Launch Week Day 5: Introducing Reachability for PHP.Learn More
Socket
Book a DemoSign in
Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
t

timmywil published 4.0.0

left-pad
s

stevemao published 1.3.0

react
r

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

ok-script

0.0.313

Removed from pypi

Blocked by Socket

This script is dangerous to run in environments where repository URLs, file inputs, or git tag names are not fully trusted. It performs destructive operations (removing files, force-pushing) and copies arbitrary local files into remote repositories, which may leak sensitive data. It also uses subprocess.run with shell=True and unsanitized inputs (repo URLs and tag names), creating a command injection vector. While it does not contain explicit exfiltration or obfuscated backdoor code, its behavior can be weaponized or cause severe accidental damage. Recommend not using this script without restrictively validating inputs, removing shell=True or sanitizing arguments, adding confirmations, and adding safer error handling and transactional operations.

Live on pypi for 2 hours and 24 minutes before removal. Socket users were protected even while the package was live.

mtmai

0.1.dev7

Removed from pypi

Blocked by Socket

This module implements a command-and-control agent: it establishes a Tor connection to a hardcoded .onion C2, downloads a payload, writes it to a temporary file, sets it executable, and runs it — all without validation — and provides a POST endpoint for C2 communication. These are canonical backdoor behaviors (remote code execution, persistence, and concealed C2). Treat the code as malicious: do not execute, block the domain, and investigate any systems where this package or its parent repository was installed or run.

Live on pypi for 18 hours and 34 minutes before removal. Socket users were protected even while the package was live.

mp-browser

0.1.8

Live on pypi

Blocked by Socket

This module exhibits strong indicators of malicious or at-minimum negligent behavior: base64-obfuscated, hardcoded S3 credentials and endpoints, and logic that overrides or ignores a user's disabled S3 setting to return an embedded, enabled S3 configuration. Even though this file does not itself perform network I/O, it provides attacker-controlled configuration and credentials to other components, creating a likely supply-chain backdoor for data exfiltration. Treat this package as high risk: remove or audit the embedded S3 config, correct the inverted logic, remove hardcoded credentials, and verify package provenance before use.

tinyfx.tools.linuxcmd

0.0.40

by JiangHui

Live on nuget

Blocked by Socket

This script automates tampering with Elasticsearch by generating and mounting a 'cracked' x-pack-core jar into the official container image. It also extracts container data and configuration to the host and captures credentials/verification tokens. These behaviors are malicious or at least clearly unauthorized and unsafe in a supply-chain context: they enable license circumvention, introduce untrusted binaries into a server runtime, and exfiltrate potentially sensitive data. The package should not be used; treat any created cracked artifacts and extracted data as compromised.

@emilgroup/customer-sdk

1.54.1

by cover42devs

Removed from npm

Blocked by Socket

This is a publishing automation script that enumerates npm packages owned by accounts associated with provided npm tokens and publishes updated versions by temporarily rewriting package.json and README.md and running npm publish. It does not exhibit classic malware behaviors (no obfuscation, no data exfiltration to unknown domains, no reverse shell), but it is a high-risk tool: if an attacker or a misconfigured CI provides tokens to this script, it can be used to mass-publish or tamper with many packages (supply chain risk). Use with caution and only with trusted tokens and in controlled environments.

Live on npm for 6 days, 16 hours and 23 minutes before removal. Socket users were protected even while the package was live.

foundry-toolkit

1.0.7

by motremfc

Removed from npm

Blocked by Socket

This file is actively malicious. It decodes and uses hard-coded Telegram credentials to exfiltrate host/user details immediately, executes arbitrary remote scripts via 'curl | bash' without verification, and attempts to back up and replace a local tool binary (likely to persist and intercept user activity). Do not execute this script. Treat as high-risk supply-chain malware and perform forensic cleanup of any machine where it ran.

