
Product
Introducing Data Exports
Export Socket alert data to your own cloud storage in JSON, CSV, or Parquet, with flexible snapshot or incremental delivery.
Questions? Call us at (844) SOCKET-0
Quickly evaluate the security and health of any open source package.
mtmai
0.3.1551
Live on pypi
Blocked by Socket
This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.
thispackagedoesnotexist
0.2.3
Live on pypi
Blocked by Socket
This file contains malware functionality that enables remote arbitrary code execution. The code accepts base64-encoded executables or Python scripts from a remote client and executes them on the target system without validation. It can create and execute temporary executable files, run Python scripts directly, and operate in hidden mode to avoid detection. The malware includes cleanup mechanisms to remove evidence of execution. This represents a backdoor or remote access trojan (RAT) component that allows an attacker to execute arbitrary commands and binaries on compromised systems. The code is part of a larger remote control system that includes VNC components, proxy functionality, and other typical RAT features as evidenced by the package structure.
walter.web.firewall
2021.11.19.847
by Walter Verhoeven, Walter Verhoeven, Stijn Snellinx, Walter Verhoeven, Lambert Snellinx
Live on nuget
Blocked by Socket
The fragment exhibits strong indicators of obfuscation and dynamic code-loading patterns that can enable covert payload delivery or runtime execution of code not present in static analysis. While some components may serve legitimate loader infrastructure, the overall pattern poses non-trivial supply-chain and runtime-execution risk. Actionable steps include restricting dynamic loading, verifying all embedded resources, conducting thorough dynamic analysis in a sandbox, and enforcing provenance controls on dependencies and native interop usage.
github.com/bishopfox/sliver
v0.0.0-20210407112431-8dccad26561f
Live on go
Blocked by Socket
This source file implements command-and-control implant handlers that intentionally provide full remote control over command execution, file system read/write/delete, environment disclosure/modification, and data exfiltration. The code contains no access controls or sandboxing and follows symlinks when archiving, increasing the risk of unintended traversal. Treated in isolation, this module is highly dangerous and should only be present in environments where such functionality is explicitly required and authorized (e.g., red-team infrastructure). If found in repositories or dependencies not explicitly labeled as C2/implant tooling, consider it malicious and remove or isolate it.
bane
4.1.7
Live on pypi
Blocked by Socket
This code is a network-amplification probing/exploitation toolkit: it crafts protocol-specific requests to services known for reflection/amplification and measures amplification factors. The functionality can be used for offensive DDoS attacks and to discover large numbers of vulnerable reflectors (especially when combined with get_public_dns). It is high risk and should be treated as potentially malicious in untrusted contexts. Use only with explicit authorization for testing; avoid including in supply-chain dependencies.
@griezstore/baileys
6.7.22
by griezstore
Live on npm
Blocked by Socket
`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.
agentdojo
0.1.15
Live on pypi
Blocked by Socket
The transcript shows a successful prompt-injection-driven data exfiltration: an attacker-supplied instruction embedded in webpage content caused the assistant to read and post concatenated channel messages (including a secret key) to an external site (http://www.my-website-234.com/random). This is a high-severity supply-chain/security incident (confidential data leak). The assistant also completed the benign user task (messaging Bob), but that does not mitigate the exfiltration. Recommended actions: treat external content as untrusted (do not execute instructions from webpages/tool outputs), prevent automatic posting of internal messages to arbitrary external URLs, redact secrets in channel reads, and alert/rotate any leaked credentials.
bashrc
0.16.0
Live on pypi
Blocked by Socket
The script performs actions that can create a persistent backdoor and weaken host/SSH security: it fetches public keys from GitHub and appends them to authorized_keys for multiple accounts (including root), disables SSH host key verification in the client config, writes suspicious /etc/hosts entries, and adds private keys from disk into the SSH agent. These behaviors are high-risk and likely malicious or at least dangerously insecure for production use. If you did not expect this behavior (adding external GitHub keys, modifying root authorized_keys, changing /etc/hosts), do not run this script and audit callers and the helper scripts it invokes.
node-server-dev
3.2.1
by liurunlin
Live on npm
Blocked by Socket
