
Product
Introducing Reachability for PHP
Reachability analysis for PHP is now available in experimental, helping teams identify which vulnerabilities are actually exploitable.
Questions? Call us at (844) SOCKET-0
Quickly evaluate the security and health of any open source package.
leadtools.imagingandocr-x86
19.0.2
by SuperJMN
Live on nuget
Blocked by Socket
The provided C# code for `Leadtools.Forms.Commands` exhibits a very high degree of obfuscation, particularly within the `BankCheckReader` and `MRTDReader` classes. This obfuscation is applied to core processing logic, string resources, and data validation routines. While the library appears to be a legitimate document processing tool from LEAD Technologies, Inc., the extreme obfuscation makes it impossible to definitively rule out malicious intent. The unusual methods like `global::<Module>.a()` for string manipulation and the complex control flows in `ProcessImage` are strong indicators that the code may be hiding malicious behavior. Therefore, this package should be treated with extreme caution and is flagged as a high security risk due to the extensive and suspicious obfuscation.
cuckoo
2.0.3
Live on pypi
Blocked by Socket
This code is an explicit exploit tool that abuses the vulnerable Capcom (Htsysm72FB) driver to execute arbitrary kernel-mode shellcode and provide kernel read/write primitives. It is used to locate and patch ntoskrnl to toggle Driver Signature Enforcement (DSE). It should be treated as malicious when present in software distributed to end users: it intentionally subverts OS integrity and enables loading unsigned drivers or further kernel modification. Only run in isolated, controlled research environments; do not include in production or allow normal users to execute it.
ml-keyframer
9.9.12
by r00tdaddy
Removed from npm
Blocked by Socket
This install script is highly malicious as it attempts to exfiltrate sensitive information from the system to an external server.
Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.
nab
0.8.2
Live on cargo
Blocked by Socket
High likelihood of malicious behavior: the module is designed to harvest browser cookies and credentials by decrypting cookie stores (using Keychain-derived keys on macOS) and by extracting login data from browsers (via `sqlite3` on copied Chromium “Login Data”), plus Keychain internet password retrieval and optional 1Password lookup. It uses subprocess execution with dynamically constructed Python/SQL code and returns secrets ready for reuse (cookie header and Credential structs). Even without visible network exfiltration in this fragment, the capability aligns with credential theft and account/session compromise.
@muya-ui/core
0.4.29
by yuck
Live on npm
Blocked by Socket
The source code contains a malicious backdoor that stealthily exfiltrates sensitive git repository information and package version to a suspicious external server. This represents a high security risk and a serious supply chain compromise. Immediate removal or remediation of this code is strongly recommended.
ncert-learn
5.2.3
Live on pypi
Blocked by Socket
This script invokes xmrig.exe to perform a cryptomining benchmark using the --bench=1M and --submit parameters, potentially submitting results over the network. Unauthorized execution can consume system resources for mining and send data externally without user consent, making it a malicious threat.
bapy
0.2.202
Live on pypi
Blocked by Socket
The script covertly ensures a background SSH local port-forward to a hard-coded external host as root, clearing any existing ssh on the same local port first. This pattern is consistent with establishing a covert access or exfiltration channel (notably to a MongoDB-like service on port 27017). It is high-risk: investigate origins of the script, the remote IP, root SSH keys and authorized_keys, and any processes or tools that use local:9999. If unexpected, remove and rotate credentials/keys and perform host compromise analysis.
thenamk3
3.3.0
by thenamk3
Removed from npm
Blocked by Socket
The code exhibits potential security risks due to handling sensitive data, complex encoding/decoding functions, and accessing environment variables. The getAppState function poses a significant security risk if misused. Caution is advised when using these functions. The malware score should be higher due to the identified risks. The obfuscated score is accurate. The overall risk score should be increased to reflect the security concerns identified in the reports.
Live on npm for 17 minutes before removal. Socket users were protected even while the package was live.
github.com/gravitl/netmaker
v0.10.1-0.20220212180444-d9a334b30cd8
Live on go
Blocked by Socket
High-risk supply-chain/security indicator: the authorize() middleware includes a hardcoded static bearer token fallback (authToken := "928rt238tghgwe@TY@$Y@#WQAEGB2FC#@HG#@$Hddd"). If the Authorization header is missing or malformed, the code still attempts to verify this embedded token, which strongly suggests a backdoor credential or at minimum a dangerous authentication bypass condition. Because this middleware gates sensitive sinks (JWT verification, node updates, gateway/relay mutations, and mq.NodeUpdate publishing), the impact could be significant. Additional concern: possible RBAC logic bug using params["netid"] instead of params["nodeid"].
digits-common
1.0.2
by jr0ch17-workfront
