New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details
Socket
Book a DemoSign in
Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub AppBook a Demo

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
t

timmywil published 4.0.0

left-pad
s

stevemao published 1.3.0

react
r

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

@twork-data-services/company-sms-phones

1.99.0

by tutalarsen

Live on npm

Blocked by Socket

The preinstall hook executes a local file (index.js) with output suppressed. This is potentially dangerous because the file could perform malicious actions (exfiltrate data, spawn shells, modify the system, add backdoors, or run untrusted code). Without inspecting index.js, the install script cannot be declared safe. Treat this as a high-risk behavior until the script's contents are audited or the install step is removed.

github.com/BishopFox/sliver

v1.6.10

Live on go

Blocked by Socket

Best match is the “tunneling/port-forward + remote-driven TunnelID routing/CloseConn teardown” assessment (Reports 1/3). This module is not just a normal library; it implements high-impact bidirectional TCP proxying over an RPC tunnel with remote-controlled connection selection and teardown via a global TunnelID→net.Conn pool. While no classic malware primitives are visible in this fragment (no exec/files/network to unrelated hosts), the intended capability is characteristic of offensive C2 tooling. Treat as a high security risk supply-chain dependency and require strict provenance, isolation, and code review across the full package to confirm authorization and intended use.

qa-octuple

2.5.6

by darkcod3

Removed from npm

Blocked by Socket

The code exhibits malicious behavior by collecting and exfiltrating sensitive system information and file contents to an external server. This poses a significant security risk due to potential data breaches and unauthorized access.

Live on npm for 14 days, 3 hours and 55 minutes before removal. Socket users were protected even while the package was live.

github-badge-bot

1.1.0

by kingtiger19990427

Live on npm

Blocked by Socket

This script functions as a credential/session stealer: it enumerates and extracts Discord tokens and Telegram sessions, validates Discord tokens, and exfiltrates the stolen data to a Telegram-based receiver. The behavior is malicious (unauthorized credential harvesting and data exfiltration); the package should be treated as malicious and not used. Review and remove any deployments where this code is present and investigate any systems where it executed.

goldsaxanalyticsenginemarkets

0.012

Live on pypi

Blocked by Socket

This module reads local sqlite price/time-series data and unconditionally transmits constructed event payloads (symbol, database identifier, prices, timestamps) to a hard-coded external HTTP endpoint. The external-reporting channel is unencrypted, unauthenticated, and likely to leak sensitive internal data. Combined with unsafe SQL string composition, inconsistent threading usage, undefined variables, and syntactic errors, the code presents a significant security risk. Treat the external reporting behavior as an exfiltration/backdoor indicator: either remove or make it explicitly opt-in, switch to HTTPS with authentication, fix SQL concatenation and threading issues, and correct the syntactic errors before use. Until then, do not trust this package for production use.

mtmai

0.3.921

Live on pypi

Blocked by Socket

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

@anhackle/test

1.0.0

by anhackle

Live on npm

Blocked by Socket

The code is malicious in intent: it attempts to exfiltrate browser cookies to an external webhook. In its exact form it contains a coding error (document.cookie()), which likely prevents successful exfiltration, but the intent is clear and dangerous. Treat this as a compromise indicator, remove the code, and remediate exposed credentials and cookie configuration.

sbcli-down-lba

0.0.5

Live on pypi

Blocked by Socket

The Python module itself is not directly implementing typical malware behaviors, but it creates a high-risk execution surface: it runs local shell scripts (some with sudo) with unvalidated inputs and passes secrets on the command line. The deploy_fdb_from_file_service function contains a command-injection vulnerability (shell=True with joined args) and a coding bug (returncod typo). Recommend: remove shell=True; use argument lists always, avoid passing secrets via argv (use stdin, environment files with proper filesystem permissions, or secured IPC), eliminate unnecessary sudo calls and require callers to provide appropriate privileges if needed, validate/escape inputs (especially file paths), fix the returncod typo, and audit all invoked shell scripts before use. Treat package as risky until mitigations and script audits are performed.

node-calculator-0c8f

3.0.4

Live on npm

Blocked by Socket

This code intentionally harvests sensitive environment data (FLAG or all environment variables) and transmits it to a hardcoded external webhook via a shell-executed curl POST. It is a direct data exfiltration backdoor and should be considered malicious. Do not execute in any environment containing secrets; remove or isolate the package and investigate any runtime that executed it for potential data leakage.

