Sample Malware Packages

Here are some example packages you can use to test out Socket (all examples are safe to install):

  • Typosquats: We recommend installing browserlist which is a typo of browserslist
  • Native code + install script: We recommend installing bufferutil which is a legitimate package that uses native code
  • Telemetry: We recommend installing angular-calendar which includes code that pings a server to track when the package is installed
  • Protestware/Troll package: We recommend installing styled-components which contains an install script that prints a (harmless) protestware message

You can also see real-world examples of Socket scans detecting bad packages at our sample repo: SocketDemo/

If you want to see how Socket would perform on real malware npm packages, you can also look through our list of removed npm packages. For example, here are several real typosquat examples from the past month: