Launch Week Day 5: Introducing Reachability for PHP.Learn More
Socket
Book a DemoSign in
Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
t

timmywil published 4.0.0

left-pad
s

stevemao published 1.3.0

react
r

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

@tpblock/client

0.23.14

by pinelliaw

Live on npm

Blocked by Socket

This file contains a sophisticated supply chain attack that masquerades as a legitimate Web3 library while systematically compromising critical security components. The malware overrides standard secp256k1 cryptographic functions (ecdsaSign and ecdsaRecover) with custom implementations using different crypto APIs, potentially weakening signature security or enabling signature manipulation. It disables ENS resolution by setting the registry address to '0000000000000000000000000000000000000000', which could redirect domain queries. The code implements a wrap_async_func mechanism that systematically modifies all Web3 module functions by adding synchronous versions, creating potential interception points for transaction data. Additionally, it uses a custom HTTP provider instead of the standard Web3 provider, enabling network traffic interception and potential data exfiltration. The malware maintains API compatibility to avoid detection while compromising cryptocurrency transactions and stealing sensitive blockchain-related data.

load-dynamic-module

1.0.48

by frudman

Live on npm

Blocked by Socket

This fragment implements a highly permissive in-browser dynamic module loader that can fetch remote resources over HTTP(S) and execute downloaded JavaScript using dynamically constructed AsyncFunction (plus a CommonJS-like path), inject CSS into the DOM, parse JSON, and write loaded exports to the global window namespace. The absence of visible origin allowlists, integrity verification, or sandboxing makes it a substantial supply-chain security risk: if an attacker can influence dependency specifiers/URLs or the remote endpoints, they can achieve arbitrary code execution in the consuming page.

mollie-design-system

991.0.1

by bugbounty.click

Removed from npm

Blocked by Socket

The script is malicious as it collects sensitive system and user information without consent and sends it to an external server. It also bypasses Node's TLS security checks, posing a risk for man-in-the-middle attacks. The recipient domain 'bugbounty.click' is not recognized or well-known, further raising security concerns.

mtmai

0.5.42

Live on pypi

Blocked by Socket

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

github.com/weaveworks/weave

v1.5.1-0.20160503122004-fb3ed9c1a684

Live on go

Blocked by Socket

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

imcodes

2026.4.1149

by imcodes

Live on npm

Blocked by Socket

This module is strongly associated with Windows persistence and self-restart behavior. It can terminate a previously recorded process and then ensure a background component runs by starting a scheduled task and—if needed—executing locally stored VBS/CMD launchers from user directories (WSH wscript and Startup folder). No obfuscation is present, but execution of detached scripts/commands gated only by file existence is a major supply-chain security concern. The actual maliciousness depends on what daemon-launcher.vbs and imcodes-daemon.cmd contain, which are not shown here.

regscale-cli

6.19.0.0

Live on pypi

Blocked by Socket

This obfuscated Python module prompts for a user password, generates or loads a symmetric Fernet key into a hidden directory, and then encrypts or decrypts files in-place based on their extensions. All string constants (file paths, commands, extensions) are built via indexing into a single alphabet string to thwart analysis. It writes key and token files to disk, calls os.system under specific OS checks, and uses sys.exit to abort on failed validation. There are no network calls, but the script will irreversibly overwrite user files with ciphertext until the correct password is supplied—matching ransomware-like behavior and posing a severe risk to data integrity if executed without isolation.

bluelamp-ai

1.0.2

Live on pypi

Blocked by Socket

This file is a highly suspicious loader that conceals a Python payload via base64 + zlib and executes it with exec(). Treat it as untrusted: do not run this in production or on sensitive systems. Decode and inspect the inner payload in a safe, isolated environment before any execution. The pattern is consistent with obfuscated malicious modules and represents a significant supply-chain/security risk.

tfjs-core

9.3.0

by jpdtestjpd

Live on npm

Blocked by Socket

The file contains code that secretly gathers detailed system information, such as hostname, OS type, platform, release, architecture, local IP addresses, public IP address (fetched via an external API), username, and current working directory. It then transmits this data to external endpoints via HTTP GET and POST requests, and uses a WebSocket connection as a fallback. The endpoints are hardcoded, for example, to URLs like http://example.com/jpd3.php, http://example.com/jpd4.php, and wss://example.com/socket, which are not transparent or verified services. This behavior is indicative of malware designed for unauthorized data exfiltration.

vigilinux

0.8.0

Removed from pypi

Blocked by Socket

This module is not explicitly obfuscated or directly embedding malware, but it presents a high-risk pattern: it executes AI-generated shell commands with shell=True and no safety enforcement. The imported safety check (is_command_safe) is not used. That design allows arbitrary command execution, privilege escalation suggestions, and automated retries — all of which could be abused to run destructive or exfiltrative operations. Fixes should include enforcing command safety checks, prompting the user for explicit approval before executing AI-generated commands, avoiding shell=True where possible, limiting retries, and validating the API key usage bug. Treat this package as high-risk for runtime command execution until mitigations are added.

