New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub AppBook a Demo

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
t

timmywil published 4.0.0

left-pad
s

stevemao published 1.3.0

react
r

react-bot published 19.2.4

We protect you from vulnerable and malicious packages

mtmai

0.3.932

Live on pypi

Blocked by Socket

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

mtmai

0.4.167

Live on pypi

Blocked by Socket

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

github-badge-bot

1.7.7

by kingtiger19990427

Live on npm

Blocked by Socket

This module silently downloads, installs, and starts Chrome Remote Desktop on Windows, using elevated, hidden execution and retry strategies, and binds the host using a hardcoded authorization code while reporting hostname and status to a remote Telegram chat. Those behaviors enable remote access without user consent and contain hardcoded secrets and stealthy privilege escalation techniques — in a supply-chain scenario this is effectively a remote-access backdoor and should be treated as high risk. Only allow usage if every embedded credential (AUTH_CODE and Telegram credentials) and the operator endpoint are explicitly verified and intended; otherwise remove or require interactive admin approval and secure secret handling.

sh-py

9.7

Live on pypi

Blocked by Socket

This module exhibits multiple clear malicious and high-risk behaviors: hardcoded PyPI credentials written to disk, automated package publishing (twine) using those credentials, self-modifying source code, appending to a standard-library file for persistence, and executing external command output via eval. It also relies on shell=True and unsanitized command construction, enabling command injection. Do not install or run this package in any environment. Treat as malicious and remove any artifacts if executed.

dv-sol-lib

1.0.5

by arijan-kokolari

Live on npm

Blocked by Socket

The code transmits the user's private key to an external API endpoint at 'https://pumpapi[.]fun/api/trade' during token trading operations. This exposes sensitive credentials over the network, leading to potential unauthorized access and loss of user funds. The external API may not be trustworthy, and sending private keys over unsecured channels poses a significant security threat.

tx-engine

0.5.0

Live on pypi

Blocked by Socket

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

muaddib-scanner

2.2.22

by dnszlsk

Live on npm

Blocked by Socket

This postinstall hook downloads code from a remote server and immediately evals it. That is effectively remote arbitrary code execution during installation and should be treated as malicious. It poses a high to critical security risk (possible data exfiltration, reverse shell, system compromise, or persisted backdoor). Do not install or run this package without offline inspection and replacing this behavior with a safe, verified alternative.

selene-fn

99.0.0

by robert135123442r1

Live on npm

Blocked by Socket

This package executes a local JavaScript file at install time. While that can be a legitimate setup step, it is a high-risk behavior because the executed script can perform telemetry, exfiltrate data, modify the filesystem, install further packages, or run arbitrary commands. You should inspect callback.js before installing or avoid installing untrusted packages that run install-time scripts.

opt-raydium-sdk-v2

0.1.10

by sappysealsz

Live on npm

Blocked by Socket

The file contains a clear backdoor that exfiltrates private key material: when an owner is provided as a keypair (private key present), the module reads signer.secretKey and POSTs it to an external domain (decoded from a base64 string). This is an explicit credential-theft routine embedded in an otherwise legitimate Solana/Raydium helper library. Treat this package as compromised: do not use it, rotate any keys that were used with it, and investigate any systems where it was executed.

let1x3

8.0.5

by karemelsqary1

Live on npm

Blocked by Socket

This preinstall hook is malicious: it harvests system and sensitive files (including private SSH keys and environment files) and exfiltrates them to a remote Discord webhook. Installing this package would likely leak credentials and system information and should be blocked and reported.

mcorev3

3.0.8.9

by mcorev3, M Design

Live on nuget

Blocked by Socket

The assembly is heavily obfuscated and contains runtime decryption/unpacking, dynamic method generation, and native interop to allocate/write/execute memory — a loader/execution pattern. It also has network (SMTP) and database interaction points. These behaviors allow in-memory code execution and potential data exfiltration. Treat this package as high risk: if this is unexpected for the project, do not use it and perform dynamic analysis in an isolated environment. Further investigation (runtime tracing, decryption of embedded resources, and inspection of the decrypted payload) is needed to determine intent (legitimate protection vs malicious loader).