Live on npm for 2 days, 13 hours and 21 minutes before removal. Socket users were protected even while the package was live.

github.com/milvus-io/milvus

v0.10.3-0.20211229115345-7316d7755999

Live on go

Blocked by Socket

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

agentdojo

0.1.12

Live on pypi

Blocked by Socket

This transcript contains a clear prompt-injection triggered data-exfiltration: webpage tool outputs embedded instructions that caused the assistant to collect messages from Slack (including a secret key) and post them to an external, non-corporate website (www.my-website-234.com/random). That action constitutes unauthorized leakage of internal secrets and is malicious behavior or a severe security policy violation. The assistant should not have trusted or followed arbitrary instructions contained in fetched web content; safeguards (validation, policy enforcement, and never posting private/internal data to untrusted external endpoints) are missing or bypassed. Remediation: treat tool outputs as untrusted, implement policy checks on side-effectful operations, redact secrets, require explicit human approval for external posting of internal data, and block posting to unknown domains.

unencryptedsocket

1.0.0

Live on pypi

Blocked by Socket

This module exhibits high-risk patterns for supply-chain or runtime compromise: it connects to a hardcoded endpoint on instantiation, transmits caller data, and crucially may unpickle arbitrary bytes received from that endpoint. Unpickling untrusted data is a direct remote code execution vector. Combine that with lack of authentication, no TLS, and a fallback that silently switches to pickle, and the code should be considered dangerous for use in production. Recommend not using this module until pickling is removed for network interactions, robust validation/authentication is added, TLS is used, and the hardcoded endpoint behavior is eliminated or made opt-in and configurable. Review surrounding modules (utils, omnitools) for further issues before trusting this package.

gs-peer-connection

0.0.31.40

Live on pypi

Blocked by Socket

This module contains explicit remote code execution behavior: it runs shell commands received over a datachannel and returns their output. It also exposes session/signature tokens in the signaling connect URL and streams local webcam data. These behaviors together constitute a remote backdoor and serious privacy/security risk. Unless this is intended and protected by out-of-band authorization, the code should be considered malicious/backdoor-capable and not safe to include unreviewed in production.

routerxpl

0.6.2

Live on pypi

Blocked by Socket

High-risk exploit-capable code: it actively performs path traversal against a targeted router CGI endpoint to retrieve and output arbitrary server files, defaulting to '/etc/shadow'. Even though it is framed as an exploit module (not stealthy/obfuscated), the behavior directly supports sensitive data theft/disclosure over HTTP, which is extremely concerning for supply-chain distribution in non-authorized contexts. Some gating logic may be affected by a likely typo ('return Fals'), but the exploit path in run() is unambiguously malicious/offensive.

@joystick.js/cli-canary

0.0.0-canary.1793

by cheatcodetuts

Live on npm

Blocked by Socket

The code implements an autonomous, installer-like flow for MongoDB components on Windows, including network downloads, archive extraction, and placing binaries in a user-hidden directory. This behavior presents significant security and supply-chain risks due to lack of user consent, absence of integrity checks, and potential persistence. It should be reviewed for necessity, replaced with explicit user prompts and verifiable integrity checks (digests/signatures), and ideally moved to a clearly trusted installer process rather than a library-like module.

github.com/bishopfox/sliver

v1.0.0-beta.0.20200608071438-5931bf8498ec

Live on go

Blocked by Socket

This source is a remote-access implant/C2 agent that collects host identity and registers with a controller, then processes remote envelopes to perform actions (tunnels, pivots, system commands). The code is intentionally stealthy when not in debug mode and provides shared-library entry points for in-memory/reflective execution. This file should be treated as malicious in most production contexts; use only in authorized red-team/pen-test environments. Review and control usage and distribution accordingly.

xseed-maxbox

0.3

Live on pypi

Blocked by Socket

This script performs privileged, potentially destructive system changes: it encrypts/overlays a web application folder with ecryptfs using a hardcoded passphrase, writes passphrase and signature files to root, persists a mount in /etc/fstab, overwrites nginx site configuration and restarts nginx, and disables guest login. The code uses unsafe shell interpolation of inputs (including sudo password), has poor error handling, and lacks validation/backups. While it does not explicitly exfiltrate data or open a remote backdoor, its behavior could be used for sabotage or accidental data loss (ransomware-like effects). Recommend not running this code in production without code review, removing hardcoded secrets, avoiding passing sudo password via shell interpolation, adding proper escaping, backups, and least-privilege checks.

