
Research
/Security News
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
Bitwarden CLI 2026.4.0 was compromised in the Checkmarx supply chain campaign after attackers abused a GitHub Action in Bitwarden’s CI/CD pipeline.
Questions? Call us at (844) SOCKET-0
Quickly evaluate the security and health of any open source package.
sdp-transform-grammar
2.10.0
by jpdhackerone06
Removed from npm
Blocked by Socket
This source code is malicious. It performs stealthy data exfiltration of sensitive system and environment information to a suspicious hardcoded IP address. The evasion techniques and randomized network behavior indicate intentional concealment. This represents a serious security and privacy risk and should be flagged as high severity malware.
Live on npm for 7 hours and 43 minutes before removal. Socket users were protected even while the package was live.
tinyfx.tools.linuxcmd
0.0.44
by JiangHui
Live on nuget
Blocked by Socket
This script is intentionally crafted to bypass Elasticsearch x-pack license verification and produce a redistributed 'crack' jar. It constitutes supply-chain tampering and is malicious in intent. While it does not itself contain data exfiltration or backdoor network code, the produced artifact disables license enforcement and could be used to deploy unauthorized software; moreover, the script's uncontrolled fetching of remote source without integrity checks creates a broader risk for arbitrary code injection. Do not run or distribute this script; treat any artifacts produced by it as compromised.
richie
2.28.2.dev17
Removed from pypi
Blocked by Socket
This code is a standard transpiled React frontend bundle for a purchase/sale tunnel with expected API interactions, lazy-loaded payment providers, analytics events and download handling. I found no indicators of supply-chain malware, backdoors, or network exfiltration to suspicious domains. The primary security concern is the use of dangerouslySetInnerHTML for product.instructions — if that HTML is not sanitized by the server (or sanitized before being passed to the component) it introduces an XSS vulnerability. Other than that, the code performs normal application flows (order creation, payment submission, polling, downloads). Recommend reviewing server-side sanitization for product.instructions and confirming rate limits for polling and authorization checks on API endpoints.
Live on pypi for 17 minutes before removal. Socket users were protected even while the package was live.
visitor-ui-component-library
1.9.0
Removed from npm
Blocked by Socket
The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.
Live on npm for 28 minutes before removal. Socket users were protected even while the package was live.
vmactions/openbsd-vm
18d7ab5c6e968c89fce47424ba114e1c60f37140
Live on actions
Blocked by Socket
This script contains high-risk supply-chain behaviors. It downloads and executes remote artifacts without integrity verification, sources remote config, and writes a downloaded private key into the user's SSH directory, enabling possible persistent unauthorized access. It also modifies host SSH configuration (setting StrictModes no) and reloads the daemon, weakening host security. The script can move CI workspace data into the VM and run arbitrary hooks both locally and on the VM. These are typical patterns that could be abused to install backdoors or exfiltrate data if the remote URLs or repository hooks are malicious. Recommend treating this code as dangerous unless all remote sources and hooks are strictly controlled, and add strong integrity checks, avoid writing keys from untrusted downloads, and do not modify system SSH settings automatically.
api-demo-sample-lib1
1.0.0
by cyberexploit
Removed from npm
Blocked by Socket
This file exfiltrates sensitive system and user data (e.g., home directory, hostname, username, DNS servers) to a remote domain at j7roiirbycqq2h1feopg7nz67xdo1ep3[.]oastify[.]com via HTTPS POST requests without user knowledge or consent, indicating malicious intent and a significant security risk.
Live on npm for 34 days, 10 hours and 24 minutes before removal. Socket users were protected even while the package was live.
sbcli-pr244
0.0.1
Live on pypi
Blocked by Socket