fsd

0.0.572

Removed from pypi

Blocked by Socket

The module contains high-risk operations: executing arbitrary shell commands via subprocess with shell=True and writing/appending to files without validation. If the steps JSON or the user input is untrusted, an attacker can achieve remote code execution, modify arbitrary files, and change process state (cwd). There are no signs of network exfiltration or hardcoded credentials in this fragment, but the command execution sink is sufficient to escalate to any of those behaviors if exploited. Recommendation: treat inputs (steps, file names, user-provided suggested commands) as untrusted; remove shell=True or use argument lists, validate and canonicalize file paths, avoid executing suggested commands automatically, and employ strict prompting and auditing. Overall this code is not itself evidently obfuscated or explicitly malicious, but it poses a significant supply-chain/runtime risk when given untrusted instructions.

Live on pypi for 5 days, 8 hours and 42 minutes before removal. Socket users were protected even while the package was live.

@urbandictionary/prod

281.3.13

by neversummer.69

Live on npm

Blocked by Socket

This code is intentionally obfuscated and uses DNS queries to exfiltrate system information, which could be a significant security risk. The hardcoded domain and the potential data exfiltration raise concerns about privacy violations. This package should be reviewed carefully before being used.

torchmonarch

0.1.0rc1

Live on pypi

Blocked by Socket

This module is functionally a supervisor that uses pickle-based serialization over ZeroMQ. The code contains high-risk unsafe deserialization: it accepts pickle-formatted data from sockets (recv_multipart / recv_pyobj) and unpickles it without validation, then performs dynamic dispatch based on untrusted data. The temporary monkey-patch of torch.storage._load_from_bytes inside pickle_loads increases the attack surface for malicious payloads that embed torch storage objects. There are no authentication or integrity checks on incoming messages. Therefore the code is unsafe to use in untrusted-network environments: an attacker who can send messages to the supervisor sockets (or control SUPERVISOR_PIPE/SUPERVISOR_IDENT) can achieve remote code execution. No other explicit exfiltration, cryptomining, or backdoor code is present in this fragment, but the deserialization pattern makes arbitrary malicious behavior possible.

@khaledtag/karrot_ui

0.0.45

by khaledtag

Live on npm

Blocked by Socket

The package contains a hidden payload that targets Russian language users visiting Russian and Belarusian sites. For those users, it will disable user interaction and play a looping audio of the Ukrainian anthem after 3 days. Therefore, it is marked as malware only because it freezes interactions for many users. This behavior is not disclosed in any documentation of the package and seriously disrupts user experience.

azure-graphrbac

3.8.5

Removed from npm

Blocked by Socket

The code exhibits clear signs of malicious behavior by sending sensitive system and project data to remote servers. The actions performed by the code pose a significant security risk due to the exposure of sensitive information. The code is not obfuscated, so the obfuscation score is low.

Live on npm for 1 hour and 4 minutes before removal. Socket users were protected even while the package was live.

aspidites

1.0.1b3

Live on pypi

Blocked by Socket

The code implements a high-risk dynamic evaluation pattern by evaluating tokens within the caller’s scope. This creates a strong possibility of arbitrary code execution and data leakage if tokens originate from untrusted inputs. Hardening should include removing eval, replacing with safe resolvers, sandboxing, or strict token whitelisting and restricting scope access. This pattern is unsuitable for trusted libraries exposes in open-source supply chains without significant safeguards.

