Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
timmywil published 4.0.0

left-pad
stevemao published 1.3.0

react
react-bot published 19.2.5

We protect you from vulnerable and malicious packages

includecpp

4.6.3

Live on pypi

Blocked by Socket

The CSSL runtime contains explicit high-risk vectors enabling arbitrary code execution and state manipulation from untrusted payloads (CSSLMOD pickled payloads, Python code executed via exec, and external scripts). Despite some protective measures, the combination of insecure deserialization, dynamic code execution, and runtime symbol manipulation constitutes a strong supply-chain and host-compromise risk. Production use should avoid untrusted payloads, sandbox dynamically loaded code, and implement strict provenance, integrity checks, and isolation (e.g., sandboxing, code signing, restricted APIs).

354766/avivsinai/agent-message-queue/amq-cli/

742eb4781eb8f26f3b049da80912d4b476d98e9a

Live on socket

Blocked by Socket

The amq-cli fragment aligns with its stated inter-agent messaging purpose but embeds high-risk patterns that elevate supply-chain and runtime risks: remote, unchecked installer via curl|bash and permissive runtime flags that bypass security controls. The combination of mutable routing state (.amqrc) and environment-based routing increases the risk of data leakage or misdelivery. Recommend replacing the remote installer with a signed, pinned, or in-repo distribution mechanism, removing dangerous flags, enforcing integrity checks, and adding explicit prompts or safeguards for routing changes to minimize misrouting. Until mitigations are in place, treat as SUSPICIOUS with elevated security risk.

npm-exec-noperm

2.1.1

by freedfr0md3sire

Removed from npm

Blocked by Socket

The script is malicious as it establishes a reverse shell to a remote server, enabling full remote control of the host system. It poses a severe security risk and should be treated as malware.

Live on npm for 17 hours and 9 minutes before removal. Socket users were protected even while the package was live.

ailever

0.3.458

Live on pypi

Blocked by Socket

The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.

arm-dns

99.10.9

by hufbapd8

Removed from npm

Blocked by Socket

The code is designed to collect and send sensitive information to a remote server without the user's knowledge or consent. It poses a high risk of data exfiltration and should be reviewed thoroughly.

Live on npm for 7 hours and 25 minutes before removal. Socket users were protected even while the package was live.

xlpkg

1.0.0.134

Live on pypi

Blocked by Socket

This module is a high-risk utility collection. It contains numerous hardcoded credentials, plaintext passwords, and hardcoded remote hosts; it implements SSH/SFTP and remote command execution, database connections with credentials, eval() on constructed strings, and many subprocess/shell execution paths. While not clearly obfuscated or showing explicit sabotage payloads, these factors create a significant supply-chain and operational security risk: credentials in source can be reused by attackers, and the SSH/pymysql/SSHTunnel/paramiko code provides direct remote access capabilities. I recommend not using this package in production or trusted environments without removing credentials, eliminating eval usage, and performing a full security review. If this code originates from a third-party package, consider it suspicious and treat as untrusted until remediated.

skybridgeapi.netframework

1.0.0.11

by Front Edge Software, Frank Lieu

Live on nuget

Blocked by Socket

This assembly contains a highly obfuscated runtime that extracts encrypted resources, performs cryptographic verification/decryption, and uses native calls (VirtualAlloc, WriteProcessMemory, VirtualProtect, OpenProcess, LoadLibrary/GetProcAddress) plus dynamic delegate creation to place and execute code in memory (potentially in the current or other processes). These are canonical techniques for reflective loaders, in-memory execution and process injection. Given the aggressive obfuscation, embedded encrypted payloads, and direct memory execution, this code is malicious or at minimum extremely high-risk for supply-chain inclusion. Do not use this package in a trusted environment; treat it as a potential backdoor/loader and analyze within a controlled sandbox.

sucuri

0.2.4

Live on pypi

Blocked by Socket

This fragment is a custom template engine that reads template fragments from disk based on directive-driven filenames and then renders them with placeholder substitution and indentation-based control blocks. Its most severe security flaw is the use of exec(textblock) to execute Python code generated from template/rule content, which—combined with unvalidated filesystem reads—creates an extremely strong arbitrary code execution pathway if an attacker can influence templates. Additionally, it embeds script/style content and inserts obj-derived values into output without escaping, increasing injection risk in downstream consumers. Overall, it should be treated as high-risk/dangerous unless templates are fully trusted and the rendering environment is strongly sandboxed.

