Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
timmywil published 4.0.0

left-pad
stevemao published 1.3.0

react
react-bot published 19.2.5

We protect you from vulnerable and malicious packages

vauban

0.4.26

Live on pypi

Blocked by Socket

This module is a data library that contains explicit malicious instruction payloads (hardcoded attacker domains and commands) and provides functions to load and persist payload libraries. The code itself does not perform exfiltration or network activity, but it creates a high-risk supply of instruction strings that will enable exfiltration or remote fetching if consumed by any component that executes or forwards payload.text. There is also an unsafe file-loading path with no validation and a runtime bug in extend_library (returns undefined 'resul'). Recommended actions: treat this module as untrusted when used with any executor/agent; remove or neutralize builtin malicious payloads before deploying, add strict validation and sanitization of loaded payloads, fail-safe consumers so payload.text is not executed, and fix the extend_library return bug. If this library is present in a dependency tree for systems that run assistants or automated agents, consider removing or sandboxing it and auditing all consumers of Payload objects.

@voidrco/playwright

1.21.2

by mateus.hortencio-voidr

Live on npm

Blocked by Socket

Overall, this module presents a high supply-chain risk: it is heavily obfuscated and contains a dynamic execution primitive, while also implementing encrypted credential caching, authenticated outbound API communication, and authenticated file upload/download plus exec-like remote interactions. Even if some behavior could be legitimate for an orchestration SDK, the combination of (1) Function/constructor runtime execution with (2) remote file transfer and (3) token persistence materially raises the likelihood of covert payload activation or exfiltration. This should be manually reviewed in a deobfuscated form and run in a sandbox to confirm endpoints and execution paths.

bingocode

1.0.19

by leanchy

Live on npm

Blocked by Socket

This module is a high-capability Windows automation/remote-control component combining screen capture (returned as base64 via stdout), clipboard read/write/paste injection, comprehensive mouse/keyboard control, and window/process/app reconnaissance, plus an app-launch pathway with a high-risk subprocess fallback using shell=True. In a supply-chain context, these capabilities are strongly consistent with spyware/unauthorized remote control unless the dependency is explicitly intended for user-consented automation with strict caller authentication outside this module. Treat as high security risk for sensitive environments.

@pyme-web/web-api

99.0.4

by m0ntanatony

Live on npm

Blocked by Socket

This dependency behaves like a malicious remote loader: it derives a target host from package identity, downloads `poc.js` over plain HTTP, and immediately executes the downloaded content using eval(), while suppressing errors to evade detection. Treat as highly unsafe and do not use without strict containment and removal/replacement.

plumber-agent

1.0.17

Live on pypi

Blocked by Socket

This module is extremely dangerous by design because it executes Python code read verbatim from an external JSON command file using exec() with full process privileges. It also writes logs and response files that may leak sensitive data (captured stdout and full tracebacks) and deletes the command queue file afterward. Additional risk arises from unrestricted file path handling via CLI arguments. Unless the command_file and file paths are strongly access-controlled and the environment is tightly sandboxed, this constitutes a file-based RCE/control-channel pattern suitable for malware or sabotage. Confidence is reduced only because the provided snippet appears truncated at the end, preventing verification of any behavior after the fragment.

pymetaheuristic

5.7.9

Live on pypi

Blocked by Socket

High risk of remote code execution if an attacker can call the API endpoints that accept `custom_code`/custom function code. The code compiles and executes user-provided Python via `exec()` without restricting `__builtins__`, enabling arbitrary imports and OS/process/file/network access from within the FastAPI server. Constraints use `eval()` with builtins removed, but the objective `exec()` path is sufficient for full compromise. No clear supply-chain malware is visible in this snippet itself, but the behavior is strongly suspicious/dangerous overall.

azure-jobs

0.1.25

Live on pypi

Blocked by Socket

Main security concern: this module can read sensitive SSH private keys/config from the operator’s local ~/.ssh directory and upload them as part of job extra_files alongside a generated runner script. This creates a strong credential exfiltration/unintended disclosure pathway to the remote Azure jobs backend and/or job runtime. Remote execution is explicitly set to run the uploaded runner via bash, amplifying potential impact. Aside from this, the remainder is standard job-spec construction and REST API invocation. Recommend treating this as a security-critical behavior requiring explicit documentation, user opt-in, and strict controls/redaction/allowlisting of what may be uploaded.