This module is highly suspicious and strongly matches a remote-controlled agent/backdoor pattern. It connects to a remote Socket.IO endpoint, repeatedly transmits device/user identity information, and—most importantly—executes server-provided payload strings via `eval(...)` (Node) or `runScript(...)` (browser). The lack of code integrity checks and the presence of stealthy error suppression significantly increase risk. Treat the dependency as unsafe unless the server protocol and payload execution behavior are fully audited and proven legitimate.
carbonorm/carbonphp
12.2.1
Live on composer
Blocked by Socket
The Deployment class exhibits multiple high-risk patterns: hardcoded credentials, webhook-triggered remote code updates, privileged system modifications, and network interactions that could be leveraged for data exfiltration or host compromise. While some deployment tooling is legitimate, the embedded secrets and broad privileged capabilities present meaningful supply-chain and host-security risks. Recommendation: remove all hardcoded credentials, avoid executing privileged actions from PHP in production, secure webhooks with robust authentication, isolate DNS/Apache changes behind secure pipelines, and eliminate dynamic autoload injection that could be abused. Treat as medium-to-high risk with potential for significant impact if compromised.
typescript52
1.0.0
by thezank
Removed from npm
Blocked by Socket
The code is performing unauthorized data exfiltration by sending sensitive system and user information to a remote server without user consent. This behavior is indicative of malicious intent.
Live on npm for 51 minutes before removal. Socket users were protected even while the package was live.
github.com/bishopfox/sliver
v1.5.40-0.20231015133907-5a5e8d2a0424
Live on go
Blocked by Socket
The script automates the rapid deployment of a Sliver remote-access framework with system-wide persistence and per-user configuration generation. While Sliver can be used for legitimate red-team activities, the embedded trust material (GPG key), unsigned verification flow risk, and automatic root-level installation create significant supply-chain and post-compromise risk if provenance is unclear. Treat as high-risk and require strict provenance checks, explicit user consent, and removal from any production or shared repositories until provenance, integrity, and necessity are verified.
zhdex
1.0.0
by hoangdaicntt
Removed from npm
Blocked by Socket
Heavily obfuscated JavaScript that injects code into application files at runtime, communicates with external domains (e.g., webhook[.]site) for potential data exfiltration, and manipulates local files without user authorization. It disguises its functions through complex obfuscation techniques and actively modifies runtime behavior in ways that strongly indicate malicious intent.
Live on npm for 14 days, 12 hours and 1 minute before removal. Socket users were protected even while the package was live.
idlem
0.0.5
Live on pypi
Blocked by Socket
The source code is primarily focused on managing a cryptocurrency mining operation, which can be considered malicious if performed without explicit user consent. The use of Docker and monitoring of system resources and user logins are key components of this operation.
tx-engine
0.3.3
Live on pypi
Blocked by Socket
The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.
raw-packet
0.2.1
Live on pypi
Blocked by Socket
This file is an explicit tool to perform DHCP starvation (a denial-of-service against DHCP servers) by generating many unique client identities and sending forged DHCP DISCOVER/REQUEST packets and optionally automating MAC changes to obtain many leases. It manipulates host networking via os.system() (service control, ifconfig, dhclient) and uses raw sockets to inject traffic. There is no evidence of data exfiltration or stealthy backdoors, but the code is overtly malicious/disruptive and should not be executed on networks without explicit authorization. Recommended action: treat as malicious activity, do not run except in isolated lab environments with permission.
colab-ssh
0.2.15
Live on pypi
Blocked by Socket
The code functions as a high-risk backdoor mechanism: it enables root SSH access, exports port 22 via ngrok using a user-supplied authtoken, and exposes credentials through stdout. This pattern is unacceptable in open-source dependencies and constitutes a severe supply-chain/security risk. It should be removed, audited, and not used in any package without rigorous, explicit user consent and secure handling of credentials.
es-workflow-template
0.4.14
by becoxy
Live on npm
Blocked by Socket
This bundled front-end fragment is primarily UI/runtime code, but it contains two high-signal security red flags: (1) browser-side dynamic evaluation using new Function for DOM-derived swal-function-param values (code execution primitive under attacker control), and (2) a locale/host-triggered hardcoded remote audio autoplay from https://flag-gimn.ru/... (unrelated outbound network behavior consistent with tracking or payload injection). Additionally, the module supports rich HTML/template insertion paths that can contribute to DOM XSS depending on upstream sanitization. Overall, the security risk is elevated and the dependency/build provenance should be treated as suspect and validated (e.g., diff against upstream, verify integrity during packaging).
