Launch Week Day 5: Introducing Reachability for PHP.Learn More
Socket
Book a DemoSign in
Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
t

timmywil published 4.0.0

left-pad
s

stevemao published 1.3.0

react
r

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

cl-lite

1.0.1360

by michael_tian

Live on npm

Blocked by Socket

This SQLite database file contains embedded explicit adult content and torrent distribution infrastructure instead of legitimate data. The file includes extensive HTML fragments with pornographic video metadata, download links to torrent files, and suspicious redirect URLs. Key malicious domains identified include rmdown[.]com, redircdn[.]com, 97p[.]org, qpic[.]ws, imgbox[.]com, and various other image hosting services. The content contains hash values for torrent files, BitTorrent magnet links, and obfuscated download URLs using multiple redirect layers to mask the true destinations. This represents a supply chain attack where adult content distribution infrastructure has been embedded within what appears to be a standard database file, potentially exposing users to inappropriate content and malicious download sites when accessed.

github.com/ysrc/xunfeng

v0.2.0

Live on go

Blocked by Socket

This code fragment is structured as an exploit/probing module targeting remote command execution: it sends a crafted TCP payload containing an `nslookup` command with a randomized token, then waits and verifies success via an out-of-band HTTP logging endpoint that should return 'YES' for that token. While the payload-construction line appears corrupted (which may prevent it from functioning as-is) and the __main__ invocation looks malformed, the overall design and behavior patterns strongly indicate malicious/weaponized scanning capability rather than legitimate debugging.

github.com/weaveworks/weave

v0.11.1-0.20150610205640-2eb39d962af8

Live on go

Blocked by Socket

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

phone-mcp

0.1.8

Removed from pypi

Blocked by Socket

This module is an MCP agent exposing many powerful device-control and data-access endpoints over stdio. The snippet contains no explicit obfuscation or hardcoded secrets and no direct evidence of malicious payloads inside this file, but it creates a high-risk remote-control surface. If the stdio transport or the MCP controller is not strongly authenticated and isolated, these endpoints enable surveillance and exfiltration (contacts, messages, screenshots, recordings) and remote actions (calls, app launches). Recommend auditing the FastMCP transport configuration, ensuring authentication/authorization, reviewing the implementations of the imported tools for any outgoing network/I/O, and applying least-privilege principles before deploying.

Live on pypi for 5 hours and 58 minutes before removal. Socket users were protected even while the package was live.

tiktok-coins-cheap-ios844

1.0.2

by sicrap

Removed from npm

Blocked by Socket

The code poses a significant security risk and should be reviewed. It is recommended to remove unnecessary imports, verify the contents of the data folder and the WordPress websites before proceeding, and avoid using hardcoded credentials for WordPress login.

Live on npm for 1 hour and 22 minutes before removal. Socket users were protected even while the package was live.

dontgothereever

99.10.9

by ivrucoqj

Removed from npm

Blocked by Socket

The code exhibits malicious behavior by collecting and transmitting system information to a suspicious domain. The use of obfuscation further indicates an attempt to conceal its true purpose. This poses a significant security risk.

Live on npm for 58 minutes before removal. Socket users were protected even while the package was live.

chaostoolkit-azure

0.15.2

Live on pypi

Blocked by Socket

This script is high-risk: it will consume arbitrary amounts of disk space and, due to a variable typo in the removal step, is likely to leave the filesystem filled. Combined with nohup, the effect can persist beyond the invoking session and cause denial-of-service. There is no sign of data exfiltration or network-based maliciousness, but the destructive behavior and lack of safeguards make it unsafe to run on production or multi-user systems. Treat as potentially malicious or at minimum dangerous test code and do not execute without strict containment and validation.

@devvit/dev-server

0.10.1-next-2023-07-18-0072dd62e.0

by devvit-cli-bot

Live on npm

Blocked by Socket

This module contains multiple security issues and at least one explicit indication of malicious intent. The error handler reflects util.inspect(err) into HTML responses (information disclosure and possible XSS) and interpolates authenticationUrl without validation. Most notably, the loginSuccess() page contains the text 'Sucessfully grabbed credentials!', which is a clear red flag — it strongly suggests the page is intended to display harvested credentials or confirm credential theft. Even if other parts are benign, the presence of that message plus unsafe leak of inspected error objects to clients makes this package unsafe to use. Recommend not using this code in production, auditing the repository for credential-harvesting behavior, removing util.inspect() from client responses, and validating/escaping any interpolated URLs and strings.