events-router

2.1.3

by lesstafford24

Live on npm

Blocked by Socket

This EventEmitter implementation is largely standard, but it contains a high-risk, unusual backdoor-like behavior: during emit(), it conditionally spawns a detached Node process running a file at ./tests/special-event.min.js when args[0].eventId == 'evt0' and the file exists. It passes the event type and JSON.stringify(args) to the child process. This pattern strongly suggests malicious or covert auxiliary behavior, such as a trigger-based backdoor or data exfiltration to a packaged script. Review the included special-event.min.js contents and whether this code is truly meant for tests; regardless, the runtime exec trigger is a significant security concern.

azure-jobs

0.1.24

Live on pypi

Blocked by Socket

Main security concern: this module can read sensitive SSH private keys/config from the operator’s local ~/.ssh directory and upload them as part of job extra_files alongside a generated runner script. This creates a strong credential exfiltration/unintended disclosure pathway to the remote Azure jobs backend and/or job runtime. Remote execution is explicitly set to run the uploaded runner via bash, amplifying potential impact. Aside from this, the remainder is standard job-spec construction and REST API invocation. Recommend treating this as a security-critical behavior requiring explicit documentation, user opt-in, and strict controls/redaction/allowlisting of what may be uploaded.

apple-app-store-server-library-poc

133.7.1

by cketol

Live on npm

Blocked by Socket

The preinstall script actively collects sensitive environment and system information (env, routing, user, uptime, hostname, platform) and posts it to an external webhook. This is unauthorized telemetry/data exfiltration and is malicious or at minimum grossly privacy-invasive. Installing this package would leak host-specific details to a third party and could be leveraged for follow-on attacks.

renance-dt

3.0.0

Live on pypi

Blocked by Socket

This module is highly suspicious due to explicit Windows WiFi credential recovery (netsh wlan ... key=clear) and direct printing of the extracted WiFi passwords/keys, constituting credential theft/disclosure. It also adds persistence-like PATH modification (Unix rc files / Windows registry user Path) and includes runtime pip upgrade functionality that can execute untrusted code from the supply chain. While several functions are ordinary system introspection, the wifi() behavior and persistence/supply-chain elements materially increase the risk. Treat the package as unsafe unless thoroughly sandboxed and its packaging provenance is independently verified.

plumber-agent

1.0.17

Live on pypi

Blocked by Socket

High-confidence security finding: this module is effectively a file-based remote command execution mechanism. It reads untrusted JSON from command_file and executes command_data['command'] verbatim via exec() inside the Houdini process, with access to the hou runtime and with stdout/results persisted to response_file. It also lacks authentication/authorization, validation, and sandboxing. If an attacker can write to or influence the command file (or influence the file paths via argv in the deployment context), they can achieve arbitrary code execution, data theft/exfiltration via returned stdout, and sabotage. Recommended action: treat as extremely dangerous; remove or strictly isolate and redesign (e.g., eliminate exec, use a constrained command DSL, add authentication, and lock down file paths/permissions).

@globules-io/ogx.cli

1.20.1

by globules.io

Live on npm

Blocked by Socket

This package contains a risky preinstall hook that installs another package globally. That action by itself is sufficient to consider this install process high risk because the globally installed package can execute arbitrary code and affect the system. Additional warning signs include dependencies that shadow built-in Node modules (child_process, fs, path) and the fs package pinned to 0.0.1-security — both increase the chance that untrusted or malicious code is present. Recommend: do not run this install on production or developer machines without auditing the referenced uglifyjs-folder package and all listed dependencies (and their source code) first; inspect ./bin/ogx.js and any lifecycle scripts in dependencies.

devduck

1.15.2

Live on pypi

Blocked by Socket

This module is a security-sensitive distributed control/coordination component that can execute DevDuck agent logic based directly on untrusted UDP multicast “command” text, then streams and returns results/errors over the network. There is no authentication, authorization, or command allowlisting in this module, and it also prints untrusted streamed output to stdout. In hostile or multi-tenant network environments, it should be considered a high-risk remote-trigger capability and reviewed/segmented with strong access controls (e.g., authenticated transport, peer allowlisting, and strict command validation).

