Launch Week Day 5: Introducing Reachability for PHP.Learn More
Socket
Book a DemoSign in
Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
t

timmywil published 4.0.0

left-pad
s

stevemao published 1.3.0

react
r

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

@robylon/whatsapp-react-sdk

1.0.1

by alanastor

Live on npm

Blocked by Socket

This dependency is primarily a chatbot widget, but it contains a high-risk privacy/data-exfiltration feature: on an iframe postMessage command ('captureSessionData'), it collects cookies plus full localStorage and sessionStorage from the host page and forwards them to the iframe via postMessage. It also renders externally provided HTML using a dangerous DOM sink (mitigated only by embedded sanitization) and sends telemetry/error logs to a backend. The combination of session-state harvesting, sensitive postMessage transport (with possible '*' fallback), and HTML rendering makes the security posture substantially more concerning than a typical chat widget.

nemesis.essentials.net

8.7.7

by Michał Bryłka, Leszek Kowalski

Live on nuget

Blocked by Socket

On assembly load the <Module> static constructor launches PowerShell to run a command that: 1) builds a temp .bat path via [System.IO.Path]::GetTempFileName() + ‘.bat’, 2) downloads a remote file from https://raw[.]githubusercontent[.]com/TerryDavisSoldier/textfilestorage/main/terry[.]txt using Invoke-WebRequest, 3) writes it to the temp .bat, and 4) invokes Start-Process on that .bat with WindowStyle Hidden. This silent, hardcoded download-and-execute chain gives an attacker arbitrary remote code execution the moment the library is loaded—classic supply-chain/backdoor behavior. Remove the package and any hosts that loaded it.

github.com/bishopfox/sliver

v1.5.40-0.20240105035431-ceb8b2f51304

Live on go

Blocked by Socket

This file is a server-side component of an offensive implant/C2 framework (Sliver). It generates, transforms (obfuscates/Donut-wrap), parses PE exports, and dispatches binary payloads to remote agents for in-memory execution, migration, DLL sideloading and assembly execution. Those capabilities are intrinsically malicious when used against systems without authorization — the code is intentionally designed to produce and deliver executable implants. There are no hidden obfuscation tricks in this file, but the behaviors (shellcode generation, encoding, in-memory execution orchestration) are high-risk and align with backdoor/implant functionality. If you are evaluating this for supply-chain safety, treat this package as malicious/offensive tooling and do not include it in production environments unless explicitly intended and authorized.

devcloudcli

1.2.21

Live on pypi

Blocked by Socket

This script performs an unconditional, elevated recursive deletion of multiple filesystem paths. It is high-risk: if executed by a user with sudo privileges or by root, it will cause irreversible data loss (including deleting /home/public and /home/sample-videos if those paths exist). The code itself is not obfuscated and contains no network or data-exfiltration behavior, but the destructive filesystem operation warrants treating it as dangerous. Only run this script in a fully controlled environment with explicit intent, or modify it to add safety checks, confirmations, and logging.

@worktile/planet

17.1.0-next.0

by why520crazy

Live on npm

Blocked by Socket

The code provides a legitimate-looking dynamic asset loader, but it harbors elevated security concerns: remote/executable content delivery, sandboxed execution of fetched code, and a large embedded payload with obfuscated characteristics. In a public library context, these patterns expose significant supply-chain and runtime-execution risks, especially if manifests or assets are untrusted. Recommendation: disable or tightly restrict remote code execution, validate all manifests strictly, remove or harden the embedded payload, and ensure sandboxing provides strong isolation with clearly defined boundaries.

