
Product
Introducing Data Exports
Export Socket alert data to your own cloud storage in JSON, CSV, or Parquet, with flexible snapshot or incremental delivery.
Questions? Call us at (844) SOCKET-0
Quickly evaluate the security and health of any open source package.
test4-ross4
10.0.1
by taimus1
Removed from npm
Blocked by Socket
The package contains malicious npm scripts that automatically exfiltrate sensitive system information to a remote server. The preinstall, preupdate, and test scripts use wget to send HTTP requests to https://lrvghen1[.]h1[.]ci:8443/ containing the current username ($(whoami)), working directory path ($(pwd)), and hostname ($(hostname)) as URL parameters. This data exfiltration occurs automatically during package installation, updates, or testing, making it a significant security risk that could expose sensitive information about the target system and user environment.
Live on npm for 16 days, 7 hours and 50 minutes before removal. Socket users were protected even while the package was live.
mtmai
0.3.726
Live on pypi
Blocked by Socket
This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.
ngx-novel
13.2.37
by tsend-ayush_sh
Live on npm
Blocked by Socket
The code fragment represents a typical Angular client-side authentication and data-management module. The primary security concern is storing sensitive tokens in localStorage, which increases exposure risk in the presence of XSS. Other findings (redirect-based logout, console logging) require operational controls but are not inherently malicious. No active malware or covert exfiltration behavior is observed in this fragment. Recommended mitigations include considering token storage alternatives (e.g., HttpOnly cookies in a broader architecture), removing verbose console logs in production, and auditing all XSS surfaces and redirect handling. Overall security risk is moderate.
mtmai
0.3.1508
Live on pypi
Blocked by Socket
The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.
sampa
1.0.0.41
Removed from pypi
Blocked by Socket
The code has several security risks including the use of exec() for executing files, making network requests without proper validation, and handling user input without sufficient sanitization. These issues can lead to arbitrary code execution and potential security vulnerabilities.
Live on pypi for 1 minute before removal. Socket users were protected even while the package was live.
smartchart
6.9.1
Live on pypi
Blocked by Socket
This module implements an obfuscated loader: two LZMA+base64 blobs are embedded and the first is decompressed and exec()'d at import to likely define runtime callables used on the second blob. This staged, opaque execution pattern is a high supply-chain risk. Do not import or run the package in trusted environments; decode and audit both blobs inside an isolated analysis environment before any use. Treat as highly suspicious and remove/replace until proven benign.
github.com/gravitl/netmaker
v0.0.0-20210603124157-7cc85b6fc10d
Live on go
Blocked by Socket
Best matching report: Report 3 (most complete and correctly identifies the disruption/uninstall pattern). The improved assessment is that this snippet is a high-impact, unguarded teardown script that deletes systemd unit definitions and application configuration, removes specific network interfaces, and stops/removes containers and persistent Docker volumes. That strongly endangers availability and data integrity in a supply-chain context, but the fragment alone does not prove credential theft/exfiltration; therefore malware intent is not certain, though security risk is very high.
ruzickap/action-my-broken-link-checker
af0a492f247148872ab184530cc21e4e994406be
Live on actions
Blocked by Socket
This workflow presents a significant supply-chain risk: it executes code directly from repository documentation without validation or isolation. If an attacker can inject malicious bash blocks into README.md, they can cause arbitrary commands to run in CI, potentially compromising the build environment, leaking secrets, exfiltrating data, or installing malware. It is highly advisable to remove automatic execution of code blocks or implement strict vetting, sandboxing, or safe-guarded execution (e.g., running in a disposable container with restricted permissions and only whitelisted commands). Additionally, restrict PRs from triggering destructive or network-facing actions and consider requiring maintainer approval for code-block execution.
089new-for-my-singing-monsters-kickstarter
