Rubygems Ecosystem Support Now Generally Available

Socket's Rubygems ecosystem support is moving from beta to GA, featuring enhanced security scanning to detect supply chain threats beyond traditional CVEs in your Ruby dependencies.

Eli Insua

April 15, 2025

We're excited to announce that support for the Rubygems ecosystem is now out of beta and generally available!

Since we first launched Ruby support in beta six months ago, everything has been running smoothly with minimal issues and proven performance in production environments. As part of this process, we've learned more about how manifest files are used in the Rubygems ecosystem.

What We Learned During Beta

Throughout the beta period, our Ruby support has demonstrated consistent scanning performance and reliable results across a wide range of repositories and projects with diverse requirements.

While it's considered best practice to commit Gemfile.lock files, we found that not everyone follows this recommendation. Other manifest formats, like Gemfile and *.gemspec, declare version constraints rather than the exact resolved versions, so they are less precise. Because of this, we removed them from our list of recommended manifest formats.

If you still want to use those formats, we suggest generating a Software Bill of Materials (SBOM) using CycloneDX and committing that to your repository.
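The two points above, that a Gemfile only constrains versions while Gemfile.lock pins them, and that a committed CycloneDX SBOM can carry the same resolved versions, are illustrated in the following added Ruby example. It is not Socket's code and not the CycloneDX project's tooling: the Gemfile, Gemfile.lock and list of "published" versions are constructed inline so it runs offline, and the parsers handle only the common `gem "name", "constraint"` and `name (version)` line forms. For a real repository, generate the SBOM with the cyclonedx-ruby gem rather than hand-building it as done here.

```ruby
# Added example (not Socket's code): why a Gemfile is a less precise manifest
# than Gemfile.lock, and how resolved versions map onto a minimal CycloneDX BOM.
require "rubygems"
require "json"

# Constructed sample Gemfile: version *constraints*, not resolved versions.
GEMFILE = <<~GEMFILE
  source "https://rubygems.org"

  gem "rails", "~> 7.1"
  gem "nokogiri", ">= 1.15", "< 1.17"
  gem "rake"
GEMFILE

# Constructed sample Gemfile.lock: one exact version per gem, including the
# transitive dependency racc, which the Gemfile never mentions.
GEMFILE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nokogiri (1.16.5)
        racc (~> 1.4)
      racc (1.8.0)
      rails (7.1.3.4)
      rake (13.2.1)

  PLATFORMS
    ruby

  DEPENDENCIES
    nokogiri (>= 1.15, < 1.17)
    rails (~> 7.1)
    rake

  BUNDLED WITH
     2.5.9
LOCK

# Constructed stand-in for the registry: versions "published" for each gem.
PUBLISHED = {
  "rails"    => %w[7.0.8 7.1.0 7.1.1 7.1.2 7.1.3 7.1.3.4 7.2.0 8.0.0],
  "nokogiri" => %w[1.14.0 1.15.0 1.15.6 1.16.0 1.16.5 1.17.0],
  "rake"     => %w[12.3.3 13.0.6 13.1.0 13.2.1],
}.freeze

# Parse `gem "name", "constraint", ...` lines into Gem::Requirement objects.
# A gem with no constraint gets the default ">= 0".
def parse_gemfile(text)
  text.each_line.with_object({}) do |line, deps|
    next unless (m = line.match(/^\s*gem\s+["']([^"']+)["'](.*)$/))
    constraints = m[2].scan(/["']([^"']+)["']/).flatten
    deps[m[1]] = Gem::Requirement.new(constraints.empty? ? [">= 0"] : constraints)
  end
end

# Parse the `specs:` block under GEM: 4-space-indented `name (version)` lines
# are resolved gems; 6-space-indented lines are their dependency constraints.
def parse_lockfile(text)
  specs = {}
  in_specs = false
  text.each_line do |line|
    if line =~ /^  specs:\s*$/
      in_specs = true
    elsif line =~ /^\S/ || line.strip.empty?
      in_specs = false
    elsif in_specs && (m = line.match(/^    (\S+) \(([^)]+)\)\s*$/))
      specs[m[1]] = Gem::Version.new(m[2])
    end
  end
  specs
end

# For each Gemfile dependency: how many published versions the constraint
# admits, versus the single version the lockfile resolved it to.
def compare_precision(gemfile_text, lockfile_text, published)
  locked = parse_lockfile(lockfile_text)
  parse_gemfile(gemfile_text).map do |name, req|
    candidates = published.fetch(name, []).map { |v| Gem::Version.new(v) }
    {
      name: name,
      constraint: req.to_s,
      admitted: candidates.select { |v| req.satisfied_by?(v) }.map(&:to_s),
      locked: locked[name]&.to_s,
      locked_satisfies: locked[name] ? req.satisfied_by?(locked[name]) : false,
    }
  end
end

# Build a minimal CycloneDX 1.5 JSON BOM from the lockfile's resolved gems.
# Each component carries a package URL of the form pkg:gem/NAME@VERSION.
def cyclonedx_from_lockfile(lockfile_text)
  components = parse_lockfile(lockfile_text).sort.map do |name, version|
    { "type" => "library", "name" => name, "version" => version.to_s,
      "purl" => "pkg:gem/#{name}@#{version}" }
  end
  { "bomFormat" => "CycloneDX", "specVersion" => "1.5", "version" => 1,
    "components" => components }
end

if __FILE__ == $0
  compare_precision(GEMFILE, GEMFILE_LOCK, PUBLISHED).each do |row|
    puts "#{row[:name]}: constraint #{row[:constraint].inspect} admits " \
         "#{row[:admitted].size} published versions; Gemfile.lock pins #{row[:locked]}"
  end
  puts JSON.pretty_generate(cyclonedx_from_lockfile(GEMFILE_LOCK))
end
```

Running it shows `~> 7.1` admitting six of the constructed rails releases while the lockfile names exactly one, and the BOM listing racc, a transitive gem that a scanner reading only the Gemfile would never see. That gap in both version and dependency coverage is what makes Gemfile.lock (or an SBOM derived from it) the manifest worth committing.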

Beyond CVEs: Comprehensive Protection for Ruby Projects

Our AI-powered security scanning has proven particularly valuable for Rails applications, where dependency trees can grow complex and difficult to manually audit.

Unlike traditional tools that focus solely on known vulnerabilities, Socket provides comprehensive protection against emerging supply chain threats. For Ruby projects, this means detecting suspicious behavior in gems that may indicate compromise or malicious intent, even before they're reported as a supply chain attack.

Enterprise customers have been using our Ruby support throughout the beta period, monitoring supply chain risk while safely incorporating external dependencies.

Getting Started

Socket seamlessly integrates with your existing development workflow. For Ruby teams, this means security checks can run alongside your CI/CD pipeline, Slack notifications, and GitHub PR reviews, ensuring that security doesn't slow down development.

If you're already using Socket, Ruby support is now enabled by default for your projects. For new users, you can get started with our free Socket for GitHub app in just minutes.
