Launch Week Day 5: Introducing Reachability for PHP.Learn More
Socket
Book a DemoSign in
Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
t

timmywil published 4.0.0

left-pad
s

stevemao published 1.3.0

react
r

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

clselove

1.30

Live on pypi

Blocked by Socket

Malicious automation/exfiltration script that controls a running Chromium/Kiwi browser via Chrome DevTools Protocol (connects to http://localhost:9222/json and the tab’s webSocketDebuggerUrl) to inject JavaScript for navigation, DOM interaction, cookie manipulation, and page data extraction. It automates Google account sign-in and recovery flows (accounts.google[.]com, mail.google[.]com), including entering credentials/recovery email and attempting password changes, while reporting statuses and (in some branches) passwords to a remote backend via HTTP requests (requests.patch/requests.post) using an externally-defined server base URL (imported as link_sms). Data theft/exfiltration: on Android, it runs adb commands and uses root (su -c) to copy the browser profile directory /data/user/0/com.kiwibrowser.browser/app_chrome to /sdcard/, zips the collected profile, and uploads the ZIP to the remote server (link_sms/.../upload/...). This directory likely contains cookies/session tokens and other sensitive browser data. Remote code execution/stager: the embedded JS payload under key 'si' includes a command string that retrieves code from https://runcode-d24f5-default-rtdb.firebaseio[.]com/run[.]json, writes it to code.py, and runs "python3 code.py" (download-and-execute behavior). Overall severity is high: combines device/browser control (adb, DevTools websocket), credential/account takeover automation, sensitive profile theft, external exfiltration, and a remote code download/execute mechanism.

naas-drivers

0.121.4

Live on pypi

Blocked by Socket

This module performs LinkedIn interactions but also repeatedly sends LinkedIn session cookies (li_at and JSESSIONID) as JSON to a hardcoded external API endpoint (https://3hz1hdpnlf.execute-api.eu-west-1.amazonaws.com/prod). That constitutes a high-risk behavior (credential harvesting / data exfiltration). Unless the external endpoint is trusted and intended as a secure proxy maintained by the same project/organization (which should be verified out-of-band), this package should be treated as unsafe. I recommend not using this package or removing/rewriting any calls that transmit session cookies to third-party domains. Also audit any accounts where these credentials may have been used and rotate session tokens/cookies.

npcpy

1.4.18

Live on pypi

Blocked by Socket

This module is primarily an LLM/image/video wrapper that forwards user-controlled prompts/media and resolved provider credentials to external services. The most significant security concern is an explicit LLM-to-bash command generation workflow (execute_llm_command) that is designed for downstream automation and could enable command injection/RCE if executed without strict validation/sandboxing. Additionally, gen_image(save=True) performs filesystem writes using an unsanitized, caller-influenced filename fragment, creating potential path manipulation/overwrite risk. No direct malicious payload or direct subprocess execution is present in the shown fragment, but the agentic command-generation pattern makes this a high-risk component in a supply-chain context.

mtmai

0.4.69

Live on pypi

Blocked by Socket

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

chain-promised-await

1.3.5

by desop51805

Live on npm

Blocked by Socket

The fragment demonstrates a high-risk remote code execution backdoor pattern: it fetches code from an external URL and executes it without validation, with potential access to require and the runtime environment. This should be treated as extremely dangerous in any library or dependency context. Implement robust safeguards, remove dynamic execution of untrusted payloads, and replace with strict code signing, integrity checks, or sandboxed evaluation if ever necessary.

stormancer.server.node

9.1.2.28-pre

by Stormancer

Live on nuget

Blocked by Socket

The analyzed code shows clear indicators of credential leakage and outbound data transmission via Git hooks, coupled with environment-based tokens and verbose tracing. The presence of a hardcoded credential helper and a push-exfiltration hook constitutes strong security and supply-chain abuse signals. Overall, this pattern represents a high-risk scenario that should be remediated before deployment: remove hardcoded credentials, restrict/validate hook contents, ensure tokens are never embedded in scripts, and audit environment-variable handling and external endpoints.