Live on pypi for 19 hours and 39 minutes before removal. Socket users were protected even while the package was live.

@ftapi/secuauth

0.1.0

by mahmoud0x00-h1

Live on npm

Blocked by Socket

The script runs 'extract.js' in the background, but without further context or inspection of the script itself, it is difficult to assess its safety. This could potentially lead to untrusted code execution.

@kingspartan/baileys

1.1.0

by kingspartan

Removed from npm

Blocked by Socket

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

Live on npm for 4 days, 8 hours and 14 minutes before removal. Socket users were protected even while the package was live.

@softeria/ms-365-mcp-server

0.21.1

Live on npm

Blocked by Socket

There is a clear anomalous pattern: the code forcibly redirects the generated client’s import from a legitimate core library to a local module hack.js. This constitutes a backdoor/vector for malicious behavior if hack.js is untrusted. Without integrity checks or vetting of hack.js, this practice introduces high security risk in a supply-chain context and should be halted or strictly audited.

exp10it

2.4.39

Live on pypi

Blocked by Socket

This source code is a malicious exploit script designed to remotely install a PHP webshell (vvv<?php eval($_POST[zzz]);?>) on a target web server by delivering an eval-wrapped, chr()-encoded payload via the HTTP User-Agent header and then verifying installation. Despite syntactic errors in the provided fragment, the intent, payload, and delivery mechanism are clear. Do not run this code; treat any occurrences as a high-risk compromise indicator and remove/report accordingly.

snow-flow

7.5.3

Live on npm

Blocked by Socket

This code is an administrative automation component that deliberately executes arbitrary ServiceNow server-side scripts and manipulates system tables. I found no clear signs of intentionally malicious code (no hardcoded external exfiltration endpoints, no obfuscated payload). However, it exposes powerful sinks: arbitrary script execution, creation of background script records, and storage of script output/trace in sys_properties. The primary security risk is abuse/misconfiguration (e.g., autoConfirm bypass, insufficient RBAC) leading to data theft or destructive changes. Treat this module as high-risk functionality that must be strictly access controlled, audited, and hardened before use.

dawidd6/action-ansible-playbook

009b88e9b8894bd8838475d799b7dca5024e91d5

Live on actions

Blocked by Socket

This workflow contains highly suspicious and dangerous behavior: a hard-coded private SSH key and public key are embedded in the workflow and the job writes the public key to /etc/ssh/authorized_keys and restarts sshd, effectively enabling remote SSH access to the runner. The workflow also passes multiple plaintext credentials and the SSH private key into a local action (uses: ./), creating a high risk of secret exfiltration or backdoor access. Treat this as malicious or severely misconfigured; remove the embedded keys and credentials, avoid enabling SSH on runners, and inspect or avoid the local action until its code is audited. Immediate remediation: revoke the exposed key(s), secrets, and any credentials, and assume compromise of any systems the keys touched.

@fdfe/era-cellar

0.0.2

by dhasifg

Live on npm

Blocked by Socket

The script is likely used for malicious purposes, collecting sensitive data and sending it to specific IPs, which can be interpreted as a data exfiltration attempt. The usage of obfuscated code and hardcoded IP addresses further supports the suspicion of malicious intent.

page-blocks

1.1.1

Removed from npm

Blocked by Socket

The script is clearly performing malicious actions by exfiltrating environment variables to an external IP address via DNS queries. This poses a significant security risk as it can lead to the exposure of sensitive information.

xuiniadb

1.4

Live on pypi

Blocked by Socket

This code is intentionally malicious and designed to sabotage Windows hosts. When called with the literal 'CRASH' it probabilistically either attempts to cause a kernel-level crash (BSOD) via direct ntdll calls or issues an immediate shutdown command. It also calls an external module with obscene naming that represents an additional supply-chain risk. Do not run this code; mark the package as malicious, remove/quarantine it from systems and the supply chain, and audit any dependencies (especially HuiPornoAscii) and other versions.

