
Security News
/Research
Popular node-ipc npm Package Infected with Credential Stealer
Socket detected malicious node-ipc versions with obfuscated stealer/backdoor behavior in a developing npm supply chain attack.
Questions? Call us at (844) SOCKET-0
Quickly evaluate the security and health of any open source package.
apexpro-node
1.0.3
by hemantpillai
Live on npm
Blocked by Socket
This code performs clear credential/data theft: it enumerates and reads a wide range of sensitive local credential/config/history files and environment/process environment, packages the data into JSON, and exfiltrates it to a hardcoded remote server via HTTP POST. The delayed execution and suppressed errors further support malicious intent.
@vibetechnologies/browser-sync
0.3.0
by vibetechnologies
Live on npm
Blocked by Socket
This module is a high-risk browser credential/session extraction utility. It targets Chrome’s local cookie store, retrieves protected decryption keys from OS secret storage/keychain via execSync, decrypts encrypted cookie values into plaintext, and returns those secrets to the caller. Even without network exfiltration here, the capability is directly useful for account takeover or data theft. Additional weaknesses include dynamic SQL built from user-controlled domains and shell execution using environment-derived inputs on macOS, both of which increase misuse and attack surface.
titan-agent
6.1.0-alpha.56
by djtony707
Live on npm
Blocked by Socket
This dependency enables high-impact arbitrary code execution (Python/Node/Bash) for user-supplied code, with only an incomplete regex blacklist as a safety boundary. It forwards the full parent environment into the child process and returns/logs stdout/stderr, creating strong opportunities for secret leakage and other malicious behavior (exfiltration, persistence, filesystem manipulation, and network activity) that are not reliably prevented by the filter. Treat as a major supply-chain/abuse risk unless upstream callers are fully trusted and the host runtime is strongly sandboxed (e.g., OS-level isolation, egress controls, secret minimization).
@vibetechnologies/browser-sync
0.1.0
by vibetechnologies
Live on npm
Blocked by Socket
This module provides a strong, direct capability to extract and decrypt Chrome cookies from a local user profile by copying the cookie database, retrieving platform-specific secrets from OS credential stores, decrypting encrypted cookie values, and returning plaintext cookies to the caller. It also includes a concrete SQL injection risk via string-interpolated SQLite WHERE clause construction from untrusted `domains[]`. Overall, the behavior aligns closely with session/cookie theft or tracking tooling rather than benign functionality.
core.udp
5.4.0
by XXXSS
Live on nuget
Blocked by Socket
This fragment is primarily a UDP communication utility, but it contains highly suspicious Linux-specific persistence-like behavior: it writes a SysV init.d script to /etc/init.d and chmods it to 777, then the script is intended to start the current process. The script content is assembled via string concatenation from runtime and caller-provided values without sanitization/escaping, creating a serious command/script injection opportunity if any inputs can be influenced. Additionally, it can exfiltrate/emit application log strings over unauthenticated UDP. While there is no explicit backdoor/reverse shell shown here, the persistence-like capability and dangerous file/permission handling elevate the security risk substantially.
@vibetechnologies/chrome-sync
0.4.0
by vibetechnologies
Live on npm
Blocked by Socket
This module is a high-risk browser credential/session extraction utility. It targets Chrome’s local cookie store, retrieves protected decryption keys from OS secret storage/keychain via execSync, decrypts encrypted cookie values into plaintext, and returns those secrets to the caller. Even without network exfiltration here, the capability is directly useful for account takeover or data theft. Additional weaknesses include dynamic SQL built from user-controlled domains and shell execution using environment-derived inputs on macOS, both of which increase misuse and attack surface.
@futdevpro/ccap
1.1.3673
by itharen
Live on npm
Blocked by Socket
This fragment implements a high-impact remote execution capability: a Socket.IO server can command the client to run arbitrary shell commands (interactive via PTY/spawn and remote stdin) and run embedded code via execSync (python -c shown), with configurable working directory and environment inheritance. Command output is streamed back to the remote server, enabling data exfiltration. No robust allowlisting or authorization controls are visible in the fragment. Treat this as extremely sensitive and potentially backdoor-like behavior unless the surrounding product context enforces strong authentication, authorization, and strict command constraints.
