🚀 Big News:Socket Has Acquired Secure Annex.Learn More
Socket
Book a DemoSign in
Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
t

timmywil published 4.0.0

left-pad
s

stevemao published 1.3.0

react
r

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

scalix

1.0.0

by scalixworld

Live on npm

Blocked by Socket

This module contains an explicit, user-triggered arbitrary shell command execution pathway (input prefixed with '!': execSync of user-controlled text), plus filesystem export writes that incorporate user-influenced filenames and tool-call arguments. It also performs diagnostics that partially disclose API key tail and renders sensitive command output back to the UI. Even without evidence of stealthy malware behavior in this fragment, the direct RCE/sabotage primitive and potential sensitive-data leakage make this a severe security risk for inclusion as an untrusted dependency.

@venex/vxai

0.1.6

by james_vx19

Live on npm

Blocked by Socket

This module is an LLM-driven host interaction toolkit. It exposes and executes high-risk primitives: arbitrary filesystem read/list/write/append (including recursive directory creation), arbitrary shell command execution via spawnSync with shell enabled, and repository/source searching via rg/regex. Tool arguments flow directly from untrusted model tool-call payloads into these sinks, and results are returned for iterative agent continuation, creating strong potential for data theft, tampering/persistence, and RCE. This represents a very high supply-chain/runtime security risk and is highly consistent with malicious/sabotage-capable agent behavior.

binsmasher

0.8.0

Live on pypi

Blocked by Socket

This fragment is a full exploitation orchestrator that crafts and sends payloads to a remote target to achieve RCE/flag retrieval. It confirms success using WIN_MARKERS and explicit command execution strings (e.g., "cat flag.txt", "id", "SHELLPWNED"). It also runs objdump/strings and uses advanced exploit strategies (ret2win/ret2libc/SROP/ORW/ret2dlresolve). This is strongly indicative of offensive capability/malicious tooling if included in a general dependency; confidence is limited only by missing surrounding package metadata and usage context.

binsmasher

0.8.0

Live on pypi

Blocked by Socket

This module is highly suggestive of exploit-development support. It derives libc versions/base addresses via system inspection (including Android adb reconnaissance), resolves exploitation-critical offsets (system, /bin/sh, execve, etc.), and can query libc.rip using a leaked address to compute absolute runtime symbol addresses. While no payload execution or data theft is shown in this snippet, the functionality directly enables ret2libc/ROP chaining, creating a high supply-chain risk if included in non-security-testing contexts. Additionally, the apparent `return absolut` typo indicates possible incompleteness in the module’s implementation.

hermes-web-ui

0.5.1

by bigjayz1990

Live on npm

Blocked by Socket

This module contains a severe, backdoor-like remote execution capability: an authenticated WebSocket terminal that uses node-pty to spawn a system shell (with client-influenced shell selection) and forwards arbitrary client messages directly into the spawned PTY stdin, then relays PTY output back to the client. If the WebSocket auth token can be bypassed or misconfigured (notably via AUTH_DISABLED behavior), this becomes straightforward remote command execution under the server’s privileges. Treat as high security risk for supply-chain use and require strict isolation, strong/verified access control, and comprehensive documentation/audit of the terminal feature.

@link-assistant/hive-mind

1.59.3

by konard

Live on npm

Blocked by Socket

High security alert. The module performs a runtime fetch of remote JavaScript from a public CDN and immediately executes it via eval to obtain a global loader, creating a direct supply-chain/RCE path. It then uses the dynamically obtained command runner to execute OS commands for starting and querying isolated sessions, with caller-controlled command/args interpolated into a command line (potential command injection depending on runner escaping). No explicit credential theft or data exfiltration is visible in this snippet, but the presence of eval+remote code execution makes the effective malware risk substantial and warrants urgent review/replacement with integrity-checked, statically imported dependencies and strict argv handling.

