
Research
/Security News
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
Bitwarden CLI 2026.4.0 was compromised in the Checkmarx supply chain campaign after attackers abused a GitHub Action in Bitwarden’s CI/CD pipeline.
Questions? Call us at (844) SOCKET-0
Quickly evaluate the security and health of any open source package.
bluelamp-ai
1.4.0
Live on pypi
Blocked by Socket
This function contains high-risk insecure operations. Primary issue is unescaped shell execution of user-controlled values (multiple command-injection opportunities). It also performs risky system modifications (appending to /etc/sudoers, creating a user in root group) that can grant or escalate privileges or corrupt system configuration. No clear signs of deliberate malware, but the code is dangerous and should not be used as-is. Remediation: validate and strictly canonicalize inputs; avoid shell=True and pass command arguments as a list to subprocess.run; use secure APIs (e.g., os.mkdir/os.chown where possible), use visudo or safer editing for sudoers, remove adding user to root group unless required, and fix the final 'return Non' bug. Consider least-privilege execution and explicit authorization checks before making system changes.
mtmai
0.3.1238
Live on pypi
Blocked by Socket
This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.
ehua/tdkdog
1.0
Live on composer
Blocked by Socket
The code acts as a provisioning mechanism for FRP-based reverse tunnels by writing frpc.ini, a looping batch launcher, and a registry protocol file into the webroot. While FRP itself can be legitimate, this pattern enables a backdoor-like capability: exposing internal services to an external FRP server and enabling persistent remote access. Key risks: unvalidated DB/request data controls tunnel definitions and server address, artifacts placed in public directory increase exposure, and the registry protocol launch is an unusual persistence/activation vector. Mitigations: restrict access to these endpoints to trusted admins, validate and restrict DB-provided IP/port values, avoid placing launchers in a public webroot, do not auto-generate protocol handlers, and log/alert changes to these configuration artifacts. Treat this module as high-risk and review usage and access controls before deployment.
mgcomtools
0.1.100
Live on pypi
Blocked by Socket
This file contains a function that processes an input message by printing it locally and sending it via an HTTP POST request to an external API endpoint (https://api.example.com/bot<TOKEN>/sendMessage?chat_id=<CHANNEL_ID>&text=<MESSAGE>). The function uses hardcoded sensitive credentials—a bot token and channel ID—which, if compromised, could allow an attacker to exfiltrate data from systems where the code is deployed. By automatically forwarding any given message to a predetermined external channel, the function establishes a covert channel for data leakage, presenting a significant security risk.
ayecue.greybel-vs
2.6.47
Live on openvsx
Blocked by Socket
The JavaScript fragment exhibits strong indicators of a malicious payload or backdoor-like component: heavy obfuscation, dynamic execution, and extensive network/IPC-oriented sinks that can exfiltrate data or enable remote control. It is not suitable for inclusion in production dependencies without thorough provenance, isolation, and targeted removal. Recommended actions: treat as high-risk; blacklist or replace with trusted, audited equivalents; request vendor disclosure and supply-chain verification before reintroduction.
groove-dev
0.22.26
by groove-ai
Live on npm
Blocked by Socket
This fragment implements the core mechanics of a WebSocket-based interactive terminal/session controller: it dynamically selects a shell/interpreter, forwards client-controlled input directly into a spawned process stdin, and streams resulting output/errors back over the network. That is a high-risk remote command execution pattern consistent with backdoors/remote shells unless tightly access-controlled and strongly sandboxed elsewhere. No explicit obfuscation is present in the shown code, and there is no direct evidence of credential theft in this fragment, but the capability itself is very dangerous.
bluelamp-ai
1.0.2
Live on pypi
Blocked by Socket
This module unambiguously hides and executes a compressed base64-encoded Python payload via exec. That is a high-risk anti-analysis pattern and should be treated as potentially malicious until the embedded payload is fully decoded and audited in a safe environment. Do not run this module in production or on sensitive hosts. Extract and review the decoded source to assess true intent and functionality.
ember-js-buy
1.0.0
by nomakta
Live on npm
Blocked by Socket
The code is designed to exfiltrate system and environment data to an external domain without user consent, which is indicative of malicious behavior. The use of DNS queries for data transmission is unusual and raises security concerns.
tplus-portaltouch
3.56.1
by tplus
Live on npm
Blocked by Socket