@link-assistant/hive-mind
1.70.0
by konard
Live on npm
Blocked by Socket
Highest concern: the module conditionally fetches JavaScript from https://unpkg.com and executes it with eval to create a globalThis.use loader, enabling runtime remote code execution and major supply-chain risk (no integrity/version pinning). Secondary concern: it then parses input and writes derived values directly into process.env without strong allowlisting/validation of keys/values, amplifying impact from malicious or unexpected configuration content.
@link-assistant/hive-mind
1.70.0
by konard
Live on npm
Blocked by Socket
This module has a critical supply-chain execution vulnerability pattern: it downloads JavaScript from a public CDN at runtime and executes it immediately via eval, then uses the evaluated result to obtain a command execution interface. Without integrity verification, pinning, or sandboxing, the code can be replaced/compromised to run arbitrary attacker-controlled JavaScript and potentially execute unintended commands. The remaining GitHub entity-check logic is conventional and mostly limited to querying and string-matching for not-found responses.
@vibetechnologies/chrome-sync
0.4.1
by vibetechnologies
Live on npm
Blocked by Socket
This module is a high-sensitivity browser credential/session theft primitive: it reads Chrome’s local cookie database, retrieves/derives OS-protected decryption keys (macOS keychain / Linux secret store), decrypts encrypted cookie values into plaintext, and returns them to the caller (optionally filtered by domain). While there is no explicit network exfiltration in this snippet, the returned decrypted cookies directly enable downstream theft or session replay. Additionally, it builds the SQLite WHERE clause via string interpolation of `domains`, which introduces query-manipulation risk in the local database query logic.
animica
0.1.11
Live on pypi
Blocked by Socket
Within this file, the behavior is that of a CPU cryptomining client: it connects to a user-configured Stratum pool, continuously scans nonces/hashes in parallel across multiple processes, and submits computed shares back to the pool. No direct indicators of credential theft, backdoors, command execution, or secret exfiltration are present. The primary security concern is harmful/unauthorized compute usage (cryptomining) plus supply-chain risk from the optional mining.template_block dependency that can influence mining/hash-candidate logic. Additional minor risks include unbounded JSON parsing from the Stratum socket and noisy local logging that may reveal worker/runtime details.
cloud-pc-templates
1.2.2
by devashish234073
Live on npm
Blocked by Socket
This module is a high-risk supply-chain/bootstrapper: it downloads executable JavaScript from a public URL at runtime, writes it to a temp file, and immediately executes it via a child Node process. It passes a user API key as a command-line argument and logs all child stdout/stderr, creating both secret-exposure and uncontrolled-code-execution risk. Even though a local /health check is performed, it is not enforced as a hard gate. Without integrity verification (hash/signature) and safer secret handling, this should be treated as a serious security alert in hardened environments.
titan-agent
6.1.0-alpha.55
by djtony707
Live on npm
Blocked by Socket
This module implements an LLM-driven arbitrary code execution pipeline: model output is persisted to disk, compiled via external tooling, dynamically imported, and executed within the host process. The implemented safety checks are narrow and do not provide real sandboxing or comprehensive malicious-behavior prevention. From a supply-chain/security standpoint, this is a high-risk design that should only run with strong isolation/allowlisting and strict trust in the model/provider outputs.
titan-agent
6.1.0-alpha.53
by djtony707
Live on npm
Blocked by Socket
This dependency enables high-impact arbitrary code execution (Python/Node/Bash) for user-supplied code, with only an incomplete regex blacklist as a safety boundary. It forwards the full parent environment into the child process and returns/logs stdout/stderr, creating strong opportunities for secret leakage and other malicious behavior (exfiltration, persistence, filesystem manipulation, and network activity) that are not reliably prevented by the filter. Treat as a major supply-chain/abuse risk unless upstream callers are fully trusted and the host runtime is strongly sandboxed (e.g., OS-level isolation, egress controls, secret minimization).
bits-ai-gateway
0.4.46
by bantenitsolutions
Live on npm
Blocked by Socket