@link-assistant/hive-mind

1.59.3

by konard

Live on npm

Blocked by Socket

This module contains a critical runtime supply-chain integrity violation: it conditionally downloads JavaScript from a public CDN and executes it via eval to create the module loader (globalThis.use). This provides a direct remote-code-execution primitive at startup and undermines the trustworthiness of all subsequent dynamic module loading. Additionally, user-influenced command arguments are forwarded into an external execution workflow via spawn, increasing the impact of any downstream argument-handling weaknesses. Even without explicit evidence of cryptomining/backdoors in this fragment, the eval+fetch pattern makes the supply-chain risk extremely high and the component unsafe to run without strong integrity controls.

@link-assistant/hive-mind

1.59.4

by konard

Live on npm

Blocked by Socket

High security alert. The module performs a runtime fetch of remote JavaScript from a public CDN and immediately executes it via eval to obtain a global loader, creating a direct supply-chain/RCE path. It then uses the dynamically obtained command runner to execute OS commands for starting and querying isolated sessions, with caller-controlled command/args interpolated into a command line (potential command injection depending on runner escaping). No explicit credential theft or data exfiltration is visible in this snippet, but the presence of eval+remote code execution makes the effective malware risk substantial and warrants urgent review/replacement with integrity-checked, statically imported dependencies and strict argv handling.

@link-assistant/hive-mind

1.59.3

by konard

Live on npm

Blocked by Socket

High concern: the code fetches JavaScript from an external CDN (unpkg) and executes it via eval at runtime. This creates a direct supply-chain and remote code execution risk (potential backdoor/sabotage), independent of the rest of the logic. The remaining parts mainly parse stdout for IDs and read a local file to post comment content.

binsmasher

0.8.0

Live on pypi

Blocked by Socket

This module is a highly suspicious, intentionally malicious payload/artifact generator. It constructs complete scripts for multiple languages that contain direct command execution ('id') and dynamic evaluation mechanisms (JS eval; PHP eval/base64_decode), uses offset to create oversized literals, and appends attacker-controlled bytes (sc) verbatim into the resulting executable script content. While this fragment does not execute commands itself, it clearly prepares harmful artifacts for later deployment and execution. Recommended action: treat as malicious and do not use; inspect downstream code paths that write/run the generated files.

rhachet

1.41.5

by GitHub Actions

Live on npm

Blocked by Socket

This module is a powerful plugin-code generator/manager that persists and enables arbitrary OS command execution through execSync embedded from input.meta.command, executed during multiple lifecycle hooks with stdio inherited. There is no validation/allowlisting/sandboxing of the command string or strict enforcement of deletion targets beyond filename joining, so security depends heavily on strict trust boundaries for meta.command and filesystem roots. The capability level makes it a significant supply-chain execution vector if attacker influence is possible.

alya-baileys

1.8.41

by diszxe

Live on npm

Blocked by Socket

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

binsmasher

0.8.0

Live on pypi

Blocked by Socket

This fragment is a clearly offensive exploitation component. It performs networked libc address leakage from a remote target, resolves libc offsets (including an external libc.rip HTTPS lookup), and then sends a second ROP payload intended to execute system('/bin/sh'), confirming success via returned output/markers. As a dependency, it represents a high supply-chain security risk and strong likelihood of malicious/weaponizable intent, even though it contains no stealth persistence or credential theft within this snippet.

binsmasher

0.8.0

Live on pypi

Blocked by Socket

This module is highly consistent with offensive exploitation/attack automation. It brute-forces ASLR/PIE/libc address guesses, crafts ret2win/one-gadget/partial-overwrite payloads using pwntools, and repeatedly sends them over a network connection. It marks success based on response content (including any non-empty output), then continues or stops accordingly. Given its direct payload-delivery behavior and mitigation-bypass brute forcing, it represents a serious security risk and strong malicious-intent indicator for unauthorized remote exploitation capability.

period-newline

0.1.0

by ryanmccollum1

Live on npm

Blocked by Socket

This fragment is consistent with malicious supply-chain reconnaissance/stealing: it automatically collects host/user identity, external IP from a remote service, reads local configuration file contents from multiple candidate paths, executes a shell command to capture activity output, encrypts the aggregated data with an embedded secret, and exfiltrates it over TCP to a configurable endpoint. The extensive obfuscation/indirection and custom encrypted transport further strengthen the assessment. Treat the package as malicious and investigate for execution, persistence, and egress to the configured endpoint/port.

