Sample Malware Packages
Here are some example packages you can use to test out Socket (all examples are safe to install):
- Typosquats: We recommend installing browserlist, which is a typo of browserslist.
- Native code + install script: We recommend installing bufferutil, which is a legitimate package that uses native code.
- Telemetry: We recommend installing angular-calendar, which includes code that pings a server to track when the package is installed.
- Protestware/Troll package: We recommend installing styled-components, which contains an install script that prints a (harmless) protestware message.
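The typosquat and install-script categories in the list above can be approximated with a small check over a package manifest. This is an added example, not Socket's detection logic; the POPULAR list, the distance threshold of 1, and the sample manifests are constructed assumptions.

```javascript
// Added example (not Socket's detection logic). POPULAR is a constructed list.
const POPULAR = ["browserslist", "lodash", "express", "react"];
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Optimal string alignment distance: insert, delete, substitute, adjacent swap.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i, ...Array(b.length).fill(0)]);
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Returns the popular name this one is a single edit away from, or null.
function typosquatOf(name, popular = POPULAR) {
  if (popular.includes(name)) return null; // exact match is the real package
  return popular.find((p) => editDistance(name, p) === 1) || null;
}

// Lifecycle hooks that npm runs automatically at install time.
function installHooks(manifest) {
  const scripts = manifest.scripts || {};
  return INSTALL_HOOKS.filter((h) => typeof scripts[h] === "string");
}

function review(manifest) {
  const findings = [];
  const target = typosquatOf(manifest.name);
  if (target) findings.push(`possible typosquat of ${target}`);
  for (const h of installHooks(manifest)) findings.push(`install script: ${h}`);
  return findings;
}

// Constructed manifests for illustration; not the real packages' contents.
const samples = [
  { name: "browserlist", version: "0.0.0" },
  { name: "example-native-addon", scripts: { install: "node-gyp rebuild", test: "node t.js" } },
];
for (const m of samples) console.log(m.name, review(m));
```

A name-distance check only surfaces candidates for review; an install hook on its own is also common in legitimate native-code packages.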
You can also see real-world examples of Socket scans detecting bad packages at our sample repo: SocketDemo/bitmidi.com.
If you want to see how Socket would perform on real malware npm packages, you can also look through our list of removed npm packages. For example, here are several real typosquat examples from the past month:
Updated 8 months ago