gr-tradinggame

0.1.5

Live on pypi

Blocked by Socket

The provided fragment is highly risky: it enables untrusted data to trigger arbitrary code execution through unpickling (cloudpickle) or by evaluating user-provided source code inside an IPython shell. This is a classic dangerous pattern that can lead to remote code execution, data exfiltration, or system compromise if exposed to external inputs. No safeguards (sandboxing, input validation, restricted execution) are present. Recommend treating as high-risk, isolating from any production dependencies, and implementing strict input validation, sandboxing, or eliminating untrusted payload support.

irspdf

0.0.1

Live on pypi

Blocked by Socket

High risk due to untrusted deserialization via pickle.load from a path supplied externally (sys.argv[1]). The pattern can enable remote code execution if a crafted payload is supplied. The subsequent BM25 call on the untrusted object is suspicious but secondary to the deserialization risk. The syntax error should be resolved, but the core vulnerability remains and warrants removal of pickle-based loading or strict validation/sandboxing.

tx.geometric

1.1.5.1

by TianTeng

Live on nuget

Blocked by Socket

This assembly contains a legitimate-looking geometry API surface, but also incorporates a heavily obfuscated protector/loader that performs resource extraction, cryptographic verification/decryption, native memory allocation/WriteProcessMemory/VirtualProtect, runtime code generation and delegate/function pointer creation. Those capabilities enable in-memory loading and execution of arbitrary payloads and process memory manipulation. In a supply-chain context this is high risk: even if originally intended as a licensing/protection stub, it provides all primitives needed for stealthy code execution/injection and would be considered unacceptable for most libraries intended for reuse. I recommend not using this package in production until the embedded payload and the protector's exact purpose are verified by the maintainer and source is deobfuscated/inspected. If you must use it, run it in a strictly controlled environment, and audit the embedded resources and any network behavior of the payload before permitting it in sensitive systems.

@assaabloy/amarr-wc-book-sitecheck-appointment

5.4.0

by yadamska

Live on npm

Blocked by Socket

The provided JavaScript bundle file has several potential security concerns, including the use of eval() function, hardcoded URLs, and innerHTML which can lead to XSS attacks. It is recommended to properly sanitize and validate any user input to prevent these types of attacks.

@tpblock/client

0.23.14

by pinelliaw

Live on npm

Blocked by Socket

This file contains a sophisticated supply chain attack that masquerades as a legitimate Web3 library while systematically compromising critical security components. The malware overrides standard secp256k1 cryptographic functions (ecdsaSign and ecdsaRecover) with custom implementations using different crypto APIs, potentially weakening signature security or enabling signature manipulation. It disables ENS resolution by setting the registry address to '0000000000000000000000000000000000000000', which could redirect domain queries. The code implements a wrap_async_func mechanism that systematically modifies all Web3 module functions by adding synchronous versions, creating potential interception points for transaction data. Additionally, it uses a custom HTTP provider instead of the standard Web3 provider, enabling network traffic interception and potential data exfiltration. The malware maintains API compatibility to avoid detection while compromising cryptocurrency transactions and stealing sensitive blockchain-related data.

load-dynamic-module

1.0.48

by frudman

Live on npm

Blocked by Socket

This fragment implements a highly permissive in-browser dynamic module loader that can fetch remote resources over HTTP(S) and execute downloaded JavaScript using dynamically constructed AsyncFunction (plus a CommonJS-like path), inject CSS into the DOM, parse JSON, and write loaded exports to the global window namespace. The absence of visible origin allowlists, integrity verification, or sandboxing makes it a substantial supply-chain security risk: if an attacker can influence dependency specifiers/URLs or the remote endpoints, they can achieve arbitrary code execution in the consuming page.

mollie-design-system

991.0.1

by bugbounty.click

Removed from npm

Blocked by Socket

The script is malicious as it collects sensitive system and user information without consent and sends it to an external server. It also bypasses Node's TLS security checks, posing a risk for man-in-the-middle attacks. The recipient domain 'bugbounty.click' is not recognized or well-known, further raising security concerns.

mtmai

0.5.42

Live on pypi

Blocked by Socket

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

github.com/weaveworks/weave

v1.5.1-0.20160503122004-fb3ed9c1a684

Live on go

Blocked by Socket

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

imcodes

2026.4.1149

by imcodes

Live on npm

Blocked by Socket

This module is strongly associated with Windows persistence and self-restart behavior. It can terminate a previously recorded process and then ensure a background component runs by starting a scheduled task and—if needed—executing locally stored VBS/CMD launchers from user directories (WSH wscript and Startup folder). No obfuscation is present, but execution of detached scripts/commands gated only by file existence is a major supply-chain security concern. The actual maliciousness depends on what daemon-launcher.vbs and imcodes-daemon.cmd contain, which are not shown here.