354766/inference-sh/skills/app-store-screenshots/

374bac03bff4c05abad49994af65d84daa9b6de5

Live on socket

Blocked by Socket

[Skill Scanner] Pipe-to-shell or eval pattern detected (AITech 9.1.4) [CI013]

cargo-bins/cargo-binstall

6f02619b045771b54e7e8da9f1229d5e483cb8b5

Live on actions

Blocked by Socket

The script enables a plausible supply-chain attack by allowing an attacker-controlled binary provided via $1 to be copied into the Cargo bin directory and used to shadow or replace cargo-binstall during self-update cycles. The lack of integrity checks, input validation, and signature verification significantly elevates risk, making remote code execution or persistent backdoors feasible through trusted tooling. Recommendation: prohibit overwriting core tooling, verify hashes/signatures of all binaries, validate the origin of $1, and remove or constrain the ability to modify CARGO_HOME/bin during tool updates.

servextools

0.1.29

Live on pypi

Blocked by Socket

The code implements a replication-queue mechanism for MongoDB collections. It does not contain obvious remote-exfiltration, cryptomining, or backdoor network connections. However, it uses eval() to convert string-encoded arguments coming from queued DB documents into Python objects before calling replica operations. This is a high-risk code-execution vector: any attacker or process that can insert or tamper with queue/error documents (or cause untrusted strings to be persisted) can execute arbitrary Python code in the process and then cause arbitrary actions on the replica DB. Other issues are some implementation bugs (non-returning __getattr__) and broad exception handling. Recommend removing eval(), replacing it with safe parsing (json), validating queued data, and ensuring only trusted code writes to the queue/error collections.

@emilgroup/commission-sdk-node

1.0.3

by cover42devs

Removed from npm

Blocked by Socket

This module exhibits clear malicious behaviors: it installs a per-user persistent service by writing and starting a systemd unit and a Python payload, harvests npm authentication tokens from disk, environment and npm config, and attempts to hand those tokens to a deploy.js process via environment variables in a detached/hidden process. The presence of a hardcoded base64 payload and secret-harvesting logic combined with persistence and hidden execution is consistent with a malicious backdoor/exfiltration component. I recommend treating this package as malicious and not using it; remove it from systems where it ran and inspect the decoded Python payload and any spawned processes for further compromise.

Live on npm for 6 days, 12 hours and 36 minutes before removal. Socket users were protected even while the package was live.

sh-py

9.3

Live on pypi

Blocked by Socket

This module is malicious or at minimum dangerously unsafe for use. It contains hardcoded PyPI credentials, self-modifies its own source, writes to system/site-package files (including os.path.__file__), runs arbitrary shell commands (including rm -rf), and automates package publishing via twine. These are strong indicators of supply-chain attack, credential misuse, and sabotage. Do not run or install this package; treat it as high-risk and remove from any build or CI processes.

@miller-tech/uap

1.20.25

by dammian_miller

Live on npm

Blocked by Socket

High-risk and likely malicious behavior. The `password-recovery` hook performs sensitive credential harvesting by scanning raw disk (/dev/sda) and searching the application directory (/app) for PASSWORD patterns, writing results to /tmp. The `git-leak-recovery` hook performs secrets recovery-style operations (git reflog/log extraction and copying .git). Additionally, the code hardcodes an API key in the generated config. While the snippet contains apparent formatting/corruption errors, the dangerous command payloads are clearly present; this should be treated as a security alert and reviewed/blocked before use.

pxnpm

5.1.5

by nfjbill

Live on npm

Blocked by Socket

This bootstrap wrapper forcibly redirects 'login' and 'publish' operations to a hard-coded external registry (https://registry-pxnpm.rdc.q7b.site:20023) by mutating process.argv. Redirecting only credential- and publish-bearing commands is highly suspicious and consistent with credential harvesting or a malicious supply-chain redirect. The rest of the script shows typical CLI setup, but the selective registry override is a strong red flag. Treat the package as compromised until provenance of the registry and the package's dist files are validated.

