Stay Ahead of npm Malware: Introducing Socket's Real-Time Threat Feed on X

Follow the @npm_malware account to get live alerts from the Socket threat feed.

Charlie Gerard

December 15, 2023


Socket helps improve your open source security posture by detecting attacks that standard vulnerability scanners do not catch.

While those scanners detect and report known vulnerabilities (CVEs), Socket also proactively catches attacks such as typosquats, hidden code, suspicious package updates, and more.

To help you stay up to date with the latest malware threats in the npm ecosystem, you can now follow the @npm_malware account, where Socket is publishing real-time alerts from our threat feed.

Whenever Socket detects malware in a package, this account will tweet the details. Oftentimes these packages have been or will be removed from the npm registry.

Clicking on the tweet takes you to the file where the threat was detected for the version of the package in question, which is logged in our Socket package library. It displays more details on the issues detected in the package, which can also be viewed inline.

In addition to catching malware in our Socket for GitHub app and Socket CLI tool, you can also follow our threat feed account on Twitter for immediate updates on packages that are getting flagged as malware, so you can take prompt action if they exist in your projects. IT professionals, security analysts, and anyone who wants to keep a finger on the pulse of emerging malware detected on npm can follow this new account on X for a reliable source of threat intelligence.
