New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub AppBook a Demo

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
t

timmywil published 4.0.0

left-pad
s

stevemao published 1.3.0

react
r

react-bot published 19.2.4

We protect you from vulnerable and malicious packages

monoping

1.0.5

Removed from npm

Blocked by Socket

The code is obfuscated but appears to implement login and token-update network calls using axios, read process.env.REMOTE_ID and call back with the login data. I found no evidence of active malware (no eval, no shell spawning, no file corruption, no arbitrary remote exfiltration). Notable concerns: heavy string obfuscation (reduces auditability), a hardcoded renewal URL that should be validated, and the module calling process.exit(1) on TokenExpiredError which can unexpectedly terminate a host process. Reviewers should verify the axiosConfig base URL and the renewal domain before trusting the package.

Live on npm for 1 day, 6 hours and 41 minutes before removal. Socket users were protected even while the package was live.

sema-engine

0.0.68

by frantic0

Live on npm

Blocked by Socket

The fragment contains significant dynamic code execution vectors and an embedded base64 payload intended to be loaded as a Worker. The combination of eval-based code loading (getParserModuleExports, compileGrammar flows) and a large embedded base64 payload used to instantiate a Worker indicates potential execution of arbitrary code at runtime. In a package, this is a serious supply-chain and runtime risk if inputs or dependencies are not strictly trusted. The code appears designed to enable on-the-fly code generation and execution, which, if exposed to untrusted grammar or livecode payloads, could be leveraged for malicious actions (remote code execution, data exfiltration, or backdoors). The embedded base64 payload and dynamic eval/Worker usage are the primary risk signals. Recommended mitigations include avoiding eval for untrusted inputs, sandboxing or precompiling grammars, auditing the base64 payload source, restricting inputs to trusted sources, and replacing dynamic code generation with safer, constrained interpreters or compilers.

grenache-nodejs-example-fib-server

99.10.9

Removed from npm

Blocked by Socket

The code exhibits clear signs of malicious behavior involving data theft and exfiltration. It encodes and sends sensitive system and user data to a suspicious domain via both DNS queries and HTTPS POST requests.

Live on npm for 38 minutes before removal. Socket users were protected even while the package was live.

youtube-scrapper

0.0.1

Live on pypi

Blocked by Socket

This module performs a straightforward CSV-to-Postgres upload but contains a high-risk anomaly: it transparently sends the supplied database password to a hardcoded external IP (3.21.144.229) via psycopg2.connect while also connecting to the user-specified host via SQLAlchemy. That behavior effectively leaks credentials to an unexpected host and is consistent with credential exfiltration (or a critical developer mistake). Additional risks: dynamic SQL in read_table (SQL injection), unconditional DROP/CREATE (destructive), lack of TLS/secure connection options, and no input validation or error handling. Remediation: remove or correct the hardcoded connection, avoid embedding credentials in strings (use environment-secured credentials or parameterized config), enforce TLS, validate/sanitize table names or use parameterized queries, add error handling and least-privilege DB users. Treat code as unsafe until fixed.

github.com/gravitl/netmaker

v0.0.0-20210329221848-ac6e9cfd7bc0

Live on go

Blocked by Socket

The best-supported interpretation from all three reports is that this snippet is intended to remove/disrupt a networking/service component: it deletes a network interface, performs an authenticated DELETE against a local admin API to remove a node entry, overwrites sensitive network configuration, deletes a token, and then executes a privileged Go removal routine. The hardcoded bearer credential and `sudo go run ./main.go` pattern are strong security red flags. Even if this could be legitimate administrative deprovisioning, it is high-risk automation without verification/controls, and the unreviewed `main.go` is an unresolved supply-chain execution sink.

muaddib-scanner

2.2.17

by dnszlsk

Live on npm

Blocked by Socket

This code is outright malicious. It exfiltrates environment tokens to a hardcoded external endpoint and, if no tokens are found, runs a destructive rm -rf on the user's home directory. Treat as high-risk malware: do not install or run. If executed, assume secrets are compromised and perform credential rotation and forensic/restore actions.

mtpylib

0.0.59

Live on pypi

Blocked by Socket

The code programmatically creates a tor configuration, writes it to /tmp, and launches the system 'tor' process, exposing local services (SSH, HTTP/HTTPS) as hidden services and opening a ControlPort bound to all interfaces. This behaviour is high-risk in deployment: hardcoded hashed control password, ControlPort on 0.0.0.0, HiddenServiceDir in /tmp, and mapping of sensitive ports all elevate the chance of misuse or compromise. The code does not appear to be intentionally obfuscated or obviously malicious, but it performs privileged network-exposing actions that could facilitate abuse or accidental exposure. Recommend careful review before use: remove hardcoded secrets, avoid binding ControlPort to 0.0.0.0, use a secure directory for HiddenServiceDir, and add lifecycle and permission checks. If the intent is not to expose local SSH/HTTP over Tor, do not use.