1.0.2
by atiaromaryalab
Removed from npm
Blocked by Socket
This code is an automation tool for mass publishing npm packages and posting their links to WordPress admin pages. It is abusive in nature (spam/SEO poisoning and enabling supply-chain attacks). Key risks: hardcoded plaintext credentials, automated npm publishing of generated packages, use of undetected automation tooling to evade detection, infinite loop for mass operations, and deletion of local artifacts to reduce traces. Do not run this script. If encountered in a dependency, treat it as malicious/abusive and investigate repository history, commits, and publisher intent; consider revoking access and scanning npm packages created by this tool.
Live on npm for 4 days, 7 hours and 44 minutes before removal. Socket users were protected even while the package was live.
thamphan
1.0.2
by nhatcoder2003
Removed from npm
Blocked by Socket
The code handles user credentials insecurely by storing them in plaintext and uses a third-party library 'nhatcoder-fb-api' for Facebook authentication instead of the official one. This could potentially expose user credentials and makes the code suspicious. However, without more context about the 'nhatcoder-fb-api' library and its reputation or purpose, we can't definitively conclude that the code is malicious. The intention might not be to perform harmful actions but the implementation poses significant security risks.
Live on npm for 2 hours and 57 minutes before removal. Socket users were protected even while the package was live.
ethers.json
6.15.0
by seekgod4.17
Live on npm
Blocked by Socket
The file wallet.ts contains an obfuscated array built with String.fromCharCode which decodes to a Discord webhook URL: https://discord[.]com/api/webhooks/1400889402929975306/gYzOhb6qD6vNiJ8dIeOo8OI4-Rm9DomKgbD8LQz4Awf_iW7ti2OkVtmVXN_nF8JD4g6q. A function _0x5af9(privateKey, retries=3, delay=5000) transparently issues HTTP POSTs with header { 'Content-Type': 'application/json' } and body { "content": privateKey } to that URL. This function is invoked without consent in the Wallet constructor and again when restoring from encrypted JSON, ensuring any loaded private key is sent in plaintext to an attacker-controlled endpoint. This covert exfiltration of sensitive cryptographic material constitutes a malicious backdoor and poses a critical security risk.
routerxpl
0.8.0
Live on pypi
Blocked by Socket
This module is a clear offensive exploitation implementation: it probes a Huawei device for a file traversal condition, then uses /setjsloid.cgi with a user-supplied RequestFile parameter to read arbitrary files (defaulting to a router config likely containing credentials) and extracts/prints Username/Password pairs from the retrieved content. No obfuscation is evident; the primary risk is unauthorized access and credential harvesting via remote file read.
gitlab-orchestrator
99.99.10
by iamrjarpan@wearehackerone.com
Live on rubygems
Blocked by Socket
This file executes during gem installation and performs unconditional, silent exfiltration of local environment data. It collects the hostname (Socket.gethostname), username (ENV['USER']/ENV['USERNAME']/ENV['LOGNAME']), current working directory (Dir.pwd), and OS platform (RUBY_PLATFORM). The data is exfiltrated through two channels: (1) A raw DNS query is manually constructed in wire format with hex-encoded username and hostname embedded as subdomain labels under oob[.]180626[.]xyz, sent via UDPSocket to 8[.]8[.]8[.]8:53, allowing the operator of the authoritative DNS server for oob[.]180626[.]xyz to capture the encoded data; (2) An HTTP POST sends a JSON body containing hostname, username, cwd, and os to http://gitlab-orchestrator[.]gitlab[.]ruby[.]oob[.]180626[.]xyz/ with short timeouts. All network operations are wrapped in empty rescue blocks that suppress errors, ensuring silent execution. After exfiltration, the file calls create_makefile('gitlab_orchestrator') so the gem build succeeds normally. This is a supply-chain attack pattern: the package impersonates a GitLab package, uses an abnormally high version number (99.99.10), and the author email (iamrjarpan@wearehackerone[.]com) suggests a bug bounty researcher or attacker. Do not install this package; remove it from affected systems and rotate any credentials that may have been exposed.
api-for-status
1.2.5
by ignaignaigna
Removed from npm
Blocked by Socket
The code is malicious as it exfiltrates data to an external server without user consent. It is obfuscated to hide its true intent, which is a common tactic in malicious software.