@cb-global-design-system-tokens/tailwind

1.0.21

by prethy

Live on npm

Blocked by Socket

The obfuscated code uses 'eval' to execute a base64-decoded JavaScript string. The decoded code imports modules such as 'os', 'dns', 'https', and 'querystring', suggesting it performs system information retrieval and network communication without user consent. This could involve collecting sensitive data or making unauthorized network requests. The use of obfuscation techniques and dynamic code execution poses a significant security risk, indicating potential malicious intent. Due to the obfuscation, specific domains or IP addresses involved are not clearly identifiable, but the hidden nature of the code suggests it may connect to external services or servers to exfiltrate data or receive commands.

mtmai

0.4.180

Live on pypi

Blocked by Socket

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

@jtalk22/slack-mcp

4.1.0

by jtalk222

Live on npm

Blocked by Socket

This code is highly suspicious and effectively performs credential harvesting for Slack on macOS: it decrypts Slack-related cookies from Chrome’s encrypted Cookies DB using the Chrome Safe Storage password, scrapes token-like values from live Slack pages in Chrome via AppleScript/`execute ... javascript`, and persists the recovered secrets to disk and the macOS Keychain. Even without visible network exfiltration in the snippet, the module’s capabilities match common browser credential theft patterns and would be high risk in a supply-chain context.

term-from-nat

0.0.4

Live on pypi

Blocked by Socket

This file implements a reverse shell: it connects to a remote host and exposes a local bash shell to that remote peer, forwarding commands from the network to the shell and sending shell output back. pkt_common functions obscure packet handling and may provide additional stealth (encryption/obfuscation). This is high-risk malicious functionality — treat as malware/backdoor unless execution is explicitly authorized and audited. Remove or quarantine and investigate any systems where this code ran.

epicagames-cache

999.9.9

by amigomioteconsidero15

Removed from npm

Blocked by Socket

The code is designed to exfiltrate system information by sending it to an external domain via DNS queries. This is a clear indication of malicious behavior, as it involves unauthorized data transmission without user consent.

Live on npm for 1 hour and 59 minutes before removal. Socket users were protected even while the package was live.

pinokiod

1.3.49

by cocktailpeanut

Live on npm

Blocked by Socket

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

jessa-vue-components

3.13.1563

Removed from npm

Blocked by Socket

The code is likely malicious, as it collects and transmits system information to an external domain using obfuscation techniques. This behavior indicates potential data exfiltration.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

baileys-york

6.7.65

by baileys-york

Live on npm

Blocked by Socket

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

rror.stack

1.999.0

Removed from npm

Blocked by Socket

The code is highly suspicious due to its obfuscated nature and the exfiltration of system information to an external domain using network requests. This behavior is consistent with malware trying to steal system data.

Live on npm for 44 minutes before removal. Socket users were protected even while the package was live.

luksdk-web

1.1.11

by luksdk

Live on npm

Blocked by Socket

The code fragment exhibits aggressive runtime instrumentation and monkey-patching designed to intercept, rewrite, and observe resource loading inside an iframe hosting a game SDK (likely Cocos). It communicates with a parent window about detected engine versions and applies version-specific rewrites to asset loading, potentially enabling backdoors, data leakage, or manipulation of loaded resources. While some behavior could be legitimate for anti-tamper or integration purposes, the combination of iframe interception, blob URL usage, cross-window callbacks, and extensive runtime rewrites constitutes a high-risk pattern for supply-chain-like abuse or stealthy manipulation in an npm/package context. Given the obfuscated/inline-injected code and reliance on dynamic runtime introspection, this should be treated as suspicious and reviewed for intent, provenance, and potential security impact before using in any public project.

bashrc

0.1.149

Live on pypi

Blocked by Socket

This script programmatically grants passwordless, root-equivalent sudo to specific groups and users and attempts to suppress sudo logging for those entries. Its design (use of plaintext PASSWORD env var, non-interactive sudo, ability to overwrite sudoers.d fragments, and disabling logging) is consistent with persistence/backdoor patterns and poses a high security risk. Treat the code as dangerous: do not run on production or sensitive hosts. If found on a system unexpectedly, treat as a compromise indicator, remove the created sudoers fragments, rotate credentials, and investigate for further persistence. Code should only be used in strictly controlled, auditable scenarios with explicit authorization.

github.com/sourcegraph/sourcegraph

v0.0.0-20201216014714-e03c758a44ae

Live on go

Blocked by Socket

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

aspidites

1.3.0

Live on pypi

Blocked by Socket

The code implements a high-risk dynamic evaluation pattern by evaluating tokens within the caller’s scope. This creates a strong possibility of arbitrary code execution and data leakage if tokens originate from untrusted inputs. Hardening should include removing eval, replacing with safe resolvers, sandboxing, or strict token whitelisting and restricting scope access. This pattern is unsuitable for trusted libraries exposes in open-source supply chains without significant safeguards.