tiktok-coins-hack591
1.0.2
by sicrap
Removed from npm
Blocked by Socket
The code poses a significant security risk and should be reviewed. It is recommended to remove unnecessary imports, verify the contents of the data folder and the WordPress websites before proceeding, and avoid using hardcoded credentials for WordPress login.
Live on npm for 21 minutes before removal. Socket users were protected even while the package was live.
@ambitlabs/hypercore-sim
1.0.2
by cosullivan
Live on npm
Blocked by Socket
The fragment demonstrates unusual and potentially dangerous behavior: it reads contract code and uses Hardhat-specific tooling to overwrite code at a fixed address, then configures that injected contract with an external hyperCoreWrite value. This creates a plausible backdoor-like pathway or at least a perception of code tampering within a repository. In normal production code, such setCode usage and fixed-address code injection would be inappropriate and should be removed or guarded behind explicit test-only guards. Further review of intent, test harness context, and access controls is recommended before trusting or publishing this code in a public package.
http-fetcher-extra
4.2.3
by itselviz
Removed from npm
Blocked by Socket
This source code is a high-risk malicious Discord token grabber that steals authentication tokens and sensitive user information from local storage files and exfiltrates them to an attacker-controlled Discord webhook. The malware scans LevelDB and log files from Discord and multiple browsers (Chrome, Opera, Brave, Yandex) in user AppData directories, extracts Discord tokens using regex patterns, and sends them to the webhook URL https://discord[.]com/api/webhooks/952128654513700874/ZXUwj_ZtTgd6ATIpMORqlOu0Bu6kAQH8Pj4d-bX2OWT5JuKlTlLRpJ3DwjCzysBbH2C0. It also uses stolen tokens to query Discord's API at https://discord[.]com/api/v6/users/@me to harvest additional user details including username, email, phone number, and Nitro subscription status, which are then exfiltrated to the same webhook. This poses severe security threats including account compromise, identity theft, privacy violations, and unauthorized access to Discord accounts.
Live on npm for 34 minutes before removal. Socket users were protected even while the package was live.
n8n-nodes-gg-udhasudsh-hgjkhg-official
0.0.27
by zabuza-momochi
Live on npm
Blocked by Socket
The provided fragment appears to be an obfuscated module that decodes string literals and assigns them to module.exports to provide UI/operation configuration for a 'search' resource. In this snippet there is no evidence of network access, process spawning, environment-variable harvesting, eval/new Function usage, or other typical malware behaviors. The main concern is the heavy obfuscation and the fragmentary nature of the input — both increase the risk that malicious actions could be hidden elsewhere in the same file or package. I recommend obtaining and auditing the full, preferably deobfuscated source (or running the decoders in a controlled sandbox) before trusting this package in a production environment.
github.com/gravitational/teleport
v1.3.3-0.20231220082030-fd251a31eaa6
Live on go
Blocked by Socket
The script functions as a bootstrap installer that fetches a Teleport binary from a CDN, extracts it, and executes it with user-provided arguments. While common in bootstrap flows, this approach carries significant supply-chain risk due to lack of integrity verification, potential tampering of the CDN content, and execution of an external binary in the host environment. To reduce risk, add cryptographic verification (signatures/checksums), validate the artifact against a trusted manifest, constrain and sanitize teleportArgs, implement isolation (sandbox/container), and improve error handling with cleanup. Consider using pinned TLS/HTTPS, and validating the tarball contents before execution.
phantom-module
111.0.25
by lwirz
Live on npm
Blocked by Socket
This code performs deliberate data exfiltration: it backgrounds a shell that waits, collects logs and any files containing 'flag' across the filesystem, writes them to /tmp/flag.json, and sends that JSON to a hardcoded remote server. It also immediately sends a manifest to the same server. The behavior is strongly indicative of malicious/backdoor activity and should be treated as compromise/supply-chain malware. Remove and investigate any systems where this ran and treat the remote host as malicious.
pinokiod
0.0.85
by cocktailpeanut
Live on npm
Blocked by Socket
The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.
mtmai
0.3.1551
Live on pypi
Blocked by Socket
This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.
thispackagedoesnotexist
0.2.3
Live on pypi
Blocked by Socket