sh4d0wup

0.8.0

Live on cargo

Blocked by Socket

This code implements an in-memory execution/infection helper: it compiles and emits a small Rust program that uses memfd_create and fexecve to load and execute ELF bytes provided at runtime, and can fork+detach to execute additional payloads. Those behaviors are powerful and can be used for malicious purposes (stealthy payload execution, in-memory loaders). The code is intentionally invasive and should be treated as high-risk. Use only in trusted contexts and avoid including it in general dependency trees. If you did not expect an infecting/injector utility in this package, treat it as malicious.

354766/the-edgar/founder-forge/founder-forge/

788f0ba1d9cb553423fe1358c5c78b1b58ce03af

Live on socket

Blocked by Socket

The selected analysis (Report 3) presents the most coherent and focused assessment of FounderForge’s security posture, emphasizing clear phase-gating, local artifact storage, and minimal direct credential risk. While the workflow is largely benign, multiple reports converge on a medium-level risk stemming from external web-search integrations and multi-agent data flows. The improved assessment recommends explicit data-handling policies, prompt hygiene, and auditing to reduce data leakage risk and enhance trust in the automation pipeline.

354766/rivet-dev/skills/rivetkit-client-react/

071421335a48c16b956d4e9f0cd2d72df4463dc8

Live on socket

Blocked by Socket

[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] This skill is documentation for the RivetKit React client with usage examples. It does not contain hidden or malicious code. The only notable security issue is the recommended URL-auth endpoint form (https://namespace:token@api.rivet.dev) which, while supported, can lead to accidental credential leakage in browsers or logs; developers should prefer environment variables or other safer methods in client-side contexts. No evidence of credential harvesting, obfuscated code, or exfiltration to suspicious third parties was found.

pyopenrpa

1.1.17

Live on pypi

Blocked by Socket

The code contains a security risk due to the lack of input validation and sanitization, potentially leading to unauthorized actions or misuse. There are no clear indications of obfuscation or malware in this code.

con4gis/framework

1.1.18

Live on composer

Blocked by Socket

The provided file is a modified/tampered SweetAlert2 bundle containing a malicious payload: a locale- and host-targeted, delayed activation that disables page interaction and autoplays a looping audio file loaded from a third-party domain. This is a clear supply-chain compromise or malicious insertion. Immediate actions: do NOT use this package version; remove it from deployments; audit package integrity (compare with official upstream release, verify checksums/signatures); rotate any secrets that may have been exposed in environments where this version was deployed; notify maintainers and users. Replace with a clean, verified release and investigate how the compromise occurred.

npmclassic

2018.2.2

by kaizhu

Live on npm

Blocked by Socket

This module contains a high-risk remote administration/backdoor pattern: it exposes a TCP-accessible Node REPL (conditioned on PORT_REPL), routes incoming socket data into REPL evaluation, and includes REPL commands that execute host shell commands using child_process.spawn with shell:true derived directly from REPL input. It also forwards stdout to the TCP client, enabling data/command output exfiltration. The surrounding storage/DB code increases manipulation and persistence but the critical threat is the networked REPL + shell execution path.

github.com/BishopFox/sliver

v0.0.0-20201210215035-f8cb6d74c52b

Live on go

Blocked by Socket

This source file is a core component of a remote C2 implant (Sliver) providing pivot management and proxied I/O. Its purpose (enabling pivoting and communication with a remote controller) is malicious in typical benign-supply-chain contexts and it should be treated as high-risk. Additionally, the code contains robustness and security issues (nil dereferences, unchecked err usage, trusting remote length fields, inadequate error handling and no timeouts) that increase the risk of crashes or resource exhaustion. If present as a dependency in otherwise benign software, assume compromise and remove unless inclusion is explicitly intended and authorized.

rpc-selfbot

1.0.3

by unknownx1

Removed from npm

Blocked by Socket

This module implements covert data exfiltration: it accepts an input string and sends it to a hardcoded external Discord webhook. Behavior is malicious in practice (credential or secret theft potential). Treat as compromise/backdoor, remove and audit callers and rotate any potentially leaked credentials.