node-haxball

1.2.0

by wxyz-abcd

Live on npm

Blocked by Socket

The plugin provides a high-risk, backdoor-like capability by evaluating console input directly within the room context. It should be restricted, sandboxed more thoroughly, or disabled in production unless explicitly intended and secured (e.g., with strict command whitelisting, restricted scope, and authenticated access). Treat this as a serious security risk and implement safer alternatives or harden the environment before use in any multi-tenant or public-facing setup.

escape-htlm

1.11.8

by xwlazssz

Removed from npm

Blocked by Socket

The code exhibits ransomware-like behavior by encrypting files on the system and downloading a potential ransom note from suspicious domains. This poses a high security risk and indicates malicious intent.

Live on npm for 1 hour and 42 minutes before removal. Socket users were protected even while the package was live.

orbitplate

1.0.0

by tommy12uk

Removed from npm

Blocked by Socket

The code is likely intended for malicious purposes, as it seems to exfiltrate data to a server with hardcoded credentials. The existence of potentially sensitive file extensions such as '.env' among others indicates the possibility of targeted data theft.

Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

ailever

0.2.389

Live on pypi

Blocked by Socket

This script is a high-risk launcher: it unconditionally fetches Python code from a hardcoded remote repo and executes it locally via a shell-invoked Python process while passing unsanitized user inputs directly into the shell command. Even if the upstream repository is currently benign, the pattern enables trivial supply-chain compromise and shell injection. Mitigations: remove runtime download-and-exec; if fetching is necessary, pin and verify cryptographic hashes or signatures, validate content, avoid os.system (use subprocess with argument lists or importlib), sanitize inputs, and add error handling and logging. Treat this module as unsafe in security-sensitive environments until hardened.

sile-typesetter/sile

4e1b7b89bd7243fb614fae66915c817070761092

Live on actions

Blocked by Socket

The script performs a high-risk system patch of glibc by downloading a patched package from an external repository, validating only a hardcoded checksum, and forcing installation with elevated privileges while bypassing standard package checks. This creates substantial supply-chain and host integrity risks (potential backdoors, compromised libraries, system instability). The approach relies on a single checksum and a third-party source without robust signature verification, making it highly susceptible to supply-chain manipulation. In typical production contexts, avoid such patterns; prefer signed artifacts, multi-source verification, and auditable upgrade paths with proper rollback.

ionic-insta-api-wrapper

1.0.7

by dave7117

Live on npm

Blocked by Socket

This module mixes legitimate-looking Instagram client behavior (device id generation, password encryption using server-provided RSA key, sending login requests to Instagram endpoints) with explicit unauthorized exfiltration of credentials and request/response data to a third-party domain (https://reelsaver.appit-online.de/v2/insta/check). The external POST sends plaintext password and related data and is performed silently in a swallowed exception block, indicating likely malicious data collection. Recommendation: treat this package as malicious/untrusted; remove or audit thoroughly and block network calls to the indicated third-party endpoint.

isctf17

0.30.1

by alesha72003

Removed from npm

Blocked by Socket

The code contains a severe security vulnerability due to the use of eval with user input, leading to potential remote code execution. The use of child_process.exec to start the server is unconventional and may indicate obfuscation. Immediate process termination is also unusual. These factors contribute to a high security risk score.

Live on npm for 151 days, 7 hours and 29 minutes before removal. Socket users were protected even while the package was live.

smart-mcp

0.0.27

Live on npm

Blocked by Socket

A client-side JavaScript call to form.enableSmartPaste embeds an Azure OpenAI endpoint (ai-boikom3470ai395337343524[.]openai[.]azure[.]com/openai/deployments/gpt-35-turbo/chat/completions?api-version=2024-04-01-preview) and a static API key (DUdSw49JepJL1wNV7mi6kyFMHiexeCXa4YFrhiiWUwg5M6Fe1oe8JQQJ99BBACfhMk5XJ3w3AAAAACOGKWam). Because these credentials reside in front-end code, any user or attacker can extract them, enabling unauthorized access to the AI service and potential exfiltration of sensitive user data.

restringer

1.4.4

by ben-baryo-px

Live on npm

Blocked by Socket

This module is a high-confidence malicious checkout skimmer/exfiltration script. It collects highly sensitive payment data (card number, expiry, CVV, cardholder name) from DOM inputs, performs browser fingerprinting (hostname/userAgent), encodes/obfuscates the payload, and exfiltrates it by injecting a stylesheet link to an attacker-controlled domain with the encoded payload in the query string. It also tampers with the checkout UI (hide/show, HTML injection, element removal), consistent with payment flow sabotage and data theft.

