| Block |
 |
Obfuscated code: npm ethers is 90.0% likely obfuscated
Confidence: 0.90
Location: Package overview
From: ? → npm/@ledgerhq/context-module@2.0.0 → npm/@ledgerhq/device-signer-kit-ethereum@1.16.0 → npm/@metamask-previews/eth-ledger-bridge-keyring@12.3.0-1fa477f → npm/ethers@6.14.1
ℹ Read more on: This package | This alert | What is obfuscated code?
Next steps: Take a moment to review the security alert above. Review
the linked package source code to understand the potential risk. Ensure the
package is not malicious before proceeding. If you're unsure how to proceed,
reach out to your security team or ask the Socket team for help at
support@socket.dev.
Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.
Mark the package as acceptable risk. To ignore this alert only
in this pull request, reply with the comment
@SocketSecurity ignore npm/ethers@6.14.1. You can
also ignore all packages with @SocketSecurity ignore-all.
To ignore an alert for all future pull requests, use Socket's Dashboard to
change the triage state of this alert.
|
| Block |
 |
Network access: npm @metamask-previews/eth-ledger-bridge-keyring in module globalThis["fetch"]
Module: globalThis["fetch"]
Location: Package overview
From: package.json → npm/@metamask-previews/eth-ledger-bridge-keyring@12.3.0-1fa477f
ℹ Read more on: This package | This alert | What is network access?
Next steps: Take a moment to review the security alert above. Review
the linked package source code to understand the potential risk. Ensure the
package is not malicious before proceeding. If you're unsure how to proceed,
reach out to your security team or ask the Socket team for help at
support@socket.dev.
Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.
Mark the package as acceptable risk. To ignore this alert only
in this pull request, reply with the comment
@SocketSecurity ignore npm/@metamask-previews/eth-ledger-bridge-keyring@12.3.0-1fa477f. You can
also ignore all packages with @SocketSecurity ignore-all.
To ignore an alert for all future pull requests, use Socket's Dashboard to
change the triage state of this alert.
|
| Block |
 |
Network access: npm @sentry/utils in module globalThis["fetch"]
Module: globalThis["fetch"]
Location: Package overview
From: ? → npm/@ledgerhq/device-transport-kit-react-native-ble@1.3.2 → npm/@ledgerhq/device-management-kit@1.5.0 → npm/@metamask-previews/eth-ledger-bridge-keyring@12.3.0-1fa477f → npm/@sentry/utils@6.19.7
ℹ Read more on: This package | This alert | What is network access?
Next steps: Take a moment to review the security alert above. Review
the linked package source code to understand the potential risk. Ensure the
package is not malicious before proceeding. If you're unsure how to proceed,
reach out to your security team or ask the Socket team for help at
support@socket.dev.
Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.
Mark the package as acceptable risk. To ignore this alert only
in this pull request, reply with the comment
@SocketSecurity ignore npm/@sentry/utils@6.19.7. You can
also ignore all packages with @SocketSecurity ignore-all.
To ignore an alert for all future pull requests, use Socket's Dashboard to
change the triage state of this alert.
|
| Warn |
 |
Potential code anomaly (AI signal): npm @babel/helper-module-imports is 78.0% likely to have a medium risk anomaly
Notes: The analyzed code is a Babel AST helper (ImportBuilder) used to construct import statements and interop-wrapped imports. It contains no indicators of malicious behavior, data exfiltration, backdoors, or runtime abuses. It operates within a compiler/transpiler context to produce code, not to execute arbitrary user data. Therefore, the code itself does not present security risks or malware indicators under normal usage. This is benign library behavior intended for code transformation.
Confidence: 0.78
Severity: 0.55
From: ? → npm/expo@55.0.26 → npm/@babel/helper-module-imports@7.27.1
ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?
Next steps: Take a moment to review the security alert above. Review
the linked package source code to understand the potential risk. Ensure the
package is not malicious before proceeding. If you're unsure how to proceed,
reach out to your security team or ask the Socket team for help at
support@socket.dev.
Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.
Mark the package as acceptable risk. To ignore this alert only
in this pull request, reply with the comment
@SocketSecurity ignore npm/@babel/helper-module-imports@7.27.1. You can
also ignore all packages with @SocketSecurity ignore-all.