@link-assistant/hive-mind

1.59.4

by konard

Live on npm

Blocked by Socket

This module has a critical, high-risk supply-chain pattern: it downloads executable JavaScript from a public CDN at runtime and executes it with eval to populate globalThis.use, which is then used to obtain a command execution helper for running `gh` commands. The rest of the code appears to be CI/PR status orchestration, but the eval-based remote loader makes the overall package trustworthiness very low and warrants blocking/review before use (pinning, removing eval/remote loading, and replacing with vetted local dependencies/integrity-verified code).

binsmasher

4.2.0

Live on pypi

Blocked by Socket

This module is a highly suspicious, intentionally malicious payload/artifact generator. It constructs complete scripts for multiple languages that contain direct command execution ('id') and dynamic evaluation mechanisms (JS eval; PHP eval/base64_decode), uses offset to create oversized literals, and appends attacker-controlled bytes (sc) verbatim into the resulting executable script content. While this fragment does not execute commands itself, it clearly prepares harmful artifacts for later deployment and execution. Recommended action: treat as malicious and do not use; inspect downstream code paths that write/run the generated files.

@cap-js/db-service

2.10.1

by GitHub Actions

Live on npm

Blocked by Socket

This module is a runtime bootstrapper/installer pattern: it downloads a platform-specific Bun ZIP from GitHub Releases, extracts it, and executes the extracted Bun binary immediately. The primary security concern is supply-chain integrity: the code performs no checksum/signature verification of the downloaded artifact and follows HTTP redirects without destination validation. PowerShell extraction uses `-ExecutionPolicy Bypass` on Windows. While the behavior is consistent with a legitimate installer, the lack of cryptographic verification and direct execution of network-obtained binaries makes this high-impact and should be reviewed/mitigated (e.g., pin expected hashes, validate redirect destinations, and avoid broad ExecutionPolicy bypass where possible).

sadi-sdk-ts

1.1.90

by hecker_he

Live on npm

Blocked by Socket

This module is not a straightforward, deterministic 3D renderer. It dynamically constructs and executes a Web Worker from a hardcoded base64 payload (runtime code staging) and the staged worker code contains network-style logic (fetch/open behavior and Authorization/header construction) and WebAssembly loader/probing routines. Untrusted binary buffers parsed from IndexedDB are then uploaded into WebGL GPU state via worker-driven commands. Together, these patterns strongly indicate a supply-chain sabotage/backdoor risk (remote interaction capability plus executable staged code), warranting immediate isolation and deeper provenance review.

@link-assistant/hive-mind

1.59.3

by konard

Live on npm

Blocked by Socket

High supply-chain and execution risk. The module performs runtime download-and-eval of JavaScript from https://unpkg.com to define globalThis.use, which can fully compromise the host if the remote content is malicious or altered. Beyond that, it executes external commands via command-stream (including piping prompt content into an agent CLI), forwards all environment variables to the child process, parses untrusted JSON output that influences retries/control flow, and can auto-commit/push git changes—together creating a dangerous trust boundary around both execution and data handling. No explicit evidence of cryptomining/backdoor networking appears in this snippet, but the eval(fetch) pattern alone warrants strong containment/review.

binsmasher

4.2.0

Live on pypi

Blocked by Socket

This module is highly indicative of malicious/weaponization behavior in a software supply-chain context: it generates multiple deliberately crafted document formats (PDF/DOC/DOCX/XLS/XLSX/RTF) containing caller-controlled overflow/payload bytes, and the PDF specifically embeds hardcoded JavaScript intended to execute when the document is opened in a vulnerable/susceptible viewer. While it does not perform network/file system actions itself, it returns ready-to-deliver malicious artifacts, strongly increasing the likelihood of security harm if used in distribution or testing pipelines.

binsmasher

4.2.0

Live on pypi

Blocked by Socket

This module is highly weaponized and operationally capable of exploiting a remote service: it crafts ROP/SROP/GOT overwrite/ret2win/one_gadget/ORW payloads using leaked bases and gadget discovery, delivers them over UDP, and confirms attempted execution via /tmp marker side effects and /proc-based shell detection. If included as a supply-chain dependency in non-isolated environments, it represents a critical security risk and strong malicious/exploit intent signal.