This file contains malware functionality that enables remote arbitrary code execution. The code accepts base64-encoded executables or Python scripts from a remote client and executes them on the target system without validation. It can create and execute temporary executable files, run Python scripts directly, and operate in hidden mode to avoid detection. The malware includes cleanup mechanisms to remove evidence of execution. This represents a backdoor or remote access trojan (RAT) component that allows an attacker to execute arbitrary commands and binaries on compromised systems. The code is part of a larger remote control system that includes VNC components, proxy functionality, and other typical RAT features as evidenced by the package structure.
walter.web.firewall
2021.11.19.847
by Walter Verhoeven, Walter Verhoeven, Stijn Snellinx, Walter Verhoeven, Lambert Snellinx
Live on nuget
Blocked by Socket
The fragment exhibits strong indicators of obfuscation and dynamic code-loading patterns that can enable covert payload delivery or runtime execution of code not present in static analysis. While some components may serve legitimate loader infrastructure, the overall pattern poses non-trivial supply-chain and runtime-execution risk. Actionable steps include restricting dynamic loading, verifying all embedded resources, conducting thorough dynamic analysis in a sandbox, and enforcing provenance controls on dependencies and native interop usage.
github.com/bishopfox/sliver
v0.0.0-20210407112431-8dccad26561f
Live on go
Blocked by Socket
This source file implements command-and-control implant handlers that intentionally provide full remote control over command execution, file system read/write/delete, environment disclosure/modification, and data exfiltration. The code contains no access controls or sandboxing and follows symlinks when archiving, increasing the risk of unintended traversal. Treated in isolation, this module is highly dangerous and should only be present in environments where such functionality is explicitly required and authorized (e.g., red-team infrastructure). If found in repositories or dependencies not explicitly labeled as C2/implant tooling, consider it malicious and remove or isolate it.
bane
4.1.7
Live on pypi
Blocked by Socket
This code is a network-amplification probing/exploitation toolkit: it crafts protocol-specific requests to services known for reflection/amplification and measures amplification factors. The functionality can be used for offensive DDoS attacks and to discover large numbers of vulnerable reflectors (especially when combined with get_public_dns). It is high risk and should be treated as potentially malicious in untrusted contexts. Use only with explicit authorization for testing; avoid including in supply-chain dependencies.
@griezstore/baileys
6.7.22
by griezstore
Live on npm
Blocked by Socket
`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.
agentdojo
0.1.15
Live on pypi
Blocked by Socket
The transcript shows a successful prompt-injection-driven data exfiltration: an attacker-supplied instruction embedded in webpage content caused the assistant to read and post concatenated channel messages (including a secret key) to an external site (http://www.my-website-234.com/random). This is a high-severity supply-chain/security incident (confidential data leak). The assistant also completed the benign user task (messaging Bob), but that does not mitigate the exfiltration. Recommended actions: treat external content as untrusted (do not execute instructions from webpages/tool outputs), prevent automatic posting of internal messages to arbitrary external URLs, redact secrets in channel reads, and alert/rotate any leaked credentials.
bashrc
0.16.0
Live on pypi
Blocked by Socket
The script performs actions that can create a persistent backdoor and weaken host/SSH security: it fetches public keys from GitHub and appends them to authorized_keys for multiple accounts (including root), disables SSH host key verification in the client config, writes suspicious /etc/hosts entries, and adds private keys from disk into the SSH agent. These behaviors are high-risk and likely malicious or at least dangerously insecure for production use. If you did not expect this behavior (adding external GitHub keys, modifying root authorized_keys, changing /etc/hosts), do not run this script and audit callers and the helper scripts it invokes.
node-server-dev
3.2.1
by liurunlin
Live on npm
Blocked by Socket
This module is highly suspicious and strongly matches a remote-controlled agent/backdoor pattern. It connects to a remote Socket.IO endpoint, repeatedly transmits device/user identity information, and—most importantly—executes server-provided payload strings via `eval(...)` (Node) or `runScript(...)` (browser). The lack of code integrity checks and the presence of stealthy error suppression significantly increase risk. Treat the dependency as unsafe unless the server protocol and payload execution behavior are fully audited and proven legitimate.
carbonorm/carbonphp
12.2.1
Live on composer
Blocked by Socket
