Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.


Protecting the best engineering teams in the world

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

  • react: react-bot published 18.3.1
  • jquery: timmywil published 3.7.1
  • left-pad: stevemao published 1.3.0

We protect you from vulnerable and malicious packages

alchemy-nirvana-ohz686 1.0.0, by afifaljafari112. Removed from npm. Blocked by Socket.

The provided code imports multiple modules and calls a function `functame` from each one. The names of the modules and the function `functame` are unusual and may suggest obfuscation or non-standard naming conventions. Without seeing the implementation of `functame` in each module, it is difficult to determine the intent or any potential malicious behavior. However, the unconventional naming patterns and the lack of clear functionality could be a sign of obfuscated or suspicious behavior.

Live on npm for 57 days, 2 hours and 50 minutes before removal. Socket users were protected even while the package was live.

aae-stream 130.0.0, by testerer. Removed from npm. Blocked by Socket.

This script downloads a remote file and passes sensitive information to it. The script also executes a command with nc that could allow for remote code execution. This is highly suspicious and likely malicious.

Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

datetime 3.0.1. Live on pypi. Blocked by Socket.

The primary concern with this code is the use of 'exec' to execute scripts fetched from the internet without validation. This poses a significant security risk as it can potentially execute malicious code. The use of 'os.spawnle' and 'subprocess.Popen' with user-provided inputs also adds to the security concerns. Additionally, there is a typo in 'Optarser' and incomplete handling of the temporary directory cleanup. http://python-distribute.org/distribute_setup.py was marked as Malicious by 1 engine in VT. https://www.virustotal.com/gui/url/3dce83785eafd47d40edd58b58c82593994cd409fc76351033486881fe943c36

npj4 1.0.11, by j4m13d. Live on npm. Blocked by Socket.

The code snippet poses a security risk due to its use of `exec` to connect to an external IP address. This behavior is suspicious and could indicate potential malicious intent, such as data exfiltration or downloading further malicious payloads. The lack of context or justification for the external connection further elevates the risk.

abdo-obfuscate 4.5.1, by AbdelrahmanAhmed. Live on pypi. Blocked by Socket.

This file is encrypted with PyArmor.

fc-datalayer 2.9999.3. Removed from npm. Blocked by Socket.

The purpose of this code appears to be collecting specific environment variables and package information, compressing and encoding it, and sending it over HTTP to a remote domain. The intent and purpose of this behavior are unclear from the provided code fragment alone.

Live on npm for 1 hour and 35 minutes before removal. Socket users were protected even while the package was live.

slg-vue-components 2.3.8, by 0xhunter313. Removed from npm. Blocked by Socket.

This script exports the HOSTNAME environment variable and sends data to a remote server using curl. The script also sends sensitive system information to the remote server. This behavior is considered highly suspicious and potentially malicious.

Live on npm for 29 days, 16 hours and 26 minutes before removal. Socket users were protected even while the package was live.

spotify-internal 9.9.9, by dlnbb. Removed from npm. Blocked by Socket.

This package was removed from the npm registry for security reasons.

fa-icdc-form-api-bdt 14.0.2, by kevin404. Removed from npm. Blocked by Socket.

This package was removed from the npm registry for security reasons.

wehackreposss 5.5.5, by faique. Removed from npm. Blocked by Socket.

The script is making a request to a remote server, which could potentially be used for malicious purposes such as downloading and executing malicious code. This behavior raises security concerns.

Live on npm for 2 days, 21 hours and 53 minutes before removal. Socket users were protected even while the package was live.

ifl-primitives 4.28.1, by subhashreeshrm. Removed from npm. Blocked by Socket.

The code is designed for data exfiltration to a suspicious domain, constituting a significant privacy risk and potentially malicious behavior. The collection and transmission of sensitive system and user information without explicit consent or awareness significantly increase the security risk associated with this package.

Live on npm for 3 days, 5 hours and 53 minutes before removal. Socket users were protected even while the package was live.

oahspe 0.0.5. Live on pypi. Blocked by Socket.

The code demonstrates several security risks, particularly the direct execution of commands based on user input, which can lead to command injection vulnerabilities and unauthorized file manipulation. It also lacks proper sanitization and validation of user input. The overall structure raises significant concerns regarding the potential for malicious behavior, especially if used in an untrusted environment.

load-image-ios 7.998.1. Removed from npm. Blocked by Socket.

The code is heavily obfuscated and performs malicious activities such as exfiltrating environment variables and sending them to suspicious remote servers. The use of obfuscation and unusual error handling further indicates malicious intent.

Live on npm for 8 minutes before removal. Socket users were protected even while the package was live.

psn-discount-today733 1.0.2, by sicrap. Removed from npm. Blocked by Socket.

The script is not necessarily malicious, but it does involve dubious practices like automated publishing of npm packages and programmatically updating a WordPress site. It is also insecure due to the hardcoding of credentials and the potential misuse of automated npm package publishing.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

chartfactor 4.1.33. Live on pypi. Blocked by Socket.

