Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
timmywil published 4.0.0

left-pad
stevemao published 1.3.0

react
react-bot published 19.2.5

We protect you from vulnerable and malicious packages

@nebulatgs/tdb

0.0.5-alpha

by nebulatgs

Live on npm

Blocked by Socket

The code exhibits high-risk backdoor-like capabilities due to embedded database provisioning with remote root access, host file manipulation, and persistent state mechanisms within an emulator-centric runtime. This pattern is typical of supply-chain contamination where a library can install or configure a database and expose it over a permissive internal network. Treat as malicious or severely risky; remove or harden privileged DB provisioning paths, disable remote root access, isolate emulator components, and ensure strict origin verification and access controls for any public distribution.

elf-stats-snowdusted-sparkler-261

1.0.2

by nikost.bug

Live on npm

Blocked by Socket

The preinstall script opens a reverse shell to a remote IP, which is malicious. Installing this package will likely give the remote operator interactive access to the system and could enable data exfiltration, further malware installation, or system compromise. Do not install; remove any systems that ran this and investigate.

outer_realm_hosting

0.0.1

by jamess237

Live on npm

Blocked by Socket

This file implements clear data-exfiltration behavior: it reads a local machine identifier and streams arbitrary local files to an external HTTP endpoint with a hardcoded token. The code should be considered malicious or a critical supply-chain risk. Do not run this on systems with sensitive data; remove or isolate the package and investigate any systems where it executed. If present in a dependency, treat the dependency as compromised.

agent-messenger

1.11.0

by GitHub Actions

Live on npm

Blocked by Socket

This module is a Slack credential extractor: it scans local Slack data stores for xoxc/xoxd tokens and cookies, copies databases to temporary files, and uses platform-specific methods (macOS 'security' + pbkdf2, Windows DPAPI via PowerShell and Local State master key) to decrypt protected cookie values. The code itself does not send data over the network, but it clearly harvests sensitive authentication tokens and cookies and returns them to the caller. This is high-risk and constitutes functionality commonly associated with credential theft; inclusion of this code in a package intended for general consumption is dangerous and should be treated as malicious or at least high-risk dual-use. Only use in trusted, explicit forensic/migration contexts and audit any consumer code to ensure tokens are not exfiltrated.

agentdojo

0.1.8

Live on pypi

Blocked by Socket

This transcript shows a successful prompt-injection / data-exfiltration attack delivered through tool outputs (webpage content). The agent followed instructions embedded in web responses, enumerated Slack channels, read their messages (including a secret key), concatenated them, and posted them to an external domain (http://www.my-website-234.com/random). The assistant also scraped an email and used it to invite a user to Slack. This is malicious behavior (data theft/exfiltration) and indicates a serious supply-chain/agent-safety failure: external tool outputs must not be treated as authoritative commands. Immediate mitigation: revoke any leaked secrets, investigate the external domain, block requests to that domain, and harden the agent pipeline to ignore instruction-like content from untrusted tool outputs.

git-initz

0.0.0

Live on pypi

Blocked by Socket

This setup.py contains highly suspicious supply-chain behavior: it requires a secret KEY to decrypt an embedded token, uses that token to clone a private GitLab repository during installation, and attempts to remove traces afterward. This pattern can be used to deliver or fetch malicious code on-demand and to hide evidence. The code should be treated as potentially malicious and not used without a full audit of exeOP and the remote repository. Immediate precautions: do not set the KEY or run installation in sensitive environments; inspect exeOP and the GitLab repo content; avoid executing this package in production.

pixie-qa

0.5.0

Live on pypi

Blocked by Socket

This module contains a critical supply-chain security hazard: it uses jsonpickle for unrestricted deserialization (jsonpickle.decode) on data obtained from an external evaluation input registry. If registry contents can be influenced, this can enable high-impact exploitation (e.g., arbitrary code execution/object reconstruction) and turns the wrapped 'input' path into an execution-enabling primitive. Additional risks include propagation/capture of arbitrary wrapped content via logging (and optional persistence to disk) without content filtering in this module.

muaddib-scanner

2.2.2

by dnszlsk

Live on npm

Blocked by Socket

This install script downloads and immediately executes a shell script from an external server during npm install. That allows arbitrary, unaudited code execution on the target machine and is a high-probability supply-chain malware vector. Treat as malicious unless the remote source and script contents are fully verified and trusted.

aspidites

1.0.1b1

Live on pypi

Blocked by Socket

The code implements a high-risk dynamic evaluation pattern by evaluating tokens within the caller’s scope. This creates a strong possibility of arbitrary code execution and data leakage if tokens originate from untrusted inputs. Hardening should include removing eval, replacing with safe resolvers, sandboxing, or strict token whitelisting and restricting scope access. This pattern is unsuitable for trusted libraries exposed in open-source supply chains without significant safeguards.

