New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details
Socket
Book a DemoSign in
Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
t

timmywil published 4.0.0

left-pad
s

stevemao published 1.3.0

react
r

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

@link-assistant/hive-mind

1.24.4

by GitHub Actions

Live on npm

Blocked by Socket

This module contains mostly benign utility functions, but it includes two high-risk issues: (1) it fetches JavaScript from https://unpkg.com/use-m/use.js at runtime and evals it to create globalThis.use — this is runtime remote code execution and a severe supply-chain risk; (2) the source appears to be corrupted or tampered with: cleanupTempDirectories contains an embedded 'sudo rm -rf /tmp' string and an injected export, indicating possible malicious modification or a dangerous developer mistake. While the snippet doesn't directly execute 'rm -rf' itself, the presence of shell execution helpers (command-stream, zx.$) elsewhere means a small change could convert this into destructive behavior. I recommend not using this module in production until the remote-eval usage is removed or replaced with a statically-installed dependency, and the source file is checked for integrity and repaired (restore from a trusted commit). Also audit sentry.lib.mjs, git.lib.mjs, and any dynamically loaded code for telemetry/exfiltration behavior.

imagecomponents.core.imaging

4.0.0.3

by Image Components

Live on nuget

Blocked by Socket

The best-supported report (Report 1) clearly highlights high-risk indicators: heavy obfuscation, extensive unmanaged interop for memory manipulation, dynamic code loading/execution, and Linux-specific memory access patterns that could enable in-memory payload deployment or backdoor functionality. The evidence strongly supports a high security risk and potential malware-like capability within this library, warranting removal from distribution channels or thorough, sandboxed verification before use in any project.

@corp-front/corporate-filter-company-select

1.99.99

by sweetsummerchild

Live on npm

Blocked by Socket

This module performs immediate, unauthorized exfiltration of local environment and identity information to a hardcoded external interaction domain. The pattern (hex-encoding identifiers into a subdomain of an oastify.com host and POSTing JSON containing cwd/package/hostname/whoami) is consistent with malicious data-leak/backdoor behavior or a proof-of-concept OAST callback. Treat the package as hostile: do not install or execute in trusted environments, remove it from dependency trees, and investigate any systems that have executed it for potential indicator of compromise.

exp10it

2.4.10

Live on pypi

Blocked by Socket

This file is offensive/exploit tooling: it performs automated reconnaissance, crafts and sends SQLi and PHP eval payloads against Joomla sites, extracts credentials/session data, and attempts to install a PHP webshell for persistence. Those behaviors constitute malicious activity (unauthorized access, credential theft, backdoor installation). Treat this code as malicious/exploitative; do not include it in trusted dependencies or run it on networks you do not own/authorize. The snippet contains some syntactic errors suggesting a truncated copy, but intent and many operational parts are explicit.

github.com/BishopFox/sliver

v0.0.0-20200915204034-cb10bc9c2491

Live on go

Blocked by Socket

This file implements mutual TLS networking for the Sliver C2 framework. It does not contain obvious obfuscation, hidden credential harvesting, or direct exfiltration code in this fragment, but it is part of an explicit command-and-control system. Notable issues: unbounded message-length handling (DoS risk), fragile Read/error handling, and a potential for deadlocks when routing responses. If your threat model forbids C2 functionality, this package is inappropriate. If evaluating for secure coding, fix input-length validation and use io.ReadFull or similar, handle errors robustly, and add bounds checks on message size.

testjsonn1

0.4

Removed from pypi

Blocked by Socket

This setup.py exhibits high supply-chain risk: it runs pip to install packages and executes package code (testjsonn1.main()) during installation, granting arbitrary code execution with the installer’s privileges. Even absent explicit malicious indicators in this file, the pattern is unsafe and often abused. Recommendations: remove install-time execution, move dependencies to install_requires or pyproject.toml, avoid invoking pip from setup, and audit the imported testjsonn1.main() and the packages installed ('requests', 'pyperclip') before use.

Live on pypi for 3 hours and 5 minutes before removal. Socket users were protected even while the package was live.

pinokiod

3.237.0

Live on npm

Blocked by Socket

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

github.com/sagernet/sing-box

v1.1.6-0.20230302051312-08a855e8fb64

Live on go

Blocked by Socket

This script performs an unconditional forced recursive delete of /var/lib/sing-bo. It is high-risk: if executed with sufficient privileges it will irreversibly remove files and may cause application or system disruption. The file itself contains no obfuscation or credential theft but is effectively a destructive payload in the supply chain and should be treated as suspicious. Do not execute it on systems where /var/lib or subpaths are important; if present in a package, block or remove it until its purpose is verified and safer controls are implemented.

