Socket
3,193 posts
Socket
@SocketSecurity
Socket is the #1 software supply chain security platform. Next-gen SCA + SBOM + 0-day prevention. LOVED BY DEVELOPERS. 👀 @npm_malware
https://socket.dev/careers
socket.dev
Joined November 2021
4,604
Following
21.6K
Followers
  • Pinned
    Socket
    @SocketSecurity
    May 22
    Today is a big day for Socket.
    Feross
    Socket
    @feross
    May 20
    Today is a big day for @SocketSecurity. We just raised a $60M Series C at a $1B valuation, led by @ThriveCapital with participation from @a16z, @AbstractVC, and @CapitalOne Ventures. Total funding is now $125M. Four years ago, we started Socket because open source dependencies
    26K
  • Socket reposted
    Socket
    @SocketSecurity
    16h
    Every package install brings third-party code into your app. On the @riskybusiness podcast, Socket CEO @feross explains how AI coding agents are pulling in more dependencies, faster, often without a human in the loop. Watch the full episode: socket.dev/blog/risky-biz…
    2.2K
  • Socket reposted
    John-David Dalton
    @jdalton
    20h
    Counting all Lodash package variants it's over 1 Billion npm downloads a week. We can blame it on the 🤖s
    Matteo Collina
    @matteocollina
    23h
    In the meanwhile… lodash almost doubled its downloads in 6 months.
    3.2K
  • Socket reposted
    Feross
    Socket
    @feross
    Jun 30
    A VPN extension is not supposed to read your clipboard every 500 milliseconds.
    Socket
    @SocketSecurity
    Jun 29
    A VPN extension is not supposed to read your clipboard every 500 milliseconds. Socket researchers found Chrome and Firefox extensions posing as free VPNs that added clipboard stealers in later updates and exfiltrated copied data. socket.dev/blog/chrome-an…
    32K
  • Socket reposted
    tuckner
    @tuckner
    Jun 29
    Imagine what the Free VPN is stealing if the extension is already blatantly exfiltrating your clipboard
    Socket
    @SocketSecurity
    Jun 29
    A VPN extension is not supposed to read your clipboard every 500 milliseconds. Socket researchers found Chrome and Firefox extensions posing as free VPNs that added clipboard stealers in later updates and exfiltrated copied data. socket.dev/blog/chrome-an…
    11K
  • Socket
    @SocketSecurity
    Jun 29
    A VPN extension is not supposed to read your clipboard every 500 milliseconds. Socket researchers found Chrome and Firefox extensions posing as free VPNs that added clipboard stealers in later updates and exfiltrated copied data.
    Malicious Chrome and Firefox extensions posed as free VPNs while stealing clipboard data through later extension updates.
    Chrome and Firefox Extensions Posing as Free VPNs Add Clipbo...
    From socket.dev
    51K
  • Socket reposted
    Socket
    @SocketSecurity
    Jun 26
    Everyone’s got an opinion on #JavaScript build tooling this week. 😅 Rolldown pulled its Rust @reactjs Compiler integration after a 5MB binary size increase raised questions about framework-specific code in @vite_js. The details:
    Rolldown paused Rust React Compiler integration after a 5MB binary size increase raised concerns about shipping React-specific code to all Vite users.
    Rolldown Pulls Rust React Compiler Integration After Binary ...
    From socket.dev
    3.3K
  • Socket reposted
    Socket
    @SocketSecurity
    Jun 26
    Miasma Mini Shai-Hulud has expanded again, this time hitting legitimate @immobiliarelabs Backstage plugins on npm. The latest wave compromised GitLab and LDAP auth plugin families used around internal developer portals.
    Miasma Mini Shai-Hulud hits @immobiliarelabs Backstage plugins, targeting GitLab and LDAP auth packages on npm.
    Miasma Mini Shai-Hulud Hits ImmobiliareLabs npm Packages - S...
    From socket.dev
    6.9K
  • Socket reposted
    tuckner
    @tuckner
    Jun 26
    Likely fallout from the codfish/semantic-release-version compromise earlier this week. Scheduled GitHub action runs on mutable tags allow for malware to steal credentials. The end result is package compromise.
    Socket
    @SocketSecurity
    Jun 26
    Miasma Mini Shai-Hulud has expanded again, this time hitting legitimate @immobiliarelabs Backstage plugins on npm. The latest wave compromised GitLab and LDAP auth plugin families used around internal developer portals. socket.dev/blog/miasma-mi…
    3K
  • Socket reposted
    Boshen
    @boshen_c
    Jun 26
    Thank you @sarahgooding for covering us. Sorry for making such a controversial post. I want to emphasize that we take every change to Vite very seriously because it affects everyone in the ecosystem.
    Rolldown paused Rust React Compiler integration after a 5MB binary size increase raised concerns about shipping React-specific code to all Vite users.
    Rolldown Pulls Rust React Compiler Integration After Binary ...
    From socket.dev
    8.1K