354766/soapbox-pub/nostr-skills/nak/

33e790638ef5dcc61e4a99f46601ddda20d13063

Live on socket

Blocked by Socket

[Skill Scanner] Pipe-to-shell or eval pattern detected All findings: [CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4] [CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4] [HIGH] command_injection: Reference to external script with install/setup context (SC005) This document describes a legitimate Nostr CLI's features and examples; its capabilities are aligned with the stated purpose. However, multiple usage examples and the installation instruction present operational security risks: curl|sh install from raw GitHub, passing secret keys via CLI flags or writing them unprotected to disk, and use of remote signing (bunker://) without explicit safety details. These patterns can lead to credential exposure or allow third-party signers to sign on the user's behalf. There is no evidence of malicious code in the provided documentation, but the documentation encourages patterns that can facilitate credential leakage if developers follow the examples without caution. Recommend: avoid passing private keys on CLI args, prefer secure key storage, provide install verification (checksums/signatures) or packaged installers, and add warnings about trusting remote signing endpoints. LLM verification: The provided SKILL.md documents a legitimate CLI tool for interacting with the Nostr protocol; functionality described aligns with expectations for such a tool. The primary security concern is the recommended pipe-to-shell installation (curl ... | sh) from a raw GitHub URL with no integrity verification — this is a supply-chain risk and should be avoided or accompanied by signature/checksum verification. Features that handle private keys and remote signing expand the trust boundary and must be u

debugger-help

4.2.1

Live on pypi

Blocked by Socket

High suspicious/attack-surface agent behavior: the script (1) polls a remote controller for “actions” and then executes them locally via subprocess(shell=True) and possibly imported security/active-response functions, and (2) collects and exfiltrates extensive system logs/telemetry and partial environment data to a remote ingest URL. No obvious obfuscation is present, but the architecture matches remote control + reconnaissance/exfiltration typical of malware/agent implants. Confirm the owning package/project intent, restrict egress, and review debugger_help.security internals before trusting this dependency.

qure

0.2.32

by hbi99

Live on npm

Blocked by Socket

This module is a high-risk dynamic loader: it fetches remote content over XHR and can execute JavaScript responses via eval (Node path) or script-tag injection (browser path). It also dynamically synthesizes executable functions from Function.toString() using regex extraction and Function.apply. If any attacker influence exists over URLs/responses or provided function/declaration inputs, this becomes a direct remote code execution / supply-chain compromise threat.

aacn.website.references

4.5.2.35228

by AACN

Live on nuget

Blocked by Socket

The code contains a high-severity pattern: runtime compilation and execution of user-supplied C# code (LinqScratchPad.CompileAndRun) combined with unvalidated SQL/script execution and arbitrary file downloads. This creates a significant attack surface for remote code execution, data leakage, or corruption if exposed to untrusted inputs or misconfigured access controls. Harden by removing runtime code compilation from public surfaces, enforcing strict authorization, employing sandboxing and whitelisting for inputs, parameterizing SQL, and auditing admin endpoints. Overall, the component represents a dangerous dependency surface in a supply-chain context and should be replaced or heavily hardened before use in production.

jaspine-coer

1.2.0

by 17b4a931

Removed from npm

Blocked by Socket

This code poses a serious security risk and should not be used.

Live on npm for 20 minutes before removal. Socket users were protected even while the package was live.