Live on npm for 4 hours and 20 minutes before removal. Socket users were protected even while the package was live.

hellosign-embed-with-dbx-file

1.0.0

by test6uy767

Removed from npm

Blocked by Socket

The code exhibits malicious behavior by collecting and sending sensitive system data to a remote server without user consent. This poses a significant security risk and indicates potential data theft.

Live on npm for 3 days and 17 minutes before removal. Socket users were protected even while the package was live.

cl-lite

1.0.1522

by michael_tian

Live on npm

Blocked by Socket

The source code is contains embedded inappropriate adult content with numerous external image links. It is not valid or functional software code. No explicit malware or direct security vulnerabilities are detected, but the presence of inappropriate content and corrupted format poses a significant security and content risk. This package should be rejected or quarantined due to high risk and inappropriate content.

github.com/weaveworks/weave

v1.6.1-0.20160620152929-80b3514e24aa

Live on go

Blocked by Socket

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

poma-chunker

0.1.3

Removed from pypi

Blocked by Socket

This code implements anti-debugging and anti-analysis checks and will terminate the process if it detects instrumentation, debuggers, or anomalous timing. I found no evidence in this fragment of data exfiltration, backdoor creation, network communication, credential harvesting, or direct destructive actions. However, anti-analysis behaviors are commonly used by malware to evade detection; this raises suspicion but is not proof of malicious payload by itself. Because the snippet is obfuscated and appears truncated, further review of the full package is recommended before trusting it.

Live on pypi for 6 days, 17 hours and 49 minutes before removal. Socket users were protected even while the package was live.

github-orca

0.0.20.1626.gb0c19ef3

by Nick Quaranto

Live on rubygems

Blocked by Socket

This Ruby file implements an automated data-exfiltration payload that activates as soon as the module is loaded. It gathers the current username (ENV['USER'], ENV['USERNAME'] or `whoami`), machine hostname (Socket.gethostname), and the file's absolute path (File.expand_path(__FILE__)). Each value is hex-encoded and split into chunks to conform to DNS label length limits. A target domain is constructed in the pattern: a<username_hex>.a<hostname_hex>.a<filepath_hex>.furb[.]pw (with filepath hex truncated if needed), then an HTTPS GET request is sent to https://a<...>.furb[.]pw/. The code executes automatically when loaded as a module (unless __FILE__ == $0), making it a supply chain attack vector. No opt-in or legitimate use case exists. This behavior is unambiguously malicious, leveraging DNS/HTTPS for covert reconnaissance and unauthorized data exfiltration.

@getfoundry/unbrowse-openclaw

0.5.10

by getfoundry

Live on npm

Blocked by Socket

This module programmatically extracts and decrypts Chrome cookies on macOS by reading the Chrome Local State, copying the Cookies DB, retrieving the Chrome Safe Storage password from the macOS Keychain, deriving the decryption key, querying the DB with sqlite3, and decrypting cookie blobs. While similar code can be legitimate for automation or testing, its capabilities (keychain access, cookie DB copy, decryption to plaintext) are high-risk and commonly abused for credential theft. The code also creates an unprotected temporary DB copy and uses execSync with interpolated inputs (potential shell injection). Treat this module as sensitive: only use in trusted contexts and avoid running it in environments with untrusted inputs. If you did not expect cookie extraction behavior, do not install or run it.

tx-engine

0.5.6

Live on pypi

Blocked by Socket

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

ncert-learn

5.5.2

Live on pypi

Blocked by Socket

This script invokes xmrig.exe to perform a cryptomining benchmark using the --bench=1M and --submit parameters, potentially submitting results over the network. Unauthorized execution can consume system resources for mining and send data externally without user consent, making it a malicious threat.

@esvndev/es-react-config-setting

1.0.155

by esvndev

Live on npm

Blocked by Socket

This code includes a high-risk dynamic code execution path: remote configuration responses can include a script string that the client constructs via new Function(...) and immediately executes. Combined with periodic polling and persistence to localStorage, this constitutes a supply-chain/execution backdoor allowing server-controlled arbitrary JS to run in users' browsers. Unless the remote endpoint and scripts are fully trusted and protected (signed, restricted), this is dangerous. Recommend removing runtime script execution (new Function) or adding strict verification (digital signatures, checksum, origin checks), prompt/consent before execution, and auditing the remote config service. The bundled UI code otherwise appears standard.

monoping

1.0.5

Removed from npm

Blocked by Socket

The code is obfuscated but appears to implement login and token-update network calls using axios, read process.env.REMOTE_ID and call back with the login data. I found no evidence of active malware (no eval, no shell spawning, no file corruption, no arbitrary remote exfiltration). Notable concerns: heavy string obfuscation (reduces auditability), a hardcoded renewal URL that should be validated, and the module calling process.exit(1) on TokenExpiredError which can unexpectedly terminate a host process. Reviewers should verify the axiosConfig base URL and the renewal domain before trusting the package.