To ignore an alert for all future pull requests, use Socket's Dashboard to
change the triage state of this alert.
|
| Warn |
 |
Potential code anomaly (AI signal): npm @babel/helper-module-transforms is 80.0% likely to have a medium risk anomaly
Notes: The code is a legitimate, static-code transformation utility used in Babel to ensure proper behavior of ES module bindings after transforms. There is no evidence of malicious behavior, data leakage, or external communications within this fragment. It operates purely on AST-level transformations consistent with module import/export handling.
Confidence: 0.80
Severity: 0.50
From: ? → npm/expo@55.0.26 → npm/@babel/helper-module-transforms@7.27.1
ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?
Next steps: Take a moment to review the security alert above. Review
the linked package source code to understand the potential risk. Ensure the
package is not malicious before proceeding. If you're unsure how to proceed,
reach out to your security team or ask the Socket team for help at
support@socket.dev.
Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.
Mark the package as acceptable risk. To ignore this alert only
in this pull request, reply with the comment
@SocketSecurity ignore npm/@babel/helper-module-transforms@7.27.1. You can
also ignore all packages with @SocketSecurity ignore-all.
To ignore an alert for all future pull requests, use Socket's Dashboard to
change the triage state of this alert.
|
| Warn |
 |
Potential code anomaly (AI signal): npm @babel/helper-string-parser is 78.0% likely to have a medium risk anomaly
Notes: The analyzed code is a standard, well-structured parsing utility for JavaScript string literals and escapes (consistent with Babel’s helper-string-parser). It includes thorough validation, proper Unicode handling, and defensive error reporting. There is no evidence of malicious behavior, data leakage, or network activity within this fragment. The security risk is low when used as part of a trusted toolchain; the code otherwise poses no evident supply-chain threat based on the provided snippet.
Confidence: 0.78
Severity: 0.55
From: ? → npm/@react-native/metro-config@0.83.0 → npm/@react-native/babel-preset@0.83.0 → npm/react-native@0.83.6 → npm/expo@55.0.26 → npm/depcheck@1.4.7 → npm/@babel/preset-env@7.26.9 → npm/@babel/core@7.27.1 → npm/babel-jest@29.7.0 → npm/metro-react-native-babel-preset@0.76.9 → npm/metro-react-native-babel-transformer@0.76.9 → npm/@babel/helper-string-parser@7.27.1
ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?
Next steps: Take a moment to review the security alert above. Review
the linked package source code to understand the potential risk. Ensure the
package is not malicious before proceeding. If you're unsure how to proceed,
reach out to your security team or ask the Socket team for help at
support@socket.dev.
Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.
Mark the package as acceptable risk. To ignore this alert only
in this pull request, reply with the comment
@SocketSecurity ignore npm/@babel/helper-string-parser@7.27.1. You can
also ignore all packages with @SocketSecurity ignore-all.
To ignore an alert for all future pull requests, use Socket's Dashboard to
change the triage state of this alert.
|
| Warn |
 |
Potential code anomaly (AI signal): npm @babel/plugin-syntax-typescript is 72.0% likely to have a medium risk anomaly
Notes: The code is a standard Babel plugin fragment that configures syntax support for TypeScript by manipulating parser plugins. There is no malicious logic, no data exfiltration, and no unsafe operations. It appears to be a legitimate helper for enabling TypeScript syntax in Babel pipelines.
Confidence: 0.72
Severity: 0.50
From: ? → npm/expo@55.0.26 → npm/@babel/plugin-syntax-typescript@7.25.9
ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?
Next steps: Take a moment to review the security alert above. Review
the linked package source code to understand the potential risk. Ensure the
package is not malicious before proceeding. If you're unsure how to proceed,
reach out to your security team or ask the Socket team for help at
support@socket.dev.
Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.
Mark the package as acceptable risk. To ignore this alert only
in this pull request, reply with the comment
@SocketSecurity ignore npm/@babel/plugin-syntax-typescript@7.25.9. You can
also ignore all packages with @SocketSecurity ignore-all.