exp10it

2.4.36

Live on pypi

Blocked by Socket

This file is offensive/exploit tooling: it performs automated reconnaissance, crafts and sends SQLi and PHP eval payloads against Joomla sites, extracts credentials/session data, and attempts to install a PHP webshell for persistence. Those behaviors constitute malicious activity (unauthorized access, credential theft, backdoor installation). Treat this code as malicious/exploitative; do not include it in trusted dependencies or run it on networks you do not own/authorize. The snippet contains some syntactic errors suggesting a truncated copy, but intent and many operational parts are explicit.

@ra-ide/alarms-frontend

141.3.1

by adam-bpp-voii

Live on npm

Blocked by Socket

This script exfiltrates sensitive system information and credentials to an external server. It collects OS details (username, hostname, platform, release, architecture) and critically captures ALL environment variables (process.env), which typically contain API keys, database credentials, and authentication tokens. The data is JSON-encoded, base64-wrapped, and transmitted via HTTPS POST to an obfuscated external domain (oastify[.]com). The code employs heavy obfuscation including hex-encoded strings for module names ('os', 'https'), property names, and the destination hostname. Response handlers are deliberately empty to avoid leaving traces. This is credential-harvesting malware that poses severe security risk - any secrets in environment variables on affected systems should be immediately rotated.

github.com/gravitl/netmaker

v0.7.2-0.20210918143314-74b15a6a1352

Live on go

Blocked by Socket

Best matching report: Report 3 (most complete and correctly identifies the disruption/uninstall pattern). The improved assessment is that this snippet is a high-impact, unguarded teardown script that deletes systemd unit definitions and application configuration, removes specific network interfaces, and stops/removes containers and persistent Docker volumes. That strongly endangers availability and data integrity in a supply-chain context, but the fragment alone does not prove credential theft/exfiltration; therefore malware intent is not certain, though security risk is very high.

con4gis/maps

8.1.37

Live on composer

Blocked by Socket

This bundled SweetAlert2 library (v10.16.7) contains a known protestware payload embedded in the distribution. The malicious code block activates only for users whose browser language starts with 'ru' (Russian) and whose site hostname matches Russian TLDs (.ru, .su, .xn--p1ai). It uses localStorage key 'swal-initiation' to persist a timestamp and implements a 3-day delay before triggering the payload. When activated, the payload: (1) sets document.body.style.pointerEvents='none', globally disabling all mouse/touch interaction on the page; (2) creates an HTML audio element with src='https://flag-gimn[.]ru/wp-content/uploads/2021/09/Ukraina[.]mp3', sets loop=true, appends it to document.body, and calls play() after a 2.5-second delay. This results in an externally-hosted political audio file being fetched and played on loop while the user is unable to interact with the page. The payload is unrelated to the library's modal/dialog functionality, contacts a third-party domain without user consent, and constitutes a deliberate supply-chain compromise. There is no mechanism to revert the pointerEvents change, no opt-out, and no disclosure. This version should be treated as poisoned and removed immediately.

python-115

0.0.9.3.3

Removed from pypi

Blocked by Socket

The code exhibits potential security risks related to user authentication and data handling, particularly with the CAPTCHA cracking functionality. While there are no clear indicators of malware, the use of external libraries and dynamic code execution raises concerns. The overall risk is moderate, and further scrutiny is recommended.

