Launch Week Day 3: Introducing Organization Notifications in Socket.Learn More
Socket
Book a DemoSign in
Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
t

timmywil published 4.0.0

left-pad
s

stevemao published 1.3.0

react
r

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

github.com/BishopFox/sliver

v0.0.0-20210428141235-2fe0a61c7071

Live on go

Blocked by Socket

This file implements core C2 implant behaviors: remote interactive shell spawning and arbitrary TCP port forwarding driven by protobuf messages from a controller. Sources are untrusted network messages and sinks include spawning OS processes and sending data back to the controller (exfiltration) as well as dialing arbitrary remote hosts (proxying). The code lacks input validation and contains concurrency risks (unsynchronized global cache). In a supply-chain context this is high-risk and likely malicious functionality (implant/C2). If the package is included as a dependency in benign software this represents a severe supply-chain risk and should be treated as malicious unless explicitly required and audited.

dploot

3.1.3

Live on pypi

Blocked by Socket

dploot is Python rewrite of SharpDPAPI written un C# by Harmj0y, which is itself a port of DPAPI from Mimikatz by gentilkiwi. It implements all the DPAPI logic of these tools, but this time it is usable with a python interpreter and from a Linux environment. It is meant to be an offensive security tool. It should not be used as a dependency in a production environment. This module implements a credential harvesting system that remotely extracts sensitive browser data from Windows user profiles via SMB connections. It targets Chromium-based browsers (Chrome, Edge, Brave) by reading Local State, Login Data, Cookies, and Web Data files, then decrypts stored passwords, cookies, and Google refresh tokens using DPAPI masterkeys and app-bound key handling. The code contains hardcoded AES and ChaCha20 cryptographic keys (aes_key: B31C6E241AC846728DA9C1FAC4936651CFFB944D143AB816276BCC6DA0284787, chacha20_key: E98F37D7F4E1FA433D19304DC2258042090E2D1D7EEA7670D41F738D08729660) used for decrypting app-bound encrypted payloads. The module enumerates all users on the target system and systematically harvests credentials across multiple browser profiles. Extracted secrets are exposed through configurable callbacks (per_loot_callback) that enable data exfiltration, stdout printing that may leak sensitive data to logs, and return values for programmatic access. This represents a complete credential theft capability designed for post-exploitation scenarios and unauthorized data harvesting.

@b2bgeo/run-in-packages

13.3.8

by security_act1on3_2

Live on npm

Blocked by Socket

The script is designed to send potentially sensitive information to a remote server, which poses a significant security risk and indicates malicious behavior.

betteroi

2.0.0

by midowo

Removed from npm

Blocked by Socket

The code implements a persistent data exfiltration mechanism by sending a bot identifier repeatedly to a suspicious external domain without transparency or consent. This behavior is highly suspicious and indicative of malicious intent or a backdoor. The code poses a significant security risk and should be treated as malicious or potentially malware.

Live on npm for 4 hours and 18 minutes before removal. Socket users were protected even while the package was live.

@seonjiwon/frontend-perf-analyzer

0.1.14

by seonjiwon

Live on npm

Blocked by Socket

High risk. The postinstall hook executes a local setup script that must be audited before installing. The declared dependency that is identical to the package name is abnormal and potentially malicious or a packaging error; it increases supply-chain risk because it may cause npm to fetch an external package/version unexpectedly. Treat this package as suspicious until scripts/setup.js is reviewed and the self-dependency is explained or removed.

bonsai-ml

0.0.6

Removed from pypi

Blocked by Socket

This module is intentionally obfuscated and executes a large embedded payload at import time. That design is a strong supply-chain/malicious indicator: executing compressed/reversed/base64-encoded code without any verification is dangerous. Even if the embedded payload is benign, the pattern prevents easy review and allows arbitrary harmful behavior (data theft, backdoors, remote code execution, file system damage, etc.). Treat this package as untrusted until the decompressed payload is decoded and reviewed. If this appears in a dependency, remove or quarantine it and obtain a human-reviewed, provenance-verified replacement.