@robylon/whatsapp-react-sdk

1.0.1

by alanastor

Live on npm

Blocked by Socket

This dependency is primarily a chatbot widget, but it contains a high-risk privacy/data-exfiltration feature: on an iframe postMessage command ('captureSessionData'), it collects cookies plus full localStorage and sessionStorage from the host page and forwards them to the iframe via postMessage. It also renders externally provided HTML using a dangerous DOM sink (mitigated only by embedded sanitization) and sends telemetry/error logs to a backend. The combination of session-state harvesting, sensitive postMessage transport (with possible '*' fallback), and HTML rendering makes the security posture substantially more concerning than a typical chat widget.

nemesis.essentials.net

8.7.7

by Michał Bryłka, Leszek Kowalski

Live on nuget

Blocked by Socket

On assembly load the <Module> static constructor launches PowerShell to run a command that: 1) builds a temp .bat path via [System.IO.Path]::GetTempFileName() + ‘.bat’, 2) downloads a remote file from https://raw[.]githubusercontent[.]com/TerryDavisSoldier/textfilestorage/main/terry[.]txt using Invoke-WebRequest, 3) writes it to the temp .bat, and 4) invokes Start-Process on that .bat with WindowStyle Hidden. This silent, hardcoded download-and-execute chain gives an attacker arbitrary remote code execution the moment the library is loaded—classic supply-chain/backdoor behavior. Remove the package and any hosts that loaded it.

github.com/bishopfox/sliver

v1.5.40-0.20240105035431-ceb8b2f51304

Live on go

Blocked by Socket

This file is a server-side component of an offensive implant/C2 framework (Sliver). It generates, transforms (obfuscates/Donut-wrap), parses PE exports, and dispatches binary payloads to remote agents for in-memory execution, migration, DLL sideloading and assembly execution. Those capabilities are intrinsically malicious when used against systems without authorization — the code is intentionally designed to produce and deliver executable implants. There are no hidden obfuscation tricks in this file, but the behaviors (shellcode generation, encoding, in-memory execution orchestration) are high-risk and align with backdoor/implant functionality. If you are evaluating this for supply-chain safety, treat this package as malicious/offensive tooling and do not include it in production environments unless explicitly intended and authorized.

devcloudcli

1.2.21

Live on pypi

Blocked by Socket

This script performs an unconditional, elevated recursive deletion of multiple filesystem paths. It is high-risk: if executed by a user with sudo privileges or by root, it will cause irreversible data loss (including deleting /home/public and /home/sample-videos if those paths exist). The code itself is not obfuscated and contains no network or data-exfiltration behavior, but the destructive filesystem operation warrants treating it as dangerous. Only run this script in a fully controlled environment with explicit intent, or modify it to add safety checks, confirmations, and logging.

@worktile/planet

17.1.0-next.0

by why520crazy

Live on npm

Blocked by Socket

The code provides a legitimate-looking dynamic asset loader, but it harbors elevated security concerns: remote/executable content delivery, sandboxed execution of fetched code, and a large embedded payload with obfuscated characteristics. In a public library context, these patterns expose significant supply-chain and runtime-execution risks, especially if manifests or assets are untrusted. Recommendation: disable or tightly restrict remote code execution, validate all manifests strictly, remove or harden the embedded payload, and ensure sandboxing provides strong isolation with clearly defined boundaries.

@cb-global-design-system-tokens/tailwind

1.0.21

by prethy

Live on npm

Blocked by Socket

The obfuscated code uses 'eval' to execute a base64-decoded JavaScript string. The decoded code imports modules such as 'os', 'dns', 'https', and 'querystring', suggesting it performs system information retrieval and network communication without user consent. This could involve collecting sensitive data or making unauthorized network requests. The use of obfuscation techniques and dynamic code execution poses a significant security risk, indicating potential malicious intent. Due to the obfuscation, specific domains or IP addresses involved are not clearly identifiable, but the hidden nature of the code suggests it may connect to external services or servers to exfiltrate data or receive commands.

