Socket @SocketSecurity
Socket is the #1 software supply chain security platform. Next-gen SCA + SBOM + 0-day prevention. LOVED BY DEVELOPERS. 👀 @npm_malware socket.dev https://socket.dev/careers Joined November 2021
An @npmjs package designed to steal credentials hid its malicious payload in a QR code image, @SocketSecurity reported. #cybersecurity #infosec #ITsecurity bit.ly/42OytYv
Malware in QR codes 🤯
Historic npm hijack & only $500 in ETH stolen. But the real story isn’t the money, it’s the fragility of open source supply chains. @feross shares what went wrong and how to stay secure. YT: buff.ly/Rkyi9Sc Apple: buff.ly/N7b6FAD Spotify: buff.ly/MnjihMK
We’ve seen QR codes in scams before, but those relied on people scanning them. @SocketSecurity's new find is scarier: malware using QR codes to talk to its C2 server — traffic that to security tools looks like harmless image exchanges. bleepingcomputer.com/news/security/…
⚡️ Follow us on Instagram! instagram.com/socketsecurity/
given the increasing amount of supply chain attacks you should npm i -g socket and add the following aliases
We won't rest until everyone can install software safely
@SocketSecurity has the most comprehensive list that I’ve seen so far for the compromised packages on NPM as a result of the Shai-Hulud worm
The gift that keeps on giving... Please devs, be extra cautious. Pin your dependency versions, look into Lavamoat (cc @naugtur), try @SocketSecurity. It’s a protection for our end users, but also for our own projects and our own keys. Stay safu 🙏
@feross This is why I endorse socket.dev at our company 🤙
Today we’re publishing research on 80 confirmed fraudulent candidates who applied for Socket engineering roles in the past 2 months. They’re part of a coordinated campaign, including suspected North Korean operators, aiming to infiltrate hiring pipelines. socket.dev/blog/fraudulen…
Should npm require Face ID or Touch ID (i.e. a passkey) in order to run `npm publish`?
🚨 The list of malicious npm packages in this attack has grown to 500 🚨 Follow the thread below for the latest in this developing story...
Video featuring @0xTib3rius @lintile and of course @SocketSecurity youtu.be/vuPLmzKUIlc
We detect 1,000 supply chain attacks *weekly* across npm, PyPI, Rubygems, Cargo, Go, Maven, and Nuget.
.@pnpmjs is a strong option for protecting against supply chain attacks, and the DX is excellent too. They removed postinstall scripts a while back, cutting one big attack path. Now they’ve introduced `minimumReleaseAge`, which lets you hold off on new versions for a day or more.
More supply chain attacks on NPM packages socket.dev/blog/tinycolor… socket.dev/blog/ongoing-s…
