Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.


Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery: timmywil published 4.0.0

left-pad: stevemao published 1.3.0

react: react-bot published 19.2.5

We protect you from vulnerable and malicious packages

infiltra

3.8

Live on pypi

Blocked by Socket

This code fragment is a high-risk SSRF exploitation payload intended to trigger server-side requests from Office Web Apps Server to an attacker-controlled URL and to exfiltrate interaction data via Interactsh. While useful for authorized security testing, its inclusion in dependencies or tooling without clear consent constitutes a significant security risk and could enable data leakage or internal network discovery if misused.

nerd-mega-compute

0.1.43

Live on pypi

Blocked by Socket

The code exhibits highly dangerous patterns: insecure deserialization of untrusted input using pickle, dynamic code execution via eval of an externally supplied function name, and thorough exposure of environment data plus multiple disk writes of serialized results. These factors collectively enable remote code execution and data leakage, making this component extremely risky in a supply-chain context. Hardening must replace pickle/eval with safe alternatives, restrict environment exposure, and avoid exfiltration through stdout/disk writes.

richardtmiles/carbonphp

13.8.0

Live on composer

Blocked by Socket

The dominant security concern is the explicit use of eval on data-derived JSON within CarbonPHP.handlebars, which can enable arbitrary code execution if data is attacker-controlled. Additional concerns include unsanitized dynamic script/template loading and a busy-wait sleep that can degrade performance and potentially expose timing information. Overall risk is high due to the eval pattern and dynamic content loading without strong sanitization.

realtime-demo

1.1.1

Live on npm

Blocked by Socket

This code introduces a critical supply-chain and remote code execution risk: it fetches JavaScript from a hardcoded HTTP endpoint and executes it in-process via Module._compile with host module resolution paths copied in. Unless you fully control and can cryptographically validate the fetched content and trust the endpoint, this is unsafe. Recommended actions: remove runtime remote execution; vendor the code or install via a package manager with integrity checks; if dynamic fetching is required, use HTTPS, validate signatures or hashes, enforce allowlists, and log/monitor failures (do not silently swallow errors). Treat this as high-risk and remediate immediately.

slg-vue-components

2.3.1

by 0xhunter313

Removed from npm

Blocked by Socket

The script runs a local program called 'index.js' and then attempts to execute the command '/etc/passwd'. This behavior is potentially dangerous as it could lead to unauthorized access or disclosure of sensitive system information.

Live on npm for 29 days, 16 hours and 10 minutes before removal. Socket users were protected even while the package was live.

routerxpl

0.6.3

Live on pypi

Blocked by Socket

This module is explicitly designed to exploit a specific router model for remote command execution. It fingerprints the target via HTTP response headers, and if the expected service signature is found, it starts an interactive command loop. The execute() method directly injects attacker-supplied commands into a SOAP/XML payload using a $(cmd) substitution pattern and sends it to a UPnP/SOAP upgrade endpoint with router credentials. This constitutes high malicious capability and a strong supply-chain security risk if included in a broader project, even though the snippet itself is not obfuscated.

@qingchencloud/openclaw-zh

2026.2.15-nightly.202602161920

by qq1186258278

Live on npm

Blocked by Socket

The mcporter CLI’s documented capabilities (arbitrary HTTP calls, --stdio process execution, and local credential storage) align with its stated purpose but present a moderate attack surface: misuse can lead to credential leakage or arbitrary code execution if inputs are untrusted or the environment is hostile. The fragment contains no explicit malicious code, obfuscation, or hard-coded attacker infrastructure. Recommended actions: review implementation for secure storage of tokens, minimize or sanitize construction of command strings, consider allowlisting target domains or prompting before sending credentials to unknown endpoints, and audit generated outputs for sensitive data leakage. Treat as functional but moderately risky in adversarial contexts.

dev-journey-app

1.2.0

by shahwarhello

Live on npm

Blocked by Socket

This file reads sensitive system information—including home directory, hostname, username, DNS servers, and the contents of /etc/passwd and /etc/hosts—and sends it via an HTTPS POST request to a suspicious external domain (gyi0s7bw2x1wzw1ykq7j7qqnxe35rvfk[.]oastify[.]com). Such unauthorized data exfiltration indicates malicious intent and poses a severe security risk.