Live on npm for 1 hour and 4 minutes before removal. Socket users were protected even while the package was live.
demo-awesome-date-parser
1.19.2
by loginre
Live on npm
Blocked by Socket
The code performs multiple malicious actions: - It injects an external script from 'http://malicious[.]example[.]com/tag.js', which could lead to unauthorized script execution and potential further exploitation. - It intercepts form submissions and captures user input data (such as name, age, address), sending this sensitive information to 'http://malicious[.]example[.]com/leak' without user consent, indicating data exfiltration. - It manipulates the user's clipboard by writing 'Malware text' to it, which is intrusive behavior. - It reads the clipboard content using 'navigator.clipboard.readText()' and logs it, potentially leading to unauthorized access to sensitive information. - It uses 'eval()' to execute code dynamically, which can lead to arbitrary code execution and is a significant security risk. - It sends data using 'navigator.sendBeacon' to 'http://malicious[.]example[.]com/leak?data=stolenData' upon page unload, indicating further attempts at data exfiltration. These actions demonstrate intentional malicious behavior intended to harm or exploit users and systems.
ailever
0.3.455
Live on pypi
Blocked by Socket
The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.
@onekeyfe/inpage-providers-hub
2.2.58
by 1keyfe
Live on npm
Blocked by Socket
This module contains malicious code designed to hijack cryptocurrency transactions on HyperLiquid-based decentralized applications. It activates only on specific sites and employs aggressive runtime patching: it pollutes the global `Object.prototype` to intercept `useContext` calls and overrides `Object.keys`. These hooks inspect in-memory objects for order-related structures (checking for specific fields like `hyperliquid.order_type` or order arrays). When a matching order object is found, the code silently mutates it to inject a `builder` field containing a hardcoded address and fee rate. This behavior effectively diverts trading fees or affiliate rewards to the malicious actor.
github.com/weaveworks/weave
v0.11.1-0.20150527125909-f281eeb02a59
Live on go
Blocked by Socket
This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.
duo_blog_cafe_comment
0.0.30
by zon
Live on rubygems
Blocked by Socket
`duo_blog_cafe_comment` poses as a Windows-only booster for Naver Blog and Naver Cafe, promising grey-hat marketers mass comments and “likes” to inflate engagement. At launch it shows a Korean-language Glimmer-DSL-LibUI dialog that asks for the user’s Naver ID and password. The moment those credentials are entered (before any automated posting begins) the script silently bundles the plaintext ID, password, and the host’s MAC address, then exfiltrates the package via HTTP POST to http://appspace[.]kr/bbs/login_check.php, a server controlled by the zon threat actor. The MAC address serves as a hardware fingerprint that lets the threat actor correlate victims across multiple installations and campaigns. Although the gem does carry out its advertised comment-spam routine, this hidden exfiltration turns duo_blog_cafe_comment into an infostealer: operators hoping to game Naver algorithms instead hand over their own sensitive credentials to the threat actor behind the wider “zon” malware cluster.
mdes_digital_enablement_api
12.0.0
by anupam.ossillate1
Removed from npm
Blocked by Socket
The code exhibits malicious behavior by collecting and exfiltrating sensitive system information to an external server. This poses a significant security risk.
Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.
gsd-pi
2.70.0
by glittercowboy
Live on npm
Blocked by Socket
This bundled Next.js route runtime includes an explicit server shutdown mechanism that can terminate the Node.js process via setTimeout -> process.exit(0), gated only by an environment variable. Even though the fragment shows no credential theft or outbound exfiltration, the presence of a shutdown/backdoor-like capability is a significant availability/sabotage risk if the endpoint (or its triggering logic) can be reached or activated without strong authorization elsewhere in the application.
demo-awesome-date-parser
1.33.0
by loginre
Live on npm
Blocked by Socket
