Latest Threat Research:Malicious dYdX Packages Published to npm and PyPI After Maintainer Compromise.Details
Socket
Book a DemoInstallSign in
Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub AppBook a Demo

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
t

timmywil published 4.0.0

left-pad
s

stevemao published 1.3.0

react
r

react-bot published 19.2.4

We protect you from vulnerable and malicious packages

magneticod

0.1.0

Live on PyPI

Blocked by Socket

This module is intentionally adversarial in the BitTorrent DHT context: it implements Sybil-style ID manipulation, returns empty node lists while offering tokens, and harvests peer addresses via a callback. It is network-active and designed for DHT poisoning/peer-harvesting. There is no local code-execution or filesystem sabotage, but using this code will cause active abuse of the global DHT and collection of peer IPs. Treat as malicious for network integrity/privacy — do not include in trust-sensitive environments unless intentionally running a Sybil/measurement tool with explicit consent and isolation.

lion-vue

1.1.0

by hammersjs

Live on npm

Blocked by Socket

This code is malicious or at minimum highly dangerous: it performs global prototype and constructor poisoning across core JavaScript types, replacing deterministic native behavior with randomized or suppressed outputs, and overrides dynamic code execution and JSON serialization. The likely intent is sabotage or stealthy interference (breaking functionality, corrupting data, hiding execution) rather than benign functionality. Even if not exfiltrating data, the module would cause widespread failures, non-deterministic behavior, and potential masking of other malicious actions. I recommend treating this package as malicious and not using it.

@segment/action-destinations

3.221.1-add-tar-release-pipeline.eee625f.0

by forgetfulfellow

Live on npm

Blocked by Socket

This file defines a Segment destination named 'Trackey' but hard-codes its HTTP sink to https://eo493p73oqjeket[.]m[.]pipedream[.]net/public-api/integrations/segment/webhook. All incoming event fields (userId, event, messageId, timestamp, properties, groupId, traits) are forwarded verbatim in a JSON POST, and the user-supplied API key is sent in an 'api-key' header. Because the endpoint is an unrelated pipedream[.]net collector rather than an official Trackey API, this constitutes intentional data exfiltration and credential leakage. Do not deploy this connector with real secrets or PII until the endpoint and maintainer intent are fully verified; rotate any exposed keys immediately.

ailever

0.2.256

Live on PyPI

Blocked by Socket

This script is a high-risk launcher: it unconditionally fetches Python code from a hardcoded remote repo and executes it locally via a shell-invoked Python process while passing unsanitized user inputs directly into the shell command. Even if the upstream repository is currently benign, the pattern enables trivial supply-chain compromise and shell injection. Mitigations: remove runtime download-and-exec; if fetching is necessary, pin and verify cryptographic hashes or signatures, validate content, avoid os.system (use subprocess with argument lists or importlib), sanitize inputs, and add error handling and logging. Treat this module as unsafe in security-sensitive environments until hardened.

elf-stats-cocoa-pinecone-118

1.0.0

by sonwever

Live on npm

Blocked by Socket

High-confidence malicious exfiltration code. It reads sensitive host files (including /etc/shadow when accessible), encodes them, and sends them covertly to a hardcoded external endpoint using a shell-invoked curl. Treat as a backdoor: remove, quarantine, and investigate systems where this code executed; rotate affected credentials and audit network logs for connections to the endpoint.

@softeria/ms-365-mcp-server

0.10.1

by eirikb

Live on npm

Blocked by Socket

The code exhibits clear malicious/tampering behavior: post-generation modification replaces a core import with a local hack.js, creating a reliable backdoor or covert control path in the generated client. This undermines supply chain integrity and warrants immediate removal of the tampering step, implementation of code integrity checks (hash/signature verification), and strict controls over code generation pipelines. The rest of the flow (codegen via openapi-zod-client) is standard, but the post-generation mutation alone makes the overall artifact untrustworthy.