regscale-cli

6.19.0.0

Live on pypi

Blocked by Socket

This obfuscated Python module prompts for a user password, generates or loads a symmetric Fernet key into a hidden directory, and then encrypts or decrypts files in-place based on their extensions. All string constants (file paths, commands, extensions) are built via indexing into a single alphabet string to thwart analysis. It writes key and token files to disk, calls os.system under specific OS checks, and uses sys.exit to abort on failed validation. There are no network calls, but the script will irreversibly overwrite user files with ciphertext until the correct password is supplied—matching ransomware-like behavior and posing a severe risk to data integrity if executed without isolation.

bluelamp-ai

1.0.2

Live on pypi

Blocked by Socket

This file is a highly suspicious loader that conceals a Python payload via base64 + zlib and executes it with exec(). Treat it as untrusted: do not run this in production or on sensitive systems. Decode and inspect the inner payload in a safe, isolated environment before any execution. The pattern is consistent with obfuscated malicious modules and represents a significant supply-chain/security risk.

tfjs-core

9.3.0

by jpdtestjpd

Live on npm

Blocked by Socket

The file contains code that secretly gathers detailed system information, such as hostname, OS type, platform, release, architecture, local IP addresses, public IP address (fetched via an external API), username, and current working directory. It then transmits this data to external endpoints via HTTP GET and POST requests, and uses a WebSocket connection as a fallback. The endpoints are hardcoded, for example, to URLs like http://example.com/jpd3.php, http://example.com/jpd4.php, and wss://example.com/socket, which are not transparent or verified services. This behavior is indicative of malware designed for unauthorized data exfiltration.

vigilinux

0.8.0

Removed from pypi

Blocked by Socket

This module is not explicitly obfuscated or directly embedding malware, but it presents a high-risk pattern: it executes AI-generated shell commands with shell=True and no safety enforcement. The imported safety check (is_command_safe) is not used. That design allows arbitrary command execution, privilege escalation suggestions, and automated retries — all of which could be abused to run destructive or exfiltrative operations. Fixes should include enforcing command safety checks, prompting the user for explicit approval before executing AI-generated commands, avoiding shell=True where possible, limiting retries, and validating the API key usage bug. Treat this package as high-risk for runtime command execution until mitigations are added.

Live on pypi for 19 hours and 39 minutes before removal. Socket users were protected even while the package was live.

@ftapi/secuauth

0.1.0

by mahmoud0x00-h1

Live on npm

Blocked by Socket

The script runs 'extract.js' in the background, but without further context or inspection of the script itself, it is difficult to assess its safety. This could potentially lead to untrusted code execution.

@kingspartan/baileys

1.1.0

by kingspartan

Removed from npm

Blocked by Socket

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

Live on npm for 4 days, 8 hours and 14 minutes before removal. Socket users were protected even while the package was live.

@softeria/ms-365-mcp-server

0.21.1

Live on npm

Blocked by Socket

There is a clear anomalous pattern: the code forcibly redirects the generated client’s import from a legitimate core library to a local module hack.js. This constitutes a backdoor/vector for malicious behavior if hack.js is untrusted. Without integrity checks or vetting of hack.js, this practice introduces high security risk in a supply-chain context and should be halted or strictly audited.

exp10it

2.4.39

Live on pypi

Blocked by Socket

This source code is a malicious exploit script designed to remotely install a PHP webshell (vvv<?php eval($_POST[zzz]);?>) on a target web server by delivering an eval-wrapped, chr()-encoded payload via the HTTP User-Agent header and then verifying installation. Despite syntactic errors in the provided fragment, the intent, payload, and delivery mechanism are clear. Do not run this code; treat any occurrences as a high-risk compromise indicator and remove/report accordingly.

snow-flow

7.5.3

Live on npm

Blocked by Socket

This code is an administrative automation component that deliberately executes arbitrary ServiceNow server-side scripts and manipulates system tables. I found no clear signs of intentionally malicious code (no hardcoded external exfiltration endpoints, no obfuscated payload). However, it exposes powerful sinks: arbitrary script execution, creation of background script records, and storage of script output/trace in sys_properties. The primary security risk is abuse/misconfiguration (e.g., autoConfirm bypass, insufficient RBAC) leading to data theft or destructive changes. Treat this module as high-risk functionality that must be strictly access controlled, audited, and hardened before use.