To ignore an alert for all future pull requests, use Socket's Dashboard to
change the triage state of this alert.
|
| Warn |
 |
Potential code anomaly (AI signal): npm @sentry/utils is 68.0% likely to have a medium risk anomaly
Notes: The code is a conventional utility module for an error-tracking SDK. No malicious behavior detected. The only notable concern is the Math.random() fallback in UUID generation when crypto is unavailable, which is a known compromise and should be documented if cryptographic strength is required in a given deployment. Overall security risk is low to moderate depending on use case, with no external data leakage evident in this fragment.
Confidence: 0.68
Severity: 0.50
From: ? → npm/@ledgerhq/device-transport-kit-react-native-ble@1.3.2 → npm/@ledgerhq/device-management-kit@1.5.0 → npm/@metamask-previews/eth-ledger-bridge-keyring@12.3.0-1fa477f → npm/@sentry/utils@6.19.7
ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?
Next steps: Take a moment to review the security alert above. Review
the linked package source code to understand the potential risk. Ensure the
package is not malicious before proceeding. If you're unsure how to proceed,
reach out to your security team or ask the Socket team for help at
support@socket.dev.
Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.
Mark the package as acceptable risk. To ignore this alert only
in this pull request, reply with the comment
@SocketSecurity ignore npm/@sentry/utils@6.19.7. You can
also ignore all packages with @SocketSecurity ignore-all.
To ignore an alert for all future pull requests, use Socket's Dashboard to
change the triage state of this alert.
|
| Warn |
 |
Potential code anomaly (AI signal): npm @sentry/utils is 61.0% likely to have a medium risk anomaly
Notes: The code provides environment detection and dynamic module loading designed to support mixed bundler environments. It does not itself implement malicious logic, but its dynamic loading paths present a non-trivial supply-chain risk: if moduleName is influenced by untrusted input, arbitrary modules may be loaded at runtime. A critical reliability issue is the undefined 'module' reference in loadModule’s first call, which should be addressed. Implement input validation, restrict loading to a whitelist of allowed modules, explicitly pass a safe module context, and ensure 'module' is defined or replaced with a controlled loader interface.
Confidence: 0.61
Severity: 0.52
From: ? → npm/@ledgerhq/device-transport-kit-react-native-ble@1.3.2 → npm/@ledgerhq/device-management-kit@1.5.0 → npm/@metamask-previews/eth-ledger-bridge-keyring@12.3.0-1fa477f → npm/@sentry/utils@6.19.7
ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?
Next steps: Take a moment to review the security alert above. Review
the linked package source code to understand the potential risk. Ensure the
package is not malicious before proceeding. If you're unsure how to proceed,
reach out to your security team or ask the Socket team for help at
support@socket.dev.
Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.
Mark the package as acceptable risk. To ignore this alert only
in this pull request, reply with the comment
@SocketSecurity ignore npm/@sentry/utils@6.19.7. You can
also ignore all packages with @SocketSecurity ignore-all.
To ignore an alert for all future pull requests, use Socket's Dashboard to
change the triage state of this alert.
|
| Warn |
 |
Potential code anomaly (AI signal): npm ethers is 68.0% likely to have a medium risk anomaly
Notes: The analyzed code fragment appears to be a conventional ABI interface utility (likely from a library like ethers.js) used to parse, encode, and decode Ethereum function calls, events, and errors. There is no evidence of malicious behavior such as data exfiltration, remote control, or code injection. Minor anomalies (typo in an error message and a partially commented/unfinished block) are present but do not constitute malicious activity. Overall security risk from this fragment is low, assuming it is used as intended within a trusted library context.
Confidence: 0.68
Severity: 0.55
From: ? → npm/@ledgerhq/context-module@2.0.0 → npm/@ledgerhq/device-signer-kit-ethereum@1.16.0 → npm/@metamask-previews/eth-ledger-bridge-keyring@12.3.0-1fa477f → npm/ethers@6.14.1
ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?
Next steps: Take a moment to review the security alert above. Review
the linked package source code to understand the potential risk. Ensure the
package is not malicious before proceeding. If you're unsure how to proceed,
reach out to your security team or ask the Socket team for help at
support@socket.dev.
Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.
Mark the package as acceptable risk. To ignore this alert only
in this pull request, reply with the comment
@SocketSecurity ignore npm/ethers@6.14.1. You can
also ignore all packages with @SocketSecurity ignore-all.
To ignore an alert for all future pull requests, use Socket's Dashboard to
change the triage state of this alert.
|