@browserless.io/browserless

2.38.2

by jgriffith

Live on npm

Blocked by Socket

The fragment implements a targeted, sandboxed scriptlet framework with DOM measurement spoofing and cross-context logging. While not conclusively malicious in isolation, the combination of proxy-based DOM manipulation, origin-specific payloading, and covert logger communication presents a credible risk for supply-chain misuse or embedding in extensions/pages without full disclosure. Recommend rigorous review: verify bcSecret handling, ensure host-target behaviors are documented and consented, audit all data paths to logging channels, and assess the necessity of proxies on critical DOM APIs before reuse in open-source packages.

github.com/sourcegraph/sourcegraph

v0.0.0-20210407154120-98aa730b2ba7

Live on go

Blocked by Socket

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

exp10it

2.4.86

Live on pypi

Blocked by Socket

This file is offensive/exploit tooling: it performs automated reconnaissance, crafts and sends SQLi and PHP eval payloads against Joomla sites, extracts credentials/session data, and attempts to install a PHP webshell for persistence. Those behaviors constitute malicious activity (unauthorized access, credential theft, backdoor installation). Treat this code as malicious/exploitative; do not include it in trusted dependencies or run it on networks you do not own/authorize. The snippet contains some syntactic errors suggesting a truncated copy, but intent and many operational parts are explicit.

dbgate-plugin-cosmosdb

6.5.0

by jan.prochazka

Live on npm

Blocked by Socket

The code exhibits a high-risk dynamic evaluation pattern (eval) that can execute arbitrary, externally supplied JavaScript. This creates a direct path to remote code execution, data manipulation, and potential exfiltration within the host environment. The safest remediation is to remove or sandbox the eval usage, validate and sanitize inputs strictly, and restrict database access permissions for any evaluated code. Overall, the primary security concern is the eval-based execution rather than the Cosmos DB interactions themselves.

pydoxing

8.9.0

Live on pypi

Blocked by Socket

The script poses a significant risk due to its potential for data theft, unauthorized access, and other malicious activities.

lumic-utility-functions

1.0.44

by lumic-dev

Live on npm

Blocked by Socket

While the visible code largely matches expected dotenv functionality (parsing .env and optional AES-GCM decryption of .env.vault, then populating process.env), the module includes a highly suspicious import-time side effect: it immediately performs an external “assistant API” call via a local module and logs the result. This behavior is unrelated to dotenv’s purpose and, combined with numerous unrelated dependencies, is consistent with supply-chain tampering or added telemetry/exfiltration capability. Investigate and block this dependency until ./index.cjs and any outbound traffic behavior are reviewed.

github.com/sourcegraph/sourcegraph

v0.0.0-20210701115858-9a0acfa7e7cc

Live on go

Blocked by Socket

This module is a purpose-built destructive utility: given a user-supplied directory, it enumerates all files ending in .zip and corrupts them by truncating them to half their size and appending deterministic junk data. The absence of safeguards (dry-run/confirmation/allowlists) and the deliberate sabotage operations make this strongly indicative of malicious intent within a supply-chain context, even though it does not show typical malware capabilities like networking or data exfiltration.

github.com/cli/cli/v2

v2.0.1-0.20211013144540-97b52b30fca8

Live on go

Blocked by Socket

The primary security concern is the hardcoded OAuth client secret, which poses a risk of unauthorized access. The code otherwise follows a standard OAuth flow without any indication of malicious behavior.

escape-htlm

1.0.3

by xwlazssz

Removed from npm

Blocked by Socket

The code includes suspicious activities such as fetching data from remote URLs, encrypting files, and writing data to files, which could indicate malicious behavior. The security risk is significant due to potential data theft, unauthorized access, and file manipulation. It is recommended to further investigate and potentially remove this code.