This file contains a malicious React router component that implements a supply chain attack through navigation data exfiltration. The code appears to be a legitimate StaticRouter component but secretly intercepts all user navigation events (push, replace, go, goBack, goForward) through the globalHistoryHandler function and forwards them to an external package 'mutants-microfx'. Every navigation action is captured and sent to _mutantsMicrofx.history methods, creating a covert channel for stealing user browsing patterns and routing information. The malicious functionality is disguised within standard React Router patterns, making it difficult to detect during code reviews. Any application using this component would unknowingly transmit all navigation data to the external package without user consent or awareness.
pkscreener
0.45.20240906.550
Live on pypi
Blocked by Socket
This module implements covert telemetry/exfiltration: it gathers local user identifiers and IP-derived location and pushes them to a hardcoded external GitHub repository, doing so silently and with trivial obfuscation. This is privacy-invasive and constitutes a supply-chain risk. Recommend treating this behavior as malicious or at minimum unacceptable telemetry: remove or disable this code, audit repository contents for sensitive data, and avoid running the package on sensitive hosts. Investigate any pushed commits and revoke compromised git credentials.
yaaaf
0.0.2
Live on pypi
Blocked by Socket
This module intentionally executes python code extracted from LLM/client responses and injects local artefacts (dataframe and model) into that execution environment. That design creates a high-risk code-execution and data-exfiltration vector: a malicious or compromised LLM response can run arbitrary operations (file/network/OS access) and leak data back via captured stdout or assistant utterances. No obfuscation or hidden credentials found, but the exec usage on untrusted input makes this unsafe for untrusted LLMs or unverified content without significant sandboxing or restrictions. Recommend treating this as dangerous in its current form and implementing strong sandboxing or removing exec-based workflow.
bapy
1.0.32
Live on pypi
Blocked by Socket
This script programmatically grants passwordless sudo to multiple groups and users and disables sudo logging for them. It requires a plaintext PASSWORD to be supplied (via env or arg) and uses it to perform privileged writes to /etc/sudoers.d. While it could be used for legitimate automation, the combination of NOPASSWD:ALL and disabled logging constitutes a high-risk action that can provide persistence and stealthy privilege escalation. Inclusion in a codebase or supply chain without strict review and justification should be treated as dangerous and unacceptable for general use.
github.com/sourcegraph/sourcegraph
v0.0.0-20220401070916-1ed408a6c609
Live on go
Blocked by Socket
This module is overtly destructive: it intentionally corrupts every .zip file in a user-supplied directory by truncating and writing junk data. There is no benign archive processing logic, no safety gates, and error handling can silently suppress failures. If included in a build or distribution pipeline, it represents a high-confidence supply-chain sabotage risk to artifact integrity/availability.
roboidai
1.1.19
Live on pypi
Blocked by Socket
This module intentionally conceals and executes an embedded Python payload at import time via multiple obfuscation layers (ROT13 + base64 + hex-escaped eval for identifiers) and eval(compile(...,'exec')). That pattern enables arbitrary code execution in any process that imports the module and is a high-risk supply-chain/backdoor indicator. Do not import or run this module in trusted environments. Decode the assembled 'trust' payload in an isolated sandbox and perform a full static review of the decoded code before considering use.
hackme
0.2.0
Live on pypi
Blocked by Socket
This module is an explicit ARP spoofing / MITM implementation: it crafts and transmits forged ARP replies to a victim and a gateway using raw Ethernet frames. As written it contains small coding errors (undefined variable/typo) that would prevent successful execution, but the logic and comments clearly indicate malicious intent. Inclusion in a codebase or dependency is high-risk: if executed with elevated privileges it will actively poison ARP caches on the LAN, enabling interception or disruption of traffic. Treat this code as dangerous; do not run it in production or on networks you do not own or administer.
@whalent/agent
0.2.11
by whalent
Live on npm
Blocked by Socket
A heavily obfuscated JavaScript daemon/agent in package/dist/index.cjs functions as a backdoor with a WebSocket connection to a remote gateway, accepting remote commands to spawn and interact with PTY shells, perform arbitrary filesystem operations, manage its own lifecycle (restart, kill workers) and upgrade itself via execSync. Although some descriptions frame it as potentially legitimate, the combination of obfuscation, remote administration, and upgrade capabilities constitutes a high-risk threat requiring thorough auditing and hardened controls.
