Secure OSS Dependencies
Beyond CVE Scanning
Open source code makes up more than 90% of modern software projects, with many apps spanning 10,000+ dependencies. This makes open source an attractive attack vector, and open source package registries are frequently targeted with malware. Traditional vulnerability scanners cannot detect active supply chain attacks. Socket's free GitHub app safeguards your open source code from both vulnerable and malicious dependencies.
recas
1.2.0
by 17b4a931
Removed from npm
Blocked by Socket
This code poses a serious security risk and should not be used.
Live on npm for 10 minutes before removal. Socket users were protected even while the package was live.
analysis-components
6.999.0
by pavel_palii
Removed from npm
Blocked by Socket
The code exhibits behavior indicative of potential malicious activity, specifically data exfiltration. It poses a significant security risk and should be further investigated and removed if found in a package.
Live on npm for 1 minute before removal. Socket users were protected even while the package was live.
@diotoborg/recusandae-reprehenderit
0.0.1-security
Removed from npm
Blocked by Socket
This package was removed from the npm registry for security reasons.
Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.
test494
1.0.12
by npm
Removed from npm
Blocked by Socket
Malicious code in test494 (npm) Source: ghsa-malware (b4eee97c9c0e65b38d0550ad3c3c448e647fc469837a13ab37682c6cfd2a5c34) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.
Live on npm for 4 hours and 36 minutes before removal. Socket users were protected even while the package was live.
es6shsm
0.0.1-security.2
by npm
Live on npm
Blocked by Socket
Malicious code in es6shsm (npm) Source: ghsa-malware (532e251435e5aa43412f0a3d67927aad3b0df8a7a31d174bc651cda37d917934) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.
hs-loadsh
2.999.999
Removed from npm
Blocked by Socket
The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.
Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.
@cawraytestorg/packagetest
9.9.9
by cawray
Live on npm
Blocked by Socket
The script is malicious as it sends the contents of a critical system file to an external server, which poses a significant security risk.
vine-ember
99.9.9
by dependency-test-6
Removed from npm
Blocked by Socket
The script gathers data about the user's system, including package name, current working directory, username, hostname, and IP address. This data is then encoded and sent as DNS queries to a remote server.
Live on npm for 1 day, 18 hours and 22 minutes before removal. Socket users were protected even while the package was live.
bspin.mobilecasino
1.1.1
by reboda5643
Removed from npm
Blocked by Socket
The code is likely intended for malicious purposes, as it seems to exfiltrate data to a server with hardcoded credentials. The existence of potentially sensitive file extensions such as '.env' among others indicates the possibility of targeted data theft.
Live on npm for 18 minutes before removal. Socket users were protected even while the package was live.
pwn
0.4.621
by 0day Inc.
Live on gem
Blocked by Socket
The script 'packer/provisioners/post_install.sh' exhibits malicious behavior by performing several harmful actions: - **Deletes user and root history files**: Uses secure deletion methods to remove history files, potentially to conceal malicious activities. - **Clears system log files**: Erases log files from '/var/log', hindering the ability to audit and investigate system actions. - **Disables the root account**: Locks the root account password without ensuring alternative secure administrative access, possibly preventing legitimate administrative operations. - **Sets a weak default password ('changeme') for the 'admin' user**: Introduces a significant security risk by using an easily guessable password, facilitating unauthorized access. These actions can be exploited by an attacker to gain unauthorized access, disrupt legitimate operations, and prevent system recovery. The combination of log and history deletion, disabling of root access, and setting weak credentials indicates malicious intent to compromise system security and conceal nefarious activities.
rdkit
2022.9.2
Live on pypi
Blocked by Socket
The code snippet exhibits critical security vulnerabilities such as SQL injection and command injection due to unsanitized user inputs. Immediate action is required to implement input validation and sanitization to mitigate these risks.
patientenapp
1.23.1563
Removed from npm
Blocked by Socket
The code is designed to collect sensitive system information and transmit it to an external server using obfuscated methods. This behavior is indicative of malicious activity, specifically data exfiltration.
Live on npm for 1 hour and 42 minutes before removal. Socket users were protected even while the package was live.