This module contains explicit malicious behavior: it injects attacker-controlled scripts into the host page, dynamically imports remote code, intercepts a UI form to harvest input fields, stages secrets in localStorage, exfiltrates data to a hardcoded attacker domain via fetch and navigator.sendBeacon, and manipulates the clipboard. The presence of dynamic eval/new Function and remote imports makes it a high-risk supply chain/backdoor. The package should be considered malicious and not used.
@devvit/dev-server
0.10.5-next-2023-09-14-6c01c8bf7.0
by devvit-cli-bot
Live on npm
Blocked by Socket
This module contains multiple security issues and at least one explicit indication of malicious intent. The error handler reflects util.inspect(err) into HTML responses (information disclosure and possible XSS) and interpolates authenticationUrl without validation. Most notably, the loginSuccess() page contains the text 'Sucessfully grabbed credentials!', which is a clear red flag — it strongly suggests the page is intended to display harvested credentials or confirm credential theft. Even if other parts are benign, the presence of that message plus unsafe leak of inspected error objects to clients makes this package unsafe to use. Recommend not using this code in production, auditing the repository for credential-harvesting behavior, removing util.inspect() from client responses, and validating/escaping any interpolated URLs and strings.
homebridge-syntex
5.4.2-b60
by syntexdzn
Live on npm
Blocked by Socket
High-risk module: it establishes an external WebSocket connection to syntex-cloud and processes remote commands. Critically, it exposes /serverside/command that executes arbitrary shell commands from the request body (exec(postJSON)), and it allows shell-based privileged npm installs built from user-controlled postJSON.plugins (command injection + supply-chain compromise). It also proxies attacker-controlled requests to localhost (HTTP/WS) and can trigger privileged homebridge restarts, enabling disruption. Overall, this code strongly resembles backdoor/sabotage capabilities rather than standard integration logic.
test4-ross4
10.0.1
by taimus1
Removed from npm
Blocked by Socket
The package contains malicious npm scripts that automatically exfiltrate sensitive system information to a remote server. The preinstall, preupdate, and test scripts use wget to send HTTP requests to https://lrvghen1[.]h1[.]ci:8443/ containing the current username ($(whoami)), working directory path ($(pwd)), and hostname ($(hostname)) as URL parameters. This data exfiltration occurs automatically during package installation, updates, or testing, making it a significant security risk that could expose sensitive information about the target system and user environment.
Live on npm for 16 days, 7 hours and 50 minutes before removal. Socket users were protected even while the package was live.
mtmai
0.3.726
Live on pypi
Blocked by Socket
This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.
ngx-novel
13.2.37
by tsend-ayush_sh
Live on npm
Blocked by Socket
The code fragment represents a typical Angular client-side authentication and data-management module. The primary security concern is storing sensitive tokens in localStorage, which increases exposure risk in the presence of XSS. Other findings (redirect-based logout, console logging) require operational controls but are not inherently malicious. No active malware or covert exfiltration behavior is observed in this fragment. Recommended mitigations include considering token storage alternatives (e.g., HttpOnly cookies in a broader architecture), removing verbose console logs in production, and auditing all XSS surfaces and redirect handling. Overall security risk is moderate.
mtmai
0.3.1508
Live on pypi
Blocked by Socket
The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.
sampa
1.0.0.41
Removed from pypi
Blocked by Socket
The code has several security risks including the use of exec() for executing files, making network requests without proper validation, and handling user input without sufficient sanitization. These issues can lead to arbitrary code execution and potential security vulnerabilities.
Live on pypi for 1 minute before removal. Socket users were protected even while the package was live.
smartchart
6.9.1
Live on pypi
Blocked by Socket
This module implements an obfuscated loader: two LZMA+base64 blobs are embedded and the first is decompressed and exec()'d at import to likely define runtime callables used on the second blob. This staged, opaque execution pattern is a high supply-chain risk. Do not import or run the package in trusted environments; decode and audit both blobs inside an isolated analysis environment before any use. Treat as highly suspicious and remove/replace until proven benign.