The Python module itself is not directly implementing typical malware behaviors, but it creates a high-risk execution surface: it runs local shell scripts (some with sudo) with unvalidated inputs and passes secrets on the command line. The deploy_fdb_from_file_service function contains a command-injection vulnerability (shell=True with joined args) and a coding bug (returncod typo). Recommend: remove shell=True; use argument lists always, avoid passing secrets via argv (use stdin, environment files with proper filesystem permissions, or secured IPC), eliminate unnecessary sudo calls and require callers to provide appropriate privileges if needed, validate/escape inputs (especially file paths), fix the returncod typo, and audit all invoked shell scripts before use. Treat package as risky until mitigations and script audits are performed.
jingyun-cli
0.3.1
Live on pypi
Blocked by Socket
This module intentionally fetches SSH key material from a remote storage endpoint and installs it into the user's SSH configuration, overwriting private keys and appending a public key to authorized_keys. This effectively enables whoever controls the key material or the endpoint (or an active network MITM) to gain SSH access to the host. No integrity, authenticity, or secure transport is enforced. Treat this code as a backdoor/credential injection vector — do not run it on trusted or production systems. Replace with safe, auditable mechanisms (generate keys locally, use signed artifacts, enforce HTTPS and verification).
service-config-provider
1.3.0
by jpdhackerone05
Removed from npm
Blocked by Socket
The preinstall hook runs index.js during installation. Without inspecting index.js, this is a potential supply-chain risk: the hook can execute arbitrary code (including network calls, credential access, file system changes, or spawning shells). The declared dependencies appear normal and from the registry, but that does not mitigate the risk from the preinstall script. You should treat this as high-risk until index.js is audited or the preinstall script is removed.
Live on npm for 6 hours and 44 minutes before removal. Socket users were protected even while the package was live.
readle-stream
1.2.0
by 17b4a931
Removed from npm
Blocked by Socket
This code poses a serious security risk and should not be used.
Live on npm for 51 minutes before removal. Socket users were protected even while the package was live.
ccxt/ccxt
4.2.75
Live on composer
Blocked by Socket
The script is a functional CLI tool for CCXT, but it contains a critical security vulnerability due to the use of `eval()` on user-provided command-line arguments. This allows for arbitrary code execution, posing a high risk of system compromise. While it handles API credentials securely by reading from files and environment variables, the `eval()` function bypasses standard security practices. Other potential risks include the dynamic loading of exchanges and the possibility of mishandling sensitive data if reporting features are misused.
@b2bgeo/backend-api-types
13.3.8
by security_act1on3_2
Live on npm
Blocked by Socket
This script collects and transmits sensitive information about the system to a remote server, which poses a significant security risk and indicates malicious behavior.
xprz
1.0.6
by medishn
Live on npm
Blocked by Socket
The provided code defines a utility function `$read` that uses `require` on a path resolved by `_resolvePath`. While `_resolvePath` attempts to handle relative path components, the core functionality of loading modules based on a potentially untrusted `location` string presents a significant security risk, primarily through path traversal vulnerabilities that could allow an attacker to `require` arbitrary files on the system. The provided reports were uninformative, consisting only of '[object Promise]' strings, thus preventing any specific analysis of reported issues.
354766/inference-sh-7/skills/linkedin-content/
6cb576328581eafd4abf0a2fb791e35f30bcee0f
Live on socket
Blocked by Socket
[Skill Scanner] Pipe-to-shell or eval pattern detected All findings: [CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] This skill appears functionally benign and internally consistent: it documents LinkedIn content best practices and uses a hosted CLI (inference.sh) and hosted inference/image apps to implement the examples. No direct malicious code is present in the provided text. The primary security concerns are supply-chain and privacy: (1) the recommended install pattern (curl | sh) is risky unless users verify checksums, and (2) user content and authentication credentials will be sent to inference.sh and any configured third-party model providers (exposure depends on those providers' trustworthiness). Recommend verifying SHA-256 checksums before install, reviewing the CLI source or binary provenance, and treating any secrets/credentials cautiously (use least-privilege tokens). LLM verification: Overall, the skill's stated purpose (LinkedIn content generation via an external CLI) is technically coherent with its implementation. However, the install/execution approach (curl | sh to fetch and run remote binaries) is a high-risk pattern that undermines trust, introduces potential supply-chain risk, and broadens the security footprint beyond the simple content-generation scope. Given the dynamic execution path and reliance on an external tool, this is SUSPICIOUS to HIGHLY SUSPICIOUS for a s