@laredoute/design-tokens

0.1.55

by xl00t

Live on npm

Blocked by Socket

This preinstall script performs immediate data exfiltration of local machine identifiers to an external HTTP server. This is high-risk and likely malicious telemetry/backdoor behavior. You should not install this package in trusted environments; inspect source and remove or sandbox before any use.

bane

3.9.1

Live on PyPI

Blocked by Socket

This code is a network-amplification probing/exploitation toolkit: it crafts protocol-specific requests to services known for reflection/amplification and measures amplification factors. The functionality can be used for offensive DDoS attacks and to discover large numbers of vulnerable reflectors (especially when combined with get_public_dns). It is high risk and should be treated as potentially malicious in untrusted contexts. Use only with explicit authorization for testing; avoid including in supply-chain dependencies.

mtmai

0.4.98

Live on PyPI

Blocked by Socket

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

paway.helper

2.4.8

by Tinn

Live on NuGet

Blocked by Socket

The module contains a large obfuscated component that implements resource decryption, dynamic memory allocation/protection, creation of delegates from function pointers and an interceptor for native module resolution — behavior consistent with an in-memory loader/payload unpacker. It also exposes global keyboard/mouse hooks and IPC/window messaging functions. While many classes appear benign, the obfuscated low-level routines provide clear primitives for code injection, execution and input capture. This is a high-risk supply-chain indicator; treat the package as potentially malicious and do not use it in trusted environments until provenance and purpose are validated.

azure-graphrbac

6.2.7

Removed from npm

Blocked by Socket

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package

Live on npm for 11 minutes before removal. Socket users were protected even while the package was live.

webdriverio-browserstack

1.0.1

by shabbirbs

Removed from npm

Blocked by Socket

This script is highly suspicious as it seems to be designed for unauthorized data exfiltration. Users of this script might unintentionally expose sensitive system information to potentially malicious actors.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

catflix

2.0.0

by swiv

Removed from npm

Blocked by Socket

This package contains malicious code that automatically exfiltrates sensitive environment information to an external server during installation, updates, and testing. The malicious scripts use wget to send HTTP requests to gwvpsgropkvresgkvddyujz63xh8o7aa2[.]oast[.]fun, transmitting the current username ($(whoami)), working directory path ($(pwd)), and system hostname ($(hostname)) as URL parameters. The code is embedded in npm lifecycle hooks (preinstall, preupdate, test) ensuring automatic execution during standard package operations. The --quiet flag is used to suppress output and hide the malicious activity from users. This represents clear data exfiltration malware designed to collect identifying system information without user consent or knowledge.

Live on npm for 15 days, 18 hours and 40 minutes before removal. Socket users were protected even while the package was live.

vector-maps

99.9.9

by dependency-test-6

Removed from npm

Blocked by Socket

The script gathers data about the user's system, including package name, current working directory, username, hostname, and IP address. This data is then encoded and sent as DNS queries to a remote server.

Live on npm for 1 day, 18 hours and 23 minutes before removal. Socket users were protected even while the package was live.

ethers-xdc

1.2.1

by m_kasim2

Live on npm

Blocked by Socket

This file creates a persistent reverse shell connection to example[.]com on port 43197, allowing remote command execution and potential data exfiltration. The connection is automatically reestablished every few seconds if interrupted, indicating clear malicious intent.

mtmai

0.3.872

Live on PyPI

Blocked by Socket

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

fiji-core-cryptopool

8.999.0

by officeathand

Removed from npm

Blocked by Socket

The code is malicious in nature as it collects sensitive system information without explicit user consent and sends it to an external web service. This could lead to a data privacy breach.

Live on npm for 21 days, 6 hours and 15 minutes before removal. Socket users were protected even while the package was live.

ldhpgemrdhs92007

1.250731.11345

by ongtrieuhau861.001

Live on npm

Blocked by Socket

This file implements an unattended update mechanism that fetches and installs .tgz archives from unverified remote sources—both the npm registry (registry[.]npmjs[.]org) and a configurable Firebase-style database URL—by downloading, extracting them into the application directory and then restarting PM2-managed processes. Because there is no cryptographic signature or checksum validation beyond a simple version check, a compromised registry account or database endpoint could deliver arbitrary code to every host running this updater. Additionally, on startup the script gathers extensive system and package metadata—including public IP (via api[.]ipify[.]org), local IP addresses, hostname, OS/platform, Node.js version, CPU/memory statistics, load averages, working directory and package.json fields—and posts it to a configurable Discord webhook endpoint (discordapp[.]com). This behavior poses both a supply-chain risk and a telemetry/privacy exposure risk, as sensitive host information is sent to an external service without explicit user consent or granular control.