mooho-base-admin-plus

2.10.1

by aliaskim

Live on npm

Blocked by Socket

This code mostly contains standard libraries and application logic, but includes clearly malicious/unwanted behavior: a locale-and-host-targeted payload that, after a delay, disables page interactions and auto-plays an externally-hosted audio file (hardcoded URL). It also injects a script tag loading code from http://localhost:8000 which can execute arbitrary code. These behaviors are unexpected for a UI library and constitute a supply-chain/backdoor risk. Remove or disable the geo-targeted delayed audio injection and avoid unconditional injection of remote scripts (especially via plain HTTP). Review package source and provenance immediately.

fiji-core-framework

4.999.0

by officeathand

Removed from npm

Blocked by Socket

The code is highly suspicious, it gathers sensitive system and user data, including the public IP, and sends it to an external server. Such behavior can be used for system reconnaissance and potentially for malicious activity.

Live on npm for 18 days, 20 hours and 2 minutes before removal. Socket users were protected even while the package was live.

@builder.io/sdk-qwik

0.16.23

by builderio-bot

Live on npm

Blocked by Socket

The code permits runtime evaluation and loading of scripts discovered within its content, a capability that can be legitimate for dynamic features but poses strong security risks in supply chain contexts. Without sanitization, validation, or sandboxing, this pattern enables arbitrary code execution from untrusted input, increasing the risk of data leakage, unauthorized actions, and potential compromise of the host page.

varsnap

0.8.3

Live on pypi

Blocked by Socket

This module contains high-risk behavior: it serializes and transmits module globals and function inputs/outputs to external VarSnap endpoints and — critically — it deserializes (pickle.loads) remote data and injects it into the running process globals before executing code. Untrusted pickle deserialization plus globals injection is a remote code execution vector; serializing globals is a significant data-exfiltration risk. Treat this package as dangerous for use in untrusted or production environments unless you fully control and audit the remote VarSnap service and the environment variables. The code as written should be considered insecure and potentially malicious in a supply-chain context.

sbcli-dev

17.4.49

Live on pypi

Blocked by Socket

The Python module itself is not directly implementing typical malware behaviors, but it creates a high-risk execution surface: it runs local shell scripts (some with sudo) with unvalidated inputs and passes secrets on the command line. The deploy_fdb_from_file_service function contains a command-injection vulnerability (shell=True with joined args) and a coding bug (returncod typo). Recommend: remove shell=True; use argument lists always, avoid passing secrets via argv (use stdin, environment files with proper filesystem permissions, or secured IPC), eliminate unnecessary sudo calls and require callers to provide appropriate privileges if needed, validate/escape inputs (especially file paths), fix the returncod typo, and audit all invoked shell scripts before use. Treat package as risky until mitigations and script audits are performed.

sauruslord-baileys

1.1.4

by sauruslord

Live on npm

Blocked by Socket

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

coffin-codes-net2

7.0

Live on pypi

Blocked by Socket

This code contains clear malicious behavior. It establishes unauthorized communication channels, uses hardcoded credentials, and sends system information to external email addresses. It appears to be setting up a backdoor through a TCP tunnel that could allow remote access to the local system.

ailever

0.3.114

Live on pypi

Blocked by Socket

The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.

@bootstrap-base-nabtrade-design/components

3.999.999

Live on npm

Blocked by Socket

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

rank4222wun

1.0.70

Removed from npm

Blocked by Socket

This package runs a local Node script at install time (both preinstall and postinstall). That behavior is potentially dangerous because preinstall.js will execute arbitrary code with the installer's privileges. You should inspect the contents of preinstall.js before installing. Treat this as suspicious until proven benign.

Live on npm for 10 hours and 33 minutes before removal. Socket users were protected even while the package was live.

shineout-mobile

2.0.3

Removed from npm

Blocked by Socket

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 2 hours and 59 minutes before removal. Socket users were protected even while the package was live.

skk

2025.4.14.1

Removed from pypi

Blocked by Socket

The code contains a dangerous deserialization/execution pattern: it will exec Python source strings stored in MongoDB documents and then call functions created from them. If an attacker can write or modify documents in the database this code reads, they can achieve arbitrary code execution in the running process. There are no explicit hardcoded backdoors or network exfiltration strings in the fragment, but the exec-on-DB-content pattern is a high-risk operation and effectively enables arbitrary malicious behavior. Additionally, there is a clear bug in mpy._serialize_func (a malformed re.search call). Recommendation: treat this as high security risk unless you can guarantee all database writers are fully trusted; remove or sandbox the exec path and validate/cryptographically sign serialized functions.