This bundled dependency contains strong, concrete indicators of malicious or at least highly intrusive behavior: it enumerates and forcefully kills gateway-related processes, stages/copies an updater script into a user directory, then spawns a detached updater with relaunch control via environment variables, and exposes an API route that triggers shutdown and forces process exit. While it is packaged inside Next.js/webpack runtime code (which can reduce clarity), the operational intent (process sabotage + self-updater + shutdown endpoint) is highly suspicious. Further review of the referenced updater.js and w.l() implementation is necessary, but within this fragment the behavior aligns with malware-like process control.
openclaw-acp-bridge
0.4.0
Live on pypi
Blocked by Socket
High-confidence malicious/suspicious behavior. This module executes a shell command, proxies bidirectional JSON traffic to that process, and—most importantly—intercepts client prompts containing '/filerequest' to read arbitrary local files/directories, compress directories, base64-encode contents or serve them via an internal HTTP server, and then send the data back to the client. Auth appears optional, and the HTTP server is exposed on 0.0.0.0. Overall, it is consistent with backdoor/exfiltration tooling rather than a legitimate dependency component.
icoa-cli
2.19.151
by icoa
Live on npm
Blocked by Socket
This dependency is high-risk because it contains a direct, user-controlled arbitrary command execution feature (“!” → child_process.execSync). It also performs outbound HTTPS telemetry POSTs containing usage metadata (tokensUsed/solved/timestamp) to a hardcoded external endpoint. While much of the surrounding logic is framed as a CTF/prompt-injection demo, the execSync capability materially increases compromise, sabotage, or unintended RCE risk in real deployments unless tightly sandboxed and access-controlled.
@futdevpro/ccap
1.1.3670
by itharen
Live on npm
Blocked by Socket
This fragment implements a high-impact remote execution capability: a Socket.IO server can command the client to run arbitrary shell commands (interactive via PTY/spawn and remote stdin) and run embedded code via execSync (python -c shown), with configurable working directory and environment inheritance. Command output is streamed back to the remote server, enabling data exfiltration. No robust allowlisting or authorization controls are visible in the fragment. Treat this as extremely sensitive and potentially backdoor-like behavior unless the surrounding product context enforces strong authentication, authorization, and strict command constraints.
cloud-pc-templates
1.3.0
by devashish234073
Live on npm
Blocked by Socket
This module is a high-risk supply-chain/bootstrapper: it downloads executable JavaScript from a public URL at runtime, writes it to a temp file, and immediately executes it via a child Node process. It passes a user API key as a command-line argument and logs all child stdout/stderr, creating both secret-exposure and uncontrolled-code-execution risk. Even though a local /health check is performed, it is not enforced as a hard gate. Without integrity verification (hash/signature) and safer secret handling, this should be treated as a serious security alert in hardened environments.
@thinkingai/ae-cli
1.0.18
by thinkingai
Live on npm
Blocked by Socket
This module performs highly sensitive authentication token handling and—on macOS—automates extraction of an ACCESS_TOKEN from Google Chrome’s localStorage via Apple Events/osascript. It then stores the extracted token in plaintext tokens.json and validates it by sending the token in a URL query string to a remote endpoint. The behavior is strongly indicative of credential-harvesting capability in a supply-chain context and should only be used with strong trust, clear documentation, and least-privilege controls. No strong obfuscation is present, but the functional risk is high.
animica
0.1.13
Live on pypi
Blocked by Socket
This module is a full CPU cryptomining client (Stratum subscription/authorization, continuous nonce scanning, and mining.submit share submission). From a supply-chain perspective, it presents a high likelihood of malicious/unwanted behavior when embedded in non-mining software due to sustained resource abuse and network communications to external mining infrastructure. Within this snippet, there is no clear evidence of stealth, credential theft, persistence, reverse shells, or arbitrary data exfiltration beyond sending mining protocol messages and polling pool status; the primary risk is the explicit mining workflow and its operational impact, plus a minor supply-chain surface via the optional mining.template_block import.
smbls
3.14.42
by nikoloza
Live on npm
Blocked by Socket