Live on npm for 47 minutes before removal. Socket users were protected even while the package was live.

ok-script

0.0.313

Removed from pypi

Blocked by Socket

This script is dangerous to run in environments where repository URLs, file inputs, or git tag names are not fully trusted. It performs destructive operations (removing files, force-pushing) and copies arbitrary local files into remote repositories, which may leak sensitive data. It also uses subprocess.run with shell=True and unsanitized inputs (repo URLs and tag names), creating a command injection vector. While it does not contain explicit exfiltration or obfuscated backdoor code, its behavior can be weaponized or cause severe accidental damage. Recommend not using this script without restrictively validating inputs, removing shell=True or sanitizing arguments, adding confirmations, and adding safer error handling and transactional operations.

Live on pypi for 2 hours and 24 minutes before removal. Socket users were protected even while the package was live.

mtmai

0.1.dev7

Removed from pypi

Blocked by Socket

This module implements a command-and-control agent: it establishes a Tor connection to a hardcoded .onion C2, downloads a payload, writes it to a temporary file, sets it executable, and runs it — all without validation — and provides a POST endpoint for C2 communication. These are canonical backdoor behaviors (remote code execution, persistence, and concealed C2). Treat the code as malicious: do not execute, block the domain, and investigate any systems where this package or its parent repository was installed or run.

Live on pypi for 18 hours and 34 minutes before removal. Socket users were protected even while the package was live.

mp-browser

0.1.8

Live on pypi

Blocked by Socket

This module exhibits strong indicators of malicious or at-minimum negligent behavior: base64-obfuscated, hardcoded S3 credentials and endpoints, and logic that overrides or ignores a user's disabled S3 setting to return an embedded, enabled S3 configuration. Even though this file does not itself perform network I/O, it provides attacker-controlled configuration and credentials to other components, creating a likely supply-chain backdoor for data exfiltration. Treat this package as high risk: remove or audit the embedded S3 config, correct the inverted logic, remove hardcoded credentials, and verify package provenance before use.

tinyfx.tools.linuxcmd

0.0.40

by JiangHui

Live on nuget

Blocked by Socket

This script automates tampering with Elasticsearch by generating and mounting a 'cracked' x-pack-core jar into the official container image. It also extracts container data and configuration to the host and captures credentials/verification tokens. These behaviors are malicious or at least clearly unauthorized and unsafe in a supply-chain context: they enable license circumvention, introduce untrusted binaries into a server runtime, and exfiltrate potentially sensitive data. The package should not be used; treat any created cracked artifacts and extracted data as compromised.

@emilgroup/customer-sdk

1.54.1

by cover42devs

Removed from npm

Blocked by Socket

This is a publishing automation script that enumerates npm packages owned by accounts associated with provided npm tokens and publishes updated versions by temporarily rewriting package.json and README.md and running npm publish. It does not exhibit classic malware behaviors (no obfuscation, no data exfiltration to unknown domains, no reverse shell), but it is a high-risk tool: if an attacker or a misconfigured CI provides tokens to this script, it can be used to mass-publish or tamper with many packages (supply chain risk). Use with caution and only with trusted tokens and in controlled environments.

Live on npm for 6 days, 16 hours and 23 minutes before removal. Socket users were protected even while the package was live.

foundry-toolkit

1.0.7

by motremfc

Removed from npm

Blocked by Socket

This file is actively malicious. It decodes and uses hard-coded Telegram credentials to exfiltrate host/user details immediately, executes arbitrary remote scripts via 'curl | bash' without verification, and attempts to back up and replace a local tool binary (likely to persist and intercept user activity). Do not execute this script. Treat as high-risk supply-chain malware and perform forensic cleanup of any machine where it ran.

