This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.
Post
Socket
socket.dev
did:plc:n6f3j47vjucu5ijwdmow7n2w
🚨 The popular PyPI package lightning has been compromised in a supply chain attack.
Socket detected malicious code in versions 2.6.2 and 2.6.3 that executes automatically on import, downloads Bun, and runs an 11 MB obfuscated JavaScript payload designed to steal credentials.
2026-04-30T14:19:07.967Z