Live on pypi for 213 days, 23 hours and 18 minutes before removal. Socket users were protected even while the package was live.

aghamirzayev-test

1.0.5

by aghamirzayev2003p4k4

Live on npm

Blocked by Socket

This file contains a malicious backdoor that performs automated data exfiltration. The malware enumerates all local/persistent storage keys and values, then periodically transmits this collected data to an external Supabase project at https://rsntwsmehscwiwqfxlsm[.]supabase[.]co using a hard-coded service key (eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9[.]eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6InJzbnR3c21laHNjd2l3cWZ4bHNtIiwicm9sZSI6ImFub24iLCJpYXQiOjE3MjU5MDc0ODEsImV4cCI6MjA0MTQ4MzQ4MX0[.]IZ0QAIOJ3wXVEEe58SKDATq0QCJMS3PoFROsqev2DDE). The exfiltration occurs every 10 seconds in an infinite loop that begins immediately when the module is loaded. The malware appends itself to otherwise legitimate Supabase client library code, representing a supply-chain attack. Local storage data typically contains session tokens, API keys, refresh tokens, and other sensitive credentials, making this a severe data breach risk. The backdoor operates without user consent or awareness and runs continuously while the process is active.

github.com/sourcegraph/sourcegraph

v0.0.0-20210607164954-a09826bed21e

Live on go

Blocked by Socket

This module is a purpose-built destructive utility: given a user-supplied directory, it enumerates all files ending in .zip and corrupts them by truncating them to half their size and appending deterministic junk data. The absence of safeguards (dry-run/confirmation/allowlists) and the deliberate sabotage operations make this strongly indicative of malicious intent within a supply-chain context, even though it does not show typical malware capabilities like networking or data exfiltration.

omm-frontend

7.999.1

by fofoxas527

Removed from npm

Blocked by Socket

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 1 hour and 1 minute before removal. Socket users were protected even while the package was live.

@nikolasp98/openclaw

2026.2.15-2-dev.20260215180955

Live on npm

Blocked by Socket

The provided specification is a legitimate tool description for managing Feishu permissions and does not itself contain code-level indicators of malware, obfuscation, or backdoors. The main security risks are operational: acceptance and use of a high-privilege token without guidance on secure handling, and the absence of explicit API endpoints which creates uncertainty about where tokens/requests will be sent. Recommendations: keep the tool disabled by default; require explicit opt-in and documented network endpoints that must be verified to be official Feishu APIs; enforce least-privilege, short-lived tokens; implement logging redaction and audit trails; and perform code review on any implementation to ensure tokens are not logged, persisted insecurely, or proxied through third parties.

cl-lite

1.0.1360

by michael_tian

Live on npm

Blocked by Socket

This SQLite database file contains embedded explicit adult content and torrent distribution infrastructure instead of legitimate data. The file includes extensive HTML fragments with pornographic video metadata, download links to torrent files, and suspicious redirect URLs. Key malicious domains identified include rmdown[.]com, redircdn[.]com, 97p[.]org, qpic[.]ws, imgbox[.]com, and various other image hosting services. The content contains hash values for torrent files, BitTorrent magnet links, and obfuscated download URLs using multiple redirect layers to mask the true destinations. This represents a supply chain attack where adult content distribution infrastructure has been embedded within what appears to be a standard database file, potentially exposing users to inappropriate content and malicious download sites when accessed.

github.com/ysrc/xunfeng

v0.2.0

Live on go

Blocked by Socket

This code fragment is structured as an exploit/probing module targeting remote command execution: it sends a crafted TCP payload containing an `nslookup` command with a randomized token, then waits and verifies success via an out-of-band HTTP logging endpoint that should return 'YES' for that token. While the payload-construction line appears corrupted (which may prevent it from functioning as-is) and the __main__ invocation looks malformed, the overall design and behavior patterns strongly indicate malicious/weaponized scanning capability rather than legitimate debugging.

github.com/weaveworks/weave

v0.11.1-0.20150610205640-2eb39d962af8

Live on go

Blocked by Socket

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

phone-mcp

0.1.8

Removed from pypi

Blocked by Socket

This module is an MCP agent exposing many powerful device-control and data-access endpoints over stdio. The snippet contains no explicit obfuscation or hardcoded secrets and no direct evidence of malicious payloads inside this file, but it creates a high-risk remote-control surface. If the stdio transport or the MCP controller is not strongly authenticated and isolated, these endpoints enable surveillance and exfiltration (contacts, messages, screenshots, recordings) and remote actions (calls, app launches). Recommend auditing the FastMCP transport configuration, ensuring authentication/authorization, reviewing the implementations of the imported tools for any outgoing network/I/O, and applying least-privilege principles before deploying.