Live on npm for 2 days, 13 hours and 21 minutes before removal. Socket users were protected even while the package was live.

github.com/milvus-io/milvus

v0.10.3-0.20211229115345-7316d7755999

Live on go

Blocked by Socket

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

agentdojo

0.1.12

Live on pypi

Blocked by Socket

This transcript contains a clear prompt-injection triggered data-exfiltration: webpage tool outputs embedded instructions that caused the assistant to collect messages from Slack (including a secret key) and post them to an external, non-corporate website (www.my-website-234.com/random). That action constitutes unauthorized leakage of internal secrets and is malicious behavior or a severe security policy violation. The assistant should not have trusted or followed arbitrary instructions contained in fetched web content; safeguards (validation, policy enforcement, and never posting private/internal data to untrusted external endpoints) are missing or bypassed. Remediation: treat tool outputs as untrusted, implement policy checks on side-effectful operations, redact secrets, require explicit human approval for external posting of internal data, and block posting to unknown domains.

unencryptedsocket

1.0.0

Live on pypi

Blocked by Socket

This module exhibits high-risk patterns for supply-chain or runtime compromise: it connects to a hardcoded endpoint on instantiation, transmits caller data, and crucially may unpickle arbitrary bytes received from that endpoint. Unpickling untrusted data is a direct remote code execution vector. Combine that with lack of authentication, no TLS, and a fallback that silently switches to pickle, and the code should be considered dangerous for use in production. Recommend not using this module until pickling is removed for network interactions, robust validation/authentication is added, TLS is used, and the hardcoded endpoint behavior is eliminated or made opt-in and configurable. Review surrounding modules (utils, omnitools) for further issues before trusting this package.

gs-peer-connection

0.0.31.40

Live on pypi

Blocked by Socket

This module contains explicit remote code execution behavior: it runs shell commands received over a datachannel and returns their output. It also exposes session/signature tokens in the signaling connect URL and streams local webcam data. These behaviors together constitute a remote backdoor and serious privacy/security risk. Unless this is intended and protected by out-of-band authorization, the code should be considered malicious/backdoor-capable and not safe to include unreviewed in production.

routerxpl

0.6.2

Live on pypi

Blocked by Socket

High-risk exploit-capable code: it actively performs path traversal against a targeted router CGI endpoint to retrieve and output arbitrary server files, defaulting to '/etc/shadow'. Even though it is framed as an exploit module (not stealthy/obfuscated), the behavior directly supports sensitive data theft/disclosure over HTTP, which is extremely concerning for supply-chain distribution in non-authorized contexts. Some gating logic may be affected by a likely typo ('return Fals'), but the exploit path in run() is unambiguously malicious/offensive.

@joystick.js/cli-canary

0.0.0-canary.1793

by cheatcodetuts

Live on npm

Blocked by Socket

The code implements an autonomous, installer-like flow for MongoDB components on Windows, including network downloads, archive extraction, and placing binaries in a user-hidden directory. This behavior presents significant security and supply-chain risks due to lack of user consent, absence of integrity checks, and potential persistence. It should be reviewed for necessity, replaced with explicit user prompts and verifiable integrity checks (digests/signatures), and ideally moved to a clearly trusted installer process rather than a library-like module.

github.com/bishopfox/sliver

v1.0.0-beta.0.20200608071438-5931bf8498ec

Live on go

Blocked by Socket

This source is a remote-access implant/C2 agent that collects host identity and registers with a controller, then processes remote envelopes to perform actions (tunnels, pivots, system commands). The code is intentionally stealthy when not in debug mode and provides shared-library entry points for in-memory/reflective execution. This file should be treated as malicious in most production contexts; use only in authorized red-team/pen-test environments. Review and control usage and distribution accordingly.

xseed-maxbox

0.3

Live on pypi

Blocked by Socket

This script performs privileged, potentially destructive system changes: it encrypts/overlays a web application folder with ecryptfs using a hardcoded passphrase, writes passphrase and signature files to root, persists a mount in /etc/fstab, overwrites nginx site configuration and restarts nginx, and disables guest login. The code uses unsafe shell interpolation of inputs (including sudo password), has poor error handling, and lacks validation/backups. While it does not explicitly exfiltrate data or open a remote backdoor, its behavior could be used for sabotage or accidental data loss (ransomware-like effects). Recommend not running this code in production without code review, removing hardcoded secrets, avoiding passing sudo password via shell interpolation, adding proper escaping, backups, and least-privilege checks.

