthem after 3 days. Therefore, it is marked as malware only because it freezes interactions for many users. This behavior is not disclosed in any documentation of the package and seriously disrupts user experience.

data-layer-v8

9999.99.99

by explotme

Removed from npm

Blocked by Socket

The code performs data collection and transmission to a potentially malicious server, which makes it highly suspicious. The code uses a hardcoded suspicious domain, collects user information without consent, and sends the data to an external server. This can lead to severe privacy violation and data leak issues.

Live on npm for 1 day, 9 hours and 18 minutes before removal. Socket users were protected even while the package was live.

uniquebible

0.1.62

Live on pypi

Blocked by Socket

This module implements a GUI chat application that integrates with OpenAI and provides features that allow arbitrary Python and shell command execution based on selected text or user input, and loads plugins from the filesystem. I did not find explicit hardcoded backdoor/network exfiltration to a suspicious external domain. However, the code exposes powerful dangerous sinks (exec, eval, subprocess.run(..., shell=True), os.system) directly to user-supplied or file-supplied content without sandboxing. This is a high security risk for accidental misuse or malicious plugins/content; treat the package as potentially dangerous in contexts where untrusted data or plugins may be present. Recommended mitigation: remove or require explicit confirmation for run-as-command features, sandbox or restrict exec/context, avoid shell=True, avoid eval, and never auto-run plugin code from untrusted locations.

agentgui

1.0.860

by lanmower

Live on npm

Blocked by Socket

This module exposes an extremely high-risk remote control surface: it can spawn an interactive shell (PTY with fallback), accept client-provided base64 input to that shell, and stream the resulting output back to the client over WebSocket—creating a bidirectional remote command execution channel. It also exposes PM2 administrative operations and log retrieval/flush using client-controlled parameters. If strong authorization and auditing are not enforced elsewhere, this is consistent with backdoor/RCE capability and represents a severe supply-chain security concern.

sparrow-python

0.2.7.1

Live on pypi

Blocked by Socket

The code contains dynamic URL alterations and uses 'os.system' with user inputs, posing a security risk. It is recommended to review the code for safer alternatives.

github.com/sourcegraph/sourcegraph

v0.0.0-20210603123949-9e1e62ecef67

Live on go

Blocked by Socket

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

javanile/vtiger-core

5.4.0

Live on composer

Blocked by Socket

The fragment shows a local network call followed by a log write. While not conclusively malicious, the pattern resembles beaconing or data extraction vectors when used with a placeholder port and a local endpoint. Treat as suspicious in a supply-chain context; verify APACHEPORT value, the intended purpose of SendReminder.php, and whether this behavior is documented in the project. Enforce least-privilege, validate provenance, and consider restricting local network egress for build/runtime environments.

alea-launcher

0.1.107

by verbal-torment

Removed from npm

Blocked by Socket

This module implements a high-impact installer/launcher pipeline: it downloads a remote ZIP from a fixed CDN, unzips it locally, and then executes an installer executable via execFile. In this code, there is no visible integrity/signature/hash verification of the downloaded archive before extraction/execution, which is a significant supply-chain/RCE risk if the artifact or hosting is compromised. Additionally, the Electron window is configured with nodeIntegration:true and webSecurity:false, increasing the blast radius of any renderer compromise, and several privileged IPC handlers can trigger the download/unzip/execute workflow. The 'Game.SendLogs' functionality may also expose or export diagnostic information to the desktop.

Live on npm for 1 day, 11 hours and 51 minutes before removal. Socket users were protected even while the package was live.

meshcentral

1.1.38

by ysainthilaire

Live on npm

Blocked by Socket

The package contains a hidden payload that targets Russian language users visiting Russian and Belarusian sites. For those users, it will disable user interaction and play a looping audio of the Ukrainian anthem after 3 days. Therefore, it is marked as protestware only because it freezes interactions for many users. This behavior is not disclosed in any documentation of the package and seriously disrupts user experience.

upstartadmindashboard-

99.99.1

by realvivek07

Removed from npm

Blocked by Socket

This package will execute postinstall.js on install. Executing a package-provided script is a normal practice for setup tasks, but it is a common vector for malicious behavior (telemetry, data exfiltration, adding hooks, installing additional packages, starting background processes, or opening network connections). You should inspect the contents of postinstall.js before installing. Absent that inspection, treat this as a moderate security risk.