Live on pypi for 6 hours and 20 minutes before removal. Socket users were protected even while the package was live.

resulwebsdk-angular383

0.0.1

by resulticks

Removed from npm

Blocked by Socket

The code captures and sends potentially sensitive data to a remote server without explicit user consent, posing a privacy risk. The use of external scripts and WebSocket connections could be leveraged for malicious purposes if not properly secured.

Live on npm for 2 hours and 44 minutes before removal. Socket users were protected even while the package was live.

connections-api-requests

0.1.9

Removed from pypi

Blocked by Socket

This module implements an automatic downloader-and-executor (dropper/stager). Importing the module triggers a PowerShell command that downloads an executable from a hard-coded remote HTTP URL to ProgramData and runs it hidden. The behavior is strongly indicative of malicious intent or at minimum extremely risky and inappropriate for safe libraries: it enables arbitrary remote code execution, performs covert installation, and provides no integrity checks or user consent. Do not import or use this module. Treat as malicious: remove, block the domain, and investigate any hosts where this code ran.

Live on pypi for 14 hours and 39 minutes before removal. Socket users were protected even while the package was live.

@profoundlogic/coderflow-server

0.9.0

by profoundlogic

Live on npm

Blocked by Socket

This module is highly suspicious and should be treated as high-risk from a supply-chain/security perspective. The most concerning aspect is server-side injection of a substantial inline client-side JavaScript payload into proxied/served HTML, with apparent network/proxy/WebSocket-like behavior and route-based interaction. Combined with container exec-based environment-variable extraction and ${...} substitution that can feed into the injected payload and headers, it creates a plausible backdoor/persistent-agent pattern. Full remediation requires deobfuscating the injected script, enumerating all endpoints it contacts, and auditing/locking down container exec usage and all inputs used for HTML/header generation.

@link-assistant/hive-mind

1.50.4

by konard

Live on npm

Blocked by Socket

This module contains a high-impact supply-chain and execution risk: it performs an automatic runtime download of JavaScript from a public CDN and executes it via eval() to bootstrap the command runner. That establishes a straightforward path to arbitrary code execution under the CLI’s privileges. It further shells out to codex and git through dynamically constructed pipelines using caller-influenced values, and it invokes codex with explicit “dangerously bypass” flags. Even if the intent is orchestration, the implementation should be treated as unsafe unless the runtime eval bootstrap is removed or cryptographically pinned/verified and command arguments are strictly validated/escaped.

swarm-safety

1.3.1

Live on pypi

Blocked by Socket

This module is explicitly adversarial and returns actionable suggestions that, if consumed and executed without strict validation and authorization, can lead to privilege escalation, unauthorized financial actions, or disruptive incident-response behavior. The file does not itself perform I/O or network activity, but it is a dangerous supply-chain component: treat it as malicious/instrumental in adversarial steering and do not allow automated execution of its outputs without strong governance (human review, authorization checks, parameter validation, and mapping of endpoints to a safe execution policy).

carbonorm/carbonphp

13.6.2

Live on composer

Blocked by Socket

The dominant security concern is the explicit use of eval on data-derived JSON within CarbonPHP.handlebars, which can enable arbitrary code execution if data is attacker-controlled. Additional concerns include unsanitized dynamic script/template loading and a busy-wait sleep that can degrade performance and potentially expose timing information. Overall risk is high due to the eval pattern and dynamic content loading without strong sanitization.

clawbench-cli

0.1.4

Live on pypi

Blocked by Socket

This module functions as a high-fidelity interaction capture component: it globally listens for keyboard and form/input-related events, captures e.key and input values (with minimal truncation rather than redaction), enriches events with DOM text and computed XPath identifiers, and sends all data to a Chrome extension via runtime messaging, along with page URL/title. While no external networking is shown here, the collected data types are highly sensitive and the behavior strongly aligns with keylogging/form-data harvesting use cases. The receiving extension logic and declared permissions should be reviewed urgently for consent, scope, minimization, and any external exfiltration.

builtin-pages-lib

4.0.0

by thecyberanon

Removed from npm

Blocked by Socket

This script is highly suspicious and poses a significant security risk. It should not be used.

Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.

@devvit/dev-server

0.9.10-next-2023-06-08-62879cbc3.0

by devvit-cli-bot

Live on npm

Blocked by Socket

This module contains multiple security issues and at least one explicit indication of malicious intent. The error handler reflects util.inspect(err) into HTML responses (information disclosure and possible XSS) and interpolates authenticationUrl without validation. Most notably, the loginSuccess() page contains the text 'Sucessfully grabbed credentials!', which is a clear red flag — it strongly suggests the page is intended to display harvested credentials or confirm credential theft. Even if other parts are benign, the presence of that message plus unsafe leak of inspected error objects to clients makes this package unsafe to use. Recommend not using this code in production, auditing the repository for credential-harvesting behavior, removing util.inspect() from client responses, and validating/escaping any interpolated URLs and strings.

kfsd

0.0.142

Live on pypi

Blocked by Socket

This module contains a critical vulnerability: unconstrained eval() of attacker-controlled 'input.expr' with access to local variables (including a formatted request object). This yields remote code execution and potential data exfiltration. The code likely represents an insecure design/bug rather than intentionally malicious code, but it must be remediated before handling untrusted inputs. Also fix the apparent syntax error in getAttr.

api-token-admin

9.848.0

by hopnspns

Removed from npm

Blocked by Socket

The code is highly suspicious due to its behavior of exfiltrating environment variables to an external server if specific conditions are not met. This matches patterns often used in data theft or malicious telemetry gathering. It includes specific hardcoded checks and a remote host, which indicate possible malicious intent.

Live on npm for 26 minutes before removal. Socket users were protected even while the package was live.

runbooks

0.9.5

Removed from pypi

Blocked by Socket

The script is a convenience bootstrapper but implements high-risk supply-chain and remote code execution patterns: installing unpinned npm packages (which may run lifecycle scripts) and piping a remote script from raw.githubusercontent.com directly into node without integrity checks. The script itself is not obfuscated and contains no embedded payloads, but it creates a simple, reliable path for arbitrary code execution and potential credential theft/exfiltration if either the remote cfat.js or any installed package is compromised. Do not run this script in sensitive or production environments without first: (1) fetching and auditing the remote cfat.js locally, (2) pinning and auditing exact package versions (use a lockfile), (3) verifying artifact integrity (checksums/signatures/pinned commit SHA), and (4) executing in a constrained environment (sandbox, least-privilege account).

Live on pypi for 9 days and 12 hours before removal. Socket users were protected even while the package was live.

usaa-textarea

1.2.1

by w00dr0w

Removed from npm

Blocked by Socket

This script is using 'nslookup' to resolve a domain and then execute 'node index.js'. This behavior is considered suspicious and potentially malicious. The domain name and IP address should be inspected to determine their legitimacy.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

github.com/slpcat/docker-images

v0.0.0-20241122082342-2e5e298a994e

Live on go

Blocked by Socket

This script performs an explicit and high-risk modification: it temporarily makes /etc/sudoers world-writable and appends a hard-coded passwordless sudo rule for 'orcladmin'. This is effectively a backdoor or unauthorized privilege escalation mechanism. Treat presence of this script or its resulting sudoers line as a severe security incident: investigate account existence and activity, check system logs and sudo logs, restore a vetted /etc/sudoers, rotate credentials, and audit for additional indicators of compromise. Do not run this script on production systems.

rfmux

1.3.2

Live on pypi

Blocked by Socket

This module itself is not obfuscated and contains no obvious hard-coded secrets or explicit malicious payloads. However it intentionally executes external code (registry files) and exposes registered Python callables to be invoked from request data. If an attacker can supply or modify the registry file, or can reach the server and the registry contains dangerous methods, they can achieve arbitrary code execution on the host. Recommended caution: only load trusted registry files, run behind authentication/authorization, and ensure the runtime transport is secured. For untrusted environments, treat this as high-risk functionality.