Live on pypi for 5 hours and 58 minutes before removal. Socket users were protected even while the package was live.

tiktok-coins-cheap-ios844

1.0.2

by sicrap

Removed from npm

Blocked by Socket

The code poses a significant security risk and should be reviewed. It is recommended to remove unnecessary imports, verify the contents of the data folder and the WordPress websites before proceeding, and avoid using hardcoded credentials for WordPress login.

Live on npm for 1 hour and 22 minutes before removal. Socket users were protected even while the package was live.

dontgothereever

99.10.9

by ivrucoqj

Removed from npm

Blocked by Socket

The code exhibits malicious behavior by collecting and transmitting system information to a suspicious domain. The use of obfuscation further indicates an attempt to conceal its true purpose. This poses a significant security risk.

Live on npm for 58 minutes before removal. Socket users were protected even while the package was live.

chaostoolkit-azure

0.15.2

Live on pypi

Blocked by Socket

This script is high-risk: it will consume arbitrary amounts of disk space and, due to a variable typo in the removal step, is likely to leave the filesystem filled. Combined with nohup, the effect can persist beyond the invoking session and cause denial-of-service. There is no sign of data exfiltration or network-based maliciousness, but the destructive behavior and lack of safeguards make it unsafe to run on production or multi-user systems. Treat as potentially malicious or at minimum dangerous test code and do not execute without strict containment and validation.

@devvit/dev-server

0.10.1-next-2023-07-18-0072dd62e.0

by devvit-cli-bot

Live on npm

Blocked by Socket

This module contains multiple security issues and at least one explicit indication of malicious intent. The error handler reflects util.inspect(err) into HTML responses (information disclosure and possible XSS) and interpolates authenticationUrl without validation. Most notably, the loginSuccess() page contains the text 'Sucessfully grabbed credentials!', which is a clear red flag — it strongly suggests the page is intended to display harvested credentials or confirm credential theft. Even if other parts are benign, the presence of that message plus unsafe leak of inspected error objects to clients makes this package unsafe to use. Recommend not using this code in production, auditing the repository for credential-harvesting behavior, removing util.inspect() from client responses, and validating/escaping any interpolated URLs and strings.

354766/inference-sh/skills/app-store-screenshots/

374bac03bff4c05abad49994af65d84daa9b6de5

Live on socket

Blocked by Socket

[Skill Scanner] Pipe-to-shell or eval pattern detected (AITech 9.1.4) [CI013]

cargo-bins/cargo-binstall

6f02619b045771b54e7e8da9f1229d5e483cb8b5

Live on actions

Blocked by Socket

The script enables a plausible supply-chain attack by allowing an attacker-controlled binary provided via $1 to be copied into the Cargo bin directory and used to shadow or replace cargo-binstall during self-update cycles. The lack of integrity checks, input validation, and signature verification significantly elevates risk, making remote code execution or persistent backdoors feasible through trusted tooling. Recommendation: prohibit overwriting core tooling, verify hashes/signatures of all binaries, validate the origin of $1, and remove or constrain the ability to modify CARGO_HOME/bin during tool updates.

servextools

0.1.29

Live on pypi

Blocked by Socket

The code implements a replication-queue mechanism for MongoDB collections. It does not contain obvious remote-exfiltration, cryptomining, or backdoor network connections. However, it uses eval() to convert string-encoded arguments coming from queued DB documents into Python objects before calling replica operations. This is a high-risk code-execution vector: any attacker or process that can insert or tamper with queue/error documents (or cause untrusted strings to be persisted) can execute arbitrary Python code in the process and then cause arbitrary actions on the replica DB. Other issues are some implementation bugs (non-returning __getattr__) and broad exception handling. Recommend removing eval(), replacing it with safe parsing (json), validating queued data, and ensuring only trusted code writes to the queue/error collections.