github-kredz
9999.9999.9999
by Ohio Schools R1 Admin
Live on rubygems
Blocked by Socket
This code collects system-identifying data (username, hostname, file path), hex-encodes it, constructs a domain under a hardcoded external base ('furb.pw') embedding that data into subdomain labels, and issues an HTTPS GET to that domain — a clear data-exfiltration pattern. The behavior is malicious or at minimum privacy-invasive telemetry sent to an external third party. The package should not be trusted or used without removal of the network exfiltration logic and a full audit.
@augloop/types-core
9.4.0
by alexbirsan
Live on npm
Blocked by Socket
This code collects the host’s name, user home directory path and current directory, serializes them to JSON, converts the payload into hex chunks, and exfiltrates the data via DNS A-record lookups to subdomains under dns[.]alexbirsan-hacks-paypal[.]com (and repeats the transmission after switching the DNS server to dns1[.]alexbirsan-hacks-paypal[.]com and 4.4.4.4). It also contains a hardcoded check to abort on the hostname “BBOGENS-LAPTOP,” indicating targeted deployment, and uses random IDs and chunked DNS queries as a covert channel for data theft.
rfmux
0.0.0
Removed from pypi
Blocked by Socket
This module itself is not obfuscated and contains no obvious hard-coded secrets or explicit malicious payloads. However it intentionally executes external code (registry files) and exposes registered Python callables to be invoked from request data. If an attacker can supply or modify the registry file, or can reach the server and the registry contains dangerous methods, they can achieve arbitrary code execution on the host. Recommended caution: only load trusted registry files, run behind authentication/authorization, and ensure the runtime transport is secured. For untrusted environments, treat this as high-risk functionality.
Live on pypi for 1 day and 55 minutes before removal. Socket users were protected even while the package was live.
cl-lite
1.0.1152
by michael_tian
Live on npm
Blocked by Socket
This SQLite database file contains embedded explicit adult content and torrent distribution infrastructure instead of legitimate data. The file includes extensive HTML fragments with pornographic video metadata, download links to torrent files, and suspicious redirect URLs. Key malicious domains identified include rmdown[.]com, redircdn[.]com, 97p[.]org, qpic[.]ws, imgbox[.]com, and various other image hosting services. The content contains hash values for torrent files, BitTorrent magnet links, and obfuscated download URLs using multiple redirect layers to mask the true destinations. This represents a supply chain attack where adult content distribution infrastructure has been embedded within what appears to be a standard database file, potentially exposing users to inappropriate content and malicious download sites when accessed.
routerxpl
0.6.2
Live on pypi
Blocked by Socket
This module is a clearly weaponized path traversal exploit for 3Com IMC that, after a vulnerability probe, sends crafted HTTP GET requests to retrieve and then output sensitive filesystem content from the remote host. While it is not obfuscated and does not show malware-style persistence or covert exfiltration in this snippet, its direct capability for remote arbitrary file read represents a high security risk if present in a general-purpose dependency. Execution may be impacted by a `check()` typo (`return Fals`), but the offensive payload logic is unambiguous.
epicagames-admin
999.9.9
by amigomioteconsidero15
Removed from npm
Blocked by Socket
The code is designed to exfiltrate system information by sending it to an external domain via DNS queries. This is a clear indication of malicious behavior, as it involves unauthorized data transmission without user consent.
Live on npm for 2 hours and 32 minutes before removal. Socket users were protected even while the package was live.
354766/vamseeachanta/workspace-hub/github-workflow/
f0d60c3dba4ceacffe41c2e8e76d71824cab7246
Live on socket
Blocked by Socket
