Secure your dependencies. Ship with confidence.

The code implements an SMS bombing tool designed to abuse public OTP/SMS endpoints to send repeated messages to target phone numbers. It is malicious/abusive by intent and likely illegal in many jurisdictions. Additional supply-chain risk exists due to remote fetching of a 'protected numbers' list, and the presence of hardcoded OAuth credentials is a sensitive secret leakage. Do not run this code; it poses high legal and security risk.

This module contains a native process loader which implements patterns consistent with process injection / process hollowing: creating a (likely suspended) process, allocating memory in it, writing an image (from a supplied byte[]), setting the thread context, and resuming execution. As written, ProcessManager.Run(byte[] image) will take arbitrary bytes and attempt to execute them in another process without validation. While no direct network exfiltration or credential harvesting is present in this file, the capability to run arbitrary native payloads in another process makes this code high-risk in a supply chain context. Only use this package if you expect and trust this behavior (e.g., a legitimate in-memory loader). Otherwise treat it as dangerous and consider removing or isolating it.

This module fragment is not overtly malicious (no direct backdoor or destructive actions) but embodies a high-risk data-exfiltration pattern: it sends full repository contents and user prompts to an external AI gateway without redaction, and logs/resends model outputs without strong validation. This creates substantial supply-chain and privacy risk (exposing secrets, intellectual property, or PII). Remediation: avoid sending raw repo contents to external services; implement strict redaction/allow-listing of files, filter secrets, minimize logging of prompts/responses, treat AIGateway as a high-sensitivity sink, and validate/sanitize model outputs before use.

Live on PyPI for 6 days, 1 hour and 56 minutes before removal. Socket users were protected even while the package was live.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

The script collects information like hostname, IP addresses, system path, public IP, username, and package name and sends it to a remote server (monkfish-app-brmld.ondigitalocean.app).

Live on npm for 5 minutes before removal. Socket users were protected even while the package was live.

The code is a cross-server tool orchestrator with nested invocation support. The primary security risk stems from evaluating transform expressions via eval, which could enable arbitrary code execution if untrusted inputs are supplied. While there are safeguards (identifier checks, limited builtins), the approach remains risky for open-source or supply chain contexts. The incomplete main block hints at potential syntax issues or truncation. Overall, moderate risk with a notable high-risk vector (transform expression evaluation) that warrants safer evaluation or formal sandboxing before deployment.

Live on PyPI for 3 hours and 19 minutes before removal. Socket users were protected even while the package was live.

The code poses a significant security risk and should be reviewed. It is recommended to remove unnecessary imports, verify the contents of the data folder and the WordPress websites before proceeding, and avoid using hardcoded credentials for WordPress login.

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

This code implements a classic reverse shell/backdoor: it connects to a hardcoded remote IP:port, redirects standard IO to the network socket, disables bash history, and spawns an interactive bash shell via pty.spawn. The snippet enables remote arbitrary command execution and should be treated as malicious. Do not execute or include this code in trusted software; treat any package containing it as compromised and remove or remediate immediately.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

This file is malicious. It collects sensitive local system and environment information and exfiltrates it to a hardcoded remote server, and — more critically — contains and by default enables a reverse shell mechanism that will create a TCP-connected interactive shell to a remote host. The use of backgrounded detached shell execution and mild obfuscation increases the risk. Do not run this script on any system; treat any package containing it as compromised and remove it from your environment. Immediate remediation: isolate affected hosts, terminate processes spawned by this script, rotate any secrets that may have been exposed, and block the listed remote IP and ports.

This module harvests sensitive local environment and package metadata including username, home directory, hostname, DNS servers, module directory path, and complete package.json contents. The collected data is automatically exfiltrated via HTTPS POST request to a hardcoded external domain d2os8ntsvpatcif1pgkgqrxy7ite8iqni[.]oast[.]live without user consent or notification. The target domain uses the oast[.]live TLD which is commonly associated with out-of-band interaction testing services (OAST/Interactsh/Burp Collaborator) typically used for covert data exfiltration. The module executes this data collection immediately upon loading with suppressed error handling to reduce detection visibility. This constitutes unauthorized data exfiltration and represents a significant supply-chain security risk that could enable targeted attacks, system fingerprinting, or credential harvesting from exposed package metadata.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

This file implements a one-time backdoor that scans environment variables whose names contain “tok” (case-insensitive), base64-encodes their values, and sends them in a JSON POST to a hard-coded Discord webhook. The webhook URL is stored as a base64 literal and decodes to https://discord[.]com/api/webhooks/1414549488915185765/fS4eVw4E1Rue1cFSGAmtuIjzM96xkcMb_PS9LYc5Jvtdy93zEkbTAoLNV4ol5yHQGvUy. The payload embeds the encoded data in a Markdown code block, uses a fake User-Agent (“Mozilla/5.0”), and silently suppresses all exceptions. This covert exfiltration of tokens/credentials poses a high risk to confidentiality and supply-chain integrity.