kyoushi-statemachines

0.3.3

Live on pypi

Blocked by Socket

This file is an offensive exploitation toolkit. It automates uploading a PHP web shell concealed inside an image to WordPress, controls that web shell via a base64(JSON) GET parameter command channel, and contains built-in support for initiating a reverse shell to a hardcoded attacker host and managing interactive post-exploitation tasks (PTY, su, exec). The presence of a concrete remote attacker IP:port and tailored attack flow indicate malicious intent. Treat this code as high risk; do not run in production or against systems you do not own/authorize.

elf-stats-festive-sparkler-275

2.0.1

Live on npm

Blocked by Socket

This code performs explicit, immediate data exfiltration: it reads local files under /opt, base64-encodes them, and transmits them to a hard-coded external endpoint. Treat this as malicious/supply-chain compromise. Do not run or include this package; remove it, rotate any potentially exposed secrets, block the destination, and investigate origin and impact.

yelp-react-component-ynra

14.2.1

by bugbounty-automation

Removed from npm

Blocked by Socket

The code is highly suspicious and exhibits behavior consistent with malware. It collects extensive system information and sends it to external servers without user consent, using both HTTPS and DNS queries. The methods used for data transmission are covert, indicating a high risk of data exfiltration and privacy invasion.

Live on npm for 8 minutes before removal. Socket users were protected even while the package was live.

@iflow-ai/iflow-cli

0.5.5-beta-20260130170805

by creamidea

Live on npm

Blocked by Socket

An automated, hardcoded download-and-install of a JetBrains plugin into the IDE's plugin directories from a remote ZIP URL, executed without explicit user consent and without cryptographic verification, potentially enabling arbitrary code execution in the IDE. The behavior may include removing existing plugins with the same target name, representing a supply-chain style threat.

github.com/sourcegraph/sourcegraph

v0.0.0-20210104130942-d8b73e04728c

Live on go

Blocked by Socket

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

fsd

0.1.440

Removed from pypi

Blocked by Socket

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on pypi for 5 days, 9 hours and 4 minutes before removal. Socket users were protected even while the package was live.

mtmai

0.3.932

Live on pypi

Blocked by Socket

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

mtmai

0.4.167

Live on pypi

Blocked by Socket

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

github-badge-bot

1.7.7

by kingtiger19990427

Live on npm

Blocked by Socket

This module silently downloads, installs, and starts Chrome Remote Desktop on Windows, using elevated, hidden execution and retry strategies, and binds the host using a hardcoded authorization code while reporting hostname and status to a remote Telegram chat. Those behaviors enable remote access without user consent and contain hardcoded secrets and stealthy privilege escalation techniques — in a supply-chain scenario this is effectively a remote-access backdoor and should be treated as high risk. Only allow usage if every embedded credential (AUTH_CODE and Telegram credentials) and the operator endpoint are explicitly verified and intended; otherwise remove or require interactive admin approval and secure secret handling.

sh-py

9.7

Live on pypi

Blocked by Socket

This module exhibits multiple clear malicious and high-risk behaviors: hardcoded PyPI credentials written to disk, automated package publishing (twine) using those credentials, self-modifying source code, appending to a standard-library file for persistence, and executing external command output via eval. It also relies on shell=True and unsanitized command construction, enabling command injection. Do not install or run this package in any environment. Treat as malicious and remove any artifacts if executed.

dv-sol-lib

1.0.5

by arijan-kokolari

Live on npm

Blocked by Socket

The code transmits the user's private key to an external API endpoint at 'https://pumpapi[.]fun/api/trade' during token trading operations. This exposes sensitive credentials over the network, leading to potential unauthorized access and loss of user funds. The external API may not be trustworthy, and sending private keys over unsecured channels poses a significant security threat.

tx-engine

0.5.0

Live on pypi

Blocked by Socket

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

muaddib-scanner

2.2.22

by dnszlsk

Live on npm

Blocked by Socket

This postinstall hook downloads code from a remote server and immediately evals it. That is effectively remote arbitrary code execution during installation and should be treated as malicious. It poses a high to critical security risk (possible data exfiltration, reverse shell, system compromise, or persisted backdoor). Do not install or run this package without offline inspection and replacing this behavior with a safe, verified alternative.