Removed from npm
Blocked by Socket
The script is designed to send sensitive information to a remote server, which is a clear indication of malicious behavior.
Live on npm for 10 days and 5 minutes before removal. Socket users were protected even while the package was live.
ailever
0.3.457
Live on pypi
Blocked by Socket
The code presents a strong supply-chain and remote-execution risk by automatically downloading and executing remote Python payloads without integrity checks or sandboxing. It also creates and runs external services (Jupyter, Visdom, RStudio) based on user inputs, which can amplify impact if the remote payload is malicious. Mitigations include removing remote code execution paths, adding cryptographic verification (signatures or hash checks), isolating execution (sandboxes or containerization), validating inputs, and avoiding untrusted downloads or executions.
github.com/sourcegraph/sourcegraph
v0.0.0-20210416000032-e1bb11dbd30c
Live on go
Blocked by Socket
This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.
norsodikin
0.3.9.dev12
Live on pypi
Blocked by Socket
This file includes hardcoded credentials (a Telegram bot token and chat ID) and transmits newly created SSH usernames and passwords to a remote endpoint (e.g., example[.]com) without user consent.
dvuln
0.2.1
by crazyproger1
Removed from npm
Blocked by Socket
The code fetches an HTML file from an external source, replaces the current document's HTML with it, establishes a WebSocket connection to a potentially suspicious domain, and sends user login credentials and cookies over the WebSocket connection. This behavior could be potentially malicious or pose a security risk, especially if the external HTML or the WebSocket server are compromised.
Live on npm for 16 minutes before removal. Socket users were protected even while the package was live.
vibe-notion
0.9.0
by GitHub Actions
Live on npm
Blocked by Socket
This module is explicitly designed to locate Notion's cookie storage and extract and decrypt the 'token_v2' authentication cookie and related user IDs using platform-specific secret stores (Keychain, DPAPI) and known derived-key methods. The code performs credential harvesting and exposes sensitive tokens to its caller. Even though it does not itself exfiltrate tokens over the network, the functionality is high-risk and suitable for abuse in supply-chain or malicious contexts. Treat as malicious/credential-harvesting code unless its use is explicitly authorized by the machine owner and tightly controlled.
tfjs-core
6.5.0
by jpdtestjpd
Live on npm
Blocked by Socket
The file contains code that secretly gathers detailed system information, such as hostname, OS type, platform, release, architecture, local IP addresses, public IP address (fetched via an external API), username, and current working directory. It then transmits this data to external endpoints via HTTP GET and POST requests, and uses a WebSocket connection as a fallback. The endpoints are hardcoded, for example, to URLs like http://example.com/jpd3.php, http://example.com/jpd4.php, and wss://example.com/socket, which are not transparent or verified services. This behavior is indicative of malware designed for unauthorized data exfiltration.
mtmai
0.3.1429
Live on pypi
Blocked by Socket
The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.
mtmai
0.3.1351
Live on pypi
Blocked by Socket
This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.
github.com/milvus-io/milvus
v0.10.3-0.20211220091904-931f7e054a1e
Live on go
Blocked by Socket
This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.
apt-toolkit
3.2.0
Live on pypi
Blocked by Socket
This module is an explicit offensive tool: it codifies actionable exploitation plans and TTPs for government, military, and critical infrastructure targets. Although it contains no direct execution or I/O, its outputs are operationally useful and dangerous. Treat as malicious/abusive content; do not include in trusted supply chains or deploy in production. Reviewers should remove or quarantine this package and investigate origin and distribution context.
github.com/sourcegraph/sourcegraph
v0.0.0-20210506155407-953b3a48817b
Live on go
Blocked by Socket
This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.
dartlab
0.7.4
Live on pypi
Blocked by Socket
The file implements a normal OAuth-backed client/provider for a ChatGPT-like SSE responses API. No obfuscated or dynamic execution techniques are present, and there are no embedded hardcoded credentials. However, the hardcoded CODEX_API_BASE ('https://chatgpt.com/backend-api') is atypical for official OpenAI APIs and is a significant risk: the module will transmit OAuth Bearer tokens, optional account identifiers, and all conversation content to that domain. If that endpoint is not trusted, this constitutes credential and data exfiltration. Recommend verifying the intended API base (confirm domain ownership/trust), replacing it with the official/trusted endpoint if it was tampered with, and auditing repository history for unexpected modifications. Treat this as a supply-chain/typosquatting danger until the endpoint is validated.
leadtools.imagingandocr-x86
19.0.2
by SuperJMN
Live on nuget
Blocked by Socket