@smule/core
900.1.1
by neversummer.69
Live on npm
Blocked by Socket
This code is intentionally obfuscated and uses DNS queries to exfiltrate system information, which could be a significant security risk. The hardcoded domain and the potential data exfiltration raise concerns about privacy violations. This package should be reviewed carefully before being used.
coderun-cli
1.0.6
by luxian
Removed from npm
Blocked by Socket
This appears to be a standard, minified frontend bundle (React DOM reconciler plus styling and utilities). No clear malicious behavior (backdoor, credential harvesting, eval-based code injection, or network exfiltration to suspicious domains) is present in the provided fragment. The main security considerations are typical for such libraries: dynamic asset loading (ensure assets are from trusted origins and, if possible, use integrity checks), and careful handling of any dangerouslySetInnerHTML or untrusted HTML. Recommend verifying the package origin and asset hosting integrity to mitigate supply-chain risks.
Live on npm for 14 hours and 6 minutes before removal. Socket users were protected even while the package was live.
kfsd
0.0.202
Live on pypi
Blocked by Socket
This module contains a critical vulnerability: unconstrained eval() of attacker-controlled 'input.expr' with access to local variables (including a formatted request object). This yields remote code execution and potential data exfiltration. The code likely represents an insecure design/bug rather than intentionally malicious code, but it must be remediated before handling untrusted inputs. Also fix the apparent syntax error in getAttr.
noierrdev-antoine-tx-engine
0.1.8
Live on cargo
Blocked by Socket
This module appends an implicit transfer to one of several hardcoded accounts, which is characteristic of covert siphoning of funds. There is no unsafe or low-level memory risk, but the economic behavior is suspicious: silently adding a transfer to fixed external addresses is likely malicious in most contexts (or at best a poor/unsafe design if undocumented). Treat this code as potentially malicious if found in client-side or server-side code that builds user transactions; audit call sites and remove or make tipping explicit and configurable.
sap-ac
0.0.1
by abdallaeg2
Removed from npm
Blocked by Socket
The code is designed to send sensitive system information to a remote server, which is a significant security risk. This behavior is consistent with malicious activity, specifically data exfiltration.
Live on npm for 32 minutes before removal. Socket users were protected even while the package was live.
load-image-meta
9.768.488
Removed from npm
Blocked by Socket
The code is obfuscated and performs actions typical of data exfiltration, such as collecting environment variables and sending them to a remote server. This behavior is indicative of malicious intent.
Live on npm for 1 hour before removal. Socket users were protected even while the package was live.
mcpsec
2.7.1
Live on pypi
Blocked by Socket
This module is an explicit exploit/playbook for path traversal and arbitrary file read with payloads targeting highly sensitive files and AI prompts to escalate attacks. While declarative and not executing I/O itself, it is a high-risk artifact: if integrated into an executor it enables credential and secret exfiltration. Treat as offensive tooling — only allow in authorized, controlled red-team or testing environments with strict access controls and auditing.
api-ts-utils
2.1.3
by ffffrakyevin
Live on npm
Blocked by Socket
This code is highly indicative of malicious clipboard-stealing software. It repeatedly reads the Windows clipboard using hidden PowerShell/WinForms calls, optionally logs captured contents to disk, and exfiltrates clipboard changes via an unauthenticated POST to a hardcoded remote HTTPS endpoint. It also includes stealthy detached relaunch behavior and a singleton lock with PID-killing to keep the collector running reliably. Use should be blocked and the surrounding package/install workflow should be investigated for additional payloads or persistence mechanisms.
ailever
0.3.281
Live on pypi
Blocked by Socket
The fragment contains a high-risk pattern: it downloads a Python script from a remote source and immediately executes it without integrity verification or sandboxing. This creates a critical supply-chain and remote-code-execution risk, as the remote payload could perform any action on the host, including data exfiltration, credential access, or system compromise. Even though defaults use placeholders, the mechanism itself is unsafe and should be disallowed or hardened (e.g., verify hashes, use signed modules, avoid executing remote code).
bluelamp-ai
1.4.0
Live on pypi
Blocked by Socket