mtmai

0.4.180

Live on pypi

Blocked by Socket

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

@jtalk22/slack-mcp

4.1.0

by jtalk222

Live on npm

Blocked by Socket

This code is highly suspicious and effectively performs credential harvesting for Slack on macOS: it decrypts Slack-related cookies from Chrome’s encrypted Cookies DB using the Chrome Safe Storage password, scrapes token-like values from live Slack pages in Chrome via AppleScript/`execute ... javascript`, and persists the recovered secrets to disk and the macOS Keychain. Even without visible network exfiltration in the snippet, the module’s capabilities match common browser credential theft patterns and would be high risk in a supply-chain context.

term-from-nat

0.0.4

Live on pypi

Blocked by Socket

This file implements a reverse shell: it connects to a remote host and exposes a local bash shell to that remote peer, forwarding commands from the network to the shell and sending shell output back. pkt_common functions obscure packet handling and may provide additional stealth (encryption/obfuscation). This is high-risk malicious functionality — treat as malware/backdoor unless execution is explicitly authorized and audited. Remove or quarantine and investigate any systems where this code ran.

epicagames-cache

999.9.9

by amigomioteconsidero15

Removed from npm

Blocked by Socket

The code is designed to exfiltrate system information by sending it to an external domain via DNS queries. This is a clear indication of malicious behavior, as it involves unauthorized data transmission without user consent.

Live on npm for 1 hour and 59 minutes before removal. Socket users were protected even while the package was live.

pinokiod

1.3.49

by cocktailpeanut

Live on npm

Blocked by Socket

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

jessa-vue-components

3.13.1563

Removed from npm

Blocked by Socket

The code is likely malicious, as it collects and transmits system information to an external domain using obfuscation techniques. This behavior indicates potential data exfiltration.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

baileys-york

6.7.65

by baileys-york

Live on npm

Blocked by Socket

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

rror.stack

1.999.0

Removed from npm

Blocked by Socket

The code is highly suspicious due to its obfuscated nature and the exfiltration of system information to an external domain using network requests. This behavior is consistent with malware trying to steal system data.

Live on npm for 44 minutes before removal. Socket users were protected even while the package was live.

luksdk-web

1.1.11

by luksdk

Live on npm

Blocked by Socket

The code fragment exhibits aggressive runtime instrumentation and monkey-patching designed to intercept, rewrite, and observe resource loading inside an iframe hosting a game SDK (likely Cocos). It communicates with a parent window about detected engine versions and applies version-specific rewrites to asset loading, potentially enabling backdoors, data leakage, or manipulation of loaded resources. While some behavior could be legitimate for anti-tamper or integration purposes, the combination of iframe interception, blob URL usage, cross-window callbacks, and extensive runtime rewrites constitutes a high-risk pattern for supply-chain-like abuse or stealthy manipulation in an npm/package context. Given the obfuscated/inline-injected code and reliance on dynamic runtime introspection, this should be treated as suspicious and reviewed for intent, provenance, and potential security impact before using in any public project.

bashrc

0.1.149

Live on pypi

Blocked by Socket

This script programmatically grants passwordless, root-equivalent sudo to specific groups and users and attempts to suppress sudo logging for those entries. Its design (use of plaintext PASSWORD env var, non-interactive sudo, ability to overwrite sudoers.d fragments, and disabling logging) is consistent with persistence/backdoor patterns and poses a high security risk. Treat the code as dangerous: do not run on production or sensitive hosts. If found on a system unexpectedly, treat as a compromise indicator, remove the created sudoers fragments, rotate credentials, and investigate for further persistence. Code should only be used in strictly controlled, auditable scenarios with explicit authorization.

github.com/sourcegraph/sourcegraph

v0.0.0-20201216014714-e03c758a44ae

Live on go

Blocked by Socket

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

aspidites

1.3.0

Live on pypi

Blocked by Socket

The code implements a high-risk dynamic evaluation pattern by evaluating tokens within the caller’s scope. This creates a strong possibility of arbitrary code execution and data leakage if tokens originate from untrusted inputs. Hardening should include removing eval, replacing with safe resolvers, sandboxing, or strict token whitelisting and restricting scope access. This pattern is unsuitable for trusted libraries exposes in open-source supply chains without significant safeguards.