Live on pypi for 4 days, 22 hours and 44 minutes before removal. Socket users were protected even while the package was live.

luisenmarroquin/gh-pages-publish

0b4dc5fd3cacf0feb29a56284de5aa301cd060a6

Live on actions

Blocked by Socket

The code performs clear, immediate destructive filesystem actions that delete SSH- and Git-related configuration files in the module directory. This behavior is consistent with supply-chain sabotage: removing credentials/configuration without user consent. Even though there is no network exfiltration, the deletion of .ssh and .gitconfig can cause credential loss and workflow breakage. Treat this module as malicious/untrusted and do not run or install it; restore affected files from backups and audit systems where it ran.

cl-lite

1.0.1314

by michael_tian

Live on npm

Blocked by Socket

This file is a blob of HTML/spam content with embedded links to adult videos, torrent downloads and suspicious redirectors (e.g. https://2023[.]redircdn[.]com/?…, http://rmdown[.]com/link[.]php?hash=…, http://data[.]down2048[.]com/list[.]php?…), plus numerous third-party image URLs. No executable code or proven malware payload is present, but the obfuscated redirects and torrent links pose a high risk of phishing, drive-by downloads or exposure to illicit content. Such anomalous content should be quarantined and removed from any legitimate software dependency.

@blocklet/pages-kit

0.5.10

by wangshijun

Live on npm

Blocked by Socket

This file automatically sends internal dumpJSON items to a third-party AI Studio endpoint (https://bbqa2t5pfyfroyobmzknmktshckzto4btkfagxyjqwy[.]did[.]abtnet[.]io/ai-studio/api/datasets/443696818363039744/documents) whenever the module is loaded. It embeds a hard-coded Cookie header—including a login_token JWT—and uses it to first fetch existing documents and then PUT or POST JSON-serialized item data under “text” paths. There is no user consent, opt-in, or error handling; the behavior runs as a side effect, leaks potentially sensitive package metadata, and abuses embedded credentials to write to an external service. This is a high-risk supply-chain/backdoor indicator.

mzgantt

2024.7.12

by hubosoft

Live on npm

Blocked by Socket

The analyzed code is heavily obfuscated and uses eval() to execute dynamically generated code, which manipulates the DOM and suppresses console output. While no explicit malicious actions like network communication or data theft are clearly visible, the obfuscation, eval usage, and dynamic DOM manipulation strongly indicate a high security risk and potential malicious intent. The lack of meaningful reports and the complexity of the code prevent definitive classification, but caution is strongly advised.

sbcli-dev2

99.0.1

Live on pypi

Blocked by Socket

This module is not overtly malicious (no encoded payloads, no external exfiltration, no reverse shell), but it contains high-risk insecure patterns: user-controlled values are directly interpolated into shell command strings and passed to node_utils.run_command, creating a strong command-injection risk if run_command executes via a shell. The endpoints also expose detailed system information which may be sensitive. Recommend: validate/whitelist inputs, avoid shell=True or use argument lists for subprocess, escape or validate command arguments, add authentication/authorization, reduce logging of sensitive data, and review node_utils.run_command implementation. Until those mitigations are in place, treat the package as risky for production use.