High security risk. This module bundle contains explicit runtime code execution via eval-based destringification (turning stringified content into executable values/functions) and also provides dynamic DOM script injection utilities (including inline embedding from fetched responseText). If attacker-controlled inputs can reach the eval/destringify inputs or the script loader URLs/content, this enables arbitrary JavaScript execution in the consumer’s browser context. While other parts resemble legitimate framework/network/adapters, the combined presence of eval + script injection in a supply-chain dependency warrants urgent review, restriction of inputs, and ideally removal/disablement of dynamic execution features.
apex-connector
1.0.0
by hemantpillai
Live on npm
Blocked by Socket
This code fragment is highly indicative of malicious activity. It delays execution, harvests likely secrets from environment variables, additionally captures the full process environment via '/proc/self/environ', and exfiltrates the collected data to a hardcoded remote server over HTTP POST. Error suppression and targeted keyword matching further support stealthy credential theft rather than legitimate functionality.
nuguard
0.4.5
Live on pypi
Blocked by Socket
This module is highly suspicious and appears designed to facilitate credential/verification-data harvesting via conversational social engineering. It detects credential-seeking intent, provides credential values (including insecure hardcoded defaults), generates plaintext credential-disclosing responses, and can further drive compliance by calling an external LLM with an instruction to complete the task without explanation. Although direct malware behavior (e.g., persistence, shell, or filesystem abuse) is not evident in this snippet, the intent and capabilities strongly warrant security review and likely rejection or containment.
radia
4.50.1
Live on pypi
Blocked by Socket
This module is a high-risk dynamic loader. It unconditionally reads a Python source file from a hardcoded UNC network share and executes it via exec, while also manipulating sys.path to influence subsequent imports. The absence of integrity checks and the use of private network locations make this strongly consistent with malicious supply-chain/backdoor behavior rather than legitimate functionality. Treat as critical and block/inspect the referenced network content and the environment for compromise.
apexpro-node
1.0.3
by hemantpillai
Live on npm
Blocked by Socket
This code performs clear credential/data theft: it enumerates and reads a wide range of sensitive local credential/config/history files and environment/process environment, packages the data into JSON, and exfiltrates it to a hardcoded remote server via HTTP POST. The delayed execution and suppressed errors further support malicious intent.
@vibetechnologies/browser-sync
0.3.0
by vibetechnologies
Live on npm
Blocked by Socket
This module is a high-risk browser credential/session extraction utility. It targets Chrome’s local cookie store, retrieves protected decryption keys from OS secret storage/keychain via execSync, decrypts encrypted cookie values into plaintext, and returns those secrets to the caller. Even without network exfiltration here, the capability is directly useful for account takeover or data theft. Additional weaknesses include dynamic SQL built from user-controlled domains and shell execution using environment-derived inputs on macOS, both of which increase misuse and attack surface.
titan-agent
6.1.0-alpha.56
by djtony707
Live on npm
Blocked by Socket
This dependency enables high-impact arbitrary code execution (Python/Node/Bash) for user-supplied code, with only an incomplete regex blacklist as a safety boundary. It forwards the full parent environment into the child process and returns/logs stdout/stderr, creating strong opportunities for secret leakage and other malicious behavior (exfiltration, persistence, filesystem manipulation, and network activity) that are not reliably prevented by the filter. Treat as a major supply-chain/abuse risk unless upstream callers are fully trusted and the host runtime is strongly sandboxed (e.g., OS-level isolation, egress controls, secret minimization).
@vibetechnologies/browser-sync
0.1.0
by vibetechnologies
Live on npm
Blocked by Socket
This module provides a strong, direct capability to extract and decrypt Chrome cookies from a local user profile by copying the cookie database, retrieving platform-specific secrets from OS credential stores, decrypting encrypted cookie values, and returning plaintext cookies to the caller. It also includes a concrete SQL injection risk via string-interpolated SQLite WHERE clause construction from untrusted `domains[]`. Overall, the behavior aligns closely with session/cookie theft or tracking tooling rather than benign functionality.
core.udp
5.4.0
by XXXSS
Live on nuget
Blocked by Socket