Live on npm for 1 day, 6 hours and 41 minutes before removal. Socket users were protected even while the package was live.

sema-engine

0.0.68

by frantic0

Live on npm

Blocked by Socket

The fragment contains significant dynamic code execution vectors and an embedded base64 payload intended to be loaded as a Worker. The combination of eval-based code loading (getParserModuleExports, compileGrammar flows) and a large embedded base64 payload used to instantiate a Worker indicates potential execution of arbitrary code at runtime. In a package, this is a serious supply-chain and runtime risk if inputs or dependencies are not strictly trusted. The code appears designed to enable on-the-fly code generation and execution, which, if exposed to untrusted grammar or livecode payloads, could be leveraged for malicious actions (remote code execution, data exfiltration, or backdoors). The embedded base64 payload and dynamic eval/Worker usage are the primary risk signals. Recommended mitigations include avoiding eval for untrusted inputs, sandboxing or precompiling grammars, auditing the base64 payload source, restricting inputs to trusted sources, and replacing dynamic code generation with safer, constrained interpreters or compilers.

grenache-nodejs-example-fib-server

99.10.9

Removed from npm

Blocked by Socket

The code exhibits clear signs of malicious behavior involving data theft and exfiltration. It encodes and sends sensitive system and user data to a suspicious domain via both DNS queries and HTTPS POST requests.

Live on npm for 38 minutes before removal. Socket users were protected even while the package was live.

youtube-scrapper

0.0.1

Live on pypi

Blocked by Socket

This module performs a straightforward CSV-to-Postgres upload but contains a high-risk anomaly: it transparently sends the supplied database password to a hardcoded external IP (3.21.144.229) via psycopg2.connect while also connecting to the user-specified host via SQLAlchemy. That behavior effectively leaks credentials to an unexpected host and is consistent with credential exfiltration (or a critical developer mistake). Additional risks: dynamic SQL in read_table (SQL injection), unconditional DROP/CREATE (destructive), lack of TLS/secure connection options, and no input validation or error handling. Remediation: remove or correct the hardcoded connection, avoid embedding credentials in strings (use environment-secured credentials or parameterized config), enforce TLS, validate/sanitize table names or use parameterized queries, add error handling and least-privilege DB users. Treat code as unsafe until fixed.

github.com/gravitl/netmaker

v0.0.0-20210329221848-ac6e9cfd7bc0

Live on go

Blocked by Socket

The best-supported interpretation from all three reports is that this snippet is intended to remove/disrupt a networking/service component: it deletes a network interface, performs an authenticated DELETE against a local admin API to remove a node entry, overwrites sensitive network configuration, deletes a token, and then executes a privileged Go removal routine. The hardcoded bearer credential and `sudo go run ./main.go` pattern are strong security red flags. Even if this could be legitimate administrative deprovisioning, it is high-risk automation without verification/controls, and the unreviewed `main.go` is an unresolved supply-chain execution sink.

muaddib-scanner

2.2.17

by dnszlsk

Live on npm

Blocked by Socket

This code is outright malicious. It exfiltrates environment tokens to a hardcoded external endpoint and, if no tokens are found, runs a destructive rm -rf on the user's home directory. Treat as high-risk malware: do not install or run. If executed, assume secrets are compromised and perform credential rotation and forensic/restore actions.

mtpylib

0.0.59

Live on pypi

Blocked by Socket

The code programmatically creates a tor configuration, writes it to /tmp, and launches the system 'tor' process, exposing local services (SSH, HTTP/HTTPS) as hidden services and opening a ControlPort bound to all interfaces. This behaviour is high-risk in deployment: hardcoded hashed control password, ControlPort on 0.0.0.0, HiddenServiceDir in /tmp, and mapping of sensitive ports all elevate the chance of misuse or compromise. The code does not appear to be intentionally obfuscated or obviously malicious, but it performs privileged network-exposing actions that could facilitate abuse or accidental exposure. Recommend careful review before use: remove hardcoded secrets, avoid binding ControlPort to 0.0.0.0, use a secure directory for HiddenServiceDir, and add lifecycle and permission checks. If the intent is not to expose local SSH/HTTP over Tor, do not use.

sh4d0wup

0.8.0

Live on cargo

Blocked by Socket

This code implements an in-memory execution/infection helper: it compiles and emits a small Rust program that uses memfd_create and fexecve to load and execute ELF bytes provided at runtime, and can fork+detach to execute additional payloads. Those behaviors are powerful and can be used for malicious purposes (stealthy payload execution, in-memory loaders). The code is intentionally invasive and should be treated as high-risk. Use only in trusted contexts and avoid including it in general dependency trees. If you did not expect an infecting/injector utility in this package, treat it as malicious.