@link-assistant/hive-mind

1.59.3

by konard

Live on npm

Blocked by Socket

This module has a critical supply-chain/runtime security flaw: it conditionally fetches JavaScript from an external CDN at runtime and executes it via eval to establish globalThis.use. That provides an immediate arbitrary-code-execution path under the privileges of the running process, making the package highly untrustworthy regardless of the rest of the logic appearing to only perform benign disk/RAM checks. Treat this dependency/module as compromised/unacceptable unless the remote eval bootstrap is removed or replaced with pinned, integrity-verified local code.

valyrian-edge

1.0.0

by routsom

Live on npm

Blocked by Socket

This file implements an offensive prompt-injection/jailbreak exploitation executor that sends crafted malicious payloads to a remote chat endpoint, evaluates success/extraction from returned content, retains extracted data, and generates a runnable Python replay script. While it is not obfuscated and does not look like traditional malware (persistence/ransom), it is high-risk exploitation tooling and should not be used or trusted in production without strict containment and authorization controls.

binsmasher

4.2.0

Live on pypi

Blocked by Socket

This module is a deliberate weaponized payload generator. It constructs multiple document formats embedding explicit XXE (file:///etc/passwd) and XSS/execution code, including an HTML cookie exfiltration attempt to an external attacker-controlled domain, and it appends caller-supplied bytes to tailor payload content. While this file does not execute or transmit anything itself, its returned outputs are overtly malicious and designed to be used by downstream consumers (writers/parsers/renderers).

scalix

1.0.0

by scalixworld

Live on npm

Blocked by Socket

This module contains an explicit, user-triggered arbitrary shell command execution pathway (input prefixed with '!': execSync of user-controlled text), plus filesystem export writes that incorporate user-influenced filenames and tool-call arguments. It also performs diagnostics that partially disclose API key tail and renders sensitive command output back to the UI. Even without evidence of stealthy malware behavior in this fragment, the direct RCE/sabotage primitive and potential sensitive-data leakage make this a severe security risk for inclusion as an untrusted dependency.

@venex/vxai

0.1.6

by james_vx19

Live on npm

Blocked by Socket

This module is an LLM-driven host interaction toolkit. It exposes and executes high-risk primitives: arbitrary filesystem read/list/write/append (including recursive directory creation), arbitrary shell command execution via spawnSync with shell enabled, and repository/source searching via rg/regex. Tool arguments flow directly from untrusted model tool-call payloads into these sinks, and results are returned for iterative agent continuation, creating strong potential for data theft, tampering/persistence, and RCE. This represents a very high supply-chain/runtime security risk and is highly consistent with malicious/sabotage-capable agent behavior.

binsmasher

0.8.0

Live on pypi

Blocked by Socket

This fragment is a full exploitation orchestrator that crafts and sends payloads to a remote target to achieve RCE/flag retrieval. It confirms success using WIN_MARKERS and explicit command execution strings (e.g., "cat flag.txt", "id", "SHELLPWNED"). It also runs objdump/strings and uses advanced exploit strategies (ret2win/ret2libc/SROP/ORW/ret2dlresolve). This is strongly indicative of offensive capability/malicious tooling if included in a general dependency; confidence is limited only by missing surrounding package metadata and usage context.