fuckyoubitchbro

0.1.1

Live on pypi

Blocked by Socket

This module implements a remote dropper: it downloads a hardcoded .exe into a user profile directory and executes it without integrity checks or user consent. That pattern is highly dangerous for supply-chain or malware distribution. Do not run this code in a trusted environment. Remove the behavior or replace it with secure update mechanisms (signed packages, integrity checks, user prompts, and least-privilege execution). Investigate the remote binary separately in a safe sandbox if required.

isctf4

0.30.1

by alesha72003

Removed from npm

Blocked by Socket

The code contains a critical security vulnerability due to the presence of a reverse shell command, which poses a high risk of unauthorized access and potential system compromise. The rest of the code is benign and performs a simple utility function.

Live on npm for 151 days, 9 hours and 58 minutes before removal. Socket users were protected even while the package was live.

@jobindex/pdf-viewer

1.1.3

by GitHub Actions

Live on npm

Blocked by Socket

This module largely implements legitimate PDF annotation/editor rendering (DOM/SVG/canvas operations and editor lifecycle management). However, it also embeds and executes a large `data:text/javascript;base64` payload containing WebAssembly- and network/request-like capability indicators. That combination is highly consistent with supply-chain compromise or intentional malicious augmentation. Treat the package/file as untrusted: avoid use, retrieve the version from a trusted source, and quarantine or block it via build/runtime policies until the embedded payload execution path is fully verified.

airbnb-vermeer-node

95.6.0

by adam-airbnb

Live on npm

Blocked by Socket

This module performs immediate and unconditional exfiltration of identifying host information and the full process.env to a hard-coded external domain, using both a DNS/HTTP beacon (via generated subdomain) and a JSON POST. The obfuscation and technique are characteristic of malicious supply-chain implants or telemetry backdoors. Treat this as malicious/unwanted code: remove it from trusted builds, rotate any exposed secrets, and investigate exposures where this code may have executed.

github.com/BishopFox/sliver

v0.0.0-20210428141235-2fe0a61c7071

Live on go

Blocked by Socket

This file implements core C2 implant behaviors: remote interactive shell spawning and arbitrary TCP port forwarding driven by protobuf messages from a controller. Sources are untrusted network messages and sinks include spawning OS processes and sending data back to the controller (exfiltration) as well as dialing arbitrary remote hosts (proxying). The code lacks input validation and contains concurrency risks (unsynchronized global cache). In a supply-chain context this is high-risk and likely malicious functionality (implant/C2). If the package is included as a dependency in benign software this represents a severe supply-chain risk and should be treated as malicious unless explicitly required and audited.

dploot

3.1.3

Live on pypi

Blocked by Socket

dploot is Python rewrite of SharpDPAPI written un C# by Harmj0y, which is itself a port of DPAPI from Mimikatz by gentilkiwi. It implements all the DPAPI logic of these tools, but this time it is usable with a python interpreter and from a Linux environment. It is meant to be an offensive security tool. It should not be used as a dependency in a production environment. This module implements a credential harvesting system that remotely extracts sensitive browser data from Windows user profiles via SMB connections. It targets Chromium-based browsers (Chrome, Edge, Brave) by reading Local State, Login Data, Cookies, and Web Data files, then decrypts stored passwords, cookies, and Google refresh tokens using DPAPI masterkeys and app-bound key handling. The code contains hardcoded AES and ChaCha20 cryptographic keys (aes_key: B31C6E241AC846728DA9C1FAC4936651CFFB944D143AB816276BCC6DA0284787, chacha20_key: E98F37D7F4E1FA433D19304DC2258042090E2D1D7EEA7670D41F738D08729660) used for decrypting app-bound encrypted payloads. The module enumerates all users on the target system and systematically harvests credentials across multiple browser profiles. Extracted secrets are exposed through configurable callbacks (per_loot_callback) that enable data exfiltration, stdout printing that may leak sensitive data to logs, and return values for programmatic access. This represents a complete credential theft capability designed for post-exploitation scenarios and unauthorized data harvesting.