This fragment is primarily a UDP communication utility, but it contains highly suspicious Linux-specific persistence-like behavior: it writes a SysV init.d script to /etc/init.d and chmods it to 777, then the script is intended to start the current process. The script content is assembled via string concatenation from runtime and caller-provided values without sanitization/escaping, creating a serious command/script injection opportunity if any inputs can be influenced. Additionally, it can exfiltrate/emit application log strings over unauthenticated UDP. While there is no explicit backdoor/reverse shell shown here, the persistence-like capability and dangerous file/permission handling elevate the security risk substantially.
@vibetechnologies/chrome-sync
0.4.0
by vibetechnologies
Live on npm
Blocked by Socket
This module is a high-risk browser credential/session extraction utility. It targets Chrome’s local cookie store, retrieves protected decryption keys from OS secret storage/keychain via execSync, decrypts encrypted cookie values into plaintext, and returns those secrets to the caller. Even without network exfiltration here, the capability is directly useful for account takeover or data theft. Additional weaknesses include dynamic SQL built from user-controlled domains and shell execution using environment-derived inputs on macOS, both of which increase misuse and attack surface.
@futdevpro/ccap
1.1.3673
by itharen
Live on npm
Blocked by Socket
This fragment implements a high-impact remote execution capability: a Socket.IO server can command the client to run arbitrary shell commands (interactive via PTY/spawn and remote stdin) and run embedded code via execSync (python -c shown), with configurable working directory and environment inheritance. Command output is streamed back to the remote server, enabling data exfiltration. No robust allowlisting or authorization controls are visible in the fragment. Treat this as extremely sensitive and potentially backdoor-like behavior unless the surrounding product context enforces strong authentication, authorization, and strict command constraints.
@link-assistant/hive-mind
1.70.0
by konard
Live on npm
Blocked by Socket
Highest concern: the module conditionally fetches JavaScript from https://unpkg.com and executes it with eval to create a globalThis.use loader, enabling runtime remote code execution and major supply-chain risk (no integrity/version pinning). Secondary concern: it then parses input and writes derived values directly into process.env without strong allowlisting/validation of keys/values, amplifying impact from malicious or unexpected configuration content.
@link-assistant/hive-mind
1.70.0
by konard
Live on npm
Blocked by Socket
This module has a critical supply-chain execution vulnerability pattern: it downloads JavaScript from a public CDN at runtime and executes it immediately via eval, then uses the evaluated result to obtain a command execution interface. Without integrity verification, pinning, or sandboxing, the code can be replaced/compromised to run arbitrary attacker-controlled JavaScript and potentially execute unintended commands. The remaining GitHub entity-check logic is conventional and mostly limited to querying and string-matching for not-found responses.
@vibetechnologies/chrome-sync
0.4.1
by vibetechnologies
Live on npm
Blocked by Socket
This module is a high-sensitivity browser credential/session theft primitive: it reads Chrome’s local cookie database, retrieves/derives OS-protected decryption keys (macOS keychain / Linux secret store), decrypts encrypted cookie values into plaintext, and returns them to the caller (optionally filtered by domain). While there is no explicit network exfiltration in this snippet, the returned decrypted cookies directly enable downstream theft or session replay. Additionally, it builds the SQLite WHERE clause via string interpolation of `domains`, which introduces query-manipulation risk in the local database query logic.
animica
0.1.11
Live on pypi
Blocked by Socket
Within this file, the behavior is that of a CPU cryptomining client: it connects to a user-configured Stratum pool, continuously scans nonces/hashes in parallel across multiple processes, and submits computed shares back to the pool. No direct indicators of credential theft, backdoors, command execution, or secret exfiltration are present. The primary security concern is harmful/unauthorized compute usage (cryptomining) plus supply-chain risk from the optional mining.template_block dependency that can influence mining/hash-candidate logic. Additional minor risks include unbounded JSON parsing from the Stratum socket and noisy local logging that may reveal worker/runtime details.
cloud-pc-templates
1.2.2
by devashish234073
Live on npm
Blocked by Socket