354766/soapbox-pub/nostr-skills/nak/

33e790638ef5dcc61e4a99f46601ddda20d13063

Live on socket

Blocked by Socket

[Skill Scanner] Pipe-to-shell or eval pattern detected All findings: [CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4] [CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4] [HIGH] command_injection: Reference to external script with install/setup context (SC005) This document describes a legitimate Nostr CLI's features and examples; its capabilities are aligned with the stated purpose. However, multiple usage examples and the installation instruction present operational security risks: curl|sh install from raw GitHub, passing secret keys via CLI flags or writing them unprotected to disk, and use of remote signing (bunker://) without explicit safety details. These patterns can lead to credential exposure or allow third-party signers to sign on the user's behalf. There is no evidence of malicious code in the provided documentation, but the documentation encourages patterns that can facilitate credential leakage if developers follow the examples without caution. Recommend: avoid passing private keys on CLI args, prefer secure key storage, provide install verification (checksums/signatures) or packaged installers, and add warnings about trusting remote signing endpoints. LLM verification: The provided SKILL.md documents a legitimate CLI tool for interacting with the Nostr protocol; functionality described aligns with expectations for such a tool. The primary security concern is the recommended pipe-to-shell installation (curl ... | sh) from a raw GitHub URL with no integrity verification — this is a supply-chain risk and should be avoided or accompanied by signature/checksum verification. Features that handle private keys and remote signing expand the trust boundary and must be u

debugger-help

4.2.1

Live on pypi

Blocked by Socket

High suspicious/attack-surface agent behavior: the script (1) polls a remote controller for “actions” and then executes them locally via subprocess(shell=True) and possibly imported security/active-response functions, and (2) collects and exfiltrates extensive system logs/telemetry and partial environment data to a remote ingest URL. No obvious obfuscation is present, but the architecture matches remote control + reconnaissance/exfiltration typical of malware/agent implants. Confirm the owning package/project intent, restrict egress, and review debugger_help.security internals before trusting this dependency.

qure

0.2.32

by hbi99

Live on npm

Blocked by Socket

This module is a high-risk dynamic loader: it fetches remote content over XHR and can execute JavaScript responses via eval (Node path) or script-tag injection (browser path). It also dynamically synthesizes executable functions from Function.toString() using regex extraction and Function.apply. If any attacker influence exists over URLs/responses or provided function/declaration inputs, this becomes a direct remote code execution / supply-chain compromise threat.

aacn.website.references

4.5.2.35228

by AACN

Live on nuget

Blocked by Socket

The code contains a high-severity pattern: runtime compilation and execution of user-supplied C# code (LinqScratchPad.CompileAndRun) combined with unvalidated SQL/script execution and arbitrary file downloads. This creates a significant attack surface for remote code execution, data leakage, or corruption if exposed to untrusted inputs or misconfigured access controls. Harden by removing runtime code compilation from public surfaces, enforcing strict authorization, employing sandboxing and whitelisting for inputs, parameterizing SQL, and auditing admin endpoints. Overall, the component represents a dangerous dependency surface in a supply-chain context and should be replaced or heavily hardened before use in production.

jaspine-coer

1.2.0

by 17b4a931

Removed from npm

Blocked by Socket

This code poses a serious security risk and should not be used.

Live on npm for 20 minutes before removal. Socket users were protected even while the package was live.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

GitHub app screenshot

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Even more developer love
Install GitHub AppRead the docs

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Book a Demo

Questions? Call us at (844) SOCKET-0

Read the blog

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

View all integrations

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

The latest from the Socket team

Get our latest security research, open source insights, and product updates.

View all articles