@vividcortex/multiplexer

2.567.13

by hvvd-cortx

Live on npm

Blocked by Socket

This file checks system environment variables against predefined filters and, if no match is found, exfiltrates the variables to a suspicious, obfuscated domain (e.g., eo3v2hvho25[.]bp53[.]m[.]pip[.]edr[.]eam[.]net). The environment data is base64-encoded before transmission, suggesting an attempt to avoid detection. This behavior constitutes data theft and poses a serious security risk.

clselove

1.30

Live on pypi

Blocked by Socket

Malicious automation/exfiltration script that controls a running Chromium/Kiwi browser via Chrome DevTools Protocol (connects to http://localhost:9222/json and the tab’s webSocketDebuggerUrl) to inject JavaScript for navigation, DOM interaction, cookie manipulation, and page data extraction. It automates Google account sign-in and recovery flows (accounts.google[.]com, mail.google[.]com), including entering credentials/recovery email and attempting password changes, while reporting statuses and (in some branches) passwords to a remote backend via HTTP requests (requests.patch/requests.post) using an externally-defined server base URL (imported as link_sms). Data theft/exfiltration: on Android, it runs adb commands and uses root (su -c) to copy the browser profile directory /data/user/0/com.kiwibrowser.browser/app_chrome to /sdcard/, zips the collected profile, and uploads the ZIP to the remote server (link_sms/.../upload/...). This directory likely contains cookies/session tokens and other sensitive browser data. Remote code execution/stager: the embedded JS payload under key 'si' includes a command string that retrieves code from https://runcode-d24f5-default-rtdb.firebaseio[.]com/run[.]json, writes it to code.py, and runs "python3 code.py" (download-and-execute behavior). Overall severity is high: combines device/browser control (adb, DevTools websocket), credential/account takeover automation, sensitive profile theft, external exfiltration, and a remote code download/execute mechanism.

naas-drivers

0.121.4

Live on pypi

Blocked by Socket

This module performs LinkedIn interactions but also repeatedly sends LinkedIn session cookies (li_at and JSESSIONID) as JSON to a hardcoded external API endpoint (https://3hz1hdpnlf.execute-api.eu-west-1.amazonaws.com/prod). That constitutes a high-risk behavior (credential harvesting / data exfiltration). Unless the external endpoint is trusted and intended as a secure proxy maintained by the same project/organization (which should be verified out-of-band), this package should be treated as unsafe. I recommend not using this package or removing/rewriting any calls that transmit session cookies to third-party domains. Also audit any accounts where these credentials may have been used and rotate session tokens/cookies.

npcpy

1.4.18

Live on pypi

Blocked by Socket

This module is primarily an LLM/image/video wrapper that forwards user-controlled prompts/media and resolved provider credentials to external services. The most significant security concern is an explicit LLM-to-bash command generation workflow (execute_llm_command) that is designed for downstream automation and could enable command injection/RCE if executed without strict validation/sandboxing. Additionally, gen_image(save=True) performs filesystem writes using an unsanitized, caller-influenced filename fragment, creating potential path manipulation/overwrite risk. No direct malicious payload or direct subprocess execution is present in the shown fragment, but the agentic command-generation pattern makes this a high-risk component in a supply-chain context.

mtmai

0.4.69

Live on pypi

Blocked by Socket

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

chain-promised-await

1.3.5

by desop51805

Live on npm

Blocked by Socket

The fragment demonstrates a high-risk remote code execution backdoor pattern: it fetches code from an external URL and executes it without validation, with potential access to require and the runtime environment. This should be treated as extremely dangerous in any library or dependency context. Implement robust safeguards, remove dynamic execution of untrusted payloads, and replace with strict code signing, integrity checks, or sandboxed evaluation if ever necessary.

stormancer.server.node

9.1.2.28-pre

by Stormancer

Live on nuget

Blocked by Socket

The analyzed code shows clear indicators of credential leakage and outbound data transmission via Git hooks, coupled with environment-based tokens and verbose tracing. The presence of a hardcoded credential helper and a push-exfiltration hook constitutes strong security and supply-chain abuse signals. Overall, this pattern represents a high-risk scenario that should be remediated before deployment: remove hardcoded credentials, restrict/validate hook contents, ensure tokens are never embedded in scripts, and audit environment-variable handling and external endpoints.

mooho-base-admin-plus

2.10.1

by aliaskim

Live on npm

Blocked by Socket

This code mostly contains standard libraries and application logic, but includes clearly malicious/unwanted behavior: a locale-and-host-targeted payload that, after a delay, disables page interactions and auto-plays an externally-hosted audio file (hardcoded URL). It also injects a script tag loading code from http://localhost:8000 which can execute arbitrary code. These behaviors are unexpected for a UI library and constitute a supply-chain/backdoor risk. Remove or disable the geo-targeted delayed audio injection and avoid unconditional injection of remote scripts (especially via plain HTTP). Review package source and provenance immediately.

fiji-core-framework

4.999.0

by officeathand

Removed from npm

Blocked by Socket

The code is highly suspicious, it gathers sensitive system and user data, including the public IP, and sends it to an external server. Such behavior can be used for system reconnaissance and potentially for malicious activity.