This function contains high-risk insecure operations. Primary issue is unescaped shell execution of user-controlled values (multiple command-injection opportunities). It also performs risky system modifications (appending to /etc/sudoers, creating a user in root group) that can grant or escalate privileges or corrupt system configuration. No clear signs of deliberate malware, but the code is dangerous and should not be used as-is. Remediation: validate and strictly canonicalize inputs; avoid shell=True and pass command arguments as a list to subprocess.run; use secure APIs (e.g., os.mkdir/os.chown where possible), use visudo or safer editing for sudoers, remove adding user to root group unless required, and fix the final 'return Non' bug. Consider least-privilege execution and explicit authorization checks before making system changes.
mtmai
0.3.1238
Live on pypi
Blocked by Socket
This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.
ehua/tdkdog
1.0
Live on composer
Blocked by Socket
The code acts as a provisioning mechanism for FRP-based reverse tunnels by writing frpc.ini, a looping batch launcher, and a registry protocol file into the webroot. While FRP itself can be legitimate, this pattern enables a backdoor-like capability: exposing internal services to an external FRP server and enabling persistent remote access. Key risks: unvalidated DB/request data controls tunnel definitions and server address, artifacts placed in public directory increase exposure, and the registry protocol launch is an unusual persistence/activation vector. Mitigations: restrict access to these endpoints to trusted admins, validate and restrict DB-provided IP/port values, avoid placing launchers in a public webroot, do not auto-generate protocol handlers, and log/alert changes to these configuration artifacts. Treat this module as high-risk and review usage and access controls before deployment.
mgcomtools
0.1.100
Live on pypi
Blocked by Socket
This file contains a function that processes an input message by printing it locally and sending it via an HTTP POST request to an external API endpoint (https://api.example.com/bot<TOKEN>/sendMessage?chat_id=<CHANNEL_ID>&text=<MESSAGE>). The function uses hardcoded sensitive credentials—a bot token and channel ID—which, if compromised, could allow an attacker to exfiltrate data from systems where the code is deployed. By automatically forwarding any given message to a predetermined external channel, the function establishes a covert channel for data leakage, presenting a significant security risk.
ayecue.greybel-vs
2.6.47
Live on openvsx
Blocked by Socket
The JavaScript fragment exhibits strong indicators of a malicious payload or backdoor-like component: heavy obfuscation, dynamic execution, and extensive network/IPC-oriented sinks that can exfiltrate data or enable remote control. It is not suitable for inclusion in production dependencies without thorough provenance, isolation, and targeted removal. Recommended actions: treat as high-risk; blacklist or replace with trusted, audited equivalents; request vendor disclosure and supply-chain verification before reintroduction.
groove-dev
0.22.26
by groove-ai
Live on npm
Blocked by Socket
This fragment implements the core mechanics of a WebSocket-based interactive terminal/session controller: it dynamically selects a shell/interpreter, forwards client-controlled input directly into a spawned process stdin, and streams resulting output/errors back over the network. That is a high-risk remote command execution pattern consistent with backdoors/remote shells unless tightly access-controlled and strongly sandboxed elsewhere. No explicit obfuscation is present in the shown code, and there is no direct evidence of credential theft in this fragment, but the capability itself is very dangerous.
bluelamp-ai
1.0.2
Live on pypi
Blocked by Socket
This module unambiguously hides and executes a compressed base64-encoded Python payload via exec. That is a high-risk anti-analysis pattern and should be treated as potentially malicious until the embedded payload is fully decoded and audited in a safe environment. Do not run this module in production or on sensitive hosts. Extract and review the decoded source to assess true intent and functionality.
ember-js-buy
1.0.0
by nomakta
Live on npm
Blocked by Socket
The code is designed to exfiltrate system and environment data to an external domain without user consent, which is indicative of malicious behavior. The use of DNS queries for data transmission is unusual and raises security concerns.
tplus-portaltouch
3.56.1
by tplus
Live on npm
Blocked by Socket
This file contains a malicious React router component that implements a supply chain attack through navigation data exfiltration. The code appears to be a legitimate StaticRouter component but secretly intercepts all user navigation events (push, replace, go, goBack, goForward) through the globalHistoryHandler function and forwards them to an external package 'mutants-microfx'. Every navigation action is captured and sent to _mutantsMicrofx.history methods, creating a covert channel for stealing user browsing patterns and routing information. The malicious functionality is disguised within standard React Router patterns, making it difficult to detect during code reviews. Any application using this component would unknowingly transmit all navigation data to the external package without user consent or awareness.