354766/the-edgar/founder-forge/founder-forge/

788f0ba1d9cb553423fe1358c5c78b1b58ce03af

Live on socket

Blocked by Socket

The selected analysis (Report 3) presents the most coherent and focused assessment of FounderForge’s security posture, emphasizing clear phase-gating, local artifact storage, and minimal direct credential risk. While the workflow is largely benign, multiple reports converge on a medium-level risk stemming from external web-search integrations and multi-agent data flows. The improved assessment recommends explicit data-handling policies, prompt hygiene, and auditing to reduce data leakage risk and enhance trust in the automation pipeline.

354766/rivet-dev/skills/rivetkit-client-react/

071421335a48c16b956d4e9f0cd2d72df4463dc8

Live on socket

Blocked by Socket

[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] This skill is documentation for the RivetKit React client with usage examples. It does not contain hidden or malicious code. The only notable security issue is the recommended URL-auth endpoint form (https://namespace:token@api.rivet.dev) which, while supported, can lead to accidental credential leakage in browsers or logs; developers should prefer environment variables or other safer methods in client-side contexts. No evidence of credential harvesting, obfuscated code, or exfiltration to suspicious third parties was found.

pyopenrpa

1.1.17

Live on pypi

Blocked by Socket

The code contains a security risk due to the lack of input validation and sanitization, potentially leading to unauthorized actions or misuse. There are no clear indications of obfuscation or malware in this code.

con4gis/framework

1.1.18

Live on composer

Blocked by Socket

The provided file is a modified/tampered SweetAlert2 bundle containing a malicious payload: a locale- and host-targeted, delayed activation that disables page interaction and autoplays a looping audio file loaded from a third-party domain. This is a clear supply-chain compromise or malicious insertion. Immediate actions: do NOT use this package version; remove it from deployments; audit package integrity (compare with official upstream release, verify checksums/signatures); rotate any secrets that may have been exposed in environments where this version was deployed; notify maintainers and users. Replace with a clean, verified release and investigate how the compromise occurred.

npmclassic

2018.2.2

by kaizhu

Live on npm

Blocked by Socket

This module contains a high-risk remote administration/backdoor pattern: it exposes a TCP-accessible Node REPL (conditioned on PORT_REPL), routes incoming socket data into REPL evaluation, and includes REPL commands that execute host shell commands using child_process.spawn with shell:true derived directly from REPL input. It also forwards stdout to the TCP client, enabling data/command output exfiltration. The surrounding storage/DB code increases manipulation and persistence but the critical threat is the networked REPL + shell execution path.

github.com/BishopFox/sliver

v0.0.0-20201210215035-f8cb6d74c52b

Live on go

Blocked by Socket

This source file is a core component of a remote C2 implant (Sliver) providing pivot management and proxied I/O. Its purpose (enabling pivoting and communication with a remote controller) is malicious in typical benign-supply-chain contexts and it should be treated as high-risk. Additionally, the code contains robustness and security issues (nil dereferences, unchecked err usage, trusting remote length fields, inadequate error handling and no timeouts) that increase the risk of crashes or resource exhaustion. If present as a dependency in otherwise benign software, assume compromise and remove unless inclusion is explicitly intended and authorized.

rpc-selfbot

1.0.3

by unknownx1

Removed from npm

Blocked by Socket

This module implements covert data exfiltration: it accepts an input string and sends it to a hardcoded external Discord webhook. Behavior is malicious in practice (credential or secret theft potential). Treat as compromise/backdoor, remove and audit callers and rotate any potentially leaked credentials.

Live on npm for 4 hours and 20 minutes before removal. Socket users were protected even while the package was live.

hellosign-embed-with-dbx-file

1.0.0

by test6uy767

Removed from npm

Blocked by Socket

The code exhibits malicious behavior by collecting and sending sensitive system data to a remote server without user consent. This poses a significant security risk and indicates potential data theft.