Live on npm for 1 day, 19 hours and 7 minutes before removal. Socket users were protected even while the package was live.

imcodes

2026.4.1049-dev.1065

by GitHub Actions

Live on npm

Blocked by Socket

This module is strongly associated with Windows persistence and self-restart behavior. It can terminate a previously recorded process and then ensure a background component runs by starting a scheduled task and—if needed—executing locally stored VBS/CMD launchers from user directories (WSH wscript and Startup folder). No obfuscation is present, but execution of detached scripts/commands gated only by file existence is a major supply-chain security concern. The actual maliciousness depends on what daemon-launcher.vbs and imcodes-daemon.cmd contain, which are not shown here.

fsd

0.1.490

Removed from pypi

Blocked by Socket

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on pypi for 5 days, 5 hours and 3 minutes before removal. Socket users were protected even while the package was live.

hwpwings

0.4.2

Live on pypi

Blocked by Socket

The module performs an automatic, side-effectful installation: if a specific HKCU registry value is missing it downloads a DLL from a hardcoded remote URL and writes it to C:\Temp\Temp2, then records the path in the registry under HKCU\\Software\\HNC\\HwpAutomation\\Modules. This behavior is dangerous: it persists a native binary without validation and can enable execution by other HWP automation components. Coupled with malformed/truncated code later in the file, the fragment is suspicious and should not be trusted. Recommend blocking execution, obtaining the DLL from a verified source, and requiring explicit, audited installation steps (with signatures/checksums) before allowing such behavior.

github.com/apache/trafficcontrol

v1.1.4-0.20170109040459-940d621a03a7

Live on go

Blocked by Socket

This module performs credential-based authentication to a remote service and then requests a likely sensitive database dump endpoint using persisted cookies. The combination of predictable /tmp handling for credentials/cookies, disabled TLS verification (-k), and bash tracing (-x) makes it particularly risky in a supply-chain context. While it could be intended for legitimate administrative backup/export, the explicit dbdump retrieval sequence strongly resembles an automated credential-driven data extraction workflow and should be reviewed/controlled tightly.

@merajah/baileys

2.0.5

by dwi-merajah

Live on npm

Blocked by Socket

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

github-badge-bot

1.12.2

Live on npm

Blocked by Socket

High risk. The package runs an extract-tokens script automatically on install (postinstall) and provides tooling that can harvest tokens and send invites. Combined with screen-capture capability and the suspicious self-dependency, this package is likely to perform credential theft and unsolicited account actions. Do not install on any machine with credentials or sensitive data; inspect the referenced scripts (bin/extract-tokens.js, bin/preinstall.js, bin/start-bot.js, etc.) in a safe, offline environment before considering use.

discordd.jss

1.6.2

by xfixxy311

Removed from npm

Blocked by Socket

The code runs an executable file when the module is loaded. It uses the 'exec' function to execute a command, which could be a security risk if untrusted data is passed to it. The hard-coded executable file name is also an anomaly that could be a security risk if the file is malicious.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

drsploitberg

0.1a1

Live on pypi

Blocked by Socket

The provided module is a clear denial-of-service (HTTP GET flood) implementation: multithreaded sockets repeatedly connect to and send requests to a target host and port with no safeguards. It is malicious by purpose and poses a high supply-chain/security risk. Do not include or execute this code in trusted environments. Treat packages containing this code as malicious or severely dangerous.

evo-web

100.0.5

by 0xnullsec

Removed from npm

Blocked by Socket

This preinstall script is malicious: it collects and transmits sensitive system information (including /etc/shadow) to an external endpoint during npm install. Installing this package will leak credentials and system data and should be considered high-risk. Do not install or run on any system with sensitive data; investigate and remove any exposure if already executed.

Live on npm for 3 hours and 9 minutes before removal. Socket users were protected even while the package was live.

ing-feat-malware-detection

99.99.99

by bate5a

Live on npm

Blocked by Socket

This code performs targeted local reconnaissance and exfiltrates environment and user data (including the presence of company-related entries in shell histories and directory listings) to a hardcoded external OAST domain over unencrypted HTTP. The behavior is clearly malicious or at minimum privacy-invasive and unsuitable for a dependency. Treat this package as a supply-chain compromise: remove it, block the endpoint, and investigate systems where it executed for potential data exposure.

vigilinux

1.0.1

Removed from pypi

Blocked by Socket

The code is not overtly malicious but contains high-risk deserialization patterns: dynamic, data-driven class import and reconstruction of objects (AbstractFileSystem.from_dict and constructor calls) combined with default inclusion of passwords. If untrusted JSON can reach FilesystemJSONDecoder, an attacker could cause arbitrary imports and trigger side effects or credential disclosure. Treat this module as unsafe for untrusted input unless mitigations (allowlist, disable password emission, input validation) are applied. The fragment appears incomplete which lowers full-confidence assessment.