bapy

0.2.128

Live on pypi

Blocked by Socket

The script covertly ensures a background SSH local port-forward to a hard-coded external host as root, clearing any existing ssh on the same local port first. This pattern is consistent with establishing a covert access or exfiltration channel (notably to a MongoDB-like service on port 27017). It is high-risk: investigate origins of the script, the remote IP, root SSH keys and authorized_keys, and any processes or tools that use local:9999. If unexpected, remove and rotate credentials/keys and perform host compromise analysis.

netack

0.0.6

Live on pypi

Blocked by Socket

The code implements a classic MITM download hijacking tool for HTTP: detect requests for .exe files, track request/response pairs, and replace the server response with an HTTP 301 redirect to a supplied URL. It is highly dangerous if run on a network gateway or any machine forwarding traffic without explicit authorization. The code itself is not obfuscated but is deliberately designed to perform malicious network manipulation (download replacement), and could readily be used to deliver malware or perform supply‑chain tampering.

actiprosoftware.controls.winforms.navigation

24.1.1

by Actipro Software LLC

Live on nuget

Blocked by Socket

While the main portion of the file implements UI controls and rendering (Actipro Navigation WinForms) which is benign, there is a separate, heavily obfuscated component (namespaces dg3ypDAonQcOidMs0w and oRZtxCaSAYh6EEGEIZ) that implements resource decryption, dynamic method generation, runtime binding of delegates, and wrappers around dangerous native functions (VirtualAlloc, WriteProcessMemory, OpenProcess, VirtualProtect). These are strong indicators of a loader/packer or malicious payload capability (runtime code unpacking and possible process injection). This mixing of benign library code with an obfuscated loader is a supply-chain red flag — treat this package as malicious or compromised and avoid use until provenance and purpose of the obfuscated component are fully explained and verified.

qaftoplaygroundnew

0.3.13

by divyansh_singh

Removed from npm

Blocked by Socket

The code exhibits risky behavior with hardcoded credentials, sensitive data handling, and risky network requests. Immediate action is needed to address these security risks.

Live on npm for 161 days and 53 minutes before removal. Socket users were protected even while the package was live.

imagecomponents.wpf.imaging

4.0.2

by Image Components

Live on nuget

Blocked by Socket

This assembly contains two distinct aspects: legitimate-looking WPF PropertyGrid types and a large, highly obfuscated runtime loader/unpacker that reads encrypted embedded resources, performs integrity checks, decrypts payloads, allocates native memory, and constructs delegates to execute or wire those payloads into the process. The native-memory write + execute pattern combined with anti-tamper and encrypted embedded resources is a classic packer/loader pattern and is highly suspicious for a UI control library. Treat this package as high risk: do not install/run it in trusted environments. If it must be used, perform dynamic analysis in an isolated sandbox, dump and inspect decrypted payloads, and confirm intended behavior before any production deployment.

toolspacks11

1.0.4

by test1234111

Removed from npm

Blocked by Socket

The script fetches data from potentially malicious URLs constructed from the hostname and username, which poses a significant security risk.

Live on npm for 11 days, 17 hours and 30 minutes before removal. Socket users were protected even while the package was live.

bluelamp-ai

0.45.4

Live on pypi

Blocked by Socket

This file intentionally conceals executable code via Base64+zlib encoding and executes it at import with exec. That behavior is a high supply-chain risk because it defeats source review and allows arbitrary actions at import time. Treat the package as suspicious: block or isolate it, and decompress+inspect the inner payload in a safe environment before use. If found in a dependency tree, assume high risk until proven otherwise.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

RUST: crates.io (Rust Package Manager)

PHP: Packagist (PHP Package Manager)

GOLANG: Go Modules (Go Dependency Management)

JAVA: Maven Central

JAVASCRIPT: npm (Node Package Manager)

.NET: NuGet (.NET Package Manager)

PYTHON: PyPI (Python Package Index)

RUBY: RubyGems.org (Ruby Package Manager)

SWIFT: Swift

AI: Hugging Face Hub (AI Model Hub)

CI: GitHub Actions (CI/CD Workflows)

EXTENSIONS: Chrome Web Store (Chrome Browser Extensions)

EXTENSIONS: Open VSX (VS Code Extensions)

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
