Socket

Secure OSS Dependencies

Socket for Open Source Security

Quickly evaluate the security and health of any open source package. Unlike a traditional vulnerability scanner, Socket can detect an active supply chain attack and help you block it. Socket detects over 70 issues in open source code for comprehensive protection.


Beyond CVE Scanning

What is Open Source Security?

Open source code makes up more than 90% of modern software projects, with many apps spanning 10,000+ dependencies. This makes open source an attractive attack vector, and open source package registries are frequently targeted with malware. Traditional vulnerability scanners cannot detect active supply chain attacks. Socket's free GitHub app safeguards your open source code from both vulnerable and malicious dependencies.


We protect you from vulnerable and malicious packages

recas 1.2.0, by 17b4a931. Removed from npm. Blocked by Socket.
This code poses a serious security risk and should not be used.
Live on npm for 10 minutes before removal. Socket users were protected even while the package was live.

analysis-components 6.999.0, by pavel_palii. Removed from npm. Blocked by Socket.
The code exhibits behavior indicative of potential malicious activity, specifically data exfiltration. It poses a significant security risk and should be further investigated and removed if found in a package.
Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

@diotoborg/recusandae-reprehenderit 0.0.1-security. Removed from npm. Blocked by Socket.
This package was removed from the npm registry for security reasons.
Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

test494 1.0.12, by npm. Removed from npm. Blocked by Socket.
Malicious code in test494 (npm). Source: ghsa-malware (b4eee97c9c0e65b38d0550ad3c3c448e647fc469837a13ab37682c6cfd2a5c34). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.
Live on npm for 4 hours and 36 minutes before removal. Socket users were protected even while the package was live.

es6shsm 0.0.1-security.2, by npm. Live on npm. Blocked by Socket.
Malicious code in es6shsm (npm). Source: ghsa-malware (532e251435e5aa43412f0a3d67927aad3b0df8a7a31d174bc651cda37d917934). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

hs-loadsh 2.999.999. Removed from npm. Blocked by Socket.
The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.
Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

@cawraytestorg/packagetest 9.9.9, by cawray. Live on npm. Blocked by Socket.
The script is malicious as it sends the contents of a critical system file to an external server, which poses a significant security risk.

vine-ember 99.9.9, by dependency-test-6. Removed from npm. Blocked by Socket.
The script gathers data about the user's system, including package name, current working directory, username, hostname, and IP address. This data is then encoded and sent as DNS queries to a remote server.
Live on npm for 1 day, 18 hours and 22 minutes before removal. Socket users were protected even while the package was live.

bspin.mobilecasino 1.1.1, by reboda5643. Removed from npm. Blocked by Socket.
The code is likely intended for malicious purposes, as it seems to exfiltrate data to a server with hardcoded credentials. The existence of potentially sensitive file extensions such as '.env' among others indicates the possibility of targeted data theft.
Live on npm for 18 minutes before removal. Socket users were protected even while the package was live.

pwn 0.4.621, by 0day Inc. Live on gem. Blocked by Socket.
The script 'packer/provisioners/post_install.sh' exhibits malicious behavior by performing several harmful actions:
  • Deletes user and root history files: uses secure deletion methods to remove history files, potentially to conceal malicious activities.
  • Clears system log files: erases log files from '/var/log', hindering the ability to audit and investigate system actions.
  • Disables the root account: locks the root account password without ensuring alternative secure administrative access, possibly preventing legitimate administrative operations.
  • Sets a weak default password ('changeme') for the 'admin' user: introduces a significant security risk by using an easily guessable password, facilitating unauthorized access.
These actions can be exploited by an attacker to gain unauthorized access, disrupt legitimate operations, and prevent system recovery. The combination of log and history deletion, disabling of root access, and setting weak credentials indicates malicious intent to compromise system security and conceal nefarious activities.

rdkit 2022.9.2. Live on pypi. Blocked by Socket.
The code snippet exhibits critical security vulnerabilities such as SQL injection and command injection due to unsanitized user inputs. Immediate action is required to implement input validation and sanitization to mitigate these risks.

patientenapp 1.23.1563. Removed from npm. Blocked by Socket.
The code is designed to collect sensitive system information and transmit it to an external server using obfuscated methods. This behavior is indicative of malicious activity, specifically data exfiltration.
Live on npm for 1 hour and 42 minutes before removal. Socket users were protected even while the package was live.

