
Research
/Security News
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
Bitwarden CLI 2026.4.0 was compromised in the Checkmarx supply chain campaign after attackers abused a GitHub Action in Bitwarden’s CI/CD pipeline.
Questions? Call us at (844) SOCKET-0
Quickly evaluate the security and health of any open source package.
amhairc-web
6.0.0
by hackerbolte
Removed from npm
Blocked by Socket
The script is highly suspicious and shows strong signs of malicious activity. It gathers sensitive data from the host machine and sends it to an external server. It also tries to open a reverse shell. This could lead to unauthorized access and control of the host machine.
Live on npm for 4 days, 21 hours and 51 minutes before removal. Socket users were protected even while the package was live.
akenoai
1.7.0
Live on pypi
Blocked by Socket
This module intentionally transmits API keys (either a hardcoded default decoded from base64 or any user-provided key) to an external, non-OpenAI endpoint via HTTP POST. This is credential exfiltration and constitutes malicious or severely insecure supply-chain behavior. Do not use this code. Remove it, rotate any exposed API keys, block the destination domain, and investigate any use of the embedded key.
github.com/sourcegraph/sourcegraph
v0.0.0-20210622215056-73aece0a55e2
Live on go
Blocked by Socket
This module is a purpose-built destructive utility: given a user-supplied directory, it enumerates all files ending in .zip and corrupts them by truncating them to half their size and appending deterministic junk data. The absence of safeguards (dry-run/confirmation/allowlists) and the deliberate sabotage operations make this strongly indicative of malicious intent within a supply-chain context, even though it does not show typical malware capabilities like networking or data exfiltration.
canvas_kaltura
0.0.1
by Security Research
Live on rubygems
Blocked by Socket
The code actively collects host-identifying information and transmits it as JSON to a hardcoded remote IP/port, then overwrites the local Makefile to no-op build/install steps. These behaviors align with covert telemetry/exfiltration and workspace tampering typical of supply-chain compromise. The file should be treated as malicious or unauthorized and removed; a thorough repository and environment investigation is warranted.
@aa-techops-ui/ping-authentication
6.99.99
Live on npm
Blocked by Socket
This code collects sensitive local identifiers (home directory, hostname, username, current directory) and exfiltrates them to an external domain using both DNS queries (with hex-encoded values embedded in subdomains) and a direct HTTPS POST. It executes on load with no consent or protections. This behavior is consistent with malicious data-harvesting/supply-chain backdoor activity and the package should not be trusted or used.
uniquebible
0.1.33
Removed from pypi
Blocked by Socket
This module implements a GUI chat application that integrates with OpenAI and provides features that allow arbitrary Python and shell command execution based on selected text or user input, and loads plugins from the filesystem. I did not find explicit hardcoded backdoor/network exfiltration to a suspicious external domain. However, the code exposes powerful dangerous sinks (exec, eval, subprocess.run(..., shell=True), os.system) directly to user-supplied or file-supplied content without sandboxing. This is a high security risk for accidental misuse or malicious plugins/content; treat the package as potentially dangerous in contexts where untrusted data or plugins may be present. Recommended mitigation: remove or require explicit confirmation for run-as-command features, sandbox or restrict exec/context, avoid shell=True, avoid eval, and never auto-run plugin code from untrusted locations.
Live on pypi for 38 minutes before removal. Socket users were protected even while the package was live.
fca-uzair-sehar
20.0.2
by uzair-sehar
Live on npm
Blocked by Socket
Malicious code designed to automate Facebook account takeover by systematically bypassing the platform's security checkpoint system. The code implements a four-phase process that navigates through Facebook's epsilon security verification: (1) STEPPER_CONFIRMATION with token extraction, (2) CONTACT_POINT_REVIEW to bypass contact verification, (3) CHANGE_PASSWORD for credential modification, and (4) OUTRO to finalize the compromise. It makes requests to facebook[.]com/checkpoint/ endpoints and facebook[.]com/api/graphql/ to extract LSD tokens and manipulate authentication flows. The Find_And_Parse function extracts sensitive tokens from HTML script tags, specifically targeting 'any_eligible_challenges' data. This represents a serious security threat that could be used to compromise user accounts without authorization by circumventing Facebook's multi-factor security verification mechanisms.
@builder.io/sdk-qwik
0.16.21
by builderio-bot
Live on npm
Blocked by Socket
The code permits runtime evaluation and loading of scripts discovered within its content, a capability that can be legitimate for dynamic features but poses strong security risks in supply chain contexts. Without sanitization, validation, or sandboxing, this pattern enables arbitrary code execution from untrusted input, increasing the risk of data leakage, unauthorized actions, and potential compromise of the host page.