The Deployment class exhibits multiple high-risk patterns: hardcoded credentials, webhook-triggered remote code updates, privileged system modifications, and network interactions that could be leveraged for data exfiltration or host compromise. While some deployment tooling is legitimate, the embedded secrets and broad privileged capabilities present meaningful supply-chain and host-security risks. Recommendation: remove all hardcoded credentials, avoid executing privileged actions from PHP in production, secure webhooks with robust authentication, isolate DNS/Apache changes behind secure pipelines, and eliminate dynamic autoload injection that could be abused. Treat as medium-to-high risk with potential for significant impact if compromised.
typescript52
1.0.0
by thezank
Removed from npm
Blocked by Socket
The code is performing unauthorized data exfiltration by sending sensitive system and user information to a remote server without user consent. This behavior is indicative of malicious intent.
Live on npm for 51 minutes before removal. Socket users were protected even while the package was live.
github.com/bishopfox/sliver
v1.5.40-0.20231015133907-5a5e8d2a0424
Live on go
Blocked by Socket
The script automates the rapid deployment of a Sliver remote-access framework with system-wide persistence and per-user configuration generation. While Sliver can be used for legitimate red-team activities, the embedded trust material (GPG key), unsigned verification flow risk, and automatic root-level installation create significant supply-chain and post-compromise risk if provenance is unclear. Treat as high-risk and require strict provenance checks, explicit user consent, and removal from any production or shared repositories until provenance, integrity, and necessity are verified.
zhdex
1.0.0
by hoangdaicntt
Removed from npm
Blocked by Socket
Heavily obfuscated JavaScript that injects code into application files at runtime, communicates with external domains (e.g., webhook[.]site) for potential data exfiltration, and manipulates local files without user authorization. It disguises its functions through complex obfuscation techniques and actively modifies runtime behavior in ways that strongly indicate malicious intent.
Live on npm for 14 days, 12 hours and 1 minute before removal. Socket users were protected even while the package was live.
idlem
0.0.5
Live on pypi
Blocked by Socket
The source code is primarily focused on managing a cryptocurrency mining operation, which can be considered malicious if performed without explicit user consent. The use of Docker and monitoring of system resources and user logins are key components of this operation.
tx-engine
0.3.3
Live on pypi
Blocked by Socket
The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.
raw-packet
0.2.1
Live on pypi
Blocked by Socket
This file is an explicit tool to perform DHCP starvation (a denial-of-service against DHCP servers) by generating many unique client identities and sending forged DHCP DISCOVER/REQUEST packets and optionally automating MAC changes to obtain many leases. It manipulates host networking via os.system() (service control, ifconfig, dhclient) and uses raw sockets to inject traffic. There is no evidence of data exfiltration or stealthy backdoors, but the code is overtly malicious/disruptive and should not be executed on networks without explicit authorization. Recommended action: treat as malicious activity, do not run except in isolated lab environments with permission.
colab-ssh
0.2.15
Live on pypi
Blocked by Socket
The code functions as a high-risk backdoor mechanism: it enables root SSH access, exports port 22 via ngrok using a user-supplied authtoken, and exposes credentials through stdout. This pattern is unacceptable in open-source dependencies and constitutes a severe supply-chain/security risk. It should be removed, audited, and not used in any package without rigorous, explicit user consent and secure handling of credentials.
es-workflow-template
0.4.14
by becoxy
Live on npm
Blocked by Socket
This bundled front-end fragment is primarily UI/runtime code, but it contains two high-signal security red flags: (1) browser-side dynamic evaluation using new Function for DOM-derived swal-function-param values (code execution primitive under attacker control), and (2) a locale/host-triggered hardcoded remote audio autoplay from https://flag-gimn.ru/... (unrelated outbound network behavior consistent with tracking or payload injection). Additionally, the module supports rich HTML/template insertion paths that can contribute to DOM XSS depending on upstream sanitization. Overall, the security risk is elevated and the dependency/build provenance should be treated as suspect and validated (e.g., diff against upstream, verify integrity during packaging).
tiktok-coins-hack591
1.0.2
by sicrap
Removed from npm
Blocked by Socket
The code poses a significant security risk and should be reviewed. It is recommended to remove unnecessary imports, verify the contents of the data folder and the WordPress websites before proceeding, and avoid using hardcoded credentials for WordPress login.