This file is encrypted with PyArmor.

azure-graphrbac 3.5.2. Removed from npm. Blocked by Socket.

The code exhibits malicious behavior by exfiltrating sensitive user information and system data to a remote server without consent. The infinite loop structure raises concerns about resource management. The overall risk and malware scores are high due to the nature of the actions performed.

Live on npm for 1 hour and 14 minutes before removal. Socket users were protected even while the package was live.

websites-assets 696.69.69, by exzuperi. Removed from npm. Blocked by Socket.

The code collects sensitive system information and sends it to a hardcoded remote server without user consent. This behavior is suspicious and can be considered malicious due to potential data leakage and privacy violations.

Live on npm for 1 day and 31 minutes before removal. Socket users were protected even while the package was live.

kasms 1.0.190, by psych0124. Removed from npm. Blocked by Socket.

The code takes a base64 encoded string, decodes it, and evaluates it using the 'eval' function. This introduces a significant security risk as it allows arbitrary code execution. The code should be considered dangerous and should not be used.

Live on npm for 20 minutes before removal. Socket users were protected even while the package was live.

plugin-throttling 213.21.24, by exzuperi6. Removed from npm. Blocked by Socket.

The code appears to be collecting sensitive system information and sending it to an external server. This behavior is indicative of data theft. Additionally, the reference to buying something through Telegram is highly suspicious and suggests potential malicious intent. Overall, this code poses a significant security risk.

Live on npm for 5 hours and 22 minutes before removal. Socket users were protected even while the package was live.

gulp-filste5 1.2.0, by 17b4a931. Removed from npm. Blocked by Socket.

This code poses a serious security risk and should not be used.

Live on npm for 2 hours and 2 minutes before removal. Socket users were protected even while the package was live.

nodejs-wheel 20.12.0. Live on pypi. Blocked by Socket.

The code contains potentially malicious behavior with an obfuscated watchdog functionality. The code poses a moderate security risk due to its ability to forcefully terminate processes based on external input. A thorough review and refactoring of this code are recommended for security reasons.

plumo-verifier-web 1.8.9, by testto008. Removed from npm. Blocked by Socket.

The script collects information like package name, directory path, home directory, hostname, username, DNS servers, and package.json data, and sends it to a remote server.

Live on npm for 13 hours and 34 minutes before removal. Socket users were protected even while the package was live.

@time-loop/electron-panel-window 3.0.6, by deephunt3r. Live on npm. Blocked by Socket.

The code exhibits clear malicious behavior intended for data exfiltration. It collects sensitive system information and sends it to a remote server via DNS queries, which is indicative of an attempt to bypass traditional network security measures.

tsb-authorization 1.18.21, by here.is.random.user. Removed from npm. Blocked by Socket.

The code exhibits behavior consistent with a supply chain attack, aiming to exfiltrate sensitive user and system information without consent. Despite a coding error in the hostname, the intent and capability for malicious activity are evident.

sqprefect 2.5.11. Removed from pypi. Blocked by Socket.

The source code exhibits several serious security concerns, including collecting system information, sending it to a suspicious domain, reading and decoding potentially sensitive files, and executing potentially malicious code. These behaviors justify high malware, obfuscation, and security risk scores.

Live on pypi for 21 minutes before removal. Socket users were protected even while the package was live.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

  • Possible typosquat attack
  • Known malware
  • AI-detected potential malware
  • Suspicious stars on GitHub
  • GitHub dependency
  • Git dependency
  • Obfuscated code
  • npm shrinkwrap
  • Telemetry
  • Protestware or potentially unwanted behavior
  • and 19 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.


Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.


Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.


Why teams choose Socket

Pro-active security

Depend on Socket to prevent malicious open source dependencies from infiltrating your app.

Easy to install

Install the Socket GitHub App in just 2 clicks and get protected today.

Comprehensive open source protection

Block 70+ issues in open source code, including malware, typo-squatting, hidden code, misleading packages, permission creep, and more.

Develop faster

Reduce work by surfacing actionable security information directly in GitHub. Empower developers to make better decisions.

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Dec 14, 2023: Hijacked cryptocurrency library adds malware

A widely used library in a cryptocurrency frontend was compromised to include wallet-draining code, following the hijacking of npm account credentials via phishing.

Jan 06, 2022: Maintainer intentionally adds malware

A rogue maintainer sabotages his own open source package with 100M downloads/month, notably breaking Amazon's AWS SDK.

Nov 15, 2021: npm discovers a platform vulnerability allowing unauthorized publishing of any package

Attackers could publish new versions of any npm package without authorization for multiple years.

Oct 22, 2021: Hijacked package adds cryptominers and password-stealing malware

Multiple packages with 30M downloads/month are hijacked and publish malicious versions directly into the software supply chain.

Nov 26, 2018: Hijacked package adds organization-specific backdoors

Obfuscated malware added to a dependency targeted a single company, went undetected for over a week, and made it into their production build.

Ready to dive in?

Get protected by Socket with just 2 clicks.


The latest from the Socket team

Get our latest security research, open source insights, and product updates.