binsmasher

0.8.0

Live on pypi

Blocked by Socket

This module is highly suggestive of exploit-development support. It derives libc versions/base addresses via system inspection (including Android adb reconnaissance), resolves exploitation-critical offsets (system, /bin/sh, execve, etc.), and can query libc.rip using a leaked address to compute absolute runtime symbol addresses. While no payload execution or data theft is shown in this snippet, the functionality directly enables ret2libc/ROP chaining, creating a high supply-chain risk if included in non-security-testing contexts. Additionally, the apparent `return absolut` typo indicates possible incompleteness in the module’s implementation.

hermes-web-ui

0.5.1

by bigjayz1990

Live on npm

Blocked by Socket

This module contains a severe, backdoor-like remote execution capability: an authenticated WebSocket terminal that uses node-pty to spawn a system shell (with client-influenced shell selection) and forwards arbitrary client messages directly into the spawned PTY stdin, then relays PTY output back to the client. If the WebSocket auth token can be bypassed or misconfigured (notably via AUTH_DISABLED behavior), this becomes straightforward remote command execution under the server’s privileges. Treat as high security risk for supply-chain use and require strict isolation, strong/verified access control, and comprehensive documentation/audit of the terminal feature.

@link-assistant/hive-mind

1.59.3

by konard

Live on npm

Blocked by Socket

High security alert. The module performs a runtime fetch of remote JavaScript from a public CDN and immediately executes it via eval to obtain a global loader, creating a direct supply-chain/RCE path. It then uses the dynamically obtained command runner to execute OS commands for starting and querying isolated sessions, with caller-controlled command/args interpolated into a command line (potential command injection depending on runner escaping). No explicit credential theft or data exfiltration is visible in this snippet, but the presence of eval+remote code execution makes the effective malware risk substantial and warrants urgent review/replacement with integrity-checked, statically imported dependencies and strict argv handling.

@link-assistant/hive-mind

1.59.3

by konard

Live on npm

Blocked by Socket

This module contains a critical runtime supply-chain integrity violation: it conditionally downloads JavaScript from a public CDN and executes it via eval to create the module loader (globalThis.use). This provides a direct remote-code-execution primitive at startup and undermines the trustworthiness of all subsequent dynamic module loading. Additionally, user-influenced command arguments are forwarded into an external execution workflow via spawn, increasing the impact of any downstream argument-handling weaknesses. Even without explicit evidence of cryptomining/backdoors in this fragment, the eval+fetch pattern makes the supply-chain risk extremely high and the component unsafe to run without strong integrity controls.

@link-assistant/hive-mind

1.59.4

by konard

Live on npm

Blocked by Socket

High security alert. The module performs a runtime fetch of remote JavaScript from a public CDN and immediately executes it via eval to obtain a global loader, creating a direct supply-chain/RCE path. It then uses the dynamically obtained command runner to execute OS commands for starting and querying isolated sessions, with caller-controlled command/args interpolated into a command line (potential command injection depending on runner escaping). No explicit credential theft or data exfiltration is visible in this snippet, but the presence of eval+remote code execution makes the effective malware risk substantial and warrants urgent review/replacement with integrity-checked, statically imported dependencies and strict argv handling.

@link-assistant/hive-mind

1.59.3

by konard

Live on npm

Blocked by Socket

High concern: the code fetches JavaScript from an external CDN (unpkg) and executes it via eval at runtime. This creates a direct supply-chain and remote code execution risk (potential backdoor/sabotage), independent of the rest of the logic. The remaining parts mainly parse stdout for IDs and read a local file to post comment content.

binsmasher

0.8.0

Live on pypi

Blocked by Socket

This module is a highly suspicious, intentionally malicious payload/artifact generator. It constructs complete scripts for multiple languages that contain direct command execution ('id') and dynamic evaluation mechanisms (JS eval; PHP eval/base64_decode), uses offset to create oversized literals, and appends attacker-controlled bytes (sc) verbatim into the resulting executable script content. While this fragment does not execute commands itself, it clearly prepares harmful artifacts for later deployment and execution. Recommended action: treat as malicious and do not use; inspect downstream code paths that write/run the generated files.