[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] This skill's code and examples are coherent with its stated purpose: automating GitHub Actions workflows, targeted testing, security scanning, and adaptive deployment. The most sensitive capability is use of the repository's GITHUB_TOKEN via the gh CLI to read run logs and create issues — this is necessary for the claimed features but is a privileged operation and should be granted minimally. No evidence of hardcoded secrets, obfuscated malware, or third-party credential harvesting was found. Main concerns are operational: ensure workflow permissions are least-privilege, validate JSON merging for security-results.json, and review auto-fix steps to avoid unintended side effects. Overall the artifact appears benign but with normal CI workflow privileges that must be controlled. LLM verification: No deliberate malware or explicit exfiltration code detected in this file. The examples serve legitimate CI/CD automation purposes but include risky practices that raise supply-chain and operational security concerns: unpinned package installs, executing install-time scripts as auto-fixes, brittle JSON concatenation for scan outputs, and broad use of GH_TOKEN to modify repo state. Treat these templates as potentially hazardous if used as-is in environments that accept untrusted contributions; ha
morse-python
1.1
Live on pypi
Blocked by Socket
The code exhibits a severe security flaw: untrusted Morse input can decode to Python code and be executed remotely via subprocess -c, creating a direct RCE sink. The Morse decoding table itself is inconsistent and undermines reliable decoding, which compounds risk and could mask payloads. Overall, treat this module as unsafe for any production or distribution use without substantial refactoring: remove dynamic execution, implement strict input validation, fix Morse mappings, and sandbox code execution if ever needed.
github.com/milvus-io/milvus
v0.10.3-0.20220207144546-f6873d3dc1fb
Live on go
Blocked by Socket
This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.
sdp-transform-grammar
2.10.0
by jpdhackerone06
Removed from npm
Blocked by Socket
This source code is malicious. It performs stealthy data exfiltration of sensitive system and environment information to a suspicious hardcoded IP address. The evasion techniques and randomized network behavior indicate intentional concealment. This represents a serious security and privacy risk and should be flagged as high severity malware.
Live on npm for 7 hours and 43 minutes before removal. Socket users were protected even while the package was live.
tinyfx.tools.linuxcmd
0.0.44
by JiangHui
Live on nuget
Blocked by Socket
This script is intentionally crafted to bypass Elasticsearch x-pack license verification and produce a redistributed 'crack' jar. It constitutes supply-chain tampering and is malicious in intent. While it does not itself contain data exfiltration or backdoor network code, the produced artifact disables license enforcement and could be used to deploy unauthorized software; moreover, the script's uncontrolled fetching of remote source without integrity checks creates a broader risk for arbitrary code injection. Do not run or distribute this script; treat any artifacts produced by it as compromised.
richie
2.28.2.dev17
Removed from pypi
Blocked by Socket
This code is a standard transpiled React frontend bundle for a purchase/sale tunnel with expected API interactions, lazy-loaded payment providers, analytics events and download handling. I found no indicators of supply-chain malware, backdoors, or network exfiltration to suspicious domains. The primary security concern is the use of dangerouslySetInnerHTML for product.instructions — if that HTML is not sanitized by the server (or sanitized before being passed to the component) it introduces an XSS vulnerability. Other than that, the code performs normal application flows (order creation, payment submission, polling, downloads). Recommend reviewing server-side sanitization for product.instructions and confirming rate limits for polling and authorization checks on API endpoints.
Live on pypi for 17 minutes before removal. Socket users were protected even while the package was live.
visitor-ui-component-library
1.9.0
Removed from npm
Blocked by Socket
The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.
Live on npm for 28 minutes before removal. Socket users were protected even while the package was live.
vmactions/openbsd-vm
18d7ab5c6e968c89fce47424ba114e1c60f37140
Live on actions
Blocked by Socket