pkscreener
0.45.20240906.550
Live on pypi
Blocked by Socket
This module implements covert telemetry/exfiltration: it gathers local user identifiers and IP-derived location and pushes them to a hardcoded external GitHub repository, doing so silently and with trivial obfuscation. This is privacy-invasive and constitutes a supply-chain risk. Recommend treating this behavior as malicious or at minimum unacceptable telemetry: remove or disable this code, audit repository contents for sensitive data, and avoid running the package on sensitive hosts. Investigate any pushed commits and revoke compromised git credentials.
yaaaf
0.0.2
Live on pypi
Blocked by Socket
This module intentionally executes python code extracted from LLM/client responses and injects local artefacts (dataframe and model) into that execution environment. That design creates a high-risk code-execution and data-exfiltration vector: a malicious or compromised LLM response can run arbitrary operations (file/network/OS access) and leak data back via captured stdout or assistant utterances. No obfuscation or hidden credentials found, but the exec usage on untrusted input makes this unsafe for untrusted LLMs or unverified content without significant sandboxing or restrictions. Recommend treating this as dangerous in its current form and implementing strong sandboxing or removing exec-based workflow.
bapy
1.0.32
Live on pypi
Blocked by Socket
This script programmatically grants passwordless sudo to multiple groups and users and disables sudo logging for them. It requires a plaintext PASSWORD to be supplied (via env or arg) and uses it to perform privileged writes to /etc/sudoers.d. While it could be used for legitimate automation, the combination of NOPASSWD:ALL and disabled logging constitutes a high-risk action that can provide persistence and stealthy privilege escalation. Inclusion in a codebase or supply chain without strict review and justification should be treated as dangerous and unacceptable for general use.
github.com/sourcegraph/sourcegraph
v0.0.0-20220401070916-1ed408a6c609
Live on go
Blocked by Socket
This module is overtly destructive: it intentionally corrupts every .zip file in a user-supplied directory by truncating and writing junk data. There is no benign archive processing logic, no safety gates, and error handling can silently suppress failures. If included in a build or distribution pipeline, it represents a high-confidence supply-chain sabotage risk to artifact integrity/availability.
roboidai
1.1.19
Live on pypi
Blocked by Socket
This module intentionally conceals and executes an embedded Python payload at import time via multiple obfuscation layers (ROT13 + base64 + hex-escaped eval for identifiers) and eval(compile(...,'exec')). That pattern enables arbitrary code execution in any process that imports the module and is a high-risk supply-chain/backdoor indicator. Do not import or run this module in trusted environments. Decode the assembled 'trust' payload in an isolated sandbox and perform a full static review of the decoded code before considering use.
hackme
0.2.0
Live on pypi
Blocked by Socket
This module is an explicit ARP spoofing / MITM implementation: it crafts and transmits forged ARP replies to a victim and a gateway using raw Ethernet frames. As written it contains small coding errors (undefined variable/typo) that would prevent successful execution, but the logic and comments clearly indicate malicious intent. Inclusion in a codebase or dependency is high-risk: if executed with elevated privileges it will actively poison ARP caches on the LAN, enabling interception or disruption of traffic. Treat this code as dangerous; do not run it in production or on networks you do not own or administer.
@whalent/agent
0.2.11
by whalent
Live on npm
Blocked by Socket
A heavily obfuscated JavaScript daemon/agent in package/dist/index.cjs functions as a backdoor with a WebSocket connection to a remote gateway, accepting remote commands to spawn and interact with PTY shells, perform arbitrary filesystem operations, manage its own lifecycle (restart, kill workers) and upgrade itself via execSync. Although some descriptions frame it as potentially legitimate, the combination of obfuscation, remote administration, and upgrade capabilities constitutes a high-risk threat requiring thorough auditing and hardened controls.
@smule/core
900.1.1
by neversummer.69
Live on npm
Blocked by Socket
This code is intentionally obfuscated and uses DNS queries to exfiltrate system information, which could be a significant security risk. The hardcoded domain and the potential data exfiltration raise concerns about privacy violations. This package should be reviewed carefully before being used.
coderun-cli
1.0.6
by luxian
Removed from npm
Blocked by Socket