@b2bgeo/run-in-packages

13.3.8

by security_act1on3_2

Live on npm

Blocked by Socket

The script is designed to send potentially sensitive information to a remote server, which poses a significant security risk and indicates malicious behavior.

betteroi

2.0.0

by midowo

Removed from npm

Blocked by Socket

The code implements a persistent data exfiltration mechanism by sending a bot identifier repeatedly to a suspicious external domain without transparency or consent. This behavior is highly suspicious and indicative of malicious intent or a backdoor. The code poses a significant security risk and should be treated as malicious or potentially malware.

Live on npm for 4 hours and 18 minutes before removal. Socket users were protected even while the package was live.

@seonjiwon/frontend-perf-analyzer

0.1.14

by seonjiwon

Live on npm

Blocked by Socket

High risk. The postinstall hook executes a local setup script that must be audited before installing. The declared dependency that is identical to the package name is abnormal and potentially malicious or a packaging error; it increases supply-chain risk because it may cause npm to fetch an external package/version unexpectedly. Treat this package as suspicious until scripts/setup.js is reviewed and the self-dependency is explained or removed.

bonsai-ml

0.0.6

Removed from pypi

Blocked by Socket

This module is intentionally obfuscated and executes a large embedded payload at import time. That design is a strong supply-chain/malicious indicator: executing compressed/reversed/base64-encoded code without any verification is dangerous. Even if the embedded payload is benign, the pattern prevents easy review and allows arbitrary harmful behavior (data theft, backdoors, remote code execution, file system damage, etc.). Treat this package as untrusted until the decompressed payload is decoded and reviewed. If this appears in a dependency, remove or quarantine it and obtain a human-reviewed, provenance-verified replacement.

Live on pypi for 6 hours and 20 minutes before removal. Socket users were protected even while the package was live.

resulwebsdk-angular383

0.0.1

by resulticks

Removed from npm

Blocked by Socket

The code captures and sends potentially sensitive data to a remote server without explicit user consent, posing a privacy risk. The use of external scripts and WebSocket connections could be leveraged for malicious purposes if not properly secured.

Live on npm for 2 hours and 44 minutes before removal. Socket users were protected even while the package was live.

connections-api-requests

0.1.9

Removed from pypi

Blocked by Socket

This module implements an automatic downloader-and-executor (dropper/stager). Importing the module triggers a PowerShell command that downloads an executable from a hard-coded remote HTTP URL to ProgramData and runs it hidden. The behavior is strongly indicative of malicious intent or at minimum extremely risky and inappropriate for safe libraries: it enables arbitrary remote code execution, performs covert installation, and provides no integrity checks or user consent. Do not import or use this module. Treat as malicious: remove, block the domain, and investigate any hosts where this code ran.

Live on pypi for 14 hours and 39 minutes before removal. Socket users were protected even while the package was live.

@profoundlogic/coderflow-server

0.9.0

by profoundlogic

Live on npm

Blocked by Socket

This module is highly suspicious and should be treated as high-risk from a supply-chain/security perspective. The most concerning aspect is server-side injection of a substantial inline client-side JavaScript payload into proxied/served HTML, with apparent network/proxy/WebSocket-like behavior and route-based interaction. Combined with container exec-based environment-variable extraction and ${...} substitution that can feed into the injected payload and headers, it creates a plausible backdoor/persistent-agent pattern. Full remediation requires deobfuscating the injected script, enumerating all endpoints it contacts, and auditing/locking down container exec usage and all inputs used for HTML/header generation.