Live on npm for 21 minutes before removal. Socket users were protected even while the package was live.
@ambitlabs/hypercore-sim
1.0.2
by cosullivan
Live on npm
Blocked by Socket
The fragment demonstrates unusual and potentially dangerous behavior: it reads contract code and uses Hardhat-specific tooling to overwrite code at a fixed address, then configures that injected contract with an external hyperCoreWrite value. This creates a plausible backdoor-like pathway or at least a perception of code tampering within a repository. In normal production code, such setCode usage and fixed-address code injection would be inappropriate and should be removed or guarded behind explicit test-only guards. Further review of intent, test harness context, and access controls is recommended before trusting or publishing this code in a public package.
http-fetcher-extra
4.2.3
by itselviz
Removed from npm
Blocked by Socket
This source code is a high-risk malicious Discord token grabber that steals authentication tokens and sensitive user information from local storage files and exfiltrates them to an attacker-controlled Discord webhook. The malware scans LevelDB and log files from Discord and multiple browsers (Chrome, Opera, Brave, Yandex) in user AppData directories, extracts Discord tokens using regex patterns, and sends them to the webhook URL https://discord[.]com/api/webhooks/952128654513700874/ZXUwj_ZtTgd6ATIpMORqlOu0Bu6kAQH8Pj4d-bX2OWT5JuKlTlLRpJ3DwjCzysBbH2C0. It also uses stolen tokens to query Discord's API at https://discord[.]com/api/v6/users/@me to harvest additional user details including username, email, phone number, and Nitro subscription status, which are then exfiltrated to the same webhook. This poses severe security threats including account compromise, identity theft, privacy violations, and unauthorized access to Discord accounts.
Live on npm for 34 minutes before removal. Socket users were protected even while the package was live.
n8n-nodes-gg-udhasudsh-hgjkhg-official
0.0.27
by zabuza-momochi
Live on npm
Blocked by Socket
The provided fragment appears to be an obfuscated module that decodes string literals and assigns them to module.exports to provide UI/operation configuration for a 'search' resource. In this snippet there is no evidence of network access, process spawning, environment-variable harvesting, eval/new Function usage, or other typical malware behaviors. The main concern is the heavy obfuscation and the fragmentary nature of the input — both increase the risk that malicious actions could be hidden elsewhere in the same file or package. I recommend obtaining and auditing the full, preferably deobfuscated source (or running the decoders in a controlled sandbox) before trusting this package in a production environment.
github.com/gravitational/teleport
v1.3.3-0.20231220082030-fd251a31eaa6
Live on go
Blocked by Socket
The script functions as a bootstrap installer that fetches a Teleport binary from a CDN, extracts it, and executes it with user-provided arguments. While common in bootstrap flows, this approach carries significant supply-chain risk due to lack of integrity verification, potential tampering of the CDN content, and execution of an external binary in the host environment. To reduce risk, add cryptographic verification (signatures/checksums), validate the artifact against a trusted manifest, constrain and sanitize teleportArgs, implement isolation (sandbox/container), and improve error handling with cleanup. Consider using pinned TLS/HTTPS, and validating the tarball contents before execution.
phantom-module
111.0.25
by lwirz
Live on npm
Blocked by Socket
This code performs deliberate data exfiltration: it backgrounds a shell that waits, collects logs and any files containing 'flag' across the filesystem, writes them to /tmp/flag.json, and sends that JSON to a hardcoded remote server. It also immediately sends a manifest to the same server. The behavior is strongly indicative of malicious/backdoor activity and should be treated as compromise/supply-chain malware. Remove and investigate any systems where this ran and treat the remote host as malicious.
pinokiod
0.0.85
by cocktailpeanut
Live on npm
Blocked by Socket
The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.
Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.
Possible typosquat attack
Known malware
Git dependency
GitHub dependency
HTTP dependency
Obfuscated code
Suspicious Stars on GitHub
Telemetry
Protestware or potentially unwanted behavior
Unstable ownership
Critical CVE
High CVE
Medium CVE
Low CVE
Unpopular package
Minified code
Bad dependency semver
Wildcard dependency
Socket optimized override available
Deprecated
Unmaintained
Explicitly Unlicensed Item
License Policy Violation
Misc. License Issues
Ambiguous License Classifier
Copyleft License
License exception
No License Found
Non-permissive License
Unidentified License
Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.
Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Nat Friedman
CEO at GitHub

