Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
mooo
Artifacts are distributable versions of a package. It typically includes the source code and metadata
Advanced tools
- Version
- 0.1.1
- Maintainers
- 1
Mooo
Mooo is a lightweight HTTP proxy written in Python. You can run it in a server then use it to access the internet.
Quick Start
[!WARNING] By default, mooo porxy all domains, which means it can retrieve the local network. This poses a security risk. It is recommended to specify
--domainor--profileto limit the domain that the proxy server
Option 1: Use Python package
-
Install moon with
pip install mooo -
Start the proxy server
mooo --host 0.0.0.0 --port 8080
Option 2: Use Docker image
docker run -p 8080:8080 bebound/mooo --host 0.0.0.0 --port 8080
Use mooo
curl http://your_proxy_server:8080/{http_url}
git clone http://your_proxy_server:8080/{github_url}
Use pre-defined profile
Mooo provides some pre-defined profiles, you can use it to proxy some popular websites. Currently, it supports github, google and docker.
Use mooo to proxy github.com
mooo --profile github --profile github
Use mooo to proxy multiple profile with same port. You need to use reverse proxy to route the request to mooo with specific domain. Mooo routes the request to different profile based on the domain. For example, access github.custom.domain will route to github.com and docker.custom.domain will route to docker registry.
mooo --profile github docker google --smart-route
Parameters
| Parameter | Description | Default | Example |
|---|---|---|---|
--host | The listening host | 127.0.0.1 | 0.0.0.0 |
--port | The listening port | 8080 | |
--debug | Show debug logging | False | |
--domain | Once it's set, the request domain must match the wildcard domain list | None | *.github.com |
--cookie | Pass the cookie to the server | False | |
--default-domain | The default domain to proxy | None | https://www.github.com |
--profile | Use pre-defined profile | None | github |
--smart-route | Apply profile rules based on host domain | False |
FAQs
A simple http proxy
We found that mooo demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025