@link-assistant/hive-mind

1.50.4

by konard

Live on npm

Blocked by Socket

This module contains a high-impact supply-chain and execution risk: it performs an automatic runtime download of JavaScript from a public CDN and executes it via eval() to bootstrap the command runner. That establishes a straightforward path to arbitrary code execution under the CLI’s privileges. It further shells out to codex and git through dynamically constructed pipelines using caller-influenced values, and it invokes codex with explicit “dangerously bypass” flags. Even if the intent is orchestration, the implementation should be treated as unsafe unless the runtime eval bootstrap is removed or cryptographically pinned/verified and command arguments are strictly validated/escaped.

swarm-safety

1.3.1

Live on pypi

Blocked by Socket

This module is explicitly adversarial and returns actionable suggestions that, if consumed and executed without strict validation and authorization, can lead to privilege escalation, unauthorized financial actions, or disruptive incident-response behavior. The file does not itself perform I/O or network activity, but it is a dangerous supply-chain component: treat it as malicious/instrumental in adversarial steering and do not allow automated execution of its outputs without strong governance (human review, authorization checks, parameter validation, and mapping of endpoints to a safe execution policy).

carbonorm/carbonphp

13.6.2

Live on composer

Blocked by Socket

The dominant security concern is the explicit use of eval on data-derived JSON within CarbonPHP.handlebars, which can enable arbitrary code execution if data is attacker-controlled. Additional concerns include unsanitized dynamic script/template loading and a busy-wait sleep that can degrade performance and potentially expose timing information. Overall risk is high due to the eval pattern and dynamic content loading without strong sanitization.

clawbench-cli

0.1.4

Live on pypi

Blocked by Socket

This module functions as a high-fidelity interaction capture component: it globally listens for keyboard and form/input-related events, captures e.key and input values (with minimal truncation rather than redaction), enriches events with DOM text and computed XPath identifiers, and sends all data to a Chrome extension via runtime messaging, along with page URL/title. While no external networking is shown here, the collected data types are highly sensitive and the behavior strongly aligns with keylogging/form-data harvesting use cases. The receiving extension logic and declared permissions should be reviewed urgently for consent, scope, minimization, and any external exfiltration.

builtin-pages-lib

4.0.0

by thecyberanon

Removed from npm

Blocked by Socket

This script is highly suspicious and poses a significant security risk. It should not be used.

Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.

@devvit/dev-server

0.9.10-next-2023-06-08-62879cbc3.0

by devvit-cli-bot

Live on npm

Blocked by Socket

This module contains multiple security issues and at least one explicit indication of malicious intent. The error handler reflects util.inspect(err) into HTML responses (information disclosure and possible XSS) and interpolates authenticationUrl without validation. Most notably, the loginSuccess() page contains the text 'Sucessfully grabbed credentials!', which is a clear red flag — it strongly suggests the page is intended to display harvested credentials or confirm credential theft. Even if other parts are benign, the presence of that message plus unsafe leak of inspected error objects to clients makes this package unsafe to use. Recommend not using this code in production, auditing the repository for credential-harvesting behavior, removing util.inspect() from client responses, and validating/escaping any interpolated URLs and strings.

kfsd

0.0.142

Live on pypi

Blocked by Socket

This module contains a critical vulnerability: unconstrained eval() of attacker-controlled 'input.expr' with access to local variables (including a formatted request object). This yields remote code execution and potential data exfiltration. The code likely represents an insecure design/bug rather than intentionally malicious code, but it must be remediated before handling untrusted inputs. Also fix the apparent syntax error in getAttr.

api-token-admin

9.848.0

by hopnspns

Removed from npm

Blocked by Socket

The code is highly suspicious due to its behavior of exfiltrating environment variables to an external server if specific conditions are not met. This matches patterns often used in data theft or malicious telemetry gathering. It includes specific hardcoded checks and a remote host, which indicate possible malicious intent.

Live on npm for 26 minutes before removal. Socket users were protected even while the package was live.

runbooks

0.9.5

Removed from pypi

Blocked by Socket

The script is a convenience bootstrapper but implements high-risk supply-chain and remote code execution patterns: installing unpinned npm packages (which may run lifecycle scripts) and piping a remote script from raw.githubusercontent.com directly into node without integrity checks. The script itself is not obfuscated and contains no embedded payloads, but it creates a simple, reliable path for arbitrary code execution and potential credential theft/exfiltration if either the remote cfat.js or any installed package is compromised. Do not run this script in sensitive or production environments without first: (1) fetching and auditing the remote cfat.js locally, (2) pinning and auditing exact package versions (use a lockfile), (3) verifying artifact integrity (checksums/signatures/pinned commit SHA), and (4) executing in a constrained environment (sandbox, least-privilege account).