@browserless.io/browserless

2.38.2

by jgriffith

Live on npm

Blocked by Socket

The fragment implements a targeted, sandboxed scriptlet framework with DOM measurement spoofing and cross-context logging. While not conclusively malicious in isolation, the combination of proxy-based DOM manipulation, origin-specific payloading, and covert logger communication presents a credible risk for supply-chain misuse or embedding in extensions/pages without full disclosure. Recommend rigorous review: verify bcSecret handling, ensure host-target behaviors are documented and consented, audit all data paths to logging channels, and assess the necessity of proxies on critical DOM APIs before reuse in open-source packages.

github.com/sourcegraph/sourcegraph

v0.0.0-20210407154120-98aa730b2ba7

Live on go

Blocked by Socket

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

exp10it

2.4.86

Live on pypi

Blocked by Socket

This file is offensive/exploit tooling: it performs automated reconnaissance, crafts and sends SQLi and PHP eval payloads against Joomla sites, extracts credentials/session data, and attempts to install a PHP webshell for persistence. Those behaviors constitute malicious activity (unauthorized access, credential theft, backdoor installation). Treat this code as malicious/exploitative; do not include it in trusted dependencies or run it on networks you do not own/authorize. The snippet contains some syntactic errors suggesting a truncated copy, but intent and many operational parts are explicit.

dbgate-plugin-cosmosdb

6.5.0

by jan.prochazka

Live on npm

Blocked by Socket

The code exhibits a high-risk dynamic evaluation pattern (eval) that can execute arbitrary, externally supplied JavaScript. This creates a direct path to remote code execution, data manipulation, and potential exfiltration within the host environment. The safest remediation is to remove or sandbox the eval usage, validate and sanitize inputs strictly, and restrict database access permissions for any evaluated code. Overall, the primary security concern is the eval-based execution rather than the Cosmos DB interactions themselves.

pydoxing

8.9.0

Live on pypi

Blocked by Socket

The script poses a significant risk due to its potential for data theft, unauthorized access, and other malicious activities.

lumic-utility-functions

1.0.44

by lumic-dev

Live on npm

Blocked by Socket

While the visible code largely matches expected dotenv functionality (parsing .env and optional AES-GCM decryption of .env.vault, then populating process.env), the module includes a highly suspicious import-time side effect: it immediately performs an external “assistant API” call via a local module and logs the result. This behavior is unrelated to dotenv’s purpose and, combined with numerous unrelated dependencies, is consistent with supply-chain tampering or added telemetry/exfiltration capability. Investigate and block this dependency until ./index.cjs and any outbound traffic behavior are reviewed.

github.com/sourcegraph/sourcegraph

v0.0.0-20210701115858-9a0acfa7e7cc

Live on go

Blocked by Socket

This module is a purpose-built destructive utility: given a user-supplied directory, it enumerates all files ending in .zip and corrupts them by truncating them to half their size and appending deterministic junk data. The absence of safeguards (dry-run/confirmation/allowlists) and the deliberate sabotage operations make this strongly indicative of malicious intent within a supply-chain context, even though it does not show typical malware capabilities like networking or data exfiltration.

github.com/cli/cli/v2

v2.0.1-0.20211013144540-97b52b30fca8

Live on go

Blocked by Socket

The primary security concern is the hardcoded OAuth client secret, which poses a risk of unauthorized access. The code otherwise follows a standard OAuth flow without any indication of malicious behavior.

escape-htlm

1.0.3

by xwlazssz

Removed from npm

Blocked by Socket

The code includes suspicious activities such as fetching data from remote URLs, encrypting files, and writing data to files, which could indicate malicious behavior. The security risk is significant due to potential data theft, unauthorized access, and file manipulation. It is recommended to further investigate and potentially remove this code.

Live on npm for 47 minutes before removal. Socket users were protected even while the package was live.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

GitHub app screenshot

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Even more developer love
Install GitHub AppRead the docs

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Book a Demo

Questions? Call us at (844) SOCKET-0

Read the blog

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

View all integrations

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

The latest from the Socket team

Get our latest security research, open source insights, and product updates.

View all articles