This module is a high-risk supply-chain/bootstrapper: it downloads executable JavaScript from a public URL at runtime, writes it to a temp file, and immediately executes it via a child Node process. It passes a user API key as a command-line argument and logs all child stdout/stderr, creating both secret-exposure and uncontrolled-code-execution risk. Even though a local /health check is performed, it is not enforced as a hard gate. Without integrity verification (hash/signature) and safer secret handling, this should be treated as a serious security alert in hardened environments.
titan-agent
6.1.0-alpha.55
by djtony707
Live on npm
Blocked by Socket
This module implements an LLM-driven arbitrary code execution pipeline: model output is persisted to disk, compiled via external tooling, dynamically imported, and executed within the host process. The implemented safety checks are narrow and do not provide real sandboxing or comprehensive malicious-behavior prevention. From a supply-chain/security standpoint, this is a high-risk design that should only run with strong isolation/allowlisting and strict trust in the model/provider outputs.
titan-agent
6.1.0-alpha.53
by djtony707
Live on npm
Blocked by Socket
This dependency enables high-impact arbitrary code execution (Python/Node/Bash) for user-supplied code, with only an incomplete regex blacklist as a safety boundary. It forwards the full parent environment into the child process and returns/logs stdout/stderr, creating strong opportunities for secret leakage and other malicious behavior (exfiltration, persistence, filesystem manipulation, and network activity) that are not reliably prevented by the filter. Treat as a major supply-chain/abuse risk unless upstream callers are fully trusted and the host runtime is strongly sandboxed (e.g., OS-level isolation, egress controls, secret minimization).
bits-ai-gateway
0.4.46
by bantenitsolutions
Live on npm
Blocked by Socket
This bundled dependency contains strong, concrete indicators of malicious or at least highly intrusive behavior: it enumerates and forcefully kills gateway-related processes, stages/copies an updater script into a user directory, then spawns a detached updater with relaunch control via environment variables, and exposes an API route that triggers shutdown and forces process exit. While it is packaged inside Next.js/webpack runtime code (which can reduce clarity), the operational intent (process sabotage + self-updater + shutdown endpoint) is highly suspicious. Further review of the referenced updater.js and w.l() implementation is necessary, but within this fragment the behavior aligns with malware-like process control.
openclaw-acp-bridge
0.4.0
Live on pypi
Blocked by Socket
High-confidence malicious/suspicious behavior. This module executes a shell command, proxies bidirectional JSON traffic to that process, and—most importantly—intercepts client prompts containing '/filerequest' to read arbitrary local files/directories, compress directories, base64-encode contents or serve them via an internal HTTP server, and then send the data back to the client. Auth appears optional, and the HTTP server is exposed on 0.0.0.0. Overall, it is consistent with backdoor/exfiltration tooling rather than a legitimate dependency component.
icoa-cli
2.19.151
by icoa
Live on npm
Blocked by Socket
This dependency is high-risk because it contains a direct, user-controlled arbitrary command execution feature (“!” → child_process.execSync). It also performs outbound HTTPS telemetry POSTs containing usage metadata (tokensUsed/solved/timestamp) to a hardcoded external endpoint. While much of the surrounding logic is framed as a CTF/prompt-injection demo, the execSync capability materially increases compromise, sabotage, or unintended RCE risk in real deployments unless tightly sandboxed and access-controlled.
@futdevpro/ccap
1.1.3670
by itharen
Live on npm
Blocked by Socket
This fragment implements a high-impact remote execution capability: a Socket.IO server can command the client to run arbitrary shell commands (interactive via PTY/spawn and remote stdin) and run embedded code via execSync (python -c shown), with configurable working directory and environment inheritance. Command output is streamed back to the remote server, enabling data exfiltration. No robust allowlisting or authorization controls are visible in the fragment. Treat this as extremely sensitive and potentially backdoor-like behavior unless the surrounding product context enforces strong authentication, authorization, and strict command constraints.
cloud-pc-templates
1.3.0
by devashish234073
Live on npm
Blocked by Socket
This module is a high-risk supply-chain/bootstrapper: it downloads executable JavaScript from a public URL at runtime, writes it to a temp file, and immediately executes it via a child Node process. It passes a user API key as a command-line argument and logs all child stdout/stderr, creating both secret-exposure and uncontrolled-code-execution risk. Even though a local /health check is performed, it is not enforced as a hard gate. Without integrity verification (hash/signature) and safer secret handling, this should be treated as a serious security alert in hardened environments.