The fragment implements a file-system watcher that can execute arbitrary external scripts in response to file events. This is inherently risky: if the input scripts or monitored directories are compromised or misconfigured, this can lead to arbitrarily executing code on the host. The main risk is the direct invocation of os.system on externally supplied script paths without validation or restriction. This constitutes a potential backdoor-like capability and a significant supply-chain/runtime risk if the package is used in untrusted environments.

This module performs covert collection and exfiltration of sensitive files from the user's HOME directory to a remote HTTP endpoint. The use of base64-encoded literals to hide both the target filenames and the remote URL, recursive silent scanning, direct reading of file contents, and immediate transmission to the remote server constitute malicious behavior. Treat this code as a high-risk backdoor/data-exfiltration component and do not run or trust packages containing it.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 15 minutes before removal. Socket users were protected even while the package was live.

The code is designed to send sensitive system information to a remote server, which is a significant security risk. This behavior is consistent with malicious activity, specifically data exfiltration.

Live on npm for 52 minutes before removal. Socket users were protected even while the package was live.

This module is a tool designed to perform unsolicited automated messaging on VK — effectively a spamming tool. It contains behaviors that facilitate abuse (automatic message sending, bypassing captchas, optional saving of plaintext credentials). It is malicious in intent from an abuse perspective and should not be used in legitimate projects. There is no hidden obfuscation or stealthy backdoor beyond the intended spam functionality, but credential storage and anti-captcha integration increase the severity of its abuse potential.

The code contains a significant security risk due to the use of eval() with untrusted input, and it should be considered a security threat.

Live on npm for 1 hour and 27 minutes before removal. Socket users were protected even while the package was live.

The script collects information like hostname, username, home directory, and current working directory and sends it to a remote server. While the author claims it is for bug bounty purposes, this behavior can still pose a privacy risk. The script also contains a blocking operation that can cause performance issues or unresponsiveness.

The code is designed to establish a reverse shell, which is a severe security risk as it allows unauthorized remote access to the system. This is a clear indicator of malicious intent.

Live on npm for 42 days, 22 hours and 36 minutes before removal. Socket users were protected even while the package was live.

The code implements an SMS bombing tool designed to abuse public OTP/SMS endpoints to send repeated messages to target phone numbers. It is malicious/abusive by intent and likely illegal in many jurisdictions. Additional supply-chain risk exists due to remote fetching of a 'protected numbers' list, and the presence of hardcoded OAuth credentials is a sensitive secret leakage. Do not run this code; it poses high legal and security risk.

This module contains a native process loader which implements patterns consistent with process injection / process hollowing: creating a (likely suspended) process, allocating memory in it, writing an image (from a supplied byte[]), setting the thread context, and resuming execution. As written, ProcessManager.Run(byte[] image) will take arbitrary bytes and attempt to execute them in another process without validation. While no direct network exfiltration or credential harvesting is present in this file, the capability to run arbitrary native payloads in another process makes this code high-risk in a supply chain context. Only use this package if you expect and trust this behavior (e.g., a legitimate in-memory loader). Otherwise treat it as dangerous and consider removing or isolating it.

This module fragment is not overtly malicious (no direct backdoor or destructive actions) but embodies a high-risk data-exfiltration pattern: it sends full repository contents and user prompts to an external AI gateway without redaction, and logs/resends model outputs without strong validation. This creates substantial supply-chain and privacy risk (exposing secrets, intellectual property, or PII). Remediation: avoid sending raw repo contents to external services; implement strict redaction/allow-listing of files, filter secrets, minimize logging of prompts/responses, treat AIGateway as a high-sensitivity sink, and validate/sanitize model outputs before use.

Live on PyPI for 6 days, 1 hour and 56 minutes before removal. Socket users were protected even while the package was live.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

The script collects information like hostname, IP addresses, system path, public IP, username, and package name and sends it to a remote server (monkfish-app-brmld.ondigitalocean.app).

Live on npm for 5 minutes before removal. Socket users were protected even while the package was live.

The code is a cross-server tool orchestrator with nested invocation support. The primary security risk stems from evaluating transform expressions via eval, which could enable arbitrary code execution if untrusted inputs are supplied. While there are safeguards (identifier checks, limited builtins), the approach remains risky for open-source or supply chain contexts. The incomplete main block hints at potential syntax issues or truncation. Overall, moderate risk with a notable high-risk vector (transform expression evaluation) that warrants safer evaluation or formal sandboxing before deployment.