@diotoborg/quaerat-voluptatum 0.0.1-security, by npm. Live on npm. Blocked by Socket.
Malicious code in @diotoborg/quaerat-voluptatum (npm). Source: ghsa-malware (c317191d7f8baea64529f132a9125b5769292edde6c5456596b9bf43aa0d1d14). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

war-robots-free-gold-and-silver190 1.0.2, by atiaromaryalab. Removed from npm. Blocked by Socket.
The code engages in automated package creation and publishing, with the addition of posting content to WordPress sites using hard-coded credentials. This indicates potential spam or automated SEO manipulation behavior. The code also presents significant security risks due to hard-coded paths and credentials.
Live on npm for 18 minutes before removal. Socket users were protected even while the package was live.

hight 1.0.2. Removed from npm. Blocked by Socket.
The code is highly obfuscated with patterns that are indicative of malicious intent, such as dynamic code execution and anti-debugging techniques. The exact purpose cannot be determined without de-obfuscation and further context, but it is advisable to treat this code as potentially harmful.
Live on npm for 32 minutes before removal. Socket users were protected even while the package was live.

xmdzdom 1.2.0, by 17b4a931. Removed from npm. Blocked by Socket.
This code poses a serious security risk and should not be used.
Live on npm for 20 minutes before removal. Socket users were protected even while the package was live.

spr-svg-loaderouazaaaa 2.0.0, by manoc81148. Removed from npm. Blocked by Socket.
The script collects information like package name, directory, home directory, hostname, username, DNS servers, and package JSON data, then sends it to a remote server.
Live on npm for 3 minutes before removal. Socket users were protected even while the package was live.

sncicd-tests-run 1.0.1. Removed from npm. Blocked by Socket.
The script is malicious in nature, as it is designed to exfiltrate sensitive system information to an external server. The use of base64 encoding is a weak attempt to obfuscate the data being sent. The script poses a high security risk due to the potential for data breaches and further attacks.
Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.

egstore-suspense 1.0.3. Removed from npm. Blocked by Socket.
The script collects information like hostname, user id, group id, platform, DNS lookups, current working directory and installing package, then sends it to a remote server.
Live on npm for 4 days, 6 hours and 51 minutes before removal. Socket users were protected even while the package was live.

sap-abstract 1.2.5, by abdallaeg2. Removed from npm. Blocked by Socket.
The code is designed to send sensitive system information to a remote server, which is a significant security risk. This behavior is consistent with malicious activity, specifically data exfiltration.
Live on npm for 1 hour and 13 minutes before removal. Socket users were protected even while the package was live.

healenium 1.0.1, by aagiubkagf. Live on npm. Blocked by Socket.
The code connects to a hardcoded IP address (47[.]251[.]102[.]182) on port 8057 without user consent. It sends system information, including OS type and architecture, to this remote server. The code listens for commands from the server and executes them locally using the `exec()` function, which can lead to arbitrary code execution. Additionally, it can receive files from the server and write them to the local filesystem, potentially introducing malicious files. It includes a scheduled task that collects and sends user information at a specific date and time. These behaviors represent unauthorized remote control and data exfiltration, posing significant security risks.

hub-http 1.51.999. Removed from npm. Blocked by Socket.
The code is performing malicious activities by exfiltrating sensitive system information to a remote server. This poses a significant security risk and should be considered as malware.
Live on npm for 1 hour and 47 minutes before removal. Socket users were protected even while the package was live.

n-messaging-client 1.999.2, by adhamsadakah300. Removed from npm. Blocked by Socket.
The code executes a complex shell command and fetches data from an external URL. While there are no clear indications of malicious intent, the presence of these behaviors raises concerns. Further investigation is needed to determine the exact purpose and potential risks of this code.
Live on npm for 1 day and 4 hours before removal. Socket users were protected even while the package was live.

@zitterorg/laudantium-rerum 2.2.25, by loandinhb931. Live on npm. Blocked by Socket.
Malicious code in @zitterorg/laudantium-rerum (npm). Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

a15z8my-name 0.1.0. Live on gem. Blocked by Socket.
Malicious code in a15z8my-name (RubyGems).


Get Visibility Into Open Source Dependencies with Real-Time Security Feedback

Proactively search for and detect dependencies across the repositories in your organization, with actionable insights for your projects and SBOMs.

Organization Dashboard

Open Source Supply Chain Attack Prevention

Block Malware and Typosquatting

Block emerging malware threats, including malicious updates added intentionally by a maintainer, along with packages whose names differ from a legitimate package by only a few characters.

Detect Privileged API Usage

Get alerted when a dependency update introduces new risky API usage: filesystem, network, child_process, eval().

Detect Hidden Code

Detect obfuscated, minified, or hidden code.

Detect Suspicious Updates

Socket detects the sudden inclusion of a new maintainer, updates with telemetry or protestware added, dependencies pulled in from a remote git URL, and much more.

We help security teams work more efficiently

Cut through the noise and focus on real threats.

Get actionable alerts for the supply chain risks that matter. Socket highlights risky dependencies directly within the developer workflow.


Made with ⚡️ by Socket Inc