@emilgroup/commission-sdk-node

1.0.3

by cover42devs

Removed from npm

Blocked by Socket

This module exhibits clear malicious behaviors: it installs a per-user persistent service by writing and starting a systemd unit and a Python payload, harvests npm authentication tokens from disk, environment and npm config, and attempts to hand those tokens to a deploy.js process via environment variables in a detached/hidden process. The presence of a hardcoded base64 payload and secret-harvesting logic combined with persistence and hidden execution is consistent with a malicious backdoor/exfiltration component. I recommend treating this package as malicious and not using it; remove it from systems where it ran and inspect the decoded Python payload and any spawned processes for further compromise.

Live on npm for 6 days, 12 hours and 36 minutes before removal. Socket users were protected even while the package was live.

sh-py

9.3

Live on pypi

Blocked by Socket

This module is malicious or at minimum dangerously unsafe for use. It contains hardcoded PyPI credentials, self-modifies its own source, writes to system/site-package files (including os.path.__file__), runs arbitrary shell commands (including rm -rf), and automates package publishing via twine. These are strong indicators of supply-chain attack, credential misuse, and sabotage. Do not run or install this package; treat it as high-risk and remove from any build or CI processes.

@miller-tech/uap

1.20.25

by dammian_miller

Live on npm

Blocked by Socket

High-risk and likely malicious behavior. The `password-recovery` hook performs sensitive credential harvesting by scanning raw disk (/dev/sda) and searching the application directory (/app) for PASSWORD patterns, writing results to /tmp. The `git-leak-recovery` hook performs secrets recovery-style operations (git reflog/log extraction and copying .git). Additionally, the code hardcodes an API key in the generated config. While the snippet contains apparent formatting/corruption errors, the dangerous command payloads are clearly present; this should be treated as a security alert and reviewed/blocked before use.

pxnpm

5.1.5

by nfjbill

Live on npm

Blocked by Socket

This bootstrap wrapper forcibly redirects 'login' and 'publish' operations to a hard-coded external registry (https://registry-pxnpm.rdc.q7b.site:20023) by mutating process.argv. Redirecting only credential- and publish-bearing commands is highly suspicious and consistent with credential harvesting or a malicious supply-chain redirect. The rest of the script shows typical CLI setup, but the selective registry override is a strong red flag. Treat the package as compromised until provenance of the registry and the package's dist files are validated.

exp10it

2.4.36

Live on pypi

Blocked by Socket

This file is offensive/exploit tooling: it performs automated reconnaissance, crafts and sends SQLi and PHP eval payloads against Joomla sites, extracts credentials/session data, and attempts to install a PHP webshell for persistence. Those behaviors constitute malicious activity (unauthorized access, credential theft, backdoor installation). Treat this code as malicious/exploitative; do not include it in trusted dependencies or run it on networks you do not own/authorize. The snippet contains some syntactic errors suggesting a truncated copy, but intent and many operational parts are explicit.

@ra-ide/alarms-frontend

141.3.1

by adam-bpp-voii

Live on npm

Blocked by Socket

This script exfiltrates sensitive system information and credentials to an external server. It collects OS details (username, hostname, platform, release, architecture) and critically captures ALL environment variables (process.env), which typically contain API keys, database credentials, and authentication tokens. The data is JSON-encoded, base64-wrapped, and transmitted via HTTPS POST to an obfuscated external domain (oastify[.]com). The code employs heavy obfuscation including hex-encoded strings for module names ('os', 'https'), property names, and the destination hostname. Response handlers are deliberately empty to avoid leaving traces. This is credential-harvesting malware that poses severe security risk - any secrets in environment variables on affected systems should be immediately rotated.

github.com/gravitl/netmaker

v0.7.2-0.20210918143314-74b15a6a1352

Live on go

Blocked by Socket

Best matching report: Report 3 (most complete and correctly identifies the disruption/uninstall pattern). The improved assessment is that this snippet is a high-impact, unguarded teardown script that deletes systemd unit definitions and application configuration, removes specific network interfaces, and stops/removes containers and persistent Docker volumes. That strongly endangers availability and data integrity in a supply-chain context, but the fragment alone does not prove credential theft/exfiltration; therefore malware intent is not certain, though security risk is very high.