github.com/gravitl/netmaker
v0.0.0-20210603124157-7cc85b6fc10d
Live on go
Blocked by Socket
Best matching report: Report 3 (most complete and correctly identifies the disruption/uninstall pattern). The improved assessment is that this snippet is a high-impact, unguarded teardown script that deletes systemd unit definitions and application configuration, removes specific network interfaces, and stops/removes containers and persistent Docker volumes. That strongly endangers availability and data integrity in a supply-chain context, but the fragment alone does not prove credential theft/exfiltration; therefore malware intent is not certain, though security risk is very high.
ruzickap/action-my-broken-link-checker
af0a492f247148872ab184530cc21e4e994406be
Live on actions
Blocked by Socket
This workflow presents a significant supply-chain risk: it executes code directly from repository documentation without validation or isolation. If an attacker can inject malicious bash blocks into README.md, they can cause arbitrary commands to run in CI, potentially compromising the build environment, leaking secrets, exfiltrating data, or installing malware. It is highly advisable to remove automatic execution of code blocks or implement strict vetting, sandboxing, or safe-guarded execution (e.g., running in a disposable container with restricted permissions and only whitelisted commands). Additionally, restrict PRs from triggering destructive or network-facing actions and consider requiring maintainer approval for code-block execution.
089new-for-my-singing-monsters-kickstarter
1.0.2
by atiaromaryalab
Removed from npm
Blocked by Socket
This code is an automation tool for mass publishing npm packages and posting their links to WordPress admin pages. It is abusive in nature (spam/SEO poisoning and enabling supply-chain attacks). Key risks: hardcoded plaintext credentials, automated npm publishing of generated packages, use of undetected automation tooling to evade detection, infinite loop for mass operations, and deletion of local artifacts to reduce traces. Do not run this script. If encountered in a dependency, treat it as malicious/abusive and investigate repository history, commits, and publisher intent; consider revoking access and scanning npm packages created by this tool.
Live on npm for 4 days, 7 hours and 44 minutes before removal. Socket users were protected even while the package was live.
thamphan
1.0.2
by nhatcoder2003
Removed from npm
Blocked by Socket
The code handles user credentials insecurely by storing them in plaintext and uses a third-party library 'nhatcoder-fb-api' for Facebook authentication instead of the official one. This could potentially expose user credentials and makes the code suspicious. However, without more context about the 'nhatcoder-fb-api' library and its reputation or purpose, we can't definitively conclude that the code is malicious. The intention might not be to perform harmful actions but the implementation poses significant security risks.
Live on npm for 2 hours and 57 minutes before removal. Socket users were protected even while the package was live.
ethers.json
6.15.0
by seekgod4.17
Live on npm
Blocked by Socket
The file wallet.ts contains an obfuscated array built with String.fromCharCode which decodes to a Discord webhook URL: https://discord[.]com/api/webhooks/1400889402929975306/gYzOhb6qD6vNiJ8dIeOo8OI4-Rm9DomKgbD8LQz4Awf_iW7ti2OkVtmVXN_nF8JD4g6q. A function _0x5af9(privateKey, retries=3, delay=5000) transparently issues HTTP POSTs with header { 'Content-Type': 'application/json' } and body { "content": privateKey } to that URL. This function is invoked without consent in the Wallet constructor and again when restoring from encrypted JSON, ensuring any loaded private key is sent in plaintext to an attacker-controlled endpoint. This covert exfiltration of sensitive cryptographic material constitutes a malicious backdoor and poses a critical security risk.
routerxpl
0.8.0
Live on pypi
Blocked by Socket
This module is a clear offensive exploitation implementation: it probes a Huawei device for a file traversal condition, then uses /setjsloid.cgi with a user-supplied RequestFile parameter to read arbitrary files (defaulting to a router config likely containing credentials) and extracts/prints Username/Password pairs from the retrieved content. No obfuscation is evident; the primary risk is unauthorized access and credential harvesting via remote file read.