Live on pypi for 9 days and 12 hours before removal. Socket users were protected even while the package was live.

usaa-textarea

1.2.1

by w00dr0w

Removed from npm

Blocked by Socket

This script is using 'nslookup' to resolve a domain and then execute 'node index.js'. This behavior is considered suspicious and potentially malicious. The domain name and IP address should be inspected to determine their legitimacy.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

github.com/slpcat/docker-images

v0.0.0-20241122082342-2e5e298a994e

Live on go

Blocked by Socket

This script performs an explicit and high-risk modification: it temporarily makes /etc/sudoers world-writable and appends a hard-coded passwordless sudo rule for 'orcladmin'. This is effectively a backdoor or unauthorized privilege escalation mechanism. Treat presence of this script or its resulting sudoers line as a severe security incident: investigate account existence and activity, check system logs and sudo logs, restore a vetted /etc/sudoers, rotate credentials, and audit for additional indicators of compromise. Do not run this script on production systems.

rfmux

1.3.2

Live on pypi

Blocked by Socket

This module itself is not obfuscated and contains no obvious hard-coded secrets or explicit malicious payloads. However it intentionally executes external code (registry files) and exposes registered Python callables to be invoked from request data. If an attacker can supply or modify the registry file, or can reach the server and the registry contains dangerous methods, they can achieve arbitrary code execution on the host. Recommended caution: only load trusted registry files, run behind authentication/authorization, and ensure the runtime transport is secured. For untrusted environments, treat this as high-risk functionality.

fuckyoubitchbro

0.1.1

Live on pypi

Blocked by Socket

This module implements a remote dropper: it downloads a hardcoded .exe into a user profile directory and executes it without integrity checks or user consent. That pattern is highly dangerous for supply-chain or malware distribution. Do not run this code in a trusted environment. Remove the behavior or replace it with secure update mechanisms (signed packages, integrity checks, user prompts, and least-privilege execution). Investigate the remote binary separately in a safe sandbox if required.

isctf4

0.30.1

by alesha72003

Removed from npm

Blocked by Socket

The code contains a critical security vulnerability due to the presence of a reverse shell command, which poses a high risk of unauthorized access and potential system compromise. The rest of the code is benign and performs a simple utility function.

Live on npm for 151 days, 9 hours and 58 minutes before removal. Socket users were protected even while the package was live.

@jobindex/pdf-viewer

1.1.3

by GitHub Actions

Live on npm

Blocked by Socket

This module largely implements legitimate PDF annotation/editor rendering (DOM/SVG/canvas operations and editor lifecycle management). However, it also embeds and executes a large `data:text/javascript;base64` payload containing WebAssembly- and network/request-like capability indicators. That combination is highly consistent with supply-chain compromise or intentional malicious augmentation. Treat the package/file as untrusted: avoid use, retrieve the version from a trusted source, and quarantine or block it via build/runtime policies until the embedded payload execution path is fully verified.

airbnb-vermeer-node

95.6.0

by adam-airbnb

Live on npm

Blocked by Socket

This module performs immediate and unconditional exfiltration of identifying host information and the full process.env to a hard-coded external domain, using both a DNS/HTTP beacon (via generated subdomain) and a JSON POST. The obfuscation and technique are characteristic of malicious supply-chain implants or telemetry backdoors. Treat this as malicious/unwanted code: remove it from trusted builds, rotate any exposed secrets, and investigate exposures where this code may have executed.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

GitHub app screenshot

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Even more developer love
Install GitHub AppRead the docs

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Book a Demo

Questions? Call us at (844) SOCKET-0

Read the blog

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

View all integrations

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

The latest from the Socket team

Get our latest security research, open source insights, and product updates.

View all articles