This appears to be a standard, minified frontend bundle (React DOM reconciler plus styling and utilities). No clear malicious behavior (backdoor, credential harvesting, eval-based code injection, or network exfiltration to suspicious domains) is present in the provided fragment. The main security considerations are typical for such libraries: dynamic asset loading (ensure assets are from trusted origins and, if possible, use integrity checks), and careful handling of any dangerouslySetInnerHTML or untrusted HTML. Recommend verifying the package origin and asset hosting integrity to mitigate supply-chain risks.
Live on npm for 14 hours and 6 minutes before removal. Socket users were protected even while the package was live.
kfsd
0.0.202
Live on pypi
Blocked by Socket
This module contains a critical vulnerability: unconstrained eval() of attacker-controlled 'input.expr' with access to local variables (including a formatted request object). This yields remote code execution and potential data exfiltration. The code likely represents an insecure design/bug rather than intentionally malicious code, but it must be remediated before handling untrusted inputs. Also fix the apparent syntax error in getAttr.
noierrdev-antoine-tx-engine
0.1.8
Live on cargo
Blocked by Socket
This module appends an implicit transfer to one of several hardcoded accounts, which is characteristic of covert siphoning of funds. There is no unsafe or low-level memory risk, but the economic behavior is suspicious: silently adding a transfer to fixed external addresses is likely malicious in most contexts (or at best a poor/unsafe design if undocumented). Treat this code as potentially malicious if found in client-side or server-side code that builds user transactions; audit call sites and remove or make tipping explicit and configurable.
sap-ac
0.0.1
by abdallaeg2
Removed from npm
Blocked by Socket
The code is designed to send sensitive system information to a remote server, which is a significant security risk. This behavior is consistent with malicious activity, specifically data exfiltration.
Live on npm for 32 minutes before removal. Socket users were protected even while the package was live.
load-image-meta
9.768.488
Removed from npm
Blocked by Socket
The code is obfuscated and performs actions typical of data exfiltration, such as collecting environment variables and sending them to a remote server. This behavior is indicative of malicious intent.
Live on npm for 1 hour before removal. Socket users were protected even while the package was live.
mcpsec
2.7.1
Live on pypi
Blocked by Socket
This module is an explicit exploit/playbook for path traversal and arbitrary file read with payloads targeting highly sensitive files and AI prompts to escalate attacks. While declarative and not executing I/O itself, it is a high-risk artifact: if integrated into an executor it enables credential and secret exfiltration. Treat as offensive tooling — only allow in authorized, controlled red-team or testing environments with strict access controls and auditing.
api-ts-utils
2.1.3
by ffffrakyevin
Live on npm
Blocked by Socket
This code is highly indicative of malicious clipboard-stealing software. It repeatedly reads the Windows clipboard using hidden PowerShell/WinForms calls, optionally logs captured contents to disk, and exfiltrates clipboard changes via an unauthenticated POST to a hardcoded remote HTTPS endpoint. It also includes stealthy detached relaunch behavior and a singleton lock with PID-killing to keep the collector running reliably. Use should be blocked and the surrounding package/install workflow should be investigated for additional payloads or persistence mechanisms.
ailever
0.3.281
Live on pypi
Blocked by Socket
The fragment contains a high-risk pattern: it downloads a Python script from a remote source and immediately executes it without integrity verification or sandboxing. This creates a critical supply-chain and remote-code-execution risk, as the remote payload could perform any action on the host, including data exfiltration, credential access, or system compromise. Even though defaults use placeholders, the mechanism itself is unsafe and should be disallowed or hardened (e.g., verify hashes, use signed modules, avoid executing remote code).
Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.
Possible typosquat attack
Known malware
Git dependency
GitHub dependency
HTTP dependency
Obfuscated code
Suspicious Stars on GitHub
Telemetry
Protestware or potentially unwanted behavior
Unstable ownership
Critical CVE
High CVE
Medium CVE
Low CVE
Unpopular package
Minified code
Bad dependency semver
Wildcard dependency
Socket optimized override available
Deprecated
Unmaintained
Explicitly Unlicensed Item
License Policy Violation
Misc. License Issues
Ambiguous License Classifier
Copyleft License
License exception
No License Found
Non-permissive License
Unidentified License
Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.
Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Nat Friedman
CEO at GitHub

