Sarah Gooding
@sarahgooding.bsky.social
Head of Content Marketing at Socket (socket.dev). Open source advocate, runner, knitter. Find me at sarahgooding.dev
Reposted by Sarah Gooding
Webhooks for Alert Changes just dropped 🎉

No more refreshing dashboards. Socket now pushes every new, updated, or cleared alert straight into your workflow in real time.

Perfect way to wrap Launch Week: Ruby reachability, Certified Patches, Bun/vlt, OpenVSX… and now this ⚡️
November 22, 2025 at 12:33 AM
Reposted by Sarah Gooding
IDE extensions are a silent nightmare.

VS Code extensions get full access to your code and creds, and attackers have already slipped malware into VS Code Marketplace and OpenVSX.

So Socket now scans OpenVSX extensions before they ever hit your machine. 🔍⚡️
November 20, 2025 at 5:39 PM
Reposted by Sarah Gooding
🚀 Big news for JavaScript teams: Socket now supports Bun and vlt in beta.

You no longer have to choose between innovation and security. Commit a bun.lock or vlt-lock.json and Socket gives you full supply chain protection.
November 19, 2025 at 5:21 PM
This is a novel technique attackers are using to distribute browser-executed malware through npm.

cc: @campuscodi.risky.biz
November 19, 2025 at 3:20 AM
Reposted by Sarah Gooding
I had the pleasure of being on-call for a lot of what Elizabeth talked about on this (Love Is Blind & the Tyson fight). It's fun to hear such a polished, clear, and positive message about the absolute *madness* (aka fun) it was to be involved as an engineer on the ground.
What’s it like to work as a software engineer at Netflix? In this special episode recorded at Netflix’s headquarters in Los Gatos, I sat down with Elizabeth Stone, CTO at the company - in the signature Netflix director chairs (and with a pro Netflix camera crew!)

(cont'd)
November 12, 2025 at 10:39 PM
New research from @socket.dev: a malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions. Wild on-chain exfiltration technique. Still live on the Chrome Web Store.

cc: @campuscodi.risky.biz
🚨 Socket’s Threat Research Team uncovered a malicious Chrome extension posing as an #Ethereum wallet. It steals seed phrases by encoding them into #Sui transactions and leaks them on-chain - no C2 needed.

socket.dev/blog/malicio... #crypto
Malicious Chrome Extension Exfiltrates Seed Phrases, Enablin...
A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.
socket.dev
November 13, 2025 at 2:55 AM
Thrilled to have Jordan joining us at @socket.dev! 💜
Excited to announce I've joined @socket.dev as an Open Source Architect :-)
November 6, 2025 at 9:42 PM
This is wild. 99% of the code is legit, with just 20 malicious lines buried in thousands of lines of working code.

cc: @campuscodi.risky.biz
🚨 New from Socket Threat Research: 9 malicious #NuGet packages deliver time-delayed destructive payloads, designed to crash apps and sabotage industrial control systems.

Read the full analysis → socket.dev/blog/9-malic... #dotnet
9 Malicious NuGet Packages Deliver Time-Delayed Destructive ...
Socket researchers discovered nine malicious NuGet packages that use time-delayed payloads to crash applications and corrupt industrial control system...
socket.dev
November 6, 2025 at 9:41 PM
Reposted by Sarah Gooding
‼️ Update: the MIT-linked “AI-powered ransomware” report appears to have been taken offline. We updated our article to include an Internet Archive link to the original paper.
November 1, 2025 at 4:00 AM
Reposted by Sarah Gooding
Still installing npm packages like it’s 2020? Not all npm installs are treats. 🎃

On the @changelog.com podcast, @feross.bsky.social shares practical steps every developer should take to reduce exposure to supply chain attacks on npm. →

socket.dev/blog/the-cha... #NodeJS #JavaScript
The Changelog Podcast: Practical Steps to Stay Safe on npm -...
Learn the essential steps every developer should take to stay secure on npm and reduce exposure to supply chain attacks.
socket.dev
October 31, 2025 at 6:46 PM
Reposted by Sarah Gooding
That MIT report is absolutely bonkers btw - it classifies 80% of ransomware groups as using GenAI (made up btw), then says things like Emotet uses AI (what? It’s a banking trojan from years ago), Ryuk uses AI (?!?!) etc etc.

And it’s published via MIT with their chief security person's name on it.
October 31, 2025 at 11:36 AM
Reposted by Sarah Gooding
This is really well written, if you want to scare your CISO, send them this for Halloween. 🎃
🧯The security community is pushing back against new claims that 80% of #ransomware attacks are AI-driven, a figure from a recent MIT-linked report now drawing widespread criticism. →

socket.dev/blog/securit...
Security Community Slams MIT-linked Report Claiming AI Power...
Experts push back on new claims about AI-driven ransomware, warning that hype and sponsored research are distorting how the threat is understood.
socket.dev
October 31, 2025 at 11:32 AM
There’s a real conversation to be had about how AI has found real-world use cases across cybercrime, but there’s no way in heck that “80 percent of ransomware attacks are AI-driven,” as this report claims. 🤑
h/t @doublepulsar.com

cc: @campuscodi.risky.biz
🧯The security community is pushing back against new claims that 80% of #ransomware attacks are AI-driven, a figure from a recent MIT-linked report now drawing widespread criticism. →

socket.dev/blog/securit...
Security Community Slams MIT-linked Report Claiming AI Power...
Experts push back on new claims about AI-driven ransomware, warning that hype and sponsored research are distorting how the threat is understood.
socket.dev
October 31, 2025 at 2:03 AM
Some fairly convincing typosquats in this campaign - a reminder that typosquatting is still an effective attack vector on npm.