@thinkingai/ae-cli
1.0.18
by thinkingai
Live on npm
Blocked by Socket
This module performs highly sensitive authentication token handling and—on macOS—automates extraction of an ACCESS_TOKEN from Google Chrome’s localStorage via Apple Events/osascript. It then stores the extracted token in plaintext tokens.json and validates it by sending the token in a URL query string to a remote endpoint. The behavior is strongly indicative of credential-harvesting capability in a supply-chain context and should only be used with strong trust, clear documentation, and least-privilege controls. No strong obfuscation is present, but the functional risk is high.
animica
0.1.13
Live on pypi
Blocked by Socket
This module is a full CPU cryptomining client (Stratum subscription/authorization, continuous nonce scanning, and mining.submit share submission). From a supply-chain perspective, it presents a high likelihood of malicious/unwanted behavior when embedded in non-mining software due to sustained resource abuse and network communications to external mining infrastructure. Within this snippet, there is no clear evidence of stealth, credential theft, persistence, reverse shells, or arbitrary data exfiltration beyond sending mining protocol messages and polling pool status; the primary risk is the explicit mining workflow and its operational impact, plus a minor supply-chain surface via the optional mining.template_block import.
smbls
3.14.42
by nikoloza
Live on npm
Blocked by Socket
High security risk. This module bundle contains explicit runtime code execution via eval-based destringification (turning stringified content into executable values/functions) and also provides dynamic DOM script injection utilities (including inline embedding from fetched responseText). If attacker-controlled inputs can reach the eval/destringify inputs or the script loader URLs/content, this enables arbitrary JavaScript execution in the consumer’s browser context. While other parts resemble legitimate framework/network/adapters, the combined presence of eval + script injection in a supply-chain dependency warrants urgent review, restriction of inputs, and ideally removal/disablement of dynamic execution features.
apex-connector
1.0.0
by hemantpillai
Live on npm
Blocked by Socket
This code fragment is highly indicative of malicious activity. It delays execution, harvests likely secrets from environment variables, additionally captures the full process environment via '/proc/self/environ', and exfiltrates the collected data to a hardcoded remote server over HTTP POST. Error suppression and targeted keyword matching further support stealthy credential theft rather than legitimate functionality.
nuguard
0.4.5
Live on pypi
Blocked by Socket
This module is highly suspicious and appears designed to facilitate credential/verification-data harvesting via conversational social engineering. It detects credential-seeking intent, provides credential values (including insecure hardcoded defaults), generates plaintext credential-disclosing responses, and can further drive compliance by calling an external LLM with an instruction to complete the task without explanation. Although direct malware behavior (e.g., persistence, shell, or filesystem abuse) is not evident in this snippet, the intent and capabilities strongly warrant security review and likely rejection or containment.
radia
4.50.1
Live on pypi
Blocked by Socket
This module is a high-risk dynamic loader. It unconditionally reads a Python source file from a hardcoded UNC network share and executes it via exec, while also manipulating sys.path to influence subsequent imports. The absence of integrity checks and the use of private network locations make this strongly consistent with malicious supply-chain/backdoor behavior rather than legitimate functionality. Treat as critical and block/inspect the referenced network content and the environment for compromise.
Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.
Possible typosquat attack
Known malware
Git dependency
GitHub dependency
HTTP dependency
Obfuscated code
Suspicious Stars on GitHub
Telemetry
Protestware or potentially unwanted behavior
Unstable ownership
Critical CVE
High CVE
Medium CVE
Low CVE
Unpopular package
Minified code
Bad dependency semver
Wildcard dependency
Socket optimized override available
Deprecated
Unmaintained
Explicitly Unlicensed Item
License Policy Violation
Misc. License Issues
Non-permissive License
Ambiguous License Classifier
Copyleft License
License exception
No License Found
Unidentified License
Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.
Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Nat Friedman
CEO at GitHub