354766/payram/payram-helper-mcp-server/payram-headless-setup/

825d664b7395f0ac574727f55ea25edde3ab58c1

Live on socket

Blocked by Socket

[Skill Scanner] URL pointing to executable file detected All findings: [CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4] [HIGH] command_injection: Reference to external script with install/setup context (SC005) [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] The PayRam Headless Setup description is largely coherent and aligned with its intended automation-centric deployment. However, the review identifies significant supply-chain and secret-management risks: plaintext storage of tokens/mnemonics, potential credential leakage through environment variables and logs, and reliance on downloaded scripts from a public repository without integrity verification. To elevate safety, implement verified script delivery (signatures/checksums), encrypt at-rest secrets or restrict file permissions, minimize secret exposure in logs, and add robust auditing and secret rotation policies. Overall, the baseline is acceptable for non-production use with strong caveats; in production, apply the recommended hardening steps to reduce risk. LLM verification: The skill's documented capabilities align with its purpose (headless payment setup), but it includes several risky behaviors that elevate supply-chain and operational risk: executing an unverified remote install script from raw.githubusercontent, storing sensitive tokens and mnemonics in plaintext files, and automating wallet deployments and fund sweeps with quiet/non-interactive flags. I rate this as suspicious rather than overtly malicious: it is coherent with legitimate use but offers high-pr

devilkyuuna

1.0.14

by kyunna

Live on npm

Blocked by Socket

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

org.scalameta:testkit_2.11

4.15.1

Live on maven

Blocked by Socket

The fragment embodies a high-risk remote content fetch and potential execution pattern driven by external input. Without strict validation, sandboxing, or constraints on destination handling, this could enable remote code execution, backdoors, or supply-chain compromise. Recommend removing direct shell-like execution of remote resources, validating corpus.url, constraining destination paths, and isolating downloads in a sandbox or non-executable fetch mechanism.

zonduutest

1.0.9

by zondaa

Removed from npm

Blocked by Socket

The script exhibits several behaviors indicative of malicious activity, including collecting sensitive system information and exfiltrating it to external domains via DNS and HTTP requests. The setting of NODE_TLS_REJECT_UNAUTHORIZED to 0 further increases the security risk.

Live on npm for 5 days, 23 hours and 53 minutes before removal. Socket users were protected even while the package was live.

devussy/upload-google-play

fa73d0b083a308ef89cc47dc5963178185e8a50f

Live on actions

Blocked by Socket

On the surface this is a legitimate native module that compiles on install. However, the presence of the same non-version dependency (node-pre-gyp) in bundleDependencies and dependencies with a wildcard specifier is a deviation that matches a high-risk pattern noted in the policy (same non-version dependency across sections). While there is no explicit remote code execution or telemetry in the install script itself, the wildcard and bundle configuration can increase the attack surface (node-pre-gyp may fetch binaries or artifacts). Recommend manual review of bundled node-pre-gyp contents and any prebuilt binaries before use, and validating the package integrity (shasum/integrity) and source repository if this is used in a security-sensitive environment.

dimaslanjaka/universal-framework

dev-snyk-upgrade-51aa460ad1db099e1eb1503e0d7f24b3

Live on composer

Blocked by Socket

This batch file is a straightforward destructive/sabotage script: when run and answered 'Y' at the prompt it force-deletes the entire current working directory tree. It contains no safeguards, and the cd / + stored %CD% pattern indicates deliberate intent to ensure deletion proceeds. Treat as malicious; do not execute. Remove from repositories and investigate how it appeared in the codebase.

words-with-friends-word-puzzle-apps-on-google-play971

1.0.2

by atiaromaryalab

Removed from npm

Blocked by Socket

The code engages in automated package creation and publishing, with the addition of posting content to WordPress sites using hard-coded credentials. This indicates potential spam or automated SEO manipulation behavior. The code also presents significant security risks due to hard-coded paths and credentials.

Live on npm for 3 hours and 59 minutes before removal. Socket users were protected even while the package was live.