dawidd6/action-ansible-playbook

009b88e9b8894bd8838475d799b7dca5024e91d5

Live on actions

Blocked by Socket

This workflow contains highly suspicious and dangerous behavior: a hard-coded private SSH key and public key are embedded in the workflow and the job writes the public key to /etc/ssh/authorized_keys and restarts sshd, effectively enabling remote SSH access to the runner. The workflow also passes multiple plaintext credentials and the SSH private key into a local action (uses: ./), creating a high risk of secret exfiltration or backdoor access. Treat this as malicious or severely misconfigured; remove the embedded keys and credentials, avoid enabling SSH on runners, and inspect or avoid the local action until its code is audited. Immediate remediation: revoke the exposed key(s), secrets, and any credentials, and assume compromise of any systems the keys touched.

@fdfe/era-cellar

0.0.2

by dhasifg

Live on npm

Blocked by Socket

The script is likely used for malicious purposes, collecting sensitive data and sending it to specific IPs, which can be interpreted as a data exfiltration attempt. The usage of obfuscated code and hardcoded IP addresses further supports the suspicion of malicious intent.

page-blocks

1.1.1

Removed from npm

Blocked by Socket

The script is clearly performing malicious actions by exfiltrating environment variables to an external IP address via DNS queries. This poses a significant security risk as it can lead to the exposure of sensitive information.

xuiniadb

1.4

Live on pypi

Blocked by Socket

This code is intentionally malicious and designed to sabotage Windows hosts. When called with the literal 'CRASH' it probabilistically either attempts to cause a kernel-level crash (BSOD) via direct ntdll calls or issues an immediate shutdown command. It also calls an external module with obscene naming that represents an additional supply-chain risk. Do not run this code; mark the package as malicious, remove/quarantine it from systems and the supply chain, and audit any dependencies (especially HuiPornoAscii) and other versions.

gr-tradinggame

0.1.5

Live on pypi

Blocked by Socket

The provided fragment is highly risky: it enables untrusted data to trigger arbitrary code execution through unpickling (cloudpickle) or by evaluating user-provided source code inside an IPython shell. This is a classic dangerous pattern that can lead to remote code execution, data exfiltration, or system compromise if exposed to external inputs. No safeguards (sandboxing, input validation, restricted execution) are present. Recommend treating as high-risk, isolating from any production dependencies, and implementing strict input validation, sandboxing, or eliminating untrusted payload support.

irspdf

0.0.1

Live on pypi

Blocked by Socket

High risk due to untrusted deserialization via pickle.load from a path supplied externally (sys.argv[1]). The pattern can enable remote code execution if a crafted payload is supplied. The subsequent BM25 call on the untrusted object is suspicious but secondary to the deserialization risk. The syntax error should be resolved, but the core vulnerability remains and warrants removal of pickle-based loading or strict validation/sandboxing.

tx.geometric

1.1.5.1

by TianTeng

Live on nuget

Blocked by Socket

This assembly contains a legitimate-looking geometry API surface, but also incorporates a heavily obfuscated protector/loader that performs resource extraction, cryptographic verification/decryption, native memory allocation/WriteProcessMemory/VirtualProtect, runtime code generation and delegate/function pointer creation. Those capabilities enable in-memory loading and execution of arbitrary payloads and process memory manipulation. In a supply-chain context this is high risk: even if originally intended as a licensing/protection stub, it provides all primitives needed for stealthy code execution/injection and would be considered unacceptable for most libraries intended for reuse. I recommend not using this package in production until the embedded payload and the protector's exact purpose are verified by the maintainer and source is deobfuscated/inspected. If you must use it, run it in a strictly controlled environment, and audit the embedded resources and any network behavior of the payload before permitting it in sensitive systems.

@assaabloy/amarr-wc-book-sitecheck-appointment

5.4.0

by yadamska

Live on npm

Blocked by Socket

The provided JavaScript bundle file has several potential security concerns, including the use of eval() function, hardcoded URLs, and innerHTML which can lead to XSS attacks. It is recommended to properly sanitize and validate any user input to prevent these types of attacks.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

GitHub app screenshot

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Even more developer love
Install GitHub AppRead the docs

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Book a Demo

Questions? Call us at (844) SOCKET-0

Read the blog

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

View all integrations

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

The latest from the Socket team

Get our latest security research, open source insights, and product updates.

View all articles