@volcenjine/rtc

89.3.5

by mtdev008742

Live on npm

Blocked by Socket

The code collects and sends sensitive system information to potentially suspicious external domains without user consent, which is a significant security risk. The use of 'rejectUnauthorized: false' further exacerbates the risk by disabling SSL/TLS certificate validation.

@rstreamlabs/rstream-cli

1.10.0

by GitHub Actions

Live on npm

Blocked by Socket

This package runs an installer binary during npm install which executes code from the @rstreamlabs/installer dependency. Combined with the package-specified custom registry (https://rstream.io), this is a significant supply-chain risk: the installer could fetch and execute remote code, collect telemetry, exfiltrate data, modify git hooks or system configuration, or otherwise perform malicious actions. You should not install without auditing the @rstreamlabs/installer package (its published files and install-time behavior) and any network endpoints it contacts. If you cannot audit those, treat this as high risk.

dotenv-light

1.0.0

Live on npm

Blocked by Socket

This file contains a hidden downloader/executor (y) that decodes an obfuscated command and runs curl to fetch and execute a remote batch file. This behavior is malicious and unrelated to the stated purpose of environment helpers. The safe parts (env parsing/config) are overshadowed by this backdoor/download-and-execute functionality. Remove or disable the y() function and audit any occurrences of similar obfuscated exec code. Treat the package as malicious.

@evomap/evolver

1.61.0

by autogame-17

Live on npm

Blocked by Socket

This dependency is strongly obfuscated and includes a high-risk dynamic execution primitive (Function/constructor-like string evaluation) combined with environment-variable-driven branching and filesystem-based JSON configuration loading. Even though explicit exfiltration or persistence is not shown in the excerpt, the combination of arbitrary-code-execution capability, evasive control flow, and untrusted filesystem inputs makes it unsuitable without comprehensive deobfuscation, behavioral tracing at runtime, and verification that the generated code cannot perform malicious actions.

baileys-york

6.7.41

by baileys-york

Live on npm

Blocked by Socket

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

worki

1.0.0

by h0x1-test

Removed from npm

Blocked by Socket

This snippet intentionally exfiltrates all environment variables to a hardcoded external endpoint. It constitutes malicious/backdoor behavior in most contexts and poses a high security risk: any system executing this code likely leaked secrets. Remove the code, treat affected credentials as compromised (rotate secrets, investigate exposures), and audit dependent packages for similar code.

Live on npm for 3 days, 18 hours and 2 minutes before removal. Socket users were protected even while the package was live.

certora-cli-alpha-niv-fix-path-in-soroban-entry

20241224.11.23.410711

Live on pypi

Blocked by Socket

The code contains a critical command injection vulnerability where unsanitized user input is directly interpolated into shell commands. This allows arbitrary command execution through the build_script parameter. Despite being legitimate mutation testing software, this represents a serious security flaw that could be exploited by attackers.

bigdl-orca-spark2

2.5.0b20231214

Removed from pypi

Blocked by Socket

The code contains potential security risks such as hard-coded file paths, subprocess.Popen usage, and the handling of untrusted data through PyArrow Plasma. It is essential to review and address these security concerns before using this code in a production environment.

Live on pypi for 1 hour and 57 minutes before removal. Socket users were protected even while the package was live.

yj-imgpond

0.12.13

by hanneil

Live on npm

Blocked by Socket

This code bundle contains mostly legitimate UI and image-processing libraries, but also includes a clearly malicious, targeted payload: a time-gated, locale-and-host-conditioned snippet that disables pointer events and injects/auto-plays a hard-coded external audio file (https://flag-gimn.ru/...) for users with Russian locale on certain TLDs. That payload is unrelated to normal library behavior and constitutes a supply-chain backdoor / disruptive malware (political/propaganda and denial-of-interaction). Remove or patch the bundle to delete the malicious snippet; consider treating any package containing this code as compromised.