@mc-donate/donateweb

40.0.2

by ak565

Live on npm

Blocked by Socket

The preinstall script executes a malicious data exfiltration command that collects sensitive system information including hostname, username, current directory, and user/group IDs, then transmits this data to the remote server 2773noomhzik9tg0hhnr1q8ntez5nvbk[.]oastify[.]com via curl. This constitutes unauthorized data collection and exfiltration of system identifiers that could be used for reconnaissance or further attacks. The package should be considered malicious and blocked from installation.

pg-ng-popover

100.0.2

by slecksy

Removed from npm

Blocked by Socket

This script is installing a package from a remote URL, which introduces potential security risks. The package could contain malicious code or dependencies that could compromise the system.

Live on npm for 14 minutes before removal. Socket users were protected even while the package was live.

anuga

3.3.1

Live on pypi

Blocked by Socket

This module is primarily a file-based geometry/config ingestion utility, but it contains a critical arbitrary code execution primitive: Create_culvert_bridge_Operator uses eval(value) on text loaded from an external configuration file and then propagates the evaluated results into operator constructors. If culvert_bridge_file contents can be influenced (including via supply-chain/deployment tampering), an attacker can execute arbitrary Python code in the application's context. Other functions are comparatively lower risk aside from parsing/availability concerns and one undefined-variable bug.

zd-product-tray

90.826.663

by x4cfgsed

Removed from npm

Blocked by Socket

The code is highly obfuscated and performs a malicious action by sending environment variables to an external server. This poses a significant security risk as it can lead to the exposure of sensitive information.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

torchmonarch

0.3.0.dev20260112

Removed from pypi

Blocked by Socket

This module is functionally a supervisor that uses pickle-based serialization over ZeroMQ. The code contains high-risk unsafe deserialization: it accepts pickle-formatted data from sockets (recv_multipart / recv_pyobj) and unpickles it without validation, then performs dynamic dispatch based on untrusted data. The temporary monkey-patch of torch.storage._load_from_bytes inside pickle_loads increases the attack surface for malicious payloads that embed torch storage objects. There are no authentication or integrity checks on incoming messages. Therefore the code is unsafe to use in untrusted-network environments: an attacker who can send messages to the supervisor sockets (or control SUPERVISOR_PIPE/SUPERVISOR_IDENT) can achieve remote code execution. No other explicit exfiltration, cryptomining, or backdoor code is present in this fragment, but the deserialization pattern makes arbitrary malicious behavior possible.

Live on pypi for 65 days, 20 hours and 47 minutes before removal. Socket users were protected even while the package was live.

gxl-ai-utils

1.5.1

Live on pypi

Blocked by Socket

The module contains code that slices a local archive and orchestrates uploading the parts to a hardcoded remote host using embedded root credentials. These characteristics (hardcoded credentials, fixed remote IP, obfuscation steps, sys.path manipulation) are strong indicators of unauthorized data exfiltration or at minimum extremely poor security practices. Treat as high security risk and avoid executing until the utils_file functions and credentials/host intent are audited and corrected.

delicious-logger

1.0.2

by bietdoidao

Live on npm

Blocked by Socket

This file implements a hidden backdoor that conditionally executes system commands when a hardcoded password ('secret') is provided, then exfiltrates the resulting output to a remote HTTP endpoint (e.g., example[.]com/api/commands). The use of user-controlled command execution combined with data exfiltration is characteristic of malicious software, posing severe security risks.