This script contains high-risk supply-chain behaviors. It downloads and executes remote artifacts without integrity verification, sources remote config, and writes a downloaded private key into the user's SSH directory, enabling possible persistent unauthorized access. It also modifies host SSH configuration (setting StrictModes no) and reloads the daemon, weakening host security. The script can move CI workspace data into the VM and run arbitrary hooks both locally and on the VM. These are typical patterns that could be abused to install backdoors or exfiltrate data if the remote URLs or repository hooks are malicious. Recommend treating this code as dangerous unless all remote sources and hooks are strictly controlled, and add strong integrity checks, avoid writing keys from untrusted downloads, and do not modify system SSH settings automatically.
api-demo-sample-lib1
1.0.0
by cyberexploit
Removed from npm
Blocked by Socket
This file exfiltrates sensitive system and user data (e.g., home directory, hostname, username, DNS servers) to a remote domain at j7roiirbycqq2h1feopg7nz67xdo1ep3[.]oastify[.]com via HTTPS POST requests without user knowledge or consent, indicating malicious intent and a significant security risk.
Live on npm for 34 days, 10 hours and 24 minutes before removal. Socket users were protected even while the package was live.
sbcli-pr244
0.0.1
Live on pypi
Blocked by Socket
The Python module itself is not directly implementing typical malware behaviors, but it creates a high-risk execution surface: it runs local shell scripts (some with sudo) with unvalidated inputs and passes secrets on the command line. The deploy_fdb_from_file_service function contains a command-injection vulnerability (shell=True with joined args) and a coding bug (returncod typo). Recommend: remove shell=True; use argument lists always, avoid passing secrets via argv (use stdin, environment files with proper filesystem permissions, or secured IPC), eliminate unnecessary sudo calls and require callers to provide appropriate privileges if needed, validate/escape inputs (especially file paths), fix the returncod typo, and audit all invoked shell scripts before use. Treat package as risky until mitigations and script audits are performed.
jingyun-cli
0.3.1
Live on pypi
Blocked by Socket
This module intentionally fetches SSH key material from a remote storage endpoint and installs it into the user's SSH configuration, overwriting private keys and appending a public key to authorized_keys. This effectively enables whoever controls the key material or the endpoint (or an active network MITM) to gain SSH access to the host. No integrity, authenticity, or secure transport is enforced. Treat this code as a backdoor/credential injection vector — do not run it on trusted or production systems. Replace with safe, auditable mechanisms (generate keys locally, use signed artifacts, enforce HTTPS and verification).
service-config-provider
1.3.0
by jpdhackerone05
Removed from npm
Blocked by Socket
The preinstall hook runs index.js during installation. Without inspecting index.js, this is a potential supply-chain risk: the hook can execute arbitrary code (including network calls, credential access, file system changes, or spawning shells). The declared dependencies appear normal and from the registry, but that does not mitigate the risk from the preinstall script. You should treat this as high-risk until index.js is audited or the preinstall script is removed.
Live on npm for 6 hours and 44 minutes before removal. Socket users were protected even while the package was live.
readle-stream
1.2.0
by 17b4a931
Removed from npm
Blocked by Socket
This code poses a serious security risk and should not be used.
Live on npm for 51 minutes before removal. Socket users were protected even while the package was live.
ccxt/ccxt
4.2.75
Live on composer
Blocked by Socket
The script is a functional CLI tool for CCXT, but it contains a critical security vulnerability due to the use of `eval()` on user-provided command-line arguments. This allows for arbitrary code execution, posing a high risk of system compromise. While it handles API credentials securely by reading from files and environment variables, the `eval()` function bypasses standard security practices. Other potential risks include the dynamic loading of exchanges and the possibility of mishandling sensitive data if reporting features are misused.
@b2bgeo/backend-api-types
13.3.8
by security_act1on3_2
Live on npm
Blocked by Socket