The provided C# code for `Leadtools.Forms.Commands` exhibits a very high degree of obfuscation, particularly within the `BankCheckReader` and `MRTDReader` classes. This obfuscation is applied to core processing logic, string resources, and data validation routines. While the library appears to be a legitimate document processing tool from LEAD Technologies, Inc., the extreme obfuscation makes it impossible to definitively rule out malicious intent. The unusual methods like `global::<Module>.a()` for string manipulation and the complex control flows in `ProcessImage` are strong indicators that the code may be hiding malicious behavior. Therefore, this package should be treated with extreme caution and is flagged as a high security risk due to the extensive and suspicious obfuscation.
cuckoo
2.0.3
Live on pypi
Blocked by Socket
This code is an explicit exploit tool that abuses the vulnerable Capcom (Htsysm72FB) driver to execute arbitrary kernel-mode shellcode and provide kernel read/write primitives. It is used to locate and patch ntoskrnl to toggle Driver Signature Enforcement (DSE). It should be treated as malicious when present in software distributed to end users: it intentionally subverts OS integrity and enables loading unsigned drivers or further kernel modification. Only run in isolated, controlled research environments; do not include in production or allow normal users to execute it.
ml-keyframer
9.9.12
by r00tdaddy
Removed from npm
Blocked by Socket
This install script is highly malicious as it attempts to exfiltrate sensitive information from the system to an external server.
Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.
nab
0.8.2
Live on cargo
Blocked by Socket
High likelihood of malicious behavior: the module is designed to harvest browser cookies and credentials by decrypting cookie stores (using Keychain-derived keys on macOS) and by extracting login data from browsers (via `sqlite3` on copied Chromium “Login Data”), plus Keychain internet password retrieval and optional 1Password lookup. It uses subprocess execution with dynamically constructed Python/SQL code and returns secrets ready for reuse (cookie header and Credential structs). Even without visible network exfiltration in this fragment, the capability aligns with credential theft and account/session compromise.
@muya-ui/core
0.4.29
by yuck
Live on npm
Blocked by Socket
The source code contains a malicious backdoor that stealthily exfiltrates sensitive git repository information and package version to a suspicious external server. This represents a high security risk and a serious supply chain compromise. Immediate removal or remediation of this code is strongly recommended.
ncert-learn
5.2.3
Live on pypi
Blocked by Socket
This script invokes xmrig.exe to perform a cryptomining benchmark using the --bench=1M and --submit parameters, potentially submitting results over the network. Unauthorized execution can consume system resources for mining and send data externally without user consent, making it a malicious threat.
bapy
0.2.202
Live on pypi
Blocked by Socket
The script covertly ensures a background SSH local port-forward to a hard-coded external host as root, clearing any existing ssh on the same local port first. This pattern is consistent with establishing a covert access or exfiltration channel (notably to a MongoDB-like service on port 27017). It is high-risk: investigate origins of the script, the remote IP, root SSH keys and authorized_keys, and any processes or tools that use local:9999. If unexpected, remove and rotate credentials/keys and perform host compromise analysis.
thenamk3
3.3.0
by thenamk3
Removed from npm
Blocked by Socket
The code exhibits potential security risks due to handling sensitive data, complex encoding/decoding functions, and accessing environment variables. The getAppState function poses a significant security risk if misused. Caution is advised when using these functions. The malware score should be higher due to the identified risks. The obfuscated score is accurate. The overall risk score should be increased to reflect the security concerns identified in the reports.
Live on npm for 17 minutes before removal. Socket users were protected even while the package was live.
github.com/gravitl/netmaker
v0.10.1-0.20220212180444-d9a334b30cd8
Live on go
Blocked by Socket
High-risk supply-chain/security indicator: the authorize() middleware includes a hardcoded static bearer token fallback (authToken := "928rt238tghgwe@TY@$Y@#WQAEGB2FC#@HG#@$Hddd"). If the Authorization header is missing or malformed, the code still attempts to verify this embedded token, which strongly suggests a backdoor credential or at minimum a dangerous authentication bypass condition. Because this middleware gates sensitive sinks (JWT verification, node updates, gateway/relay mutations, and mq.NodeUpdate publishing), the impact could be significant. Additional concern: possible RBAC logic bug using params["netid"] instead of params["nodeid"].
digits-common
1.0.2
by jr0ch17-workfront
Removed from npm
Blocked by Socket
The script is designed to send sensitive information to a remote server, which is a clear indication of malicious behavior.
Live on npm for 10 days and 5 minutes before removal. Socket users were protected even while the package was live.
ailever
0.3.457
Live on pypi
Blocked by Socket