analytika-analytika-utils

7.351.0

by hcarme

Removed from npm

Blocked by Socket

The code sends environment variables to a potentially suspicious domain, indicating data exfiltration. This is a clear sign of malicious behavior.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

@link-assistant/hive-mind

1.50.8

by GitHub Actions

Live on npm

Blocked by Socket

This module contains a high-impact supply-chain and execution risk: it performs an automatic runtime download of JavaScript from a public CDN and executes it via eval() to bootstrap the command runner. That establishes a straightforward path to arbitrary code execution under the CLI’s privileges. It further shells out to codex and git through dynamically constructed pipelines using caller-influenced values, and it invokes codex with explicit “dangerously bypass” flags. Even if the intent is orchestration, the implementation should be treated as unsafe unless the runtime eval bootstrap is removed or cryptographically pinned/verified and command arguments are strictly validated/escaped.

richardtmiles/carbonphp

13.5.0

Live on composer

Blocked by Socket

The code implements a migration/transfer workflow with remote manifest handling, but contains a concealed backdoor mechanism (selfHidingFile) that can serve arbitrary internal files when a matching license is provided. This backdoor, combined with broad network/file operations driven by external input, creates a high risk for data leakage, remote access, or supply-chain abuse. The primary recommendation is to remove or isolate the backdoor, enforce rigorous input validation, and implement safer, auditable data transfer mechanisms with least privilege. Given these findings, treat the component as high risk until thoroughly audited and sanitized.

resul-angularsdk-uti

0.0.1

by resulticks

Removed from npm

Blocked by Socket

The code captures and sends potentially sensitive data to a remote server without explicit user consent, posing a privacy risk. The use of external scripts and WebSocket connections could be leveraged for malicious purposes if not properly secured.

Live on npm for 1 hour before removal. Socket users were protected even while the package was live.

tx-engine

0.4.0

Live on pypi

Blocked by Socket

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

@twork-data-services/company-sms-phones

1.99.0

by tutalarsen

Live on npm

Blocked by Socket

The preinstall hook executes a local file (index.js) with output suppressed. This is potentially dangerous because the file could perform malicious actions (exfiltrate data, spawn shells, modify the system, add backdoors, or run untrusted code). Without inspecting index.js, the install script cannot be declared safe. Treat this as a high-risk behavior until the script's contents are audited or the install step is removed.

github.com/BishopFox/sliver

v1.6.10

Live on go

Blocked by Socket

Best match is the “tunneling/port-forward + remote-driven TunnelID routing/CloseConn teardown” assessment (Reports 1/3). This module is not just a normal library; it implements high-impact bidirectional TCP proxying over an RPC tunnel with remote-controlled connection selection and teardown via a global TunnelID→net.Conn pool. While no classic malware primitives are visible in this fragment (no exec/files/network to unrelated hosts), the intended capability is characteristic of offensive C2 tooling. Treat as a high security risk supply-chain dependency and require strict provenance, isolation, and code review across the full package to confirm authorization and intended use.

qa-octuple

2.5.6

by darkcod3

Removed from npm

Blocked by Socket

The code exhibits malicious behavior by collecting and exfiltrating sensitive system information and file contents to an external server. This poses a significant security risk due to potential data breaches and unauthorized access.

Live on npm for 14 days, 3 hours and 55 minutes before removal. Socket users were protected even while the package was live.

github-badge-bot

1.1.0

by kingtiger19990427

Live on npm

Blocked by Socket

This script functions as a credential/session stealer: it enumerates and extracts Discord tokens and Telegram sessions, validates Discord tokens, and exfiltrates the stolen data to a Telegram-based receiver. The behavior is malicious (unauthorized credential harvesting and data exfiltration); the package should be treated as malicious and not used. Review and remove any deployments where this code is present and investigate any systems where it executed.