apple-app-store-server-library-poc

133.7.0

by cketol

Live on npm

Blocked by Socket

This install script actively gathers sensitive local information (file listings, host and user identifiers, system memory/arch) and posts it to an external webhook during installation. This is unauthorized telemetry/data exfiltration and constitutes malicious behavior in an install script. It should be treated as malware and the package must not be installed on trusted systems.

lftools-uv

0.1.9

Live on pypi

Blocked by Socket

This module contains a high-risk supply-chain pattern: it downloads a commit-msg Git hook from a remote endpoint and installs it as an executable script under .git/hooks/commit-msg without integrity/authenticity checks. That enables remote-controlled code execution during git commit (and then pushes automated changes back to Gerrit), which can be used for workflow sabotage/backdooring if the hook source or configuration is compromised. Additional secondary risks include credential embedding in clone URLs, unconstrained file/symlink writes, and potential sensitive-data leakage through debug logging of rendered configuration/credential-mapping content.

devduck

1.15.3

Live on pypi

Blocked by Socket

This module is a security-sensitive distributed control/coordination component that can execute DevDuck agent logic based directly on untrusted UDP multicast “command” text, then streams and returns results/errors over the network. There is no authentication, authorization, or command allowlisting in this module, and it also prints untrusted streamed output to stdout. In hostile or multi-tenant network environments, it should be considered a high-risk remote-trigger capability and reviewed/segmented with strong access controls (e.g., authenticated transport, peer allowlisting, and strict command validation).

ghbomber

1.0.3

by ghostsenderserver

Live on npm

Blocked by Socket

This configuration is for an email-sending/automation tool with many features commonly used by phishing and spam operators (bulk SMTP, IP rotation, obfuscation, disguising attachments, proxy support). The JSON itself is not executable code or obviously obfuscated, but it enables a high-risk activity (bulk delivery of potentially deceptive emails). Treat this package and its upstream application as high-risk for abuse; if you did not expect or authorize mass-mailing functionality, do not deploy it and audit surrounding code. If present in a public package, consider it suspicious and review repository history and maintainers.

@flarehr/apollo-benefits

1.4.6532

by flare.build

Live on npm

Blocked by Socket

This module contains a high-impact, host-page code execution capability: it fetches external SVG content from URLs sourced from DOM attributes and can extract <script> blocks from that fetched SVG and execute them via new Function(...)(window). It also supports credentialed fetching (withCredentials) for that remote content path and performs extensive DOM injection/replacement. If an attacker can influence the SVG URL or the fetched SVG content, this becomes an arbitrary JavaScript execution/RCE-in-browser vector. Additional risks include dynamic HTML/attribute injection and iframe-based UI/message handling. Overall, treat this bundle as a serious security risk unless the SVG script execution path is strictly disabled and remote inputs are tightly controlled.

@builder.io/dev-tools

1.49.0-beta.202604272300.bb6d1ba

by manucorporat

Live on npm

Blocked by Socket

Severe security issue: the module injects a browser script into proxied HTML that listens for postMessage events and executes attacker-controlled JavaScript using new Function(text), then relays results/errors to the parent via postMessage(...,'*'). This is an explicit browser-context remote code execution + cross-window data exfiltration primitive. Additional high-impact risks include disabling TLS certificate verification for upstream proxying and performing privileged local network configuration changes (/etc/hosts). Overall, this should not be used in security-sensitive supply chain contexts without strong, externally verified safeguards (strict origin/auth for postMessage, removal of dynamic code execution, and secure TLS validation).

bingocode

1.0.17

by leanchy

Live on npm

Blocked by Socket

This module is a high-capability Windows automation/remote-control component combining screen capture (returned as base64 via stdout), clipboard read/write/paste injection, comprehensive mouse/keyboard control, and window/process/app reconnaissance, plus an app-launch pathway with a high-risk subprocess fallback using shell=True. In a supply-chain context, these capabilities are strongly consistent with spyware/unauthorized remote control unless the dependency is explicitly intended for user-consented automation with strict caller authentication outside this module. Treat as high security risk for sensitive environments.