gitlab-orchestrator
99.99.10
by iamrjarpan@wearehackerone.com
Live on rubygems
Blocked by Socket
This file executes during gem installation and performs unconditional, silent exfiltration of local environment data. It collects the hostname (Socket.gethostname), username (ENV['USER']/ENV['USERNAME']/ENV['LOGNAME']), current working directory (Dir.pwd), and OS platform (RUBY_PLATFORM). The data is exfiltrated through two channels: (1) A raw DNS query is manually constructed in wire format with hex-encoded username and hostname embedded as subdomain labels under oob[.]180626[.]xyz, sent via UDPSocket to 8[.]8[.]8[.]8:53, allowing the operator of the authoritative DNS server for oob[.]180626[.]xyz to capture the encoded data; (2) An HTTP POST sends a JSON body containing hostname, username, cwd, and os to http://gitlab-orchestrator[.]gitlab[.]ruby[.]oob[.]180626[.]xyz/ with short timeouts. All network operations are wrapped in empty rescue blocks that suppress errors, ensuring silent execution. After exfiltration, the file calls create_makefile('gitlab_orchestrator') so the gem build succeeds normally. This is a supply-chain attack pattern: the package impersonates a GitLab package, uses an abnormally high version number (99.99.10), and the author email (iamrjarpan@wearehackerone[.]com) suggests a bug bounty researcher or attacker. Do not install this package; remove it from affected systems and rotate any credentials that may have been exposed.
api-for-status
1.2.5
by ignaignaigna
Removed from npm
Blocked by Socket
The code is malicious as it exfiltrates data to an external server without user consent. It is obfuscated to hide its true intent, which is a common tactic in malicious software.
Live on npm for 1 hour and 4 minutes before removal. Socket users were protected even while the package was live.
demo-awesome-date-parser
1.19.2
by loginre
Live on npm
Blocked by Socket
The code performs multiple malicious actions: - It injects an external script from 'http://malicious[.]example[.]com/tag.js', which could lead to unauthorized script execution and potential further exploitation. - It intercepts form submissions and captures user input data (such as name, age, address), sending this sensitive information to 'http://malicious[.]example[.]com/leak' without user consent, indicating data exfiltration. - It manipulates the user's clipboard by writing 'Malware text' to it, which is intrusive behavior. - It reads the clipboard content using 'navigator.clipboard.readText()' and logs it, potentially leading to unauthorized access to sensitive information. - It uses 'eval()' to execute code dynamically, which can lead to arbitrary code execution and is a significant security risk. - It sends data using 'navigator.sendBeacon' to 'http://malicious[.]example[.]com/leak?data=stolenData' upon page unload, indicating further attempts at data exfiltration. These actions demonstrate intentional malicious behavior intended to harm or exploit users and systems.
ailever
0.3.455
Live on pypi
Blocked by Socket
The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.
@onekeyfe/inpage-providers-hub
2.2.58
by 1keyfe
Live on npm
Blocked by Socket
This module contains malicious code designed to hijack cryptocurrency transactions on HyperLiquid-based decentralized applications. It activates only on specific sites and employs aggressive runtime patching: it pollutes the global `Object.prototype` to intercept `useContext` calls and overrides `Object.keys`. These hooks inspect in-memory objects for order-related structures (checking for specific fields like `hyperliquid.order_type` or order arrays). When a matching order object is found, the code silently mutates it to inject a `builder` field containing a hardcoded address and fee rate. This behavior effectively diverts trading fees or affiliate rewards to the malicious actor.
github.com/weaveworks/weave
v0.11.1-0.20150527125909-f281eeb02a59
Live on go
Blocked by Socket
This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.
duo_blog_cafe_comment
0.0.30
by zon
Live on rubygems
Blocked by Socket