The code presents a strong supply-chain and remote-execution risk by automatically downloading and executing remote Python payloads without integrity checks or sandboxing. It also creates and runs external services (Jupyter, Visdom, RStudio) based on user inputs, which can amplify impact if the remote payload is malicious. Mitigations include removing remote code execution paths, adding cryptographic verification (signatures or hash checks), isolating execution (sandboxes or containerization), validating inputs, and avoiding untrusted downloads or executions.
github.com/sourcegraph/sourcegraph
v0.0.0-20210416000032-e1bb11dbd30c
Live on go
Blocked by Socket
This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.
norsodikin
0.3.9.dev12
Live on pypi
Blocked by Socket
This file includes hardcoded credentials (a Telegram bot token and chat ID) and transmits newly created SSH usernames and passwords to a remote endpoint (e.g., example[.]com) without user consent.
dvuln
0.2.1
by crazyproger1
Removed from npm
Blocked by Socket
The code fetches an HTML file from an external source, replaces the current document's HTML with it, establishes a WebSocket connection to a potentially suspicious domain, and sends user login credentials and cookies over the WebSocket connection. This behavior could be potentially malicious or pose a security risk, especially if the external HTML or the WebSocket server are compromised.
Live on npm for 16 minutes before removal. Socket users were protected even while the package was live.
vibe-notion
0.9.0
by GitHub Actions
Live on npm
Blocked by Socket
This module is explicitly designed to locate Notion's cookie storage and extract and decrypt the 'token_v2' authentication cookie and related user IDs using platform-specific secret stores (Keychain, DPAPI) and known derived-key methods. The code performs credential harvesting and exposes sensitive tokens to its caller. Even though it does not itself exfiltrate tokens over the network, the functionality is high-risk and suitable for abuse in supply-chain or malicious contexts. Treat as malicious/credential-harvesting code unless its use is explicitly authorized by the machine owner and tightly controlled.
tfjs-core
6.5.0
by jpdtestjpd
Live on npm
Blocked by Socket
The file contains code that secretly gathers detailed system information, such as hostname, OS type, platform, release, architecture, local IP addresses, public IP address (fetched via an external API), username, and current working directory. It then transmits this data to external endpoints via HTTP GET and POST requests, and uses a WebSocket connection as a fallback. The endpoints are hardcoded, for example, to URLs like http://example.com/jpd3.php, http://example.com/jpd4.php, and wss://example.com/socket, which are not transparent or verified services. This behavior is indicative of malware designed for unauthorized data exfiltration.
mtmai
0.3.1429
Live on pypi
Blocked by Socket
The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.
mtmai
0.3.1351
Live on pypi
Blocked by Socket
This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.
github.com/milvus-io/milvus
v0.10.3-0.20211220091904-931f7e054a1e
Live on go
Blocked by Socket
This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.
apt-toolkit
3.2.0
Live on pypi
Blocked by Socket
This module is an explicit offensive tool: it codifies actionable exploitation plans and TTPs for government, military, and critical infrastructure targets. Although it contains no direct execution or I/O, its outputs are operationally useful and dangerous. Treat as malicious/abusive content; do not include in trusted supply chains or deploy in production. Reviewers should remove or quarantine this package and investigate origin and distribution context.
github.com/sourcegraph/sourcegraph
v0.0.0-20210506155407-953b3a48817b
Live on go
Blocked by Socket
This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.
dartlab
0.7.4
Live on pypi
Blocked by Socket
The file implements a normal OAuth-backed client/provider for a ChatGPT-like SSE responses API. No obfuscated or dynamic execution techniques are present, and there are no embedded hardcoded credentials. However, the hardcoded CODEX_API_BASE ('https://chatgpt.com/backend-api') is atypical for official OpenAI APIs and is a significant risk: the module will transmit OAuth Bearer tokens, optional account identifiers, and all conversation content to that domain. If that endpoint is not trusted, this constitutes credential and data exfiltration. Recommend verifying the intended API base (confirm domain ownership/trust), replacing it with the official/trusted endpoint if it was tampered with, and auditing repository history for unexpected modifications. Treat this as a supply-chain/typosquatting danger until the endpoint is validated.
Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.
Possible typosquat attack
Known malware
Git dependency
GitHub dependency
HTTP dependency
Obfuscated code
Suspicious Stars on GitHub
Telemetry
Protestware or potentially unwanted behavior
Unstable ownership
Critical CVE
High CVE
Medium CVE
Low CVE
Unpopular package
Minified code
Bad dependency semver
Wildcard dependency
Socket optimized override available
Deprecated
Unmaintained
Explicitly Unlicensed Item
License Policy Violation
Misc. License Issues
Ambiguous License Classifier
Copyleft License
License exception
No License Found
Non-permissive License
Unidentified License
Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.
Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Nat Friedman
CEO at GitHub