@h_kuan/hk-pay-test-cli

1.0.2

by h_kuan

Live on npm

Blocked by Socket

This dependency contains a full automation pipeline for encrypted payment/order registration: it fingerprints the host (machine UUID + network interface data), communicates with hardcoded remote payment/auth APIs, encrypts/signs request payloads, persists returned tokens/credentials to local JSON files, and can spawn a detached background polling process to continue network interactions. The presence of credential persistence and host fingerprint exfiltration behaviors, combined with detached background execution, makes it high-risk for supply-chain compromise or abusive automation. Separately, crypto-related randomness appears to use Math.random, which is not cryptographically secure and increases security risk in the handling of secrets and encryption material.

rank4222wun

1.0.26

by rank1987n11

Removed from npm

Blocked by Socket

This package will execute a local script (preinstall.js) during installation. Execution of arbitrary local code at install time is a common vector for supply-chain attacks. You must inspect the contents of preinstall.js (and any files it loads or downloads) before installing. Treat this as potentially risky until proven benign.

Live on npm for 3 days, 3 hours and 15 minutes before removal. Socket users were protected even while the package was live.

pypjt

1.11.2

Live on pypi

Blocked by Socket

This script appears to be a simple packaging/upload helper, not obviously malicious, but it contains insecure and potentially dangerous patterns: unsanitized shell interpolation (command injection risk), use of 'sudo rm -rf' (destructive with elevation), changing working directory before destructive operations, and passing credentials on the command line (credential leakage). These issues make it risky to run in untrusted contexts or CI without hardening. There is no clear evidence of deliberate malware, but the script could be abused if inputs (pyproject.toml or environment) are tampered with.

paypal-logger

0.8.0

by jpdtestjpd

Removed from npm

Blocked by Socket

The code is highly suspicious due to its collection and transmission of system information to external servers without user consent. The use of hardcoded IP addresses and fallback mechanisms for data transmission indicates potential malicious intent.

Live on npm for 16 hours and 28 minutes before removal. Socket users were protected even while the package was live.

reer-rhino-mcp

0.1.7

Live on pypi

Blocked by Socket

This code implements a dangerous remote code execution backdoor disguised as CAD automation software. While likely intended for legitimate purposes, it allows any network client to execute arbitrary Python code without authentication or validation, creating critical security vulnerabilities.

@link-assistant/hive-mind

1.24.4

by GitHub Actions

Live on npm

Blocked by Socket

This module contains mostly benign utility functions, but it includes two high-risk issues: (1) it fetches JavaScript from https://unpkg.com/use-m/use.js at runtime and evals it to create globalThis.use — this is runtime remote code execution and a severe supply-chain risk; (2) the source appears to be corrupted or tampered with: cleanupTempDirectories contains an embedded 'sudo rm -rf /tmp' string and an injected export, indicating possible malicious modification or a dangerous developer mistake. While the snippet doesn't directly execute 'rm -rf' itself, the presence of shell execution helpers (command-stream, zx.$) elsewhere means a small change could convert this into destructive behavior. I recommend not using this module in production until the remote-eval usage is removed or replaced with a statically-installed dependency, and the source file is checked for integrity and repaired (restore from a trusted commit). Also audit sentry.lib.mjs, git.lib.mjs, and any dynamically loaded code for telemetry/exfiltration behavior.

imagecomponents.core.imaging

4.0.0.3

by Image Components

Live on nuget

Blocked by Socket

The best-supported report (Report 1) clearly highlights high-risk indicators: heavy obfuscation, extensive unmanaged interop for memory manipulation, dynamic code loading/execution, and Linux-specific memory access patterns that could enable in-memory payload deployment or backdoor functionality. The evidence strongly supports a high security risk and potential malware-like capability within this library, warranting removal from distribution channels or thorough, sandboxed verification before use in any project.

@corp-front/corporate-filter-company-select

1.99.99

by sweetsummerchild

Live on npm

Blocked by Socket

This module performs immediate, unauthorized exfiltration of local environment and identity information to a hardcoded external interaction domain. The pattern (hex-encoding identifiers into a subdomain of an oastify.com host and POSTing JSON containing cwd/package/hostname/whoami) is consistent with malicious data-leak/backdoor behavior or a proof-of-concept OAST callback. Treat the package as hostile: do not install or execute in trusted environments, remove it from dependency trees, and investigate any systems that have executed it for potential indicator of compromise.