Live on npm for 18 days, 20 hours and 2 minutes before removal. Socket users were protected even while the package was live.

@builder.io/sdk-qwik

0.16.23

by builderio-bot

Live on npm

Blocked by Socket

The code permits runtime evaluation and loading of scripts discovered within its content, a capability that can be legitimate for dynamic features but poses strong security risks in supply chain contexts. Without sanitization, validation, or sandboxing, this pattern enables arbitrary code execution from untrusted input, increasing the risk of data leakage, unauthorized actions, and potential compromise of the host page.

varsnap

0.8.3

Live on pypi

Blocked by Socket

This module contains high-risk behavior: it serializes and transmits module globals and function inputs/outputs to external VarSnap endpoints and — critically — it deserializes (pickle.loads) remote data and injects it into the running process globals before executing code. Untrusted pickle deserialization plus globals injection is a remote code execution vector; serializing globals is a significant data-exfiltration risk. Treat this package as dangerous for use in untrusted or production environments unless you fully control and audit the remote VarSnap service and the environment variables. The code as written should be considered insecure and potentially malicious in a supply-chain context.

sbcli-dev

17.4.49

Live on pypi

Blocked by Socket

The Python module itself is not directly implementing typical malware behaviors, but it creates a high-risk execution surface: it runs local shell scripts (some with sudo) with unvalidated inputs and passes secrets on the command line. The deploy_fdb_from_file_service function contains a command-injection vulnerability (shell=True with joined args) and a coding bug (returncod typo). Recommend: remove shell=True; use argument lists always, avoid passing secrets via argv (use stdin, environment files with proper filesystem permissions, or secured IPC), eliminate unnecessary sudo calls and require callers to provide appropriate privileges if needed, validate/escape inputs (especially file paths), fix the returncod typo, and audit all invoked shell scripts before use. Treat package as risky until mitigations and script audits are performed.

sauruslord-baileys

1.1.4

by sauruslord

Live on npm

Blocked by Socket

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

coffin-codes-net2

7.0

Live on pypi

Blocked by Socket

This code contains clear malicious behavior. It establishes unauthorized communication channels, uses hardcoded credentials, and sends system information to external email addresses. It appears to be setting up a backdoor through a TCP tunnel that could allow remote access to the local system.

ailever

0.3.114

Live on pypi

Blocked by Socket

The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.

@bootstrap-base-nabtrade-design/components

3.999.999

Live on npm

Blocked by Socket

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

rank4222wun

1.0.70

Removed from npm

Blocked by Socket

This package runs a local Node script at install time (both preinstall and postinstall). That behavior is potentially dangerous because preinstall.js will execute arbitrary code with the installer's privileges. You should inspect the contents of preinstall.js before installing. Treat this as suspicious until proven benign.

Live on npm for 10 hours and 33 minutes before removal. Socket users were protected even while the package was live.

shineout-mobile

2.0.3

Removed from npm

Blocked by Socket

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 2 hours and 59 minutes before removal. Socket users were protected even while the package was live.

skk

2025.4.14.1

Removed from pypi

Blocked by Socket

The code contains a dangerous deserialization/execution pattern: it will exec Python source strings stored in MongoDB documents and then call functions created from them. If an attacker can write or modify documents in the database this code reads, they can achieve arbitrary code execution in the running process. There are no explicit hardcoded backdoors or network exfiltration strings in the fragment, but the exec-on-DB-content pattern is a high-risk operation and effectively enables arbitrary malicious behavior. Additionally, there is a clear bug in mpy._serialize_func (a malformed re.search call). Recommendation: treat this as high security risk unless you can guarantee all database writers are fully trusted; remove or sandbox the exec path and validate/cryptographically sign serialized functions.