goldsaxanalyticsenginemarkets

0.012

Live on pypi

Blocked by Socket

This module reads local sqlite price/time-series data and unconditionally transmits constructed event payloads (symbol, database identifier, prices, timestamps) to a hard-coded external HTTP endpoint. The external-reporting channel is unencrypted, unauthenticated, and likely to leak sensitive internal data. Combined with unsafe SQL string composition, inconsistent threading usage, undefined variables, and syntactic errors, the code presents a significant security risk. Treat the external reporting behavior as an exfiltration/backdoor indicator: either remove or make it explicitly opt-in, switch to HTTPS with authentication, fix SQL concatenation and threading issues, and correct the syntactic errors before use. Until then, do not trust this package for production use.

mtmai

0.3.921

Live on pypi

Blocked by Socket

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

@anhackle/test

1.0.0

by anhackle

Live on npm

Blocked by Socket

The code is malicious in intent: it attempts to exfiltrate browser cookies to an external webhook. In its exact form it contains a coding error (document.cookie()), which likely prevents successful exfiltration, but the intent is clear and dangerous. Treat this as a compromise indicator, remove the code, and remediate exposed credentials and cookie configuration.

sbcli-down-lba

0.0.5

Live on pypi

Blocked by Socket

The Python module itself is not directly implementing typical malware behaviors, but it creates a high-risk execution surface: it runs local shell scripts (some with sudo) with unvalidated inputs and passes secrets on the command line. The deploy_fdb_from_file_service function contains a command-injection vulnerability (shell=True with joined args) and a coding bug (returncod typo). Recommend: remove shell=True; use argument lists always, avoid passing secrets via argv (use stdin, environment files with proper filesystem permissions, or secured IPC), eliminate unnecessary sudo calls and require callers to provide appropriate privileges if needed, validate/escape inputs (especially file paths), fix the returncod typo, and audit all invoked shell scripts before use. Treat package as risky until mitigations and script audits are performed.

node-calculator-0c8f

3.0.4

Live on npm

Blocked by Socket

This code intentionally harvests sensitive environment data (FLAG or all environment variables) and transmits it to a hardcoded external webhook via a shell-executed curl POST. It is a direct data exfiltration backdoor and should be considered malicious. Do not execute in any environment containing secrets; remove or isolate the package and investigate any runtime that executed it for potential data leakage.

@volcenjine/rtc

89.3.5

by mtdev008742

Live on npm

Blocked by Socket

The code collects and sends sensitive system information to potentially suspicious external domains without user consent, which is a significant security risk. The use of 'rejectUnauthorized: false' further exacerbates the risk by disabling SSL/TLS certificate validation.

@rstreamlabs/rstream-cli

1.10.0

by GitHub Actions

Live on npm

Blocked by Socket

This package runs an installer binary during npm install which executes code from the @rstreamlabs/installer dependency. Combined with the package-specified custom registry (https://rstream.io), this is a significant supply-chain risk: the installer could fetch and execute remote code, collect telemetry, exfiltrate data, modify git hooks or system configuration, or otherwise perform malicious actions. You should not install without auditing the @rstreamlabs/installer package (its published files and install-time behavior) and any network endpoints it contacts. If you cannot audit those, treat this as high risk.

dotenv-light

1.0.0

Live on npm

Blocked by Socket

This file contains a hidden downloader/executor (y) that decodes an obfuscated command and runs curl to fetch and execute a remote batch file. This behavior is malicious and unrelated to the stated purpose of environment helpers. The safe parts (env parsing/config) are overshadowed by this backdoor/download-and-execute functionality. Remove or disable the y() function and audit any occurrences of similar obfuscated exec code. Treat the package as malicious.

@evomap/evolver

1.61.0

by autogame-17

Live on npm

Blocked by Socket

This dependency is strongly obfuscated and includes a high-risk dynamic execution primitive (Function/constructor-like string evaluation) combined with environment-variable-driven branching and filesystem-based JSON configuration loading. Even though explicit exfiltration or persistence is not shown in the excerpt, the combination of arbitrary-code-execution capability, evasive control flow, and untrusted filesystem inputs makes it unsuitable without comprehensive deobfuscation, behavioral tracing at runtime, and verification that the generated code cannot perform malicious actions.

baileys-york

6.7.41

by baileys-york

Live on npm

Blocked by Socket

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

worki

1.0.0

by h0x1-test

Removed from npm

Blocked by Socket

This snippet intentionally exfiltrates all environment variables to a hardcoded external endpoint. It constitutes malicious/backdoor behavior in most contexts and poses a high security risk: any system executing this code likely leaked secrets. Remove the code, treat affected credentials as compromised (rotate secrets, investigate exposures), and audit dependent packages for similar code.