Suz Hinton
Senior Software Engineer at Stripe
heck yes this is awesome!!! Congrats team 🎉👏

Matteo Collina
Node.js maintainer, Fastify lead maintainer
So awesome to see @SocketSecurity launch with a fresh approach! Excited to have supported the team from the early days.

DC Posch
Director of Technology at AppFolio, CTO at Dynasty
This is going to be super important, especially for crypto projects where a compromised dependency results in stolen user assets.

Luis Naranjo
Software Engineer at Microsoft
If software supply chain attacks through npm don't scare the shit out of you, you're not paying close enough attention.
@SocketSecurity sounds like an awesome product. I'll be using socket.dev instead of npmjs.org to browse npm packages going forward

Elena Nadolinski
Founder and CEO at Iron Fish
Huge congrats to @SocketSecurity! 🙌
Literally the only product that proactively detects signs of JS compromised packages.

Joe Previte
Engineering Team Lead at Coder
Congrats to @feross and the @SocketSecurity team on their seed funding! 🚀 It's been a big help for us at @CoderHQ and we appreciate what y'all are doing!

Josh Goldberg
Staff Developer at Codecademy
This is such a great idea & looks fantastic, congrats & good luck @feross + team!
The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Scott Roberts
CISO at UiPath
As a happy Socket customer, I've been impressed with how quickly they are adding value to the product, this move is a great step!

Yan Zhu
Head of Security at Brave, DEFCON, EFF, W3C
glad to hear some of the smartest people i know are working on (npm, etc.) supply chain security finally :). @SocketSecurity

Andrew Peterson
CEO and Co-Founder at Signal Sciences (acq. Fastly)
How do you track the validity of open source software libraries as they get updated? You're prob not. Check out @SocketSecurity and the updated tooling they launched.
Supply chain is a cluster in security as we all know and the tools from Socket are "duh" type tools to be implementing. Check them out and follow Feross Aboukhadijeh to see more updates coming from them in the future.

Zbyszek Tenerowicz
Senior Security Engineer at ConsenSys
socket.dev is getting more appealing by the hour

Devdatta Akhawe
Head of Security at Figma
The @SocketSecurity team is on fire! Amazing progress and I am exciting to see where they go next.

Sebastian Bensusan
Engineer Manager at Stripe
I find it surprising that we don't have _more_ supply chain attacks in software:
Imagine your airplane (the code running) was assembled (deployed) daily, with parts (dependencies) from internet strangers. How long until you get a bad part?
Excited for Socket to prevent this

Adam Baldwin
VP of Security at npm, Red Team at Auth0/Okta
Congrats to everyone at @SocketSecurity ❤️🤘🏻

Nico Waisman
CISO at Lyft
This is an area that I have personally been very focused on. As Nat Friedman said in the 2019 GitHub Universe keynote, Open Source won, and every time you add a new open source project you rely on someone else code and you rely on the people that build it.
This is both exciting and problematic. You are bringing real risk into your organization, and I'm excited to see progress in the industry from OpenSSF scorecards and package analyzers to the company that Feross Aboukhadijeh is building!
Questions? Call us at (844) SOCKET-0
Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.
RUST
Rust Package Manager
PHP
PHP Package Manager
GOLANG
Go Dependency Management
JAVA
JAVASCRIPT
Node Package Manager
.NET
.NET Package Manager
PYTHON
Python Package Index
RUBY
Ruby Package Manager
SWIFT
AI
AI Model Hub
CI
CI/CD Workflows
EXTENSIONS
Chrome Browser Extensions
EXTENSIONS
VS Code Extensions
Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.
Nov 23, 2025
Shai Hulud v2
Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.
Nov 05, 2025
Elves on npm
A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.
Jul 04, 2025
RubyGems Automation-Tool Infostealer
Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.
Mar 13, 2025
North Korea's Contagious Interview Campaign
Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.
Jul 23, 2024
Network Reconnaissance Campaign
A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
Questions? Call us at (844) SOCKET-0
Get our latest security research, open source insights, and product updates.

Research
/Security News
Bitwarden CLI 2026.4.0 was compromised in the Checkmarx supply chain campaign after attackers abused a GitHub Action in Bitwarden’s CI/CD pipeline.

Research
/Security News
Docker and Socket have uncovered malicious Checkmarx KICS images and suspicious code extension releases in a broader supply chain compromise.

Product
Stay on top of alert changes with filtered subscriptions, batched summaries, and notification routing built for triage.