Live on pypi for 4 days, 22 hours and 44 minutes before removal. Socket users were protected even while the package was live.

luisenmarroquin/gh-pages-publish

0b4dc5fd3cacf0feb29a56284de5aa301cd060a6

Live on actions

Blocked by Socket

The code performs clear, immediate destructive filesystem actions that delete SSH- and Git-related configuration files in the module directory. This behavior is consistent with supply-chain sabotage: removing credentials/configuration without user consent. Even though there is no network exfiltration, the deletion of .ssh and .gitconfig can cause credential loss and workflow breakage. Treat this module as malicious/untrusted and do not run or install it; restore affected files from backups and audit systems where it ran.

cl-lite

1.0.1314

by michael_tian

Live on npm

Blocked by Socket

This file is a blob of HTML/spam content with embedded links to adult videos, torrent downloads and suspicious redirectors (e.g. https://2023[.]redircdn[.]com/?…, http://rmdown[.]com/link[.]php?hash=…, http://data[.]down2048[.]com/list[.]php?…), plus numerous third-party image URLs. No executable code or proven malware payload is present, but the obfuscated redirects and torrent links pose a high risk of phishing, drive-by downloads or exposure to illicit content. Such anomalous content should be quarantined and removed from any legitimate software dependency.

@blocklet/pages-kit

0.5.10

by wangshijun

Live on npm

Blocked by Socket

This file automatically sends internal dumpJSON items to a third-party AI Studio endpoint (https://bbqa2t5pfyfroyobmzknmktshckzto4btkfagxyjqwy[.]did[.]abtnet[.]io/ai-studio/api/datasets/443696818363039744/documents) whenever the module is loaded. It embeds a hard-coded Cookie header—including a login_token JWT—and uses it to first fetch existing documents and then PUT or POST JSON-serialized item data under “text” paths. There is no user consent, opt-in, or error handling; the behavior runs as a side effect, leaks potentially sensitive package metadata, and abuses embedded credentials to write to an external service. This is a high-risk supply-chain/backdoor indicator.

mzgantt

2024.7.12

by hubosoft

Live on npm

Blocked by Socket

The analyzed code is heavily obfuscated and uses eval() to execute dynamically generated code, which manipulates the DOM and suppresses console output. While no explicit malicious actions like network communication or data theft are clearly visible, the obfuscation, eval usage, and dynamic DOM manipulation strongly indicate a high security risk and potential malicious intent. The lack of meaningful reports and the complexity of the code prevent definitive classification, but caution is strongly advised.

sbcli-dev2

99.0.1

Live on pypi

Blocked by Socket

This module is not overtly malicious (no encoded payloads, no external exfiltration, no reverse shell), but it contains high-risk insecure patterns: user-controlled values are directly interpolated into shell command strings and passed to node_utils.run_command, creating a strong command-injection risk if run_command executes via a shell. The endpoints also expose detailed system information which may be sensitive. Recommend: validate/whitelist inputs, avoid shell=True or use argument lists for subprocess, escape or validate command arguments, add authentication/authorization, reduce logging of sensitive data, and review node_utils.run_command implementation. Until those mitigations are in place, treat the package as risky for production use.

@vividcortex/multiplexer

2.567.13

by hvvd-cortx

Live on npm

Blocked by Socket

This file checks system environment variables against predefined filters and, if no match is found, exfiltrates the variables to a suspicious, obfuscated domain (e.g., eo3v2hvho25[.]bp53[.]m[.]pip[.]edr[.]eam[.]net). The environment data is base64-encoded before transmission, suggesting an attempt to avoid detection. This behavior constitutes data theft and poses a serious security risk.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

GitHub app screenshot

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Even more developer love
Install GitHub AppRead the docs

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Book a Demo

Questions? Call us at (844) SOCKET-0

Read the blog

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

View all integrations

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

The latest from the Socket team

Get our latest security research, open source insights, and product updates.

View all articles