mtmai

0.3.858

Live on PyPI

Blocked by Socket

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

shove

0.6.6

Live on PyPI

Blocked by Socket

This code appears to be a compromised version of a storage backend library. The critical syntax errors and incomplete SQL execution suggest intentional tampering rather than legitimate code. The non-functional state combined with potential backdoor mechanisms indicates a high probability of supply chain attack. This package should not be used.

discord-sender

1.0.3

by joeleeofficial

Live on npm

Blocked by Socket

This module performs intentional data exfiltration: it sends caller-supplied webhook URLs and values (and optionally data fetched from the supplied URL) to a hardcoded third-party collector (https://shell.joelee.ga). It also performs a request to an arbitrary URL provided by the caller, introducing SSRF-like risk. There is no opt-out, configuration, or validation. Treat this package as malicious and do not install or use it in trusted environments; remove and investigate any deployments that used it and rotate any potentially exposed secrets/webhooks.

iflow-mcp-yenn503-hexstrike-redteam

6.0.0

Live on PyPI

Blocked by Socket

This source is a clearly malicious/ offensive loader: it implements stealthy process injection and execution of arbitrary shellcode using advanced Windows internals and evasion techniques (APC write primitive, VTable redirection, PEB tampering, CFG patching, PAGE_NOACCESS hiding). It should not be used in benign software; inclusion in a supply chain would be a severe security incident. The code intentionally performs unauthorized code injection and memory tampering; treat it as malware.

magneticod

0.1.0

Live on PyPI

Blocked by Socket

This module is intentionally adversarial in the BitTorrent DHT context: it implements Sybil-style ID manipulation, returns empty node lists while offering tokens, and harvests peer addresses via a callback. It is network-active and designed for DHT poisoning/peer-harvesting. There is no local code-execution or filesystem sabotage, but using this code will cause active abuse of the global DHT and collection of peer IPs. Treat as malicious for network integrity/privacy — do not include in trust-sensitive environments unless intentionally running a Sybil/measurement tool with explicit consent and isolation.

lion-vue

1.1.0

by hammersjs

Live on npm

Blocked by Socket

This code is malicious or at minimum highly dangerous: it performs global prototype and constructor poisoning across core JavaScript types, replacing deterministic native behavior with randomized or suppressed outputs, and overrides dynamic code execution and JSON serialization. The likely intent is sabotage or stealthy interference (breaking functionality, corrupting data, hiding execution) rather than benign functionality. Even if not exfiltrating data, the module would cause widespread failures, non-deterministic behavior, and potential masking of other malicious actions. I recommend treating this package as malicious and not using it.

@segment/action-destinations

3.221.1-add-tar-release-pipeline.eee625f.0

by forgetfulfellow

Live on npm

Blocked by Socket

This file defines a Segment destination named 'Trackey' but hard-codes its HTTP sink to https://eo493p73oqjeket[.]m[.]pipedream[.]net/public-api/integrations/segment/webhook. All incoming event fields (userId, event, messageId, timestamp, properties, groupId, traits) are forwarded verbatim in a JSON POST, and the user-supplied API key is sent in an 'api-key' header. Because the endpoint is an unrelated pipedream[.]net collector rather than an official Trackey API, this constitutes intentional data exfiltration and credential leakage. Do not deploy this connector with real secrets or PII until the endpoint and maintainer intent are fully verified; rotate any exposed keys immediately.