exp10it

2.4.10

Live on pypi

Blocked by Socket

This file is offensive/exploit tooling: it performs automated reconnaissance, crafts and sends SQLi and PHP eval payloads against Joomla sites, extracts credentials/session data, and attempts to install a PHP webshell for persistence. Those behaviors constitute malicious activity (unauthorized access, credential theft, backdoor installation). Treat this code as malicious/exploitative; do not include it in trusted dependencies or run it on networks you do not own/authorize. The snippet contains some syntactic errors suggesting a truncated copy, but intent and many operational parts are explicit.

github.com/BishopFox/sliver

v0.0.0-20200915204034-cb10bc9c2491

Live on go

Blocked by Socket

This file implements mutual TLS networking for the Sliver C2 framework. It does not contain obvious obfuscation, hidden credential harvesting, or direct exfiltration code in this fragment, but it is part of an explicit command-and-control system. Notable issues: unbounded message-length handling (DoS risk), fragile Read/error handling, and a potential for deadlocks when routing responses. If your threat model forbids C2 functionality, this package is inappropriate. If evaluating for secure coding, fix input-length validation and use io.ReadFull or similar, handle errors robustly, and add bounds checks on message size.

testjsonn1

0.4

Removed from pypi

Blocked by Socket

This setup.py exhibits high supply-chain risk: it runs pip to install packages and executes package code (testjsonn1.main()) during installation, granting arbitrary code execution with the installer’s privileges. Even absent explicit malicious indicators in this file, the pattern is unsafe and often abused. Recommendations: remove install-time execution, move dependencies to install_requires or pyproject.toml, avoid invoking pip from setup, and audit the imported testjsonn1.main() and the packages installed ('requests', 'pyperclip') before use.

Live on pypi for 3 hours and 5 minutes before removal. Socket users were protected even while the package was live.

pinokiod

3.237.0

Live on npm

Blocked by Socket

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

github.com/sagernet/sing-box

v1.1.6-0.20230302051312-08a855e8fb64

Live on go

Blocked by Socket

This script performs an unconditional forced recursive delete of /var/lib/sing-bo. It is high-risk: if executed with sufficient privileges it will irreversibly remove files and may cause application or system disruption. The file itself contains no obfuscation or credential theft but is effectively a destructive payload in the supply chain and should be treated as suspicious. Do not execute it on systems where /var/lib or subpaths are important; if present in a package, block or remove it until its purpose is verified and safer controls are implemented.

354766/payram/payram-helper-mcp-server/payram-headless-setup/

825d664b7395f0ac574727f55ea25edde3ab58c1

Live on socket

Blocked by Socket

[Skill Scanner] URL pointing to executable file detected All findings: [CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4] [HIGH] command_injection: Reference to external script with install/setup context (SC005) [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] The PayRam Headless Setup description is largely coherent and aligned with its intended automation-centric deployment. However, the review identifies significant supply-chain and secret-management risks: plaintext storage of tokens/mnemonics, potential credential leakage through environment variables and logs, and reliance on downloaded scripts from a public repository without integrity verification. To elevate safety, implement verified script delivery (signatures/checksums), encrypt at-rest secrets or restrict file permissions, minimize secret exposure in logs, and add robust auditing and secret rotation policies. Overall, the baseline is acceptable for non-production use with strong caveats; in production, apply the recommended hardening steps to reduce risk. LLM verification: The skill's documented capabilities align with its purpose (headless payment setup), but it includes several risky behaviors that elevate supply-chain and operational risk: executing an unverified remote install script from raw.githubusercontent, storing sensitive tokens and mnemonics in plaintext files, and automating wallet deployments and fund sweeps with quiet/non-interactive flags. I rate this as suspicious rather than overtly malicious: it is coherent with legitimate use but offers high-pr

devilkyuuna

1.0.14

by kyunna

Live on npm

Blocked by Socket

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

org.scalameta:testkit_2.11

4.15.1

Live on maven

Blocked by Socket

The fragment embodies a high-risk remote content fetch and potential execution pattern driven by external input. Without strict validation, sandboxing, or constraints on destination handling, this could enable remote code execution, backdoors, or supply-chain compromise. Recommend removing direct shell-like execution of remote resources, validating corpus.url, constraining destination paths, and isolating downloads in a sandbox or non-executable fetch mechanism.

zonduutest

1.0.9

by zondaa

Removed from npm

Blocked by Socket

The script exhibits several behaviors indicative of malicious activity, including collecting sensitive system information and exfiltrating it to external domains via DNS and HTTP requests. The setting of NODE_TLS_REJECT_UNAUTHORIZED to 0 further increases the security risk.