meditek
1.0.2
by jodx00
Removed from npm
Blocked by Socket
The code collects and sends sensitive system information to a potentially malicious domain, which is a significant privacy and security concern. The behavior aligns with data exfiltration patterns, indicating a high risk of malicious intent.
Live on npm for 15 days, 9 hours and 15 minutes before removal. Socket users were protected even while the package was live.
vite-ui-components
1.0.4
by mao_zedong
Live on npm
Blocked by Socket
This script intentionally downloads a prebuilt Python runtime and a separate remote payload and executes that payload by piping it into the downloaded Python interpreter. The payload URL is mildly obfuscated via hex fragments. There is no integrity or authenticity verification for the downloaded tarball or the fetched payload. This results in straightforward remote code execution and supply-chain risk: if the remote resources are malicious or become compromised, arbitrary code will run on the host. Treat this as high-risk behavior: avoid running it in production or on sensitive hosts unless the sources are verified and additional safeguards (signatures, checksums, sandboxing) are added.
stableagents-ai
0.2.4
Live on pypi
Blocked by Socket
This module exposes multiple high-risk capabilities: arbitrary shell execution (subprocess.run with shell=True), process spawning from untrusted input, and unrestricted filesystem modification (create, move, copy, delete) based on user-provided parameters. There are no input validations, privilege checks or limits. I assess this as not clearly malicious by intent (it implements utility functions), but it is easily abuseable and dangerous in contexts where inputs are untrusted. Treat this code as high security risk if incorporated into environments that handle external input or run with elevated privileges.
tfjs-core
3.3.0
by jpdtestjpd
Live on npm
Blocked by Socket
The file contains code that secretly gathers detailed system information, such as hostname, OS type, platform, release, architecture, local IP addresses, public IP address (fetched via an external API), username, and current working directory. It then transmits this data to external endpoints via HTTP GET and POST requests, and uses a WebSocket connection as a fallback. The endpoints are hardcoded, for example, to URLs like http://example.com/jpd3.php, http://example.com/jpd4.php, and wss://example.com/socket, which are not transparent or verified services. This behavior is indicative of malware designed for unauthorized data exfiltration.
customtkitenr
1.0.0
Removed from pypi
Blocked by Socket
This setup.py contains deliberate concealment (encrypted payload + hardcoded key) and performs runtime decryption and exec() during installation on Windows. That pattern is a high-confidence indicator of malicious behavior (supply-chain/backdoor). Do not install or run this package; consider any systems where it was installed compromised and perform incident response. The exact payload cannot be fully assessed without executing decrypted code (which is unsafe), but the presence of decryption+exec and network-capable imports suffices to classify it as malicious.
Live on pypi for 59 minutes before removal. Socket users were protected even while the package was live.
anydesk-malcom
1.1
Live on pypi
Blocked by Socket
This code implements a malicious install-time behavior: it downloads an archive from a suspicious hard-coded URL, extracts it to disk and attempts to run an executable during package installation. This is a high-risk supply-chain/backdoor behavior (remote code download and execution). Treat the package as malicious/untrusted, do not run setup.py from untrusted sources, and investigate any machine where this was executed.
plengauer/thoth
4bd53d1bfa8a1515b8d427e441b58793187693c8
Live on actions
Blocked by Socket
The snippet signals malicious intent (runtime/container injection/backdoor-like manipulation) but provides no actionable code. If implemented, this would present a high-severity supply-chain and runtime security risk requiring immediate scrutiny, containment, and removal from any build or deployment pipeline.
maddy_test
1.0.2
by maddyattacker
Removed from npm
Blocked by Socket
The script collects various details about the system, including package information, user and directory info, and DNS servers. The data is then sent to a remote server using HTTPS.
Live on npm for 1 day, 12 hours and 2 minutes before removal. Socket users were protected even while the package was live.
csv-parsing-xz
1.2.1
by lh-testing2
Removed from npm
Blocked by Socket
This package runs a local installation script that, per its description, performs network requests to track usage. Even if intended for research, telemetry executed at install time is a high security risk (data exfiltration and untrusted code execution). Inspect install.js before installing or avoid installing in production environments; treat this as suspicious and high-risk.
Live on npm for 2 days, 3 hours and 38 minutes before removal. Socket users were protected even while the package was live.
unitgrade
0.1.0
Live on pypi
Blocked by Socket