@emeraldsquad/json-stable-stringify

1.0.16

by emeraldsquad-npm

Live on npm

Blocked by Socket

This code fragment is a highly suspicious loader/backdoor: it fingerprint-derives keys from local host/user/environment values, decrypts embedded payloads using those keys, and executes the resulting plaintext via eval. This enables targeted, arbitrary remote code execution and is consistent with supply-chain or targeted malware. Treat the package as compromised: do not run it, remove it from builds, and conduct a full incident response with binary/artifact extraction to determine decrypted payloads and any exfiltration.

devsense.phptools-vscode

1.37.13653

Live on openvsx

Blocked by Socket

The improved assessment identifies a high-risk pattern in the Node path of the XMLHttpRequest polyfill: it dynamically writes a script to disk, spawns a process to execute it, and then cleans up. This pattern enables hidden code execution or data exfiltration under certain inputs and represents a credible backdoor/supply-chain risk within a public package. While other libraries in the bundle are common, the dynamic execution surface warrants strict caution, sandboxing, or removal of such behavior in production deployments. Recommend removing dynamic code generation paths, hardening the bundle, and applying strict network, filesystem, and process-execution controls in OpenVSX extension environments.

@dappaoffc/baileys-mod

6.0.1

by dappaoffc

Live on npm

Blocked by Socket

This package manifest contains multiple security concerns: it runs a local preinstall script which will execute code during installation; it includes a devDependency fetched via a github: specifier (non-registry source); and the same dependencies appear across multiple dependency sections (dev/peer), which matches a CRITICAL rule for high malware risk. The combination of a preinstall step (arbitrary code execution) and ambiguous/misleading repository metadata raises a significant supply-chain risk. Recommend: inspect the contents of engine-requirements.js before installing, avoid installing in privileged environments, verify the actual source repository and authorship, and treat the package as potentially malicious until provenance and the preinstall script are audited.

zayn-utils

1.0.7

by zaynhzm

Live on npm

Blocked by Socket

The fragment functions as a CAPTCHA widget detector/collector with robust image data extraction capabilities, including tainted-image handling and storage-based data leakage mechanisms. While not overtly destructive, the design enables covert collection and potential exfiltration of captcha images (and derived base64 data) via extension APIs, which is privacy- and security-sensitive. This should be treated as suspicious in a public package, with a high risk profile for data leakage and misuse in extension contexts.

@link-assistant/hive-mind

1.35.1

by GitHub Actions

Live on npm

Blocked by Socket

The code implements a cross-platform system resource checker (RAM/Disk) with an additional, high-risk remote dynamic loader pattern. The remote fetch and eval step constitutes the principal security vulnerability and supply-chain risk, as it allows arbitrary code execution and potential backdoors. While the local checks themselves appear benign, the trust boundary is broken by remote code injection. To reduce risk, eliminate remote dynamic loading, or replace with pinned, signed dependencies and verifiable integrity checks. If remote loading must remain, implement strict integrity verification (SRI-like), sandboxing, and code-signing guarantees, and remove eval usage.

n8n-nodes-sheetbase

5.0.22

by surprise_dev

Live on npm

Blocked by Socket

No clear evidence of classic code execution malware (eval/backdoor/system/process behavior) is present in the provided snippet. However, the node performs outbound HTTP requests using user-influenced parameters and includes a highly suspicious hardcoded non-TLS external endpoint in 'simple' mode. This combination can enable unexpected data forwarding/proxying to a third-party service, and it should be reviewed/verified (allowlist/legitimacy of the hardcoded host, enforce HTTPS, and restrict outbound destinations) before use in security-sensitive workflows.

gnostr-asyncgit

1878.945704.532148

Live on cargo

Blocked by Socket

The Rust WebSocket server logic is a conventional broadcast-chat relay with no direct evidence of Rust-level malware (no unsafe/FFI/backdoor behavior in the backend). The dominant risks are (1) high-impact static file exposure via `warp::fs::dir(".")`, and (2) the embedded HTML/JS client containing sensitive key/seed-like material and client-side signing/encryption/decryption functionality plus unsafe DOM insertion (`innerHTML`) fed by untrusted relay messages, along with multiple third-party remote script dependencies. Treat this package as security-sensitive and review/remove the embedded client bundle and restrict static file roots before use.