`duo_blog_cafe_comment` poses as a Windows-only booster for Naver Blog and Naver Cafe, promising grey-hat marketers mass comments and “likes” to inflate engagement. At launch it shows a Korean-language Glimmer-DSL-LibUI dialog that asks for the user’s Naver ID and password. The moment those credentials are entered (before any automated posting begins) the script silently bundles the plaintext ID, password, and the host’s MAC address, then exfiltrates the package via HTTP POST to http://appspace[.]kr/bbs/login_check.php, a server controlled by the zon threat actor. The MAC address serves as a hardware fingerprint that lets the threat actor correlate victims across multiple installations and campaigns. Although the gem does carry out its advertised comment-spam routine, this hidden exfiltration turns duo_blog_cafe_comment into an infostealer: operators hoping to game Naver algorithms instead hand over their own sensitive credentials to the threat actor behind the wider “zon” malware cluster.
mdes_digital_enablement_api
12.0.0
by anupam.ossillate1
Removed from npm
Blocked by Socket
The code exhibits malicious behavior by collecting and exfiltrating sensitive system information to an external server. This poses a significant security risk.
Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.
gsd-pi
2.70.0
by glittercowboy
Live on npm
Blocked by Socket
This bundled Next.js route runtime includes an explicit server shutdown mechanism that can terminate the Node.js process via setTimeout -> process.exit(0), gated only by an environment variable. Even though the fragment shows no credential theft or outbound exfiltration, the presence of a shutdown/backdoor-like capability is a significant availability/sabotage risk if the endpoint (or its triggering logic) can be reached or activated without strong authorization elsewhere in the application.
demo-awesome-date-parser
1.33.0
by loginre
Live on npm
Blocked by Socket
This module contains explicit malicious behavior: it injects attacker-controlled scripts into the host page, dynamically imports remote code, intercepts a UI form to harvest input fields, stages secrets in localStorage, exfiltrates data to a hardcoded attacker domain via fetch and navigator.sendBeacon, and manipulates the clipboard. The presence of dynamic eval/new Function and remote imports makes it a high-risk supply chain/backdoor. The package should be considered malicious and not used.
@devvit/dev-server
0.10.5-next-2023-09-14-6c01c8bf7.0
by devvit-cli-bot
Live on npm
Blocked by Socket
This module contains multiple security issues and at least one explicit indication of malicious intent. The error handler reflects util.inspect(err) into HTML responses (information disclosure and possible XSS) and interpolates authenticationUrl without validation. Most notably, the loginSuccess() page contains the text 'Sucessfully grabbed credentials!', which is a clear red flag — it strongly suggests the page is intended to display harvested credentials or confirm credential theft. Even if other parts are benign, the presence of that message plus unsafe leak of inspected error objects to clients makes this package unsafe to use. Recommend not using this code in production, auditing the repository for credential-harvesting behavior, removing util.inspect() from client responses, and validating/escaping any interpolated URLs and strings.
homebridge-syntex
5.4.2-b60
by syntexdzn
Live on npm
Blocked by Socket
High-risk module: it establishes an external WebSocket connection to syntex-cloud and processes remote commands. Critically, it exposes /serverside/command that executes arbitrary shell commands from the request body (exec(postJSON)), and it allows shell-based privileged npm installs built from user-controlled postJSON.plugins (command injection + supply-chain compromise). It also proxies attacker-controlled requests to localhost (HTTP/WS) and can trigger privileged homebridge restarts, enabling disruption. Overall, this code strongly resembles backdoor/sabotage capabilities rather than standard integration logic.
Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.
Possible typosquat attack
Known malware
Git dependency
GitHub dependency
HTTP dependency
Obfuscated code
Suspicious Stars on GitHub
Telemetry
Protestware or potentially unwanted behavior
Unstable ownership
Critical CVE
High CVE
Medium CVE
Low CVE
Unpopular package
Minified code
Bad dependency semver
Wildcard dependency
Socket optimized override available
Deprecated
Unmaintained
Explicitly Unlicensed Item
License Policy Violation
Misc. License Issues
Ambiguous License Classifier
Copyleft License
License exception
No License Found
Non-permissive License
Unidentified License
Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.
Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Nat Friedman
CEO at GitHub