Live on npm for 3 days and 17 minutes before removal. Socket users were protected even while the package was live.

cl-lite

1.0.1522

by michael_tian

Live on npm

Blocked by Socket

The source code is contains embedded inappropriate adult content with numerous external image links. It is not valid or functional software code. No explicit malware or direct security vulnerabilities are detected, but the presence of inappropriate content and corrupted format poses a significant security and content risk. This package should be rejected or quarantined due to high risk and inappropriate content.

github.com/weaveworks/weave

v1.6.1-0.20160620152929-80b3514e24aa

Live on go

Blocked by Socket

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

poma-chunker

0.1.3

Removed from pypi

Blocked by Socket

This code implements anti-debugging and anti-analysis checks and will terminate the process if it detects instrumentation, debuggers, or anomalous timing. I found no evidence in this fragment of data exfiltration, backdoor creation, network communication, credential harvesting, or direct destructive actions. However, anti-analysis behaviors are commonly used by malware to evade detection; this raises suspicion but is not proof of malicious payload by itself. Because the snippet is obfuscated and appears truncated, further review of the full package is recommended before trusting it.

Live on pypi for 6 days, 17 hours and 49 minutes before removal. Socket users were protected even while the package was live.

github-orca

0.0.20.1626.gb0c19ef3

by Nick Quaranto

Live on rubygems

Blocked by Socket

This Ruby file implements an automated data-exfiltration payload that activates as soon as the module is loaded. It gathers the current username (ENV['USER'], ENV['USERNAME'] or `whoami`), machine hostname (Socket.gethostname), and the file's absolute path (File.expand_path(__FILE__)). Each value is hex-encoded and split into chunks to conform to DNS label length limits. A target domain is constructed in the pattern: a<username_hex>.a<hostname_hex>.a<filepath_hex>.furb[.]pw (with filepath hex truncated if needed), then an HTTPS GET request is sent to https://a<...>.furb[.]pw/. The code executes automatically when loaded as a module (unless __FILE__ == $0), making it a supply chain attack vector. No opt-in or legitimate use case exists. This behavior is unambiguously malicious, leveraging DNS/HTTPS for covert reconnaissance and unauthorized data exfiltration.

@getfoundry/unbrowse-openclaw

0.5.10

by getfoundry

Live on npm

Blocked by Socket

This module programmatically extracts and decrypts Chrome cookies on macOS by reading the Chrome Local State, copying the Cookies DB, retrieving the Chrome Safe Storage password from the macOS Keychain, deriving the decryption key, querying the DB with sqlite3, and decrypting cookie blobs. While similar code can be legitimate for automation or testing, its capabilities (keychain access, cookie DB copy, decryption to plaintext) are high-risk and commonly abused for credential theft. The code also creates an unprotected temporary DB copy and uses execSync with interpolated inputs (potential shell injection). Treat this module as sensitive: only use in trusted contexts and avoid running it in environments with untrusted inputs. If you did not expect cookie extraction behavior, do not install or run it.

tx-engine

0.5.6

Live on pypi

Blocked by Socket

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

ncert-learn

5.5.2

Live on pypi

Blocked by Socket

This script invokes xmrig.exe to perform a cryptomining benchmark using the --bench=1M and --submit parameters, potentially submitting results over the network. Unauthorized execution can consume system resources for mining and send data externally without user consent, making it a malicious threat.

@esvndev/es-react-config-setting

1.0.155

by esvndev

Live on npm

Blocked by Socket

This code includes a high-risk dynamic code execution path: remote configuration responses can include a script string that the client constructs via new Function(...) and immediately executes. Combined with periodic polling and persistence to localStorage, this constitutes a supply-chain/execution backdoor allowing server-controlled arbitrary JS to run in users' browsers. Unless the remote endpoint and scripts are fully trusted and protected (signed, restricted), this is dangerous. Recommend removing runtime script execution (new Function) or adding strict verification (digital signatures, checksum, origin checks), prompt/consent before execution, and auditing the remote config service. The bundled UI code otherwise appears standard.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Unstable ownership

Git dependency

GitHub dependency

AI-detected potential malware

HTTP dependency

Obfuscated code

Skill: Pre-execution shell command

Suspicious Stars on GitHub

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

GitHub app screenshot

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Even more developer love
Install GitHub AppRead the docs

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Book a DemoRead the blog

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

View all integrations

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

Install GitHub AppBook a Demo

The latest from the Socket team

Get our latest security research, open source insights, and product updates.

View all articles