This script collects and transmits sensitive information about the system to a remote server, which poses a significant security risk and indicates malicious behavior.
xprz
1.0.6
by medishn
Live on npm
Blocked by Socket
The provided code defines a utility function `$read` that uses `require` on a path resolved by `_resolvePath`. While `_resolvePath` attempts to handle relative path components, the core functionality of loading modules based on a potentially untrusted `location` string presents a significant security risk, primarily through path traversal vulnerabilities that could allow an attacker to `require` arbitrary files on the system. The provided reports were uninformative, consisting only of '[object Promise]' strings, thus preventing any specific analysis of reported issues.
354766/inference-sh-7/skills/linkedin-content/
6cb576328581eafd4abf0a2fb791e35f30bcee0f
Live on socket
Blocked by Socket
[Skill Scanner] Pipe-to-shell or eval pattern detected All findings: [CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] This skill appears functionally benign and internally consistent: it documents LinkedIn content best practices and uses a hosted CLI (inference.sh) and hosted inference/image apps to implement the examples. No direct malicious code is present in the provided text. The primary security concerns are supply-chain and privacy: (1) the recommended install pattern (curl | sh) is risky unless users verify checksums, and (2) user content and authentication credentials will be sent to inference.sh and any configured third-party model providers (exposure depends on those providers' trustworthiness). Recommend verifying SHA-256 checksums before install, reviewing the CLI source or binary provenance, and treating any secrets/credentials cautiously (use least-privilege tokens). LLM verification: Overall, the skill's stated purpose (LinkedIn content generation via an external CLI) is technically coherent with its implementation. However, the install/execution approach (curl | sh to fetch and run remote binaries) is a high-risk pattern that undermines trust, introduces potential supply-chain risk, and broadens the security footprint beyond the simple content-generation scope. Given the dynamic execution path and reliance on an external tool, this is SUSPICIOUS to HIGHLY SUSPICIOUS for a s
github-kredz
9999.9999.9999
by Ohio Schools R1 Admin
Live on rubygems
Blocked by Socket
This code collects system-identifying data (username, hostname, file path), hex-encodes it, constructs a domain under a hardcoded external base ('furb.pw') embedding that data into subdomain labels, and issues an HTTPS GET to that domain — a clear data-exfiltration pattern. The behavior is malicious or at minimum privacy-invasive telemetry sent to an external third party. The package should not be trusted or used without removal of the network exfiltration logic and a full audit.
@augloop/types-core
9.4.0
by alexbirsan
Live on npm
Blocked by Socket
This code collects the host’s name, user home directory path and current directory, serializes them to JSON, converts the payload into hex chunks, and exfiltrates the data via DNS A-record lookups to subdomains under dns[.]alexbirsan-hacks-paypal[.]com (and repeats the transmission after switching the DNS server to dns1[.]alexbirsan-hacks-paypal[.]com and 4.4.4.4). It also contains a hardcoded check to abort on the hostname “BBOGENS-LAPTOP,” indicating targeted deployment, and uses random IDs and chunked DNS queries as a covert channel for data theft.
rfmux
0.0.0
Removed from pypi
Blocked by Socket
This module itself is not obfuscated and contains no obvious hard-coded secrets or explicit malicious payloads. However it intentionally executes external code (registry files) and exposes registered Python callables to be invoked from request data. If an attacker can supply or modify the registry file, or can reach the server and the registry contains dangerous methods, they can achieve arbitrary code execution on the host. Recommended caution: only load trusted registry files, run behind authentication/authorization, and ensure the runtime transport is secured. For untrusted environments, treat this as high-risk functionality.
Live on pypi for 1 day and 55 minutes before removal. Socket users were protected even while the package was live.
cl-lite
1.0.1152
by michael_tian
Live on npm
Blocked by Socket