@tofusoup429/pubfuncs

2.5.3

by tofusoup429

Live on npm

Blocked by Socket

This code contains malicious data exfiltration functionality. It sends sensitive organizational and account data to a suspicious hardcoded AWS Lambda URL (https://6afjtyt73gyyztrrofzuh343um0[.]amazonaws[.]on[.]aws/) without validation or user consent. The function takes sensitive parameters including organizationCode and accountCode and transmits them to this external endpoint, representing a clear data theft mechanism. While not obfuscated and lacking traditional malware payloads like reverse shells or cryptominers, the unauthorized data exfiltration to an untrusted endpoint represents a significant security breach. This is a supply chain attack intended to steal organizational data from any application using this dependency.

konnektive-engine

0.3.91

by drew.altukhov

Live on npm

Blocked by Socket

This module is primarily UI/modal code, but it contains a clear non-core payload: when the user’s language is Russian and the host matches ru/su/xn--p1ai patterns, it uses localStorage timing and then disables page interaction (pointerEvents) while loading and autoplaying a looping audio file from a hardcoded external domain. No direct credential theft/exfiltration is shown in this fragment, but the behavior is disruptive and introduces third-party network activity, making it a significant supply-chain security risk.

tensorkube

0.0.73

Live on pypi

Blocked by Socket

This template itself is not obfuscated and contains no direct data-exfiltration code, but it provisions a Lambda with broad, potentially destructive privileges (IAM deletion/modify, ECR deletion, CloudFormation DeleteStack, EFS deletion, S3 delete, EC2 security group deletion). The template configures automatic invocation of that Lambda to delete ECR images as part of stack operations. If the referenced Lambda image is untrusted or compromised, these permissions could be abused to cause substantial account-wide damage. Recommend treating this as high-risk from a privilege perspective: audit and pin the Lambda image, restrict IAM policies to least privilege (avoid Resource:"*"), and require manual approval for destructive teardown actions.

354766/dapi/docmost-cli/docmost/

136773cc2d9de6523a5c0ec3203de1261247d78a

Live on socket

Blocked by Socket

This manifest entry is high-risk and likely malicious in intent: it grants an automated ability to add a git remote and push local repository contents to an external GitHub repository. If honored by tooling in CI or developer environments with available credentials, it enables immediate exfiltration of source code, history, and potentially embedded secrets. Treat as potentially malicious, block execution, remove the permission, audit environments for execution attempts, and investigate the target repository and any exposed credentials.

gardener-cicd-libs

1.2430.0

Live on pypi

Blocked by Socket

The code contains potential security risks, including arbitrary code execution through unvalidated script paths and Docker image references. It is crucial to implement input validation and improve error handling to mitigate these risks. The overall security posture is concerning due to the possibility of executing malicious code and leaking sensitive information.

iplens

0.1.4

Removed from pypi

Blocked by Socket

This module is intended to extract IPv4 addresses from a file using multiple parsing strategies. However, it uses eval(content) on untrusted file contents which allows arbitrary code execution and is a severe security vulnerability. If an attacker can control the parsed file, they can execute arbitrary Python code in the application's context. Remove or replace eval with safe parsing (ast.literal_eval for Python literals, stricter JSON/CSV parsing) and avoid broad exception suppression. No other explicit malicious behavior is present in the fragment, but the eval makes the code dangerous to use as-is.

Live on pypi for 5 hours and 29 minutes before removal. Socket users were protected even while the package was live.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.


Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

RUST: crates.io (Rust Package Manager)
PHP: Packagist (PHP Package Manager)
GOLANG: Go Modules (Go Dependency Management)
JAVA: Maven Central
JAVASCRIPT: npm (Node Package Manager)
.NET: NuGet (.NET Package Manager)
PYTHON: PyPI (Python Package Index)
RUBY: RubyGems.org (Ruby Package Manager)
SWIFT: Swift
AI: Hugging Face Hub (AI Model Hub)
CI: GitHub Actions (CI/CD Workflows)
EXTENSIONS: Chrome Web Store (Chrome Browser Extensions)
EXTENSIONS: Open VSX (VS Code Extensions)

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.