con4gis/maps

8.1.37

Live on composer

Blocked by Socket

This bundled SweetAlert2 library (v10.16.7) contains a known protestware payload embedded in the distribution. The malicious code block activates only for users whose browser language starts with 'ru' (Russian) and whose site hostname matches Russian TLDs (.ru, .su, .xn--p1ai). It uses localStorage key 'swal-initiation' to persist a timestamp and implements a 3-day delay before triggering the payload. When activated, the payload: (1) sets document.body.style.pointerEvents='none', globally disabling all mouse/touch interaction on the page; (2) creates an HTML audio element with src='https://flag-gimn[.]ru/wp-content/uploads/2021/09/Ukraina[.]mp3', sets loop=true, appends it to document.body, and calls play() after a 2.5-second delay. This results in an externally-hosted political audio file being fetched and played on loop while the user is unable to interact with the page. The payload is unrelated to the library's modal/dialog functionality, contacts a third-party domain without user consent, and constitutes a deliberate supply-chain compromise. There is no mechanism to revert the pointerEvents change, no opt-out, and no disclosure. This version should be treated as poisoned and removed immediately.

python-115

0.0.9.3.3

Removed from pypi

Blocked by Socket

The code exhibits potential security risks related to user authentication and data handling, particularly with the CAPTCHA cracking functionality. While there are no clear indicators of malware, the use of external libraries and dynamic code execution raises concerns. The overall risk is moderate, and further scrutiny is recommended.

Live on pypi for 213 days, 23 hours and 18 minutes before removal. Socket users were protected even while the package was live.

aghamirzayev-test

1.0.5

by aghamirzayev2003p4k4

Live on npm

Blocked by Socket

This file contains a malicious backdoor that performs automated data exfiltration. The malware enumerates all local/persistent storage keys and values, then periodically transmits this collected data to an external Supabase project at https://rsntwsmehscwiwqfxlsm[.]supabase[.]co using a hard-coded service key (eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9[.]eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6InJzbnR3c21laHNjd2l3cWZ4bHNtIiwicm9sZSI6ImFub24iLCJpYXQiOjE3MjU5MDc0ODEsImV4cCI6MjA0MTQ4MzQ4MX0[.]IZ0QAIOJ3wXVEEe58SKDATq0QCJMS3PoFROsqev2DDE). The exfiltration occurs every 10 seconds in an infinite loop that begins immediately when the module is loaded. The malware appends itself to otherwise legitimate Supabase client library code, representing a supply-chain attack. Local storage data typically contains session tokens, API keys, refresh tokens, and other sensitive credentials, making this a severe data breach risk. The backdoor operates without user consent or awareness and runs continuously while the process is active.

github.com/sourcegraph/sourcegraph

v0.0.0-20210607164954-a09826bed21e

Live on go

Blocked by Socket

This module is a purpose-built destructive utility: given a user-supplied directory, it enumerates all files ending in .zip and corrupts them by truncating them to half their size and appending deterministic junk data. The absence of safeguards (dry-run/confirmation/allowlists) and the deliberate sabotage operations make this strongly indicative of malicious intent within a supply-chain context, even though it does not show typical malware capabilities like networking or data exfiltration.

omm-frontend

7.999.1

by fofoxas527

Removed from npm

Blocked by Socket

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 1 hour and 1 minute before removal. Socket users were protected even while the package was live.

@nikolasp98/openclaw

2026.2.15-2-dev.20260215180955

Live on npm

Blocked by Socket

The provided specification is a legitimate tool description for managing Feishu permissions and does not itself contain code-level indicators of malware, obfuscation, or backdoors. The main security risks are operational: acceptance and use of a high-privilege token without guidance on secure handling, and the absence of explicit API endpoints which creates uncertainty about where tokens/requests will be sent. Recommendations: keep the tool disabled by default; require explicit opt-in and documented network endpoints that must be verified to be official Feishu APIs; enforce least-privilege, short-lived tokens; implement logging redaction and audit trails; and perform code review on any implementation to ensure tokens are not logged, persisted insecurely, or proxied through third parties.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

GitHub app screenshot

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Even more developer love
Install GitHub AppRead the docs

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Book a Demo

Questions? Call us at (844) SOCKET-0

Read the blog

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

View all integrations

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

The latest from the Socket team

Get our latest security research, open source insights, and product updates.

View all articles