This module is high risk and should be treated as untrusted until the embedded payload is decoded and audited. The combination of a large embedded blob and an immediate exec at import is a common malicious pattern because it prevents code review and enables arbitrary actions. Do not import or use this package in production. If you must analyze it, decode/decompress the payload in a isolated environment and fully audit the resulting code before granting trust.
tx-engine
0.5.4
Live on pypi
Blocked by Socket
The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.
ljf7-gmail
161
Live on pypi
Blocked by Socket
This module is an interactive email-sending tool that uses hardcoded Gmail credentials and provides multiple modes to send a large number of emails (including potentially infinite loops). The presence of embedded username/password and functionality aimed at mass email/splitting messages is a serious supply-chain and abuse risk: it can be used for spamming or account misuse. The code as provided is syntactically broken in places, but intent and dangerous behavior are clear. Recommend not using or publishing this module with embedded credentials and to treat it as high-risk for abuse.
synch-prod-ai
4.0.0
by synch-prod-developer-2024
Removed from npm
Blocked by Socket
The source code contains a reverse shell implementation, which is a serious security risk. It allows remote command execution on the host machine, indicating malicious intent.
Live on npm for 26 days, 10 hours and 49 minutes before removal. Socket users were protected even while the package was live.
i18never
999.0.101
by ccssjj
Live on npm
Blocked by Socket
This package will execute a local script during installation. That behavior is a common vector for malicious activity in npm packages. You should inspect index.js before installing or remove/disable the preinstall script. If you cannot inspect it, treat the package as potentially risky.
balena-io/deploy-to-balena-action
b9875c146f9188e8db95a04d1622fc9c87560170
Live on actions
Blocked by Socket
This lockfile contains a notable supply-chain red flag: event-stream@3.3.4 (a version historically associated with a compromise). Combined with git-based dependencies and many network/telemetry libraries, this creates a non-trivial supply-chain risk. I recommend immediate remediation: remove or update any reference that pulls event-stream@3.3.4, audit and replace git dependencies where feasible, and perform a full package tarball inspection and runtime audit before use in production.
amhairc-web
6.0.0
by hackerbolte
Removed from npm
Blocked by Socket
The script is highly suspicious and shows strong signs of malicious activity. It gathers sensitive data from the host machine and sends it to an external server. It also tries to open a reverse shell. This could lead to unauthorized access and control of the host machine.
Live on npm for 4 days, 21 hours and 51 minutes before removal. Socket users were protected even while the package was live.
akenoai
1.7.0
Live on pypi
Blocked by Socket
This module intentionally transmits API keys (either a hardcoded default decoded from base64 or any user-provided key) to an external, non-OpenAI endpoint via HTTP POST. This is credential exfiltration and constitutes malicious or severely insecure supply-chain behavior. Do not use this code. Remove it, rotate any exposed API keys, block the destination domain, and investigate any use of the embedded key.
github.com/sourcegraph/sourcegraph
v0.0.0-20210622215056-73aece0a55e2
Live on go
Blocked by Socket
This module is a purpose-built destructive utility: given a user-supplied directory, it enumerates all files ending in .zip and corrupts them by truncating them to half their size and appending deterministic junk data. The absence of safeguards (dry-run/confirmation/allowlists) and the deliberate sabotage operations make this strongly indicative of malicious intent within a supply-chain context, even though it does not show typical malware capabilities like networking or data exfiltration.
canvas_kaltura
0.0.1
by Security Research
Live on rubygems
Blocked by Socket
The code actively collects host-identifying information and transmits it as JSON to a hardcoded remote IP/port, then overwrites the local Makefile to no-op build/install steps. These behaviors align with covert telemetry/exfiltration and workspace tampering typical of supply-chain compromise. The file should be treated as malicious or unauthorized and removed; a thorough repository and environment investigation is warranted.
@aa-techops-ui/ping-authentication
6.99.99
Live on npm
Blocked by Socket
This code collects sensitive local identifiers (home directory, hostname, username, current directory) and exfiltrates them to an external domain using both DNS queries (with hex-encoded values embedded in subdomains) and a direct HTTPS POST. It executes on load with no consent or protections. This behavior is consistent with malicious data-harvesting/supply-chain backdoor activity and the package should not be trusted or used.
uniquebible
0.1.33
Removed from pypi
Blocked by Socket