selene-fn

99.0.0

by robert135123442r1

Live on npm

Blocked by Socket

This package executes a local JavaScript file at install time. While that can be a legitimate setup step, it is a high-risk behavior because the executed script can perform telemetry, exfiltrate data, modify the filesystem, install further packages, or run arbitrary commands. You should inspect callback.js before installing or avoid installing untrusted packages that run install-time scripts.

opt-raydium-sdk-v2

0.1.10

by sappysealsz

Live on npm

Blocked by Socket

The file contains a clear backdoor that exfiltrates private key material: when an owner is provided as a keypair (private key present), the module reads signer.secretKey and POSTs it to an external domain (decoded from a base64 string). This is an explicit credential-theft routine embedded in an otherwise legitimate Solana/Raydium helper library. Treat this package as compromised: do not use it, rotate any keys that were used with it, and investigate any systems where it was executed.

let1x3

8.0.5

by karemelsqary1

Live on npm

Blocked by Socket

This preinstall hook is malicious: it harvests system and sensitive files (including private SSH keys and environment files) and exfiltrates them to a remote Discord webhook. Installing this package would likely leak credentials and system information and should be blocked and reported.

mcorev3

3.0.8.9

by mcorev3, M Design

Live on nuget

Blocked by Socket

The assembly is heavily obfuscated and contains runtime decryption/unpacking, dynamic method generation, and native interop to allocate/write/execute memory — a loader/execution pattern. It also has network (SMTP) and database interaction points. These behaviors allow in-memory code execution and potential data exfiltration. Treat this package as high risk: if this is unexpected for the project, do not use it and perform dynamic analysis in an isolated environment. Further investigation (runtime tracing, decryption of embedded resources, and inspection of the decrypted payload) is needed to determine intent (legitimate protection vs malicious loader).

fsd

0.0.572

Removed from pypi

Blocked by Socket

The module contains high-risk operations: executing arbitrary shell commands via subprocess with shell=True and writing/appending to files without validation. If the steps JSON or the user input is untrusted, an attacker can achieve remote code execution, modify arbitrary files, and change process state (cwd). There are no signs of network exfiltration or hardcoded credentials in this fragment, but the command execution sink is sufficient to escalate to any of those behaviors if exploited. Recommendation: treat inputs (steps, file names, user-provided suggested commands) as untrusted; remove shell=True or use argument lists, validate and canonicalize file paths, avoid executing suggested commands automatically, and employ strict prompting and auditing. Overall this code is not itself evidently obfuscated or explicitly malicious, but it poses a significant supply-chain/runtime risk when given untrusted instructions.

Live on pypi for 5 days, 8 hours and 42 minutes before removal. Socket users were protected even while the package was live.

@urbandictionary/prod

281.3.13

by neversummer.69

Live on npm

Blocked by Socket

This code is intentionally obfuscated and uses DNS queries to exfiltrate system information, which could be a significant security risk. The hardcoded domain and the potential data exfiltration raise concerns about privacy violations. This package should be reviewed carefully before being used.

torchmonarch

0.1.0rc1

Live on pypi

Blocked by Socket

This module is functionally a supervisor that uses pickle-based serialization over ZeroMQ. The code contains high-risk unsafe deserialization: it accepts pickle-formatted data from sockets (recv_multipart / recv_pyobj) and unpickles it without validation, then performs dynamic dispatch based on untrusted data. The temporary monkey-patch of torch.storage._load_from_bytes inside pickle_loads increases the attack surface for malicious payloads that embed torch storage objects. There are no authentication or integrity checks on incoming messages. Therefore the code is unsafe to use in untrusted-network environments: an attacker who can send messages to the supervisor sockets (or control SUPERVISOR_PIPE/SUPERVISOR_IDENT) can achieve remote code execution. No other explicit exfiltration, cryptomining, or backdoor code is present in this fragment, but the deserialization pattern makes arbitrary malicious behavior possible.