azure-jobs

0.1.26

Live on pypi

Blocked by Socket

Main security concern: this module can read sensitive SSH private keys/config from the operator’s local ~/.ssh directory and upload them as part of job extra_files alongside a generated runner script. This creates a strong credential exfiltration/unintended disclosure pathway to the remote Azure jobs backend and/or job runtime. Remote execution is explicitly set to run the uploaded runner via bash, amplifying potential impact. Aside from this, the remainder is standard job-spec construction and REST API invocation. Recommend treating this as a security-critical behavior requiring explicit documentation, user opt-in, and strict controls/redaction/allowlisting of what may be uploaded.

nolimit-x

1.0.140

by nolimitaworkspace

Live on npm

Blocked by Socket

This module is a high-risk offensive tooling component: it reads cryptographic material from disk, performs DNS TXT reconnaissance to score target domains, selects replay/direct/hybrid offensive flows, and generates forged DKIM-Signature headers plus spoofed email bodies containing phishing/smuggling-style HTML/script content. The combination of authentication forgery, automated targeting logic, and injected payload generation is consistent with malware/attack tooling rather than legitimate DKIM utilities. Do not use in a supply chain without isolation and strong justification.

devduck

1.15.4

Live on pypi

Blocked by Socket

This module is a security-sensitive distributed control/coordination component that can execute DevDuck agent logic based directly on untrusted UDP multicast “command” text, then streams and returns results/errors over the network. There is no authentication, authorization, or command allowlisting in this module, and it also prints untrusted streamed output to stdout. In hostile or multi-tenant network environments, it should be considered a high-risk remote-trigger capability and reviewed/segmented with strong access controls (e.g., authenticated transport, peer allowlisting, and strict command validation).


bingocode

1.0.17

by leanchy

Live on npm

Blocked by Socket

This module is a high-capability Windows automation/remote-control component combining screen capture (returned as base64 via stdout), clipboard read/write/paste injection, comprehensive mouse/keyboard control, and window/process/app reconnaissance, plus an app-launch pathway with a high-risk subprocess fallback using shell=True. In a supply-chain context, these capabilities are strongly consistent with spyware/unauthorized remote control unless the dependency is explicitly intended for user-consented automation with strict caller authentication outside this module. Treat as high security risk for sensitive environments.

azure-jobs

0.1.26

Live on pypi

Blocked by Socket

Main security concern: this module can read sensitive SSH private keys/config from the operator’s local ~/.ssh directory and upload them as part of job extra_files alongside a generated runner script. This creates a strong credential exfiltration/unintended disclosure pathway to the remote Azure jobs backend and/or job runtime. Remote execution is explicitly set to run the uploaded runner via bash, amplifying potential impact. Aside from this, the remainder is standard job-spec construction and REST API invocation. Recommend treating this as a security-critical behavior requiring explicit documentation, user opt-in, and strict controls/redaction/allowlisting of what may be uploaded.

nolimit-x

1.0.140

by nolimitaworkspace

Live on npm

Blocked by Socket

This module is a high-risk offensive tooling component: it reads cryptographic material from disk, performs DNS TXT reconnaissance to score target domains, selects replay/direct/hybrid offensive flows, and generates forged DKIM-Signature headers plus spoofed email bodies containing phishing/smuggling-style HTML/script content. The combination of authentication forgery, automated targeting logic, and injected payload generation is consistent with malware/attack tooling rather than legitimate DKIM utilities. Do not use in a supply chain without isolation and strong justification.

devduck

1.15.4

Live on pypi

Blocked by Socket

This module is a security-sensitive distributed control/coordination component that can execute DevDuck agent logic based directly on untrusted UDP multicast “command” text, then streams and returns results/errors over the network. There is no authentication, authorization, or command allowlisting in this module, and it also prints untrusted streamed output to stdout. In hostile or multi-tenant network environments, it should be considered a high-risk remote-trigger capability and reviewed/segmented with strong access controls (e.g., authenticated transport, peer allowlisting, and strict command validation).

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