This module implements a GUI chat application that integrates with OpenAI and provides features that allow arbitrary Python and shell command execution based on selected text or user input, and loads plugins from the filesystem. I did not find explicit hardcoded backdoor/network exfiltration to a suspicious external domain. However, the code exposes powerful dangerous sinks (exec, eval, subprocess.run(..., shell=True), os.system) directly to user-supplied or file-supplied content without sandboxing. This is a high security risk for accidental misuse or malicious plugins/content; treat the package as potentially dangerous in contexts where untrusted data or plugins may be present. Recommended mitigation: remove or require explicit confirmation for run-as-command features, sandbox or restrict exec/context, avoid shell=True, avoid eval, and never auto-run plugin code from untrusted locations.
Live on pypi for 38 minutes before removal. Socket users were protected even while the package was live.
fca-uzair-sehar
20.0.2
by uzair-sehar
Live on npm
Blocked by Socket
Malicious code designed to automate Facebook account takeover by systematically bypassing the platform's security checkpoint system. The code implements a four-phase process that navigates through Facebook's epsilon security verification: (1) STEPPER_CONFIRMATION with token extraction, (2) CONTACT_POINT_REVIEW to bypass contact verification, (3) CHANGE_PASSWORD for credential modification, and (4) OUTRO to finalize the compromise. It makes requests to facebook[.]com/checkpoint/ endpoints and facebook[.]com/api/graphql/ to extract LSD tokens and manipulate authentication flows. The Find_And_Parse function extracts sensitive tokens from HTML script tags, specifically targeting 'any_eligible_challenges' data. This represents a serious security threat that could be used to compromise user accounts without authorization by circumventing Facebook's multi-factor security verification mechanisms.
@builder.io/sdk-qwik
0.16.21
by builderio-bot
Live on npm
Blocked by Socket
The code permits runtime evaluation and loading of scripts discovered within its content, a capability that can be legitimate for dynamic features but poses strong security risks in supply chain contexts. Without sanitization, validation, or sandboxing, this pattern enables arbitrary code execution from untrusted input, increasing the risk of data leakage, unauthorized actions, and potential compromise of the host page.
meditek
1.0.2
by jodx00
Removed from npm
Blocked by Socket
The code collects and sends sensitive system information to a potentially malicious domain, which is a significant privacy and security concern. The behavior aligns with data exfiltration patterns, indicating a high risk of malicious intent.
Live on npm for 15 days, 9 hours and 15 minutes before removal. Socket users were protected even while the package was live.
vite-ui-components
1.0.4
by mao_zedong
Live on npm
Blocked by Socket
This script intentionally downloads a prebuilt Python runtime and a separate remote payload and executes that payload by piping it into the downloaded Python interpreter. The payload URL is mildly obfuscated via hex fragments. There is no integrity or authenticity verification for the downloaded tarball or the fetched payload. This results in straightforward remote code execution and supply-chain risk: if the remote resources are malicious or become compromised, arbitrary code will run on the host. Treat this as high-risk behavior: avoid running it in production or on sensitive hosts unless the sources are verified and additional safeguards (signatures, checksums, sandboxing) are added.
stableagents-ai
0.2.4
Live on pypi
Blocked by Socket
This module exposes multiple high-risk capabilities: arbitrary shell execution (subprocess.run with shell=True), process spawning from untrusted input, and unrestricted filesystem modification (create, move, copy, delete) based on user-provided parameters. There are no input validations, privilege checks or limits. I assess this as not clearly malicious by intent (it implements utility functions), but it is easily abuseable and dangerous in contexts where inputs are untrusted. Treat this code as high security risk if incorporated into environments that handle external input or run with elevated privileges.
tfjs-core
3.3.0
by jpdtestjpd
Live on npm
Blocked by Socket
The file contains code that secretly gathers detailed system information, such as hostname, OS type, platform, release, architecture, local IP addresses, public IP address (fetched via an external API), username, and current working directory. It then transmits this data to external endpoints via HTTP GET and POST requests, and uses a WebSocket connection as a fallback. The endpoints are hardcoded, for example, to URLs like http://example.com/jpd3.php, http://example.com/jpd4.php, and wss://example.com/socket, which are not transparent or verified services. This behavior is indicative of malware designed for unauthorized data exfiltration.
customtkitenr
1.0.0
Removed from pypi
Blocked by Socket
This setup.py contains deliberate concealment (encrypted payload + hardcoded key) and performs runtime decryption and exec() during installation on Windows. That pattern is a high-confidence indicator of malicious behavior (supply-chain/backdoor). Do not install or run this package; consider any systems where it was installed compromised and perform incident response. The exact payload cannot be fully assessed without executing decrypted code (which is unsafe), but the presence of decryption+exec and network-capable imports suffices to classify it as malicious.