rhachet

1.41.5

by GitHub Actions

Live on npm

Blocked by Socket

This module is a powerful plugin-code generator/manager that persists and enables arbitrary OS command execution through execSync embedded from input.meta.command, executed during multiple lifecycle hooks with stdio inherited. There is no validation/allowlisting/sandboxing of the command string or strict enforcement of deletion targets beyond filename joining, so security depends heavily on strict trust boundaries for meta.command and filesystem roots. The capability level makes it a significant supply-chain execution vector if attacker influence is possible.

alya-baileys

1.8.41

by diszxe

Live on npm

Blocked by Socket

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

binsmasher

0.8.0

Live on pypi

Blocked by Socket

This fragment is a clearly offensive exploitation component. It performs networked libc address leakage from a remote target, resolves libc offsets (including an external libc.rip HTTPS lookup), and then sends a second ROP payload intended to execute system('/bin/sh'), confirming success via returned output/markers. As a dependency, it represents a high supply-chain security risk and strong likelihood of malicious/weaponizable intent, even though it contains no stealth persistence or credential theft within this snippet.

binsmasher

0.8.0

Live on pypi

Blocked by Socket

This module is highly consistent with offensive exploitation/attack automation. It brute-forces ASLR/PIE/libc address guesses, crafts ret2win/one-gadget/partial-overwrite payloads using pwntools, and repeatedly sends them over a network connection. It marks success based on response content (including any non-empty output), then continues or stops accordingly. Given its direct payload-delivery behavior and mitigation-bypass brute forcing, it represents a serious security risk and strong malicious-intent indicator for unauthorized remote exploitation capability.

period-newline

0.1.0

by ryanmccollum1

Live on npm

Blocked by Socket

This fragment is consistent with malicious supply-chain reconnaissance/stealing: it automatically collects host/user identity, external IP from a remote service, reads local configuration file contents from multiple candidate paths, executes a shell command to capture activity output, encrypts the aggregated data with an embedded secret, and exfiltrates it over TCP to a configurable endpoint. The extensive obfuscation/indirection and custom encrypted transport further strengthen the assessment. Treat the package as malicious and investigate for execution, persistence, and egress to the configured endpoint/port.

@link-assistant/hive-mind

1.59.4

by konard

Live on npm

Blocked by Socket

This module has a critical, high-risk supply-chain pattern: it downloads executable JavaScript from a public CDN at runtime and executes it with eval to populate globalThis.use, which is then used to obtain a command execution helper for running `gh` commands. The rest of the code appears to be CI/PR status orchestration, but the eval-based remote loader makes the overall package trustworthiness very low and warrants blocking/review before use (pinning, removing eval/remote loading, and replacing with vetted local dependencies/integrity-verified code).

binsmasher

4.2.0

Live on pypi

Blocked by Socket

This module is a highly suspicious, intentionally malicious payload/artifact generator. It constructs complete scripts for multiple languages that contain direct command execution ('id') and dynamic evaluation mechanisms (JS eval; PHP eval/base64_decode), uses offset to create oversized literals, and appends attacker-controlled bytes (sc) verbatim into the resulting executable script content. While this fragment does not execute commands itself, it clearly prepares harmful artifacts for later deployment and execution. Recommended action: treat as malicious and do not use; inspect downstream code paths that write/run the generated files.

@cap-js/db-service

2.10.1

by GitHub Actions

Live on npm

Blocked by Socket

This module is a runtime bootstrapper/installer pattern: it downloads a platform-specific Bun ZIP from GitHub Releases, extracts it, and executes the extracted Bun binary immediately. The primary security concern is supply-chain integrity: the code performs no checksum/signature verification of the downloaded artifact and follows HTTP redirects without destination validation. PowerShell extraction uses `-ExecutionPolicy Bypass` on Windows. While the behavior is consistent with a legitimate installer, the lack of cryptographic verification and direct execution of network-obtained binaries makes this high-impact and should be reviewed/mitigated (e.g., pin expected hashes, validate redirect destinations, and avoid broad ExecutionPolicy bypass where possible).

sadi-sdk-ts

1.1.90

by hecker_he

Live on npm

Blocked by Socket

This module is not a straightforward, deterministic 3D renderer. It dynamically constructs and executes a Web Worker from a hardcoded base64 payload (runtime code staging) and the staged worker code contains network-style logic (fetch/open behavior and Authorization/header construction) and WebAssembly loader/probing routines. Untrusted binary buffers parsed from IndexedDB are then uploaded into WebGL GPU state via worker-driven commands. Together, these patterns strongly indicate a supply-chain sabotage/backdoor risk (remote interaction capability plus executable staged code), warranting immediate isolation and deeper provenance review.