@khaledtag/karrot_ui

0.0.45

by khaledtag

Live on npm

Blocked by Socket

The package contains a hidden payload that targets Russian language users visiting Russian and Belarusian sites. For those users, it will disable user interaction and play a looping audio of the Ukrainian anthem after 3 days. Therefore, it is marked as malware only because it freezes interactions for many users. This behavior is not disclosed in any documentation of the package and seriously disrupts user experience.

azure-graphrbac

3.8.5

Removed from npm

Blocked by Socket

The code exhibits clear signs of malicious behavior by sending sensitive system and project data to remote servers. The actions performed by the code pose a significant security risk due to the exposure of sensitive information. The code is not obfuscated, so the obfuscation score is low.

Live on npm for 1 hour and 4 minutes before removal. Socket users were protected even while the package was live.

aspidites

1.0.1b3

Live on pypi

Blocked by Socket

The code implements a high-risk dynamic evaluation pattern by evaluating tokens within the caller’s scope. This creates a strong possibility of arbitrary code execution and data leakage if tokens originate from untrusted inputs. Hardening should include removing eval, replacing with safe resolvers, sandboxing, or strict token whitelisting and restricting scope access. This pattern is unsuitable for trusted libraries exposes in open-source supply chains without significant safeguards.

kyoushi-statemachines

0.3.3

Live on pypi

Blocked by Socket

This file is an offensive exploitation toolkit. It automates uploading a PHP web shell concealed inside an image to WordPress, controls that web shell via a base64(JSON) GET parameter command channel, and contains built-in support for initiating a reverse shell to a hardcoded attacker host and managing interactive post-exploitation tasks (PTY, su, exec). The presence of a concrete remote attacker IP:port and tailored attack flow indicate malicious intent. Treat this code as high risk; do not run in production or against systems you do not own/authorize.

elf-stats-festive-sparkler-275

2.0.1

Live on npm

Blocked by Socket

This code performs explicit, immediate data exfiltration: it reads local files under /opt, base64-encodes them, and transmits them to a hard-coded external endpoint. Treat this as malicious/supply-chain compromise. Do not run or include this package; remove it, rotate any potentially exposed secrets, block the destination, and investigate origin and impact.

yelp-react-component-ynra

14.2.1

by bugbounty-automation

Removed from npm

Blocked by Socket

The code is highly suspicious and exhibits behavior consistent with malware. It collects extensive system information and sends it to external servers without user consent, using both HTTPS and DNS queries. The methods used for data transmission are covert, indicating a high risk of data exfiltration and privacy invasion.

Live on npm for 8 minutes before removal. Socket users were protected even while the package was live.

@iflow-ai/iflow-cli

0.5.5-beta-20260130170805

by creamidea

Live on npm

Blocked by Socket

An automated, hardcoded download-and-install of a JetBrains plugin into the IDE's plugin directories from a remote ZIP URL, executed without explicit user consent and without cryptographic verification, potentially enabling arbitrary code execution in the IDE. The behavior may include removing existing plugins with the same target name, representing a supply-chain style threat.

github.com/sourcegraph/sourcegraph

v0.0.0-20210104130942-d8b73e04728c

Live on go

Blocked by Socket

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

fsd

0.1.440

Removed from pypi

Blocked by Socket

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on pypi for 5 days, 9 hours and 4 minutes before removal. Socket users were protected even while the package was live.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Unstable ownership

Git dependency

GitHub dependency

AI-detected potential malware

HTTP dependency

Obfuscated code

Skill: Pre-execution shell command

Suspicious Stars on GitHub

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

GitHub app screenshot

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Even more developer love
Install GitHub AppRead the docs

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Book a DemoRead the blog

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

View all integrations

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

Install GitHub AppBook a Demo

The latest from the Socket team

Get our latest security research, open source insights, and product updates.

View all articles