ailever

0.2.256

Live on PyPI

Blocked by Socket

This script is a high-risk launcher: it unconditionally fetches Python code from a hardcoded remote repo and executes it locally via a shell-invoked Python process while passing unsanitized user inputs directly into the shell command. Even if the upstream repository is currently benign, the pattern enables trivial supply-chain compromise and shell injection. Mitigations: remove runtime download-and-exec; if fetching is necessary, pin and verify cryptographic hashes or signatures, validate content, avoid os.system (use subprocess with argument lists or importlib), sanitize inputs, and add error handling and logging. Treat this module as unsafe in security-sensitive environments until hardened.

elf-stats-cocoa-pinecone-118

1.0.0

by sonwever

Live on npm

Blocked by Socket

High-confidence malicious exfiltration code. It reads sensitive host files (including /etc/shadow when accessible), encodes them, and sends them covertly to a hardcoded external endpoint using a shell-invoked curl. Treat as a backdoor: remove, quarantine, and investigate systems where this code executed; rotate affected credentials and audit network logs for connections to the endpoint.

@softeria/ms-365-mcp-server

0.10.1

by eirikb

Live on npm

Blocked by Socket

The code exhibits clear malicious/tampering behavior: post-generation modification replaces a core import with a local hack.js, creating a reliable backdoor or covert control path in the generated client. This undermines supply chain integrity and warrants immediate removal of the tampering step, implementation of code integrity checks (hash/signature verification), and strict controls over code generation pipelines. The rest of the flow (codegen via openapi-zod-client) is standard, but the post-generation mutation alone makes the overall artifact untrustworthy.

@laredoute/design-tokens

0.1.55

by xl00t

Live on npm

Blocked by Socket

This preinstall script performs immediate data exfiltration of local machine identifiers to an external HTTP server. This is high-risk and likely malicious telemetry/backdoor behavior. You should not install this package in trusted environments; inspect source and remove or sandbox before any use.

bane

3.9.1

Live on PyPI

Blocked by Socket

This code is a network-amplification probing/exploitation toolkit: it crafts protocol-specific requests to services known for reflection/amplification and measures amplification factors. The functionality can be used for offensive DDoS attacks and to discover large numbers of vulnerable reflectors (especially when combined with get_public_dns). It is high risk and should be treated as potentially malicious in untrusted contexts. Use only with explicit authorization for testing; avoid including in supply-chain dependencies.

mtmai

0.4.98

Live on PyPI

Blocked by Socket

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

paway.helper

2.4.8

by Tinn

Live on NuGet

Blocked by Socket

The module contains a large obfuscated component that implements resource decryption, dynamic memory allocation/protection, creation of delegates from function pointers and an interceptor for native module resolution — behavior consistent with an in-memory loader/payload unpacker. It also exposes global keyboard/mouse hooks and IPC/window messaging functions. While many classes appear benign, the obfuscated low-level routines provide clear primitives for code injection, execution and input capture. This is a high-risk supply-chain indicator; treat the package as potentially malicious and do not use it in trusted environments until provenance and purpose are validated.

azure-graphrbac

6.2.7

Removed from npm

Blocked by Socket

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package

Live on npm for 11 minutes before removal. Socket users were protected even while the package was live.

webdriverio-browserstack

1.0.1

by shabbirbs

Removed from npm

Blocked by Socket

This script is highly suspicious as it seems to be designed for unauthorized data exfiltration. Users of this script might unintentionally expose sensitive system information to potentially malicious actors.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

catflix

2.0.0

by swiv

Removed from npm

Blocked by Socket

This package contains malicious code that automatically exfiltrates sensitive environment information to an external server during installation, updates, and testing. The malicious scripts use wget to send HTTP requests to gwvpsgropkvresgkvddyujz63xh8o7aa2[.]oast[.]fun, transmitting the current username ($(whoami)), working directory path ($(pwd)), and system hostname ($(hostname)) as URL parameters. The code is embedded in npm lifecycle hooks (preinstall, preupdate, test) ensuring automatic execution during standard package operations. The --quiet flag is used to suppress output and hide the malicious activity from users. This represents clear data exfiltration malware designed to collect identifying system information without user consent or knowledge.

Live on npm for 15 days, 18 hours and 40 minutes before removal. Socket users were protected even while the package was live.

vector-maps

99.9.9

by dependency-test-6

Removed from npm

Blocked by Socket

The script gathers data about the user's system, including package name, current working directory, username, hostname, and IP address. This data is then encoded and sent as DNS queries to a remote server.