This SQLite database file contains embedded explicit adult content and torrent distribution infrastructure instead of legitimate data. The file includes extensive HTML fragments with pornographic video metadata, download links to torrent files, and suspicious redirect URLs. Key malicious domains identified include rmdown[.]com, redircdn[.]com, 97p[.]org, qpic[.]ws, imgbox[.]com, and various other image hosting services. The content contains hash values for torrent files, BitTorrent magnet links, and obfuscated download URLs using multiple redirect layers to mask the true destinations. This represents a supply chain attack where adult content distribution infrastructure has been embedded within what appears to be a standard database file, potentially exposing users to inappropriate content and malicious download sites when accessed.
routerxpl
0.6.2
Live on pypi
Blocked by Socket
This module is a clearly weaponized path traversal exploit for 3Com IMC that, after a vulnerability probe, sends crafted HTTP GET requests to retrieve and then output sensitive filesystem content from the remote host. While it is not obfuscated and does not show malware-style persistence or covert exfiltration in this snippet, its direct capability for remote arbitrary file read represents a high security risk if present in a general-purpose dependency. Execution may be impacted by a `check()` typo (`return Fals`), but the offensive payload logic is unambiguous.
epicagames-admin
999.9.9
by amigomioteconsidero15
Removed from npm
Blocked by Socket
The code is designed to exfiltrate system information by sending it to an external domain via DNS queries. This is a clear indication of malicious behavior, as it involves unauthorized data transmission without user consent.
Live on npm for 2 hours and 32 minutes before removal. Socket users were protected even while the package was live.
354766/vamseeachanta/workspace-hub/github-workflow/
f0d60c3dba4ceacffe41c2e8e76d71824cab7246
Live on socket
Blocked by Socket
[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] This skill's code and examples are coherent with its stated purpose: automating GitHub Actions workflows, targeted testing, security scanning, and adaptive deployment. The most sensitive capability is use of the repository's GITHUB_TOKEN via the gh CLI to read run logs and create issues — this is necessary for the claimed features but is a privileged operation and should be granted minimally. No evidence of hardcoded secrets, obfuscated malware, or third-party credential harvesting was found. Main concerns are operational: ensure workflow permissions are least-privilege, validate JSON merging for security-results.json, and review auto-fix steps to avoid unintended side effects. Overall the artifact appears benign but with normal CI workflow privileges that must be controlled. LLM verification: No deliberate malware or explicit exfiltration code detected in this file. The examples serve legitimate CI/CD automation purposes but include risky practices that raise supply-chain and operational security concerns: unpinned package installs, executing install-time scripts as auto-fixes, brittle JSON concatenation for scan outputs, and broad use of GH_TOKEN to modify repo state. Treat these templates as potentially hazardous if used as-is in environments that accept untrusted contributions; ha
morse-python
1.1
Live on pypi
Blocked by Socket
The code exhibits a severe security flaw: untrusted Morse input can decode to Python code and be executed remotely via subprocess -c, creating a direct RCE sink. The Morse decoding table itself is inconsistent and undermines reliable decoding, which compounds risk and could mask payloads. Overall, treat this module as unsafe for any production or distribution use without substantial refactoring: remove dynamic execution, implement strict input validation, fix Morse mappings, and sandbox code execution if ever needed.
github.com/milvus-io/milvus
v0.10.3-0.20220207144546-f6873d3dc1fb
Live on go
Blocked by Socket
This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.
Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.
Possible typosquat attack
Known malware
Git dependency
GitHub dependency
HTTP dependency
Obfuscated code
Suspicious Stars on GitHub
Telemetry
Protestware or potentially unwanted behavior
Unstable ownership
Critical CVE
High CVE
Medium CVE
Low CVE
Unpopular package
Minified code
Bad dependency semver
Wildcard dependency
Socket optimized override available
Deprecated
Unmaintained
Explicitly Unlicensed Item
License Policy Violation
Misc. License Issues
Ambiguous License Classifier
Copyleft License
License exception
No License Found
Non-permissive License
Unidentified License
Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.
Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Nat Friedman
CEO at GitHub