cc: @campuscodi.risky.biz
Socket threat researchers found 10 typosquatted npm packages that auto-run via postinstall, display fake CAPTCHAs, fingerprint IPs, and install a cross-platform credential stealer. Together, they’ve been downloaded ~9,900 times. Read the report → socket.dev/blog/10-npm-...
10 npm Typosquatted Packages Deploy Multi-Stage Credential H...
Socket researchers found 10 typosquatted npm packages that auto-run on install, show fake CAPTCHAs, fingerprint by IP, and deploy a credential stealer...
socket.dev
October 29, 2025 at 2:49 AM
This is a wild typosquat hiding #NuGet malware:
cc: @campuscodi.risky.biz
socket.dev Socket @socket.dev · Oct 22
🚨 #NuGet Malware: Our research team uncovered malicious NuGet packages impersonating Nethereum via a Cyrillic “e” (homoglyph). The packages XOR-decoded a C2 and exfiltrated mnemonics, private keys, and keystore data.

Read more: socket.dev/blog/malicio...
Malicious NuGet Packages Typosquat Nethereum to Exfiltrate W...
The Socket Threat Research Team uncovered malicious NuGet packages typosquatting the popular Nethereum project to steal wallet keys.
socket.dev
October 22, 2025 at 4:20 AM
Reposted by Sarah Gooding
Can you believe it – we’re kicking off another Socket Launch Week! 🎉 We'll be announcing a new feature every day.

And we’re starting big: Today we're introducing malware scanning for the Hugging Face ecosystem! #HuggingFace
October 20, 2025 at 5:42 PM
Wow! I'm honored to receive this award from the @openjsf.org. It's a privilege to share stories that highlight the people and projects driving open source security forward. I'm thankful my work at @socket.dev lets me support the OSS maintainers and users at the heart of this community. 💜
Introducing 🥁🥁🥁 our JavaScriptLandia award recipients for this year!

Beyond building new features, our recipients guide others, maintain essential systems, document the hard parts, and strengthen the community every step of the way. 💙

Read more about our honorees here: hubs.la/Q03NQvx10
October 16, 2025 at 4:08 PM
More malicious packages linked to North Korea, leveraging typosquatting.

Targets include Web3, cryptocurrency, and blockchain developers, as well as technical job seekers approached with recruiting lures, leading to multi-stage compromise and financial loss.

cc: @campuscodi.risky.biz
socket.dev Socket @socket.dev · Oct 10
North Korea’s “Contagious Interview” campaign continues to weaponize npm: 338 malicious packages, 50K+ downloads. Leveraging typosquats, loader tweaks, and new aliases, it targets #crypto devs and job seekers via recruiter lures.

Full Report →
socket.dev/blog/north-k... #NodeJS
North Korea’s Contagious Interview Campaign Escalates: 338 M...
The Socket Threat Research Team is tracking weekly intrusions into the npm registry that follow a repeatable adversarial playbook used by North Korean...
socket.dev
October 15, 2025 at 1:17 AM
Ruby Central’s incident report on the RubyGems.org access dispute sparks community backlash and renewed debate over project governance.

An overview of the latest news from the Ruby gems packaging ecosystem with comments from @indirect.io and @duckinator.bsky.social:
socket.dev Socket @socket.dev · Oct 14
When a registry’s maintainers and stewards lose alignment, the entire ecosystem feels it. #Ruby Central’s report on the RubyGems.org access dispute has reopened hard questions about how open source infrastructure is governed. Here's the latest:

socket.dev/blog/ruby-ce...

cc: @shortruby.com
October 15, 2025 at 12:25 AM
Big change in Google’s OSV that hasn’t gotten much attention: 500+ advisories just reappeared after a policy fix that had been hiding disputed CVEs.

cc: @campuscodi.risky.biz
October 10, 2025 at 4:01 AM
Reposted by Sarah Gooding
Introducing Socket Firewall: free, proactive protection for your software supply chain
@dale.link @socket.dev
socket.dev/blog/introdu...

#ECMAScript #JavaScript
Introducing Socket Firewall: Free, Proactive Protection for ...
Socket Firewall is a free tool that blocks malicious packages at install time, giving developers proactive protection against rising supply chain atta...
socket.dev
October 7, 2025 at 2:22 AM
Thrilled to have @ahmadnassri.com joining us at Socket! 🎉🎉🎉
Happy to share I'm getting back to my roots in open source, this time around on the side of protecting software development!

If you haven't yet, you should install @socket.dev for your team!
October 7, 2025 at 1:28 AM
Reposted by Sarah Gooding
🔥 Breaking: Former #RubyGems maintainers have launched the Gem Cooperative, a community-run RubyGems server with open governance.

We spoke with the team behind it. Read the full story on the Socket blog
→ socket.dev/blog/gem-coo... #RubyLang #Ruby #Rails
Gem Cooperative Emerges as a Community-Run Alternative to Ru...
Former RubyGems maintainers have launched The Gem Cooperative, a new community-run project aimed at rebuilding open governance in the Ruby ecosystem.
socket.dev
October 6, 2025 at 4:28 AM
This week we released Socket Firewall, a free CLI tool that protects developers from malicious packages at install time. We're excited to extend protection beyond npm to other ecosystems like #Python and #Rust, with more rolling out soon!

@thisweekinrust.bsky.social @campuscodi.risky.biz
#rustlang
🚨 Open source supply chain attacks are exploding.

Starting today, that ends.

We’re releasing Socket Firewall — a FREE, zero-config CLI that blocks malware before it lands on your laptop or CI.

Just run:

npm i -g sfw
sfw npm install lodash

Works for: npm, yarn, pnpm, pip, uv, and cargo.
October 3, 2025 at 2:59 AM