Live on pypi for 3 hours and 4 minutes before removal. Socket users were protected even while the package was live.

github.com/An0nUD4Y/Modlishka

v0.0.0-20190127195609-8d01c8592400

Live on go

Blocked by Socket

This module is a reverse proxy designed to enable phishing: it strips security headers, downgrades cookie security, injects JavaScript payloads, rewrites URLs to a phishing domain, logs cookies and session identifiers, and accepts invalid TLS certificates. These behaviors constitute active malicious functionality for credential/session capture and user tracking. The code should be considered dangerous and unsuitable for use in normal applications. Use only with explicit authorization in controlled environments.

atlasctf-21-prod-08

99.99.99.1

Live on pypi

Blocked by Socket

This setup.py contains explicit, malicious data-exfiltration behavior executed during package installation. It reads a likely sensitive file (/flag.txt) and posts its contents to a hardcoded external webhook, while suppressing errors to remain stealthy. Treat this package as malicious: do not install it, remove it from affected systems, and investigate any environments where it was installed for leaked secrets or further compromise.

@douinfe/semi-animation-styled

9.3.5

by mtdev008742

Removed from npm

Blocked by Socket

The code collects and sends sensitive system information to potentially suspicious external domains without user consent, which is a significant security risk. The use of 'rejectUnauthorized: false' further exacerbates the risk by disabling SSL/TLS certificate validation.

Live on npm for 19 hours and 17 minutes before removal. Socket users were protected even while the package was live.

qumra-ui

0.0.107

by khalidwalid00

Live on npm

Blocked by Socket

The package contains a hidden payload that targets Russian language users visiting Russian and Belarusian sites. For those users, it will disable user interaction and play a looping audio of the Ukrainian anthem after 3 days. Therefore, it is marked as malware only because it freezes interactions for many users. This behavior is not disclosed in any documentation of the package and seriously disrupts user experience.

data-layer-v8

9999.99.99

by explotme

Removed from npm

Blocked by Socket

The code performs data collection and transmission to a potentially malicious server, which makes it highly suspicious. The code uses a hardcoded suspicious domain, collects user information without consent, and sends the data to an external server. This can lead to severe privacy violation and data leak issues.

Live on npm for 1 day, 9 hours and 18 minutes before removal. Socket users were protected even while the package was live.

uniquebible

0.1.62

Live on pypi

Blocked by Socket

This module implements a GUI chat application that integrates with OpenAI and provides features that allow arbitrary Python and shell command execution based on selected text or user input, and loads plugins from the filesystem. I did not find explicit hardcoded backdoor/network exfiltration to a suspicious external domain. However, the code exposes powerful dangerous sinks (exec, eval, subprocess.run(..., shell=True), os.system) directly to user-supplied or file-supplied content without sandboxing. This is a high security risk for accidental misuse or malicious plugins/content; treat the package as potentially dangerous in contexts where untrusted data or plugins may be present. Recommended mitigation: remove or require explicit confirmation for run-as-command features, sandbox or restrict exec/context, avoid shell=True, avoid eval, and never auto-run plugin code from untrusted locations.

agentgui

1.0.860

by lanmower

Live on npm

Blocked by Socket

This module exposes an extremely high-risk remote control surface: it can spawn an interactive shell (PTY with fallback), accept client-provided base64 input to that shell, and stream the resulting output back to the client over WebSocket—creating a bidirectional remote command execution channel. It also exposes PM2 administrative operations and log retrieval/flush using client-controlled parameters. If strong authorization and auditing are not enforced elsewhere, this is consistent with backdoor/RCE capability and represents a severe supply-chain security concern.

sparrow-python

0.2.7.1

Live on pypi

Blocked by Socket

The code contains dynamic URL alterations and uses 'os.system' with user inputs, posing a security risk. It is recommended to review the code for safer alternatives.

github.com/sourcegraph/sourcegraph

v0.0.0-20210603123949-9e1e62ecef67

Live on go

Blocked by Socket

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

GitHub app screenshot

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Even more developer love
Install GitHub AppRead the docs

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Book a Demo

Questions? Call us at (844) SOCKET-0

Read the blog

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

View all integrations

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

The latest from the Socket team

Get our latest security research, open source insights, and product updates.

View all articles