Suz Hinton
Senior Software Engineer at Stripe
heck yes this is awesome!!! Congrats team 🎉👏

Matteo Collina
Node.js maintainer, Fastify lead maintainer
So awesome to see @SocketSecurity launch with a fresh approach! Excited to have supported the team from the early days.

DC Posch
Director of Technology at AppFolio, CTO at Dynasty
This is going to be super important, especially for crypto projects where a compromised dependency results in stolen user assets.

Luis Naranjo
Software Engineer at Microsoft
If software supply chain attacks through npm don't scare the shit out of you, you're not paying close enough attention.
@SocketSecurity sounds like an awesome product. I'll be using socket.dev instead of npmjs.org to browse npm packages going forward

Elena Nadolinski
Founder and CEO at Iron Fish
Huge congrats to @SocketSecurity! 🙌
Literally the only product that proactively detects signs of JS compromised packages.

Joe Previte
Engineering Team Lead at Coder
Congrats to @feross and the @SocketSecurity team on their seed funding! 🚀 It's been a big help for us at @CoderHQ and we appreciate what y'all are doing!

Josh Goldberg
Staff Developer at Codecademy
This is such a great idea & looks fantastic, congrats & good luck @feross + team!
The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Scott Roberts
CISO at UiPath
As a happy Socket customer, I've been impressed with how quickly they are adding value to the product, this move is a great step!

Yan Zhu
Head of Security at Brave, DEFCON, EFF, W3C
glad to hear some of the smartest people i know are working on (npm, etc.) supply chain security finally :). @SocketSecurity

Andrew Peterson
CEO and Co-Founder at Signal Sciences (acq. Fastly)
How do you track the validity of open source software libraries as they get updated? You're prob not. Check out @SocketSecurity and the updated tooling they launched.
Supply chain is a cluster in security as we all know and the tools from Socket are "duh" type tools to be implementing. Check them out and follow Feross Aboukhadijeh to see more updates coming from them in the future.

Zbyszek Tenerowicz
Senior Security Engineer at ConsenSys
socket.dev is getting more appealing by the hour

Devdatta Akhawe
Head of Security at Figma
The @SocketSecurity team is on fire! Amazing progress and I am exciting to see where they go next.

Sebastian Bensusan
Engineer Manager at Stripe
I find it surprising that we don't have _more_ supply chain attacks in software:
Imagine your airplane (the code running) was assembled (deployed) daily, with parts (dependencies) from internet strangers. How long until you get a bad part?
Excited for Socket to prevent this

Adam Baldwin
VP of Security at npm, Red Team at Auth0/Okta
Congrats to everyone at @SocketSecurity ❤️🤘🏻

Nico Waisman
CISO at Lyft
This is an area that I have personally been very focused on. As Nat Friedman said in the 2019 GitHub Universe keynote, Open Source won, and every time you add a new open source project you rely on someone else code and you rely on the people that build it.
This is both exciting and problematic. You are bringing real risk into your organization, and I'm excited to see progress in the industry from OpenSSF scorecards and package analyzers to the company that Feross Aboukhadijeh is building!
Questions? Call us at (844) SOCKET-0
Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.
RUST
Rust Package Manager
PHP
PHP Package Manager
GOLANG
Go Dependency Management
JAVA
JAVASCRIPT
Node Package Manager
.NET
.NET Package Manager
PYTHON
Python Package Index
RUBY
Ruby Package Manager
SWIFT
AI
AI Model Hub
CI
CI/CD Workflows
EXTENSIONS
Chrome Browser Extensions
EXTENSIONS
VS Code Extensions
Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.
Nov 23, 2025
Shai Hulud v2
Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.
Nov 05, 2025
Elves on npm
A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.
Jul 04, 2025
RubyGems Automation-Tool Infostealer
Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.
Mar 13, 2025
North Korea's Contagious Interview Campaign
Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.
Jul 23, 2024
Network Reconnaissance Campaign
A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
Questions? Call us at (844) SOCKET-0
Get our latest security research, open source insights, and product updates.

Research
/Security News
Bitwarden CLI 2026.4.0 was compromised in the Checkmarx supply chain campaign after attackers abused a GitHub Action in Bitwarden’s CI/CD pipeline.

Research
/Security News
Docker and Socket have uncovered malicious Checkmarx KICS images and suspicious code extension releases in a broader supply chain compromise.

Product
Stay on top of alert changes with filtered subscriptions, batched summaries, and notification routing built for triage.