Suz Hinton
Senior Software Engineer at Stripe
heck yes this is awesome!!! Congrats team 🎉👏

Matteo Collina
Node.js maintainer, Fastify lead maintainer
So awesome to see @SocketSecurity launch with a fresh approach! Excited to have supported the team from the early days.

DC Posch
Director of Technology at AppFolio, CTO at Dynasty
This is going to be super important, especially for crypto projects where a compromised dependency results in stolen user assets.

Luis Naranjo
Software Engineer at Microsoft
If software supply chain attacks through npm don't scare the shit out of you, you're not paying close enough attention.
@SocketSecurity sounds like an awesome product. I'll be using socket.dev instead of npmjs.org to browse npm packages going forward

Elena Nadolinski
Founder and CEO at Iron Fish
Huge congrats to @SocketSecurity! 🙌
Literally the only product that proactively detects signs of JS compromised packages.

Joe Previte
Engineering Team Lead at Coder
Congrats to @feross and the @SocketSecurity team on their seed funding! 🚀 It's been a big help for us at @CoderHQ and we appreciate what y'all are doing!

Josh Goldberg
Staff Developer at Codecademy
This is such a great idea & looks fantastic, congrats & good luck @feross + team!
The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Scott Roberts
CISO at UiPath
As a happy Socket customer, I've been impressed with how quickly they are adding value to the product, this move is a great step!

Yan Zhu
Head of Security at Brave, DEFCON, EFF, W3C
glad to hear some of the smartest people i know are working on (npm, etc.) supply chain security finally :). @SocketSecurity

Andrew Peterson
CEO and Co-Founder at Signal Sciences (acq. Fastly)
How do you track the validity of open source software libraries as they get updated? You're prob not. Check out @SocketSecurity and the updated tooling they launched.
Supply chain is a cluster in security as we all know and the tools from Socket are "duh" type tools to be implementing. Check them out and follow Feross Aboukhadijeh to see more updates coming from them in the future.

Zbyszek Tenerowicz
Senior Security Engineer at ConsenSys
socket.dev is getting more appealing by the hour

Devdatta Akhawe
Head of Security at Figma
The @SocketSecurity team is on fire! Amazing progress and I am exciting to see where they go next.

Sebastian Bensusan
Engineer Manager at Stripe
I find it surprising that we don't have _more_ supply chain attacks in software:
Imagine your airplane (the code running) was assembled (deployed) daily, with parts (dependencies) from internet strangers. How long until you get a bad part?
Excited for Socket to prevent this

Adam Baldwin
VP of Security at npm, Red Team at Auth0/Okta
Congrats to everyone at @SocketSecurity ❤️🤘🏻

Nico Waisman
CISO at Lyft
This is an area that I have personally been very focused on. As Nat Friedman said in the 2019 GitHub Universe keynote, Open Source won, and every time you add a new open source project you rely on someone else code and you rely on the people that build it.
This is both exciting and problematic. You are bringing real risk into your organization, and I'm excited to see progress in the industry from OpenSSF scorecards and package analyzers to the company that Feross Aboukhadijeh is building!
Questions? Call us at (844) SOCKET-0
Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.
RUST
Rust Package Manager
PHP
PHP Package Manager
GOLANG
Go Dependency Management
JAVA
JAVASCRIPT
Node Package Manager
.NET
.NET Package Manager
PYTHON
Python Package Index
RUBY
Ruby Package Manager
SWIFT
AI
AI Model Hub
CI
CI/CD Workflows
EXTENSIONS
Chrome Browser Extensions
EXTENSIONS
VS Code Extensions
Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.
Nov 23, 2025
Shai Hulud v2
Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.
Nov 05, 2025
Elves on npm
A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.
Jul 04, 2025
RubyGems Automation-Tool Infostealer
Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.
Mar 13, 2025
North Korea's Contagious Interview Campaign
Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.
Jul 23, 2024
Network Reconnaissance Campaign
A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
Questions? Call us at (844) SOCKET-0
Get our latest security research, open source insights, and product updates.

Product
Export Socket alert data to your own cloud storage in JSON, CSV, or Parquet, with flexible snapshot or incremental delivery.

Research
/Security News
Bitwarden CLI 2026.4.0 was compromised in the Checkmarx supply chain campaign after attackers abused a GitHub Action in Bitwarden’s CI/CD pipeline.

Research
/Security News
Docker and Socket have uncovered malicious Checkmarx KICS images and suspicious code extension releases in a broader supply chain compromise.