@diotoborg/quaerat-voluptatum
0.0.1-security
by npm
Live on npm
Blocked by Socket
Malicious code in @diotoborg/quaerat-voluptatum (npm) Source: ghsa-malware (c317191d7f8baea64529f132a9125b5769292edde6c5456596b9bf43aa0d1d14) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.
war-robots-free-gold-and-silver190
1.0.2
by atiaromaryalab
Removed from npm
Blocked by Socket
The code engages in automated package creation and publishing, with the addition of posting content to WordPress sites using hard-coded credentials. This indicates potential spam or automated SEO manipulation behavior. The code also presents significant security risks due to hard-coded paths and credentials.
Live on npm for 18 minutes before removal. Socket users were protected even while the package was live.
hight
1.0.2
Removed from npm
Blocked by Socket
The code is highly obfuscated with patterns that are indicative of malicious intent, such as dynamic code execution and anti-debugging techniques. The exact purpose cannot be determined without de-obfuscation and further context, but it is advisable to treat this code as potentially harmful.
Live on npm for 32 minutes before removal. Socket users were protected even while the package was live.
xmdzdom
1.2.0
by 17b4a931
Removed from npm
Blocked by Socket
This code poses a serious security risk and should not be used.
Live on npm for 20 minutes before removal. Socket users were protected even while the package was live.
spr-svg-loaderouazaaaa
2.0.0
by manoc81148
Removed from npm
Blocked by Socket
The script collects information like package name, directory, home directory, hostname, username, DNS servers, and package JSON data, then sends it to a remote server.
Live on npm for 3 minutes before removal. Socket users were protected even while the package was live.
sncicd-tests-run
1.0.1
Removed from npm
Blocked by Socket
The script is malicious in nature, as it is designed to exfiltrate sensitive system information to an external server. The use of base64 encoding is a weak attempt to obfuscate the data being sent. The script poses a high security risk due to the potential for data breaches and further attacks.
Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.
egstore-suspense
1.0.3
Removed from npm
Blocked by Socket
The script collects information like hostname, user id, group id, platform, DNS lookups, current working directory and installing package, then sends it to a remote server.
Live on npm for 4 days, 6 hours and 51 minutes before removal. Socket users were protected even while the package was live.
sap-abstract
1.2.5
by abdallaeg2
Removed from npm
Blocked by Socket
The code is designed to send sensitive system information to a remote server, which is a significant security risk. This behavior is consistent with malicious activity, specifically data exfiltration.
Live on npm for 1 hour and 13 minutes before removal. Socket users were protected even while the package was live.
healenium
1.0.1
by aagiubkagf
Live on npm
Blocked by Socket
The code connects to a hardcoded IP address (47[.]251[.]102[.]182) on port 8057 without user consent. It sends system information, including OS type and architecture, to this remote server. The code listens for commands from the server and executes them locally using the `exec()` function, which can lead to arbitrary code execution. Additionally, it can receive files from the server and write them to the local filesystem, potentially introducing malicious files. It includes a scheduled task that collects and sends user information at a specific date and time. These behaviors represent unauthorized remote control and data exfiltration, posing significant security risks.
hub-http
1.51.999
Removed from npm
Blocked by Socket
The code is performing malicious activities by exfiltrating sensitive system information to a remote server. This poses a significant security risk and should be considered as malware.
Live on npm for 1 hour and 47 minutes before removal. Socket users were protected even while the package was live.
n-messaging-client
1.999.2
by adhamsadakah300
Removed from npm
Blocked by Socket
The code executes a complex shell command and fetches data from an external URL. While there are no clear indications of malicious intent, the presence of these behaviors raises concerns. Further investigation is needed to determine the exact purpose and potential risks of this code.
Live on npm for 1 day and 4 hours before removal. Socket users were protected even while the package was live.
@zitterorg/laudantium-rerum
2.2.25
by loandinhb931
Live on npm
Blocked by Socket
Malicious code in @zitterorg/laudantium-rerum (npm) Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.
a15z8my-name
0.1.0
Live on gem
Blocked by Socket
Malicious code in a15z8my-name (RubyGems)
Proactively search and detect dependencies across repositories in your organization, with actionable insights for your projects and SBOMs.
Block emerging malware threats, including intentionally maintainer-added updates, along with packages that differ in name by only a few characters.
Get alerted when a dependency update introduces new risky API usage - filesystem, network, child_process, eval().
Detect obfuscated, minified, or hidden code.
Socket detects the sudden inclusion of a new maintainer, updates with telemetry or protestware added, dependencies pulled in from a remote git URL, and much more.
We help security teams work more efficiently
Get actionable alerts for the supply chain risks that matter. Socket highlights risky dependencies directly within the developer workflow.