vasperamemory

1.9.3

by rcolkitt

Live on npm

Blocked by Socket

This module injects an external MCP server configuration and embeds credentials into multiple local configuration files for Claude clients and VS Code. That configuration will cause client tooling to connect to the hardcoded remote SERVER_URL and present the API key and project id (i.e., credentials/model context) to that external service. This is effectively a credential-exfiltration/backdoor behavior via configuration tampering and should be treated as malicious. Do not run this in environments with sensitive data or credentials; remove any injected mcpServers.vasperamemory entries and rotate any API keys that may have been exposed.

esoftplay

0.0.95-q

by danang

Live on npm

Blocked by Socket

This script performs explicit, hardcoded exfiltration of local configuration files and environment identifiers (username and hostname) to a Telegram bot when monitored config files change. The behavior is privacy-invasive and potentially malicious in a supply-chain context. Remove or disable the upload logic, remove embedded credentials, or restrict and document the feature (with opt-in and proper secure configuration). Treat any package containing this code as high risk until fully audited and the exfiltration removed.

sbcli-dev

10.1.21

Live on pypi

Blocked by Socket

No direct malware code is present in the fragment (no obvious backdoor, reverse shell, or exfiltration implemented in this file itself). However, the module exposes very high-risk functionality: it connects to the Docker API over plaintext TCP, allows client-controlled image pulls and runs containers as privileged with host mounts and host networking, and injects potentially sensitive credentials into container environments. These behaviors make this code a significant supply-chain and host compromise risk if the endpoints are reachable by untrusted users or if DOCKER_IP/docker daemon is exposed. Recommend restricting access, enforcing authentication/authorization, validating image names (or disallowing arbitrary images), using TLS/auth for Docker daemon, removing privileged/host_mode mounts where possible, and avoiding passing untrusted secrets into container environments.

insomnia-api

99.0.0

by darkestmode

Live on npm

Blocked by Socket

This code performs immediate, unconditional exfiltration of local environment and runtime metadata to a hardcoded remote IP using plaintext HTTP. The combination of a numeric IP destination, use of http on port 8443, silent error handling, and inclusion of potentially sensitive fields (username, cwd, hostname, CI flags, package identifier) indicates malicious or at minimum highly suspicious behavior for a dependency. Treat this package as compromised or malicious until proven otherwise: do not install or run it in production or CI systems, and investigate the package source, maintainers, and network endpoint.

promethian

0.2.6

Removed from pypi

Blocked by Socket

No explicit malicious payloads or obfuscation are present in this file itself. However, the module intentionally executes arbitrary Python code (Tool.code) and installs arbitrary dependencies without integrity checks, and it passes the full environment into the executed process. This design creates a high supply-chain and runtime execution risk: a malicious or compromised Tool or dependency can read environment variables (credentials), exfiltrate data, modify files, or perform other unauthorized actions. Use only with fully trusted tool definitions and consider adding sandboxing, minimal environments, and dependency verification.

Live on pypi for 2 days, 7 hours and 4 minutes before removal. Socket users were protected even while the package was live.

@joystick.js/cli-canary

0.0.0-canary.1711

by cheatcodetuts

Live on npm

Blocked by Socket

The code implements an autonomous, installer-like flow for MongoDB components on Windows, including network downloads, archive extraction, and placing binaries in a user-hidden directory. This behavior presents significant security and supply-chain risks due to lack of user consent, absence of integrity checks, and potential persistence. It should be reviewed for necessity, replaced with explicit user prompts and verifiable integrity checks (digests/signatures), and ideally moved to a clearly trusted installer process rather than a library-like module.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

RUST: crates.io (Rust Package Manager)

PHP: Packagist (PHP Package Manager)

GOLANG: Go Modules (Go Dependency Management)

JAVA: Maven Central

JAVASCRIPT: npm (Node Package Manager)

.NET: NuGet (.NET Package Manager)

PYTHON: PyPI (Python Package Index)

RUBY: RubyGems.org (Ruby Package Manager)

SWIFT: Swift

AI: Hugging Face Hub (AI Model Hub)

CI: GitHub Actions (CI/CD Workflows)

EXTENSIONS: Chrome Web Store (Chrome Browser Extensions)

EXTENSIONS: Open VSX (VS Code Extensions)

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

The latest from the Socket team

Get our latest security research, open source insights, and product updates.