Live on pypi for 59 minutes before removal. Socket users were protected even while the package was live.
anydesk-malcom
1.1
Live on pypi
Blocked by Socket
This code implements a malicious install-time behavior: it downloads an archive from a suspicious hard-coded URL, extracts it to disk and attempts to run an executable during package installation. This is a high-risk supply-chain/backdoor behavior (remote code download and execution). Treat the package as malicious/untrusted, do not run setup.py from untrusted sources, and investigate any machine where this was executed.
plengauer/thoth
4bd53d1bfa8a1515b8d427e441b58793187693c8
Live on actions
Blocked by Socket
The snippet signals malicious intent (runtime/container injection/backdoor-like manipulation) but provides no actionable code. If implemented, this would present a high-severity supply-chain and runtime security risk requiring immediate scrutiny, containment, and removal from any build or deployment pipeline.
maddy_test
1.0.2
by maddyattacker
Removed from npm
Blocked by Socket
The script collects various details about the system, including package information, user and directory info, and DNS servers. The data is then sent to a remote server using HTTPS.
Live on npm for 1 day, 12 hours and 2 minutes before removal. Socket users were protected even while the package was live.
csv-parsing-xz
1.2.1
by lh-testing2
Removed from npm
Blocked by Socket
This package runs a local installation script that, per its description, performs network requests to track usage. Even if intended for research, telemetry executed at install time is a high security risk (data exfiltration and untrusted code execution). Inspect install.js before installing or avoid installing in production environments; treat this as suspicious and high-risk.
Live on npm for 2 days, 3 hours and 38 minutes before removal. Socket users were protected even while the package was live.
unitgrade
0.1.0
Live on pypi
Blocked by Socket
This module is high risk and should be treated as untrusted until the embedded payload is decoded and audited. The combination of a large embedded blob and an immediate exec at import is a common malicious pattern because it prevents code review and enables arbitrary actions. Do not import or use this package in production. If you must analyze it, decode/decompress the payload in a isolated environment and fully audit the resulting code before granting trust.
tx-engine
0.5.4
Live on pypi
Blocked by Socket
The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.
ljf7-gmail
161
Live on pypi
Blocked by Socket
This module is an interactive email-sending tool that uses hardcoded Gmail credentials and provides multiple modes to send a large number of emails (including potentially infinite loops). The presence of embedded username/password and functionality aimed at mass email/splitting messages is a serious supply-chain and abuse risk: it can be used for spamming or account misuse. The code as provided is syntactically broken in places, but intent and dangerous behavior are clear. Recommend not using or publishing this module with embedded credentials and to treat it as high-risk for abuse.
synch-prod-ai
4.0.0
by synch-prod-developer-2024
Removed from npm
Blocked by Socket
The source code contains a reverse shell implementation, which is a serious security risk. It allows remote command execution on the host machine, indicating malicious intent.
Live on npm for 26 days, 10 hours and 49 minutes before removal. Socket users were protected even while the package was live.
i18never
999.0.101
by ccssjj
Live on npm
Blocked by Socket
This package will execute a local script during installation. That behavior is a common vector for malicious activity in npm packages. You should inspect index.js before installing or remove/disable the preinstall script. If you cannot inspect it, treat the package as potentially risky.
balena-io/deploy-to-balena-action
b9875c146f9188e8db95a04d1622fc9c87560170
Live on actions
Blocked by Socket
This lockfile contains a notable supply-chain red flag: event-stream@3.3.4 (a version historically associated with a compromise). Combined with git-based dependencies and many network/telemetry libraries, this creates a non-trivial supply-chain risk. I recommend immediate remediation: remove or update any reference that pulls event-stream@3.3.4, audit and replace git dependencies where feasible, and perform a full package tarball inspection and runtime audit before use in production.
Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.
Possible typosquat attack
Known malware
Unstable ownership
Git dependency
GitHub dependency
AI-detected potential malware
HTTP dependency
Obfuscated code
Suspicious Stars on GitHub
Telemetry
Critical CVE
High CVE
Medium CVE
Low CVE
Unpopular package
Minified code
Bad dependency semver
Wildcard dependency
Socket optimized override available
Deprecated
Unmaintained
Explicitly Unlicensed Item
License Policy Violation
Misc. License Issues
Ambiguous License Classifier
Copyleft License
License exception
No License Found
Non-permissive License
Unidentified License
Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.
Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Nat Friedman
CEO at GitHub