Live on PyPI for 3 hours and 19 minutes before removal. Socket users were protected even while the package was live.

The code poses a significant security risk and should be reviewed. It is recommended to remove unnecessary imports, verify the contents of the data folder and the WordPress websites before proceeding, and avoid using hardcoded credentials for WordPress login.

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

This code implements a classic reverse shell/backdoor: it connects to a hardcoded remote IP:port, redirects standard IO to the network socket, disables bash history, and spawns an interactive bash shell via pty.spawn. The snippet enables remote arbitrary command execution and should be treated as malicious. Do not execute or include this code in trusted software; treat any package containing it as compromised and remove or remediate immediately.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

This file is malicious. It collects sensitive local system and environment information and exfiltrates it to a hardcoded remote server, and — more critically — contains and by default enables a reverse shell mechanism that will create a TCP-connected interactive shell to a remote host. The use of backgrounded detached shell execution and mild obfuscation increases the risk. Do not run this script on any system; treat any package containing it as compromised and remove it from your environment. Immediate remediation: isolate affected hosts, terminate processes spawned by this script, rotate any secrets that may have been exposed, and block the listed remote IP and ports.

This module harvests sensitive local environment and package metadata including username, home directory, hostname, DNS servers, module directory path, and complete package.json contents. The collected data is automatically exfiltrated via HTTPS POST request to a hardcoded external domain d2os8ntsvpatcif1pgkgqrxy7ite8iqni[.]oast[.]live without user consent or notification. The target domain uses the oast[.]live TLD which is commonly associated with out-of-band interaction testing services (OAST/Interactsh/Burp Collaborator) typically used for covert data exfiltration. The module executes this data collection immediately upon loading with suppressed error handling to reduce detection visibility. This constitutes unauthorized data exfiltration and represents a significant supply-chain security risk that could enable targeted attacks, system fingerprinting, or credential harvesting from exposed package metadata.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

This file implements a one-time backdoor that scans environment variables whose names contain “tok” (case-insensitive), base64-encodes their values, and sends them in a JSON POST to a hard-coded Discord webhook. The webhook URL is stored as a base64 literal and decodes to https://discord[.]com/api/webhooks/1414549488915185765/fS4eVw4E1Rue1cFSGAmtuIjzM96xkcMb_PS9LYc5Jvtdy93zEkbTAoLNV4ol5yHQGvUy. The payload embeds the encoded data in a Markdown code block, uses a fake User-Agent (“Mozilla/5.0”), and silently suppresses all exceptions. This covert exfiltration of tokens/credentials poses a high risk to confidentiality and supply-chain integrity.

The fragment implements a file-system watcher that can execute arbitrary external scripts in response to file events. This is inherently risky: if the input scripts or monitored directories are compromised or misconfigured, this can lead to arbitrarily executing code on the host. The main risk is the direct invocation of os.system on externally supplied script paths without validation or restriction. This constitutes a potential backdoor-like capability and a significant supply-chain/runtime risk if the package is used in untrusted environments.

This module performs covert collection and exfiltration of sensitive files from the user's HOME directory to a remote HTTP endpoint. The use of base64-encoded literals to hide both the target filenames and the remote URL, recursive silent scanning, direct reading of file contents, and immediate transmission to the remote server constitute malicious behavior. Treat this code as a high-risk backdoor/data-exfiltration component and do not run or trust packages containing it.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 15 minutes before removal. Socket users were protected even while the package was live.

The code is designed to send sensitive system information to a remote server, which is a significant security risk. This behavior is consistent with malicious activity, specifically data exfiltration.

Live on npm for 52 minutes before removal. Socket users were protected even while the package was live.

This module is a tool designed to perform unsolicited automated messaging on VK — effectively a spamming tool. It contains behaviors that facilitate abuse (automatic message sending, bypassing captchas, optional saving of plaintext credentials). It is malicious in intent from an abuse perspective and should not be used in legitimate projects. There is no hidden obfuscation or stealthy backdoor beyond the intended spam functionality, but credential storage and anti-captcha integration increase the severity of its abuse potential.

The code contains a significant security risk due to the use of eval() with untrusted input, and it should be considered a security threat.

Live on npm for 1 hour and 27 minutes before removal. Socket users were protected even while the package was live.

The script collects information like hostname, username, home directory, and current working directory and sends it to a remote server. While the author claims it is for bug bounty purposes, this behavior can still pose a privacy risk. The script also contains a blocking operation that can cause performance issues or unresponsiveness.

The code is designed to establish a reverse shell, which is a severe security risk as it allows unauthorized remote access to the system. This is a clear indicator of malicious intent.

Live on npm for 42 days, 22 hours and 36 minutes before removal. Socket users were protected even while the package was live.