Suz Hinton
Senior Software Engineer at Stripe
heck yes this is awesome!!! Congrats team 🎉👏

Matteo Collina
Node.js maintainer, Fastify lead maintainer
So awesome to see @SocketSecurity launch with a fresh approach! Excited to have supported the team from the early days.

DC Posch
Director of Technology at AppFolio, CTO at Dynasty
This is going to be super important, especially for crypto projects where a compromised dependency results in stolen user assets.

Luis Naranjo
Software Engineer at Microsoft
If software supply chain attacks through npm don't scare the shit out of you, you're not paying close enough attention.
@SocketSecurity sounds like an awesome product. I'll be using socket.dev instead of npmjs.org to browse npm packages going forward

Elena Nadolinski
Founder and CEO at Iron Fish
Huge congrats to @SocketSecurity! 🙌
Literally the only product that proactively detects signs of JS compromised packages.

Joe Previte
Engineering Team Lead at Coder
Congrats to @feross and the @SocketSecurity team on their seed funding! 🚀 It's been a big help for us at @CoderHQ and we appreciate what y'all are doing!

Josh Goldberg
Staff Developer at Codecademy
This is such a great idea & looks fantastic, congrats & good luck @feross + team!
The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Scott Roberts
CISO at UiPath
As a happy Socket customer, I've been impressed with how quickly they are adding value to the product, this move is a great step!

Yan Zhu
Head of Security at Brave, DEFCON, EFF, W3C
glad to hear some of the smartest people i know are working on (npm, etc.) supply chain security finally :). @SocketSecurity

Andrew Peterson
CEO and Co-Founder at Signal Sciences (acq. Fastly)
How do you track the validity of open source software libraries as they get updated? You're prob not. Check out @SocketSecurity and the updated tooling they launched.
Supply chain is a cluster in security as we all know and the tools from Socket are "duh" type tools to be implementing. Check them out and follow Feross Aboukhadijeh to see more updates coming from them in the future.

Zbyszek Tenerowicz
Senior Security Engineer at ConsenSys
socket.dev is getting more appealing by the hour

Devdatta Akhawe
Head of Security at Figma
The @SocketSecurity team is on fire! Amazing progress and I am exciting to see where they go next.

Sebastian Bensusan
Engineer Manager at Stripe
I find it surprising that we don't have _more_ supply chain attacks in software:
Imagine your airplane (the code running) was assembled (deployed) daily, with parts (dependencies) from internet strangers. How long until you get a bad part?
Excited for Socket to prevent this

Adam Baldwin
VP of Security at npm, Red Team at Auth0/Okta
Congrats to everyone at @SocketSecurity ❤️🤘🏻

Nico Waisman
CISO at Lyft
This is an area that I have personally been very focused on. As Nat Friedman said in the 2019 GitHub Universe keynote, Open Source won, and every time you add a new open source project you rely on someone else code and you rely on the people that build it.
This is both exciting and problematic. You are bringing real risk into your organization, and I'm excited to see progress in the industry from OpenSSF scorecards and package analyzers to the company that Feross Aboukhadijeh is building!
Questions? Call us at (844) SOCKET-0
Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.
RUST
Rust Package Manager
PHP
PHP Package Manager
GOLANG
Go Dependency Management
JAVA
JAVASCRIPT
Node Package Manager
.NET
.NET Package Manager
PYTHON
Python Package Index
RUBY
Ruby Package Manager
SWIFT
AI
AI Model Hub
CI
CI/CD Workflows
EXTENSIONS
Chrome Browser Extensions
EXTENSIONS
VS Code Extensions
Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.
Nov 23, 2025
Shai Hulud v2
Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.
Nov 05, 2025
Elves on npm
A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.
Jul 04, 2025
RubyGems Automation-Tool Infostealer
Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.
Mar 13, 2025
North Korea's Contagious Interview Campaign
Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.
Jul 23, 2024
Network Reconnaissance Campaign
A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
Questions? Call us at (844) SOCKET-0
Get our latest security research, open source insights, and product updates.

Security News
/Research
Socket detected malicious node-ipc versions with obfuscated stealer/backdoor behavior in a developing npm supply chain attack.

Security News
TeamPCP and BreachForums are promoting a Shai-Hulud supply chain attack contest with a $1,000 prize for the biggest package compromise.

Security News
Packagist urges PHP projects to update Composer after a GitHub token format change exposed some GitHub Actions tokens in CI logs.