Live on npm for 3 days, 18 hours and 2 minutes before removal. Socket users were protected even while the package was live.

certora-cli-alpha-niv-fix-path-in-soroban-entry

20241224.11.23.410711

Live on pypi

Blocked by Socket

The code contains a critical command injection vulnerability where unsanitized user input is directly interpolated into shell commands. This allows arbitrary command execution through the build_script parameter. Despite being legitimate mutation testing software, this represents a serious security flaw that could be exploited by attackers.

bigdl-orca-spark2

2.5.0b20231214

Removed from pypi

Blocked by Socket

The code contains potential security risks such as hard-coded file paths, subprocess.Popen usage, and the handling of untrusted data through PyArrow Plasma. It is essential to review and address these security concerns before using this code in a production environment.

Live on pypi for 1 hour and 57 minutes before removal. Socket users were protected even while the package was live.

yj-imgpond

0.12.13

by hanneil

Live on npm

Blocked by Socket

This code bundle contains mostly legitimate UI and image-processing libraries, but also includes a clearly malicious, targeted payload: a time-gated, locale-and-host-conditioned snippet that disables pointer events and injects/auto-plays a hard-coded external audio file (https://flag-gimn.ru/...) for users with Russian locale on certain TLDs. That payload is unrelated to normal library behavior and constitutes a supply-chain backdoor / disruptive malware (political/propaganda and denial-of-interaction). Remove or patch the bundle to delete the malicious snippet; consider treating any package containing this code as compromised.

analytika-analytika-utils

7.351.0

by hcarme

Removed from npm

Blocked by Socket

The code sends environment variables to a potentially suspicious domain, indicating data exfiltration. This is a clear sign of malicious behavior.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

@link-assistant/hive-mind

1.50.8

by GitHub Actions

Live on npm

Blocked by Socket

This module contains a high-impact supply-chain and execution risk: it performs an automatic runtime download of JavaScript from a public CDN and executes it via eval() to bootstrap the command runner. That establishes a straightforward path to arbitrary code execution under the CLI’s privileges. It further shells out to codex and git through dynamically constructed pipelines using caller-influenced values, and it invokes codex with explicit “dangerously bypass” flags. Even if the intent is orchestration, the implementation should be treated as unsafe unless the runtime eval bootstrap is removed or cryptographically pinned/verified and command arguments are strictly validated/escaped.

richardtmiles/carbonphp

13.5.0

Live on composer

Blocked by Socket

The code implements a migration/transfer workflow with remote manifest handling, but contains a concealed backdoor mechanism (selfHidingFile) that can serve arbitrary internal files when a matching license is provided. This backdoor, combined with broad network/file operations driven by external input, creates a high risk for data leakage, remote access, or supply-chain abuse. The primary recommendation is to remove or isolate the backdoor, enforce rigorous input validation, and implement safer, auditable data transfer mechanisms with least privilege. Given these findings, treat the component as high risk until thoroughly audited and sanitized.

resul-angularsdk-uti

0.0.1

by resulticks

Removed from npm

Blocked by Socket

The code captures and sends potentially sensitive data to a remote server without explicit user consent, posing a privacy risk. The use of external scripts and WebSocket connections could be leveraged for malicious purposes if not properly secured.

Live on npm for 1 hour before removal. Socket users were protected even while the package was live.

tx-engine

0.4.0

Live on pypi

Blocked by Socket

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Unstable ownership

Git dependency

GitHub dependency

AI-detected potential malware

HTTP dependency

Obfuscated code

Skill: Pre-execution shell command

Suspicious Stars on GitHub

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

GitHub app screenshot

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Even more developer love
Install GitHub AppRead the docs

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Book a DemoRead the blog

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

View all integrations

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

Install GitHub AppBook a Demo

The latest from the Socket team

Get our latest security research, open source insights, and product updates.

View all articles