Suz Hinton
Senior Software Engineer at Stripe
heck yes this is awesome!!! Congrats team 🎉👏

Matteo Collina
Node.js maintainer, Fastify lead maintainer
So awesome to see @SocketSecurity launch with a fresh approach! Excited to have supported the team from the early days.

DC Posch
Director of Technology at AppFolio, CTO at Dynasty
This is going to be super important, especially for crypto projects where a compromised dependency results in stolen user assets.

Luis Naranjo
Software Engineer at Microsoft
If software supply chain attacks through npm don't scare the shit out of you, you're not paying close enough attention.
@SocketSecurity sounds like an awesome product. I'll be using socket.dev instead of npmjs.org to browse npm packages going forward

Elena Nadolinski
Founder and CEO at Iron Fish
Huge congrats to @SocketSecurity! 🙌
Literally the only product that proactively detects signs of JS compromised packages.

Joe Previte
Engineering Team Lead at Coder
Congrats to @feross and the @SocketSecurity team on their seed funding! 🚀 It's been a big help for us at @CoderHQ and we appreciate what y'all are doing!

Josh Goldberg
Staff Developer at Codecademy
This is such a great idea & looks fantastic, congrats & good luck @feross + team!
The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Scott Roberts
CISO at UiPath
As a happy Socket customer, I've been impressed with how quickly they are adding value to the product, this move is a great step!

Yan Zhu
Head of Security at Brave, DEFCON, EFF, W3C
glad to hear some of the smartest people i know are working on (npm, etc.) supply chain security finally :). @SocketSecurity

Andrew Peterson
CEO and Co-Founder at Signal Sciences (acq. Fastly)
How do you track the validity of open source software libraries as they get updated? You're prob not. Check out @SocketSecurity and the updated tooling they launched.
Supply chain is a cluster in security as we all know and the tools from Socket are "duh" type tools to be implementing. Check them out and follow Feross Aboukhadijeh to see more updates coming from them in the future.

Zbyszek Tenerowicz
Senior Security Engineer at ConsenSys
socket.dev is getting more appealing by the hour

Devdatta Akhawe
Head of Security at Figma
The @SocketSecurity team is on fire! Amazing progress and I am exciting to see where they go next.

Sebastian Bensusan
Engineer Manager at Stripe
I find it surprising that we don't have _more_ supply chain attacks in software:
Imagine your airplane (the code running) was assembled (deployed) daily, with parts (dependencies) from internet strangers. How long until you get a bad part?
Excited for Socket to prevent this

Adam Baldwin
VP of Security at npm, Red Team at Auth0/Okta
Congrats to everyone at @SocketSecurity ❤️🤘🏻

Nico Waisman
CISO at Lyft
This is an area that I have personally been very focused on. As Nat Friedman said in the 2019 GitHub Universe keynote, Open Source won, and every time you add a new open source project you rely on someone else code and you rely on the people that build it.
This is both exciting and problematic. You are bringing real risk into your organization, and I'm excited to see progress in the industry from OpenSSF scorecards and package analyzers to the company that Feross Aboukhadijeh is building!
Questions? Call us at (844) SOCKET-0
Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.
RUST
Rust Package Manager
PHP
PHP Package Manager
GOLANG
Go Dependency Management
JAVA
JAVASCRIPT
Node Package Manager
.NET
.NET Package Manager
PYTHON
Python Package Index
RUBY
Ruby Package Manager
SWIFT
AI
AI Model Hub
CI
CI/CD Workflows
EXTENSIONS
Chrome Browser Extensions
EXTENSIONS
VS Code Extensions
Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.
Nov 23, 2025
Shai Hulud v2
Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.
Nov 05, 2025
Elves on npm
A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.
Jul 04, 2025
RubyGems Automation-Tool Infostealer
Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.
Mar 13, 2025
North Korea's Contagious Interview Campaign
Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.
Jul 23, 2024
Network Reconnaissance Campaign
A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
Questions? Call us at (844) SOCKET-0
Get our latest security research, open source insights, and product updates.

Research
/Security News
Bitwarden CLI 2026.4.0 was compromised in the Checkmarx supply chain campaign after attackers abused a GitHub Action in Bitwarden’s CI/CD pipeline.

Research
/Security News
Docker and Socket have uncovered malicious Checkmarx KICS images and suspicious code extension releases in a broader supply chain compromise.

Product
Stay on top of alert changes with filtered subscriptions, batched summaries, and notification routing built for triage.