Suz Hinton
Senior Software Engineer at Stripe
heck yes this is awesome!!! Congrats team 🎉👏

Matteo Collina
Node.js maintainer, Fastify lead maintainer
So awesome to see @SocketSecurity launch with a fresh approach! Excited to have supported the team from the early days.

DC Posch
Director of Technology at AppFolio, CTO at Dynasty
This is going to be super important, especially for crypto projects where a compromised dependency results in stolen user assets.

Luis Naranjo
Software Engineer at Microsoft
If software supply chain attacks through npm don't scare the shit out of you, you're not paying close enough attention.
@SocketSecurity sounds like an awesome product. I'll be using socket.dev instead of npmjs.org to browse npm packages going forward

Elena Nadolinski
Founder and CEO at Iron Fish
Huge congrats to @SocketSecurity! 🙌
Literally the only product that proactively detects signs of JS compromised packages.

Joe Previte
Engineering Team Lead at Coder
Congrats to @feross and the @SocketSecurity team on their seed funding! 🚀 It's been a big help for us at @CoderHQ and we appreciate what y'all are doing!

Josh Goldberg
Staff Developer at Codecademy
This is such a great idea & looks fantastic, congrats & good luck @feross + team!
The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Scott Roberts
CISO at UiPath
As a happy Socket customer, I've been impressed with how quickly they are adding value to the product, this move is a great step!

Yan Zhu
Head of Security at Brave, DEFCON, EFF, W3C
glad to hear some of the smartest people i know are working on (npm, etc.) supply chain security finally :). @SocketSecurity

Andrew Peterson
CEO and Co-Founder at Signal Sciences (acq. Fastly)
How do you track the validity of open source software libraries as they get updated? You're prob not. Check out @SocketSecurity and the updated tooling they launched.
Supply chain is a cluster in security as we all know and the tools from Socket are "duh" type tools to be implementing. Check them out and follow Feross Aboukhadijeh to see more updates coming from them in the future.

Zbyszek Tenerowicz
Senior Security Engineer at ConsenSys
socket.dev is getting more appealing by the hour

Devdatta Akhawe
Head of Security at Figma
The @SocketSecurity team is on fire! Amazing progress and I am exciting to see where they go next.

Sebastian Bensusan
Engineer Manager at Stripe
I find it surprising that we don't have _more_ supply chain attacks in software:
Imagine your airplane (the code running) was assembled (deployed) daily, with parts (dependencies) from internet strangers. How long until you get a bad part?
Excited for Socket to prevent this

Adam Baldwin
VP of Security at npm, Red Team at Auth0/Okta
Congrats to everyone at @SocketSecurity ❤️🤘🏻

Nico Waisman
CISO at Lyft
This is an area that I have personally been very focused on. As Nat Friedman said in the 2019 GitHub Universe keynote, Open Source won, and every time you add a new open source project you rely on someone else code and you rely on the people that build it.
This is both exciting and problematic. You are bringing real risk into your organization, and I'm excited to see progress in the industry from OpenSSF scorecards and package analyzers to the company that Feross Aboukhadijeh is building!
Questions? Call us at (844) SOCKET-0
Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.
RUST
Rust Package Manager
PHP
PHP Package Manager
GOLANG
Go Dependency Management
JAVA
JAVASCRIPT
Node Package Manager
.NET
.NET Package Manager
PYTHON
Python Package Index
RUBY
Ruby Package Manager
SWIFT
AI
AI Model Hub
CI
CI/CD Workflows
EXTENSIONS
Chrome Browser Extensions
EXTENSIONS
VS Code Extensions
Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.
Nov 23, 2025
Shai Hulud v2
Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.
Nov 05, 2025
Elves on npm
A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.
Jul 04, 2025
RubyGems Automation-Tool Infostealer
Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.
Mar 13, 2025
North Korea's Contagious Interview Campaign
Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.
Jul 23, 2024
Network Reconnaissance Campaign
A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
Questions? Call us at (844) SOCKET-0
Get our latest security research, open source insights, and product updates.

Product
Reachability analysis for PHP is now available in experimental, helping teams identify which vulnerabilities are actually exploitable.

Product
Export Socket alert data to your own cloud storage in JSON, CSV, or Parquet, with flexible snapshot or incremental delivery.

Research
/Security News
Bitwarden CLI 2026.4.0 was compromised in the Checkmarx supply chain campaign after attackers abused a GitHub Action in Bitwarden’s CI/CD pipeline.