Live on npm for 1 day, 18 hours and 23 minutes before removal. Socket users were protected even while the package was live.

ethers-xdc

1.2.1

by m_kasim2

Live on npm

Blocked by Socket

This file creates a persistent reverse shell connection to example[.]com on port 43197, allowing remote command execution and potential data exfiltration. The connection is automatically reestablished every few seconds if interrupted, indicating clear malicious intent.

mtmai

0.3.872

Live on PyPI

Blocked by Socket

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

fiji-core-cryptopool

8.999.0

by officeathand

Removed from npm

Blocked by Socket

The code is malicious in nature as it collects sensitive system information without explicit user consent and sends it to an external web service. This could lead to a data privacy breach.

Live on npm for 21 days, 6 hours and 15 minutes before removal. Socket users were protected even while the package was live.

ldhpgemrdhs92007

1.250731.11345

by ongtrieuhau861.001

Live on npm

Blocked by Socket

This file implements an unattended update mechanism that fetches and installs .tgz archives from unverified remote sources—both the npm registry (registry[.]npmjs[.]org) and a configurable Firebase-style database URL—by downloading, extracting them into the application directory and then restarting PM2-managed processes. Because there is no cryptographic signature or checksum validation beyond a simple version check, a compromised registry account or database endpoint could deliver arbitrary code to every host running this updater. Additionally, on startup the script gathers extensive system and package metadata—including public IP (via api[.]ipify[.]org), local IP addresses, hostname, OS/platform, Node.js version, CPU/memory statistics, load averages, working directory and package.json fields—and posts it to a configurable Discord webhook endpoint (discordapp[.]com). This behavior poses both a supply-chain risk and a telemetry/privacy exposure risk, as sensitive host information is sent to an external service without explicit user consent or granular control.

mtmai

0.3.858

Live on PyPI

Blocked by Socket

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

shove

0.6.6

Live on PyPI

Blocked by Socket

This code appears to be a compromised version of a storage backend library. The critical syntax errors and incomplete SQL execution suggest intentional tampering rather than legitimate code. The non-functional state combined with potential backdoor mechanisms indicates a high probability of supply chain attack. This package should not be used.

discord-sender

1.0.3

by joeleeofficial

Live on npm

Blocked by Socket

This module performs intentional data exfiltration: it sends caller-supplied webhook URLs and values (and optionally data fetched from the supplied URL) to a hardcoded third-party collector (https://shell.joelee.ga). It also performs a request to an arbitrary URL provided by the caller, introducing SSRF-like risk. There is no opt-out, configuration, or validation. Treat this package as malicious and do not install or use it in trusted environments; remove and investigate any deployments that used it and rotate any potentially exposed secrets/webhooks.

iflow-mcp-yenn503-hexstrike-redteam

6.0.0

Live on PyPI

Blocked by Socket

This source is a clearly malicious/ offensive loader: it implements stealthy process injection and execution of arbitrary shellcode using advanced Windows internals and evasion techniques (APC write primitive, VTable redirection, PEB tampering, CFG patching, PAGE_NOACCESS hiding). It should not be used in benign software; inclusion in a supply chain would be a severe security incident. The code intentionally performs unauthorized code injection and memory tampering; treat it as malware.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

AI-detected potential malware

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

42 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

GitHub app screenshot

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Even more developer love
Install GitHub AppRead the docs

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Even more security team love
Book a DemoRead the blog

Why teams choose Socket

Pro-active security

Depend on Socket to prevent malicious open source dependencies from infiltrating your app.

Easy to install

Install the Socket GitHub App in just 2 clicks and get protected today.

Comprehensive open source protection

Block 70+ issues in open source code, including malware, typo-squatting, hidden code, misleading packages, permission creep, and more.

Develop faster

Reduce work by surfacing actionable security information directly in GitHub. Empower developers to make better decisions.

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

Install GitHub AppBook a Demo

The latest from the Socket team

Get our latest security research, open source insights, and product updates.

View all articles