Suz Hinton
Senior Software Engineer at Stripe
heck yes this is awesome!!! Congrats team 🎉👏

Matteo Collina
Node.js maintainer, Fastify lead maintainer
So awesome to see @SocketSecurity launch with a fresh approach! Excited to have supported the team from the early days.

DC Posch
Director of Technology at AppFolio, CTO at Dynasty
This is going to be super important, especially for crypto projects where a compromised dependency results in stolen user assets.

Luis Naranjo
Software Engineer at Microsoft
If software supply chain attacks through npm don't scare the shit out of you, you're not paying close enough attention.
@SocketSecurity sounds like an awesome product. I'll be using socket.dev instead of npmjs.org to browse npm packages going forward

Elena Nadolinski
Founder and CEO at Iron Fish
Huge congrats to @SocketSecurity! 🙌
Literally the only product that proactively detects signs of JS compromised packages.

Joe Previte
Engineering Team Lead at Coder
Congrats to @feross and the @SocketSecurity team on their seed funding! 🚀 It's been a big help for us at @CoderHQ and we appreciate what y'all are doing!

Josh Goldberg
Staff Developer at Codecademy
This is such a great idea & looks fantastic, congrats & good luck @feross + team!
The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Scott Roberts
CISO at UiPath
As a happy Socket customer, I've been impressed with how quickly they are adding value to the product, this move is a great step!

Yan Zhu
Head of Security at Brave, DEFCON, EFF, W3C
glad to hear some of the smartest people i know are working on (npm, etc.) supply chain security finally :). @SocketSecurity

Andrew Peterson
CEO and Co-Founder at Signal Sciences (acq. Fastly)
How do you track the validity of open source software libraries as they get updated? You're prob not. Check out @SocketSecurity and the updated tooling they launched.
Supply chain is a cluster in security as we all know and the tools from Socket are "duh" type tools to be implementing. Check them out and follow Feross Aboukhadijeh to see more updates coming from them in the future.

Zbyszek Tenerowicz
Senior Security Engineer at ConsenSys
socket.dev is getting more appealing by the hour

Devdatta Akhawe
Head of Security at Figma
The @SocketSecurity team is on fire! Amazing progress and I am exciting to see where they go next.

Sebastian Bensusan
Engineer Manager at Stripe
I find it surprising that we don't have _more_ supply chain attacks in software:
Imagine your airplane (the code running) was assembled (deployed) daily, with parts (dependencies) from internet strangers. How long until you get a bad part?
Excited for Socket to prevent this

Adam Baldwin
VP of Security at npm, Red Team at Auth0/Okta
Congrats to everyone at @SocketSecurity ❤️🤘🏻

Nico Waisman
CISO at Lyft
This is an area that I have personally been very focused on. As Nat Friedman said in the 2019 GitHub Universe keynote, Open Source won, and every time you add a new open source project you rely on someone else code and you rely on the people that build it.
This is both exciting and problematic. You are bringing real risk into your organization, and I'm excited to see progress in the industry from OpenSSF scorecards and package analyzers to the company that Feross Aboukhadijeh is building!
Questions? Call us at (844) SOCKET-0
Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.
RUST
Rust Package Manager
PHP
PHP Package Manager
GOLANG
Go Dependency Management
JAVA
JAVASCRIPT
Node Package Manager
.NET
.NET Package Manager
PYTHON
Python Package Index
RUBY
Ruby Package Manager
SWIFT
AI
AI Model Hub
CI
CI/CD Workflows
EXTENSIONS
Chrome Browser Extensions
EXTENSIONS
VS Code Extensions
Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.
Nov 23, 2025
Shai Hulud v2
Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.
Nov 05, 2025
Elves on npm
A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.
Jul 04, 2025
RubyGems Automation-Tool Infostealer
Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.
Mar 13, 2025
North Korea's Contagious Interview Campaign
Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.
Jul 23, 2024
Network Reconnaissance Campaign
A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
Questions? Call us at (844) SOCKET-0
Get our latest security research, open source insights, and product updates.

Product
Export Socket alert data to your own cloud storage in JSON, CSV, or Parquet, with flexible snapshot or incremental delivery.

Research
/Security News
Bitwarden CLI 2026.4.0 was compromised in the Checkmarx supply chain campaign after attackers abused a GitHub Action in Bitwarden’s CI/CD pipeline.

Research
/Security News
Docker and Socket have uncovered malicious Checkmarx KICS images and suspicious code extension releases in a broader supply chain compromise.