@link-assistant/hive-mind

1.59.3

by konard

Live on npm

Blocked by Socket

High supply-chain and execution risk. The module performs runtime download-and-eval of JavaScript from https://unpkg.com to define globalThis.use, which can fully compromise the host if the remote content is malicious or altered. Beyond that, it executes external commands via command-stream (including piping prompt content into an agent CLI), forwards all environment variables to the child process, parses untrusted JSON output that influences retries/control flow, and can auto-commit/push git changes—together creating a dangerous trust boundary around both execution and data handling. No explicit evidence of cryptomining/backdoor networking appears in this snippet, but the eval(fetch) pattern alone warrants strong containment/review.

binsmasher

4.2.0

Live on pypi

Blocked by Socket

This module is highly indicative of malicious/weaponization behavior in a software supply-chain context: it generates multiple deliberately crafted document formats (PDF/DOC/DOCX/XLS/XLSX/RTF) containing caller-controlled overflow/payload bytes, and the PDF specifically embeds hardcoded JavaScript intended to execute when the document is opened in a vulnerable/susceptible viewer. While it does not perform network/file system actions itself, it returns ready-to-deliver malicious artifacts, strongly increasing the likelihood of security harm if used in distribution or testing pipelines.

binsmasher

4.2.0

Live on pypi

Blocked by Socket

This module is highly weaponized and operationally capable of exploiting a remote service: it crafts ROP/SROP/GOT overwrite/ret2win/one_gadget/ORW payloads using leaked bases and gadget discovery, delivers them over UDP, and confirms attempted execution via /tmp marker side effects and /proc-based shell detection. If included as a supply-chain dependency in non-isolated environments, it represents a critical security risk and strong malicious/exploit intent signal.

@link-assistant/hive-mind

1.59.3

by konard

Live on npm

Blocked by Socket

This module has a critical supply-chain/runtime security flaw: it conditionally fetches JavaScript from an external CDN at runtime and executes it via eval to establish globalThis.use. That provides an immediate arbitrary-code-execution path under the privileges of the running process, making the package highly untrustworthy regardless of the rest of the logic appearing to only perform benign disk/RAM checks. Treat this dependency/module as compromised/unacceptable unless the remote eval bootstrap is removed or replaced with pinned, integrity-verified local code.

valyrian-edge

1.0.0

by routsom

Live on npm

Blocked by Socket

This file implements an offensive prompt-injection/jailbreak exploitation executor that sends crafted malicious payloads to a remote chat endpoint, evaluates success/extraction from returned content, retains extracted data, and generates a runnable Python replay script. While it is not obfuscated and does not look like traditional malware (persistence/ransom), it is high-risk exploitation tooling and should not be used or trusted in production without strict containment and authorization controls.

binsmasher

4.2.0

Live on pypi

Blocked by Socket

This module is a deliberate weaponized payload generator. It constructs multiple document formats embedding explicit XXE (file:///etc/passwd) and XSS/execution code, including an HTML cookie exfiltration attempt to an external attacker-controlled domain, and it appends caller-supplied bytes to tailor payload content. While this file does not execute or transmit anything itself, its returned outputs are overtly malicious and designed to be used by downstream consumers (writers/parsers/renderers).

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

GitHub app screenshot

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Even more developer love
Install GitHub AppRead the docs

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Book a Demo

Questions? Call us at (844) SOCKET-0

Read the blog

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

View all integrations

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

The latest from the Socket team

Get our latest security research, open source insights, and product updates.

View all articles