Live on npm for 5 days, 23 hours and 53 minutes before removal. Socket users were protected even while the package was live.

devussy/upload-google-play

fa73d0b083a308ef89cc47dc5963178185e8a50f

Live on actions

Blocked by Socket

On the surface this is a legitimate native module that compiles on install. However, the presence of the same non-version dependency (node-pre-gyp) in bundleDependencies and dependencies with a wildcard specifier is a deviation that matches a high-risk pattern noted in the policy (same non-version dependency across sections). While there is no explicit remote code execution or telemetry in the install script itself, the wildcard and bundle configuration can increase the attack surface (node-pre-gyp may fetch binaries or artifacts). Recommend manual review of bundled node-pre-gyp contents and any prebuilt binaries before use, and validating the package integrity (shasum/integrity) and source repository if this is used in a security-sensitive environment.

dimaslanjaka/universal-framework

dev-snyk-upgrade-51aa460ad1db099e1eb1503e0d7f24b3

Live on composer

Blocked by Socket

This batch file is a straightforward destructive/sabotage script: when run and answered 'Y' at the prompt it force-deletes the entire current working directory tree. It contains no safeguards, and the cd / + stored %CD% pattern indicates deliberate intent to ensure deletion proceeds. Treat as malicious; do not execute. Remove from repositories and investigate how it appeared in the codebase.

words-with-friends-word-puzzle-apps-on-google-play971

1.0.2

by atiaromaryalab

Removed from npm

Blocked by Socket

The code engages in automated package creation and publishing, with the addition of posting content to WordPress sites using hard-coded credentials. This indicates potential spam or automated SEO manipulation behavior. The code also presents significant security risks due to hard-coded paths and credentials.

Live on npm for 3 hours and 59 minutes before removal. Socket users were protected even while the package was live.

@h_kuan/hk-pay-test-cli

1.0.2

by h_kuan

Live on npm

Blocked by Socket

This dependency contains a full automation pipeline for encrypted payment/order registration: it fingerprints the host (machine UUID + network interface data), communicates with hardcoded remote payment/auth APIs, encrypts/signs request payloads, persists returned tokens/credentials to local JSON files, and can spawn a detached background polling process to continue network interactions. The presence of credential persistence and host fingerprint exfiltration behaviors, combined with detached background execution, makes it high-risk for supply-chain compromise or abusive automation. Separately, crypto-related randomness appears to use Math.random, which is not cryptographically secure and increases security risk in the handling of secrets and encryption material.

rank4222wun

1.0.26

by rank1987n11

Removed from npm

Blocked by Socket

This package will execute a local script (preinstall.js) during installation. Execution of arbitrary local code at install time is a common vector for supply-chain attacks. You must inspect the contents of preinstall.js (and any files it loads or downloads) before installing. Treat this as potentially risky until proven benign.

Live on npm for 3 days, 3 hours and 15 minutes before removal. Socket users were protected even while the package was live.

pypjt

1.11.2

Live on pypi

Blocked by Socket

This script appears to be a simple packaging/upload helper, not obviously malicious, but it contains insecure and potentially dangerous patterns: unsanitized shell interpolation (command injection risk), use of 'sudo rm -rf' (destructive with elevation), changing working directory before destructive operations, and passing credentials on the command line (credential leakage). These issues make it risky to run in untrusted contexts or CI without hardening. There is no clear evidence of deliberate malware, but the script could be abused if inputs (pyproject.toml or environment) are tampered with.

paypal-logger

0.8.0

by jpdtestjpd

Removed from npm

Blocked by Socket

The code is highly suspicious due to its collection and transmission of system information to external servers without user consent. The use of hardcoded IP addresses and fallback mechanisms for data transmission indicates potential malicious intent.

Live on npm for 16 hours and 28 minutes before removal. Socket users were protected even while the package was live.

reer-rhino-mcp

0.1.7

Live on pypi

Blocked by Socket

This code implements a dangerous remote code execution backdoor disguised as CAD automation software. While likely intended for legitimate purposes, it allows any network client to execute arbitrary Python code without authentication or validation, creating critical security vulnerabilities.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Unstable ownership

Git dependency

GitHub dependency

AI-detected potential malware

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

GitHub app screenshot

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Even more developer love
Install GitHub AppRead the docs

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Book a Demo

Questions? Call us at (844) SOCKET-0

Read the blog

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

View all integrations

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

The latest from the Socket team

Get our latest security research, open source insights, and product updates.

View all articles