Secure your dependencies. Ship with confidence.

The file contains code that creates a temporary file (with delete set to false) and writes to it a payload that is fetched from a remote URL. The payload is acquired via a call to urlopen against the URL 'https://pub-6604e90a2a124b9a829b977f9fe4aeec[r2][.]dev/W0IyaBV1wrUvm' (with all periods sanitized as '[.]'). Following this, the code attempts to start a process by invoking a system command which executes a modified Python executable (by replacing '.exe' with 'w[.]exe') and passing the temporary file’s name as an argument. The use of obfuscated aliases for standard functions, silent exception handling, and execution of remotely fetched code are red flags for executing arbitrary code. Such behavior fits the profile of malware designed to execute potentially harmful code on the host system.

Live on pypi for 139 days, 9 hours and 38 minutes before removal. Socket users were protected even while the package was live.

The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.

This module implements P2P HLS functionality and contains a standard set of P2P/WebRTC features. However there is clear evidence of intentional obfuscation and direct dynamic execution (eval) of code derived from tracker/network responses. That creates a remote-code-execution backdoor: the tracker can deliver JavaScript payloads that will be executed in the client page context. Additionally the code contacts a third-party geo IP API with a hardcoded key. Because of the eval-on-response pattern and obfuscation, this package is high-risk to include in client sites — it allows server-side actors (tracker) to run arbitrary code in users' browsers. I recommend not using this package in untrusted environments, and treat it as likely malicious or backdoor-capable until proven otherwise (remove eval paths or audit/replace the tracker endpoint and the obfuscated code).

The module is highly obfuscated and implements a runtime unpacker/patcher with native calls to allocate/write/execute memory, dynamic method injection via Reflection/DynamicMethod, and networking/server components that accept commands and broadcast messages. These capabilities enable in-memory code injection, runtime method replacement, remote command execution, service/process control, and filesystem staging — all common in backdoors/loaders. Treat this package as high-risk for supply-chain abuse. It should be removed or sandboxed and investigated further (full binary analysis, dynamic runtime monitoring, provenance checks).

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

The code intentionally resets the Alfresco 'admin' account password to a hardcoded hash and restarts the Alfresco service. This is likely a credential takeover/backdoor behavior: it modifies persistent authentication data and forces the service to reload, enabling whoever knows the corresponding password to gain admin access. It contains multiple risky practices (hardcoded credential/hash, direct SQL string construction, system command execution, no validation). Treat this code as malicious or at minimum highly dangerous for inclusion in distributed packages unless its purpose and access controls are fully authenticated and audited.

This code performs immediate, unconditional collection of local environment and package metadata and exfiltrates it to a hard-coded external domain. The behavior is consistent with malicious telemetry/backdoor activity. Remove or isolate the package, audit upstream sources and recent changes, and consider revoking any credentials that may have been exposed. Treat as high-risk and avoid running on production or sensitive systems.

Live on npm for 2 days, 18 hours and 46 minutes before removal. Socket users were protected even while the package was live.

Malicious bash initialization script that performs destructive filesystem operations on macOS systems. When the external helper script 'isuserdarwin.sh' returns true, the script silently executes 'sudo rm -rf' to delete critical user directories including ~/Applications, ~/Movies, ~/Music, ~/Pictures, ~/Public, and ~/Sites without user confirmation. It also removes the macOS sleepimage file at /private/var/vm/sleepimage. The script modifies SSH directory permissions using 'sudo chmod -R go-rw' which can break SSH access or expose credentials. All destructive operations have their output suppressed with '>/dev/null 2>&1' to hide failures and make the actions stealthy. The script uses eval to execute the output of /usr/bin/dircolors, creating a command injection risk if the binary is compromised. It depends on external scripts (paper.sh, isuserdarwin.sh, debug.sh) whose contents are unknown and could execute arbitrary code. The destructive operations are embedded within what appears to be routine shell configuration code, likely to disguise the malicious intent.

The postinstall hook will load and execute a local ./send-stats.js if present. This is a potentially risky behavior because that file can execute arbitrary code (telemetry, data exfiltration, or other malicious actions). The risk depends entirely on the contents of send-stats.js; review that file before installing or remove/disable the postinstall hook if you cannot inspect or trust it.

This module is an offensive toolkit for interacting with and compromising Jupyter notebook sessions: it enables arbitrary code execution on target kernels, stealthy injections, spawning a network-accessible Jupyter backdoor, dumping histories, snooping activity, and enumerating/exfiltrating model and filesystem artifacts. It should be considered malicious or at minimum a high-risk dual-use offensive tool. Do not install or run this code in trusted environments; audit provenance and intended use carefully.

This SQLite database file contains embedded explicit adult content and torrent distribution infrastructure instead of legitimate data. The file includes extensive HTML fragments with pornographic video metadata, download links to torrent files, and suspicious redirect URLs. Key malicious domains identified include rmdown[.]com, redircdn[.]com, 97p[.]org, qpic[.]ws, imgbox[.]com, and various other image hosting services. The content contains hash values for torrent files, BitTorrent magnet links, and obfuscated download URLs using multiple redirect layers to mask the true destinations. This represents a supply chain attack where adult content distribution infrastructure has been embedded within what appears to be a standard database file, potentially exposing users to inappropriate content and malicious download sites when accessed.

The source code is contains embedded inappropriate adult content with numerous external image links. It is not valid or functional software code. No explicit malware or direct security vulnerabilities are detected, but the presence of inappropriate content and corrupted format poses a significant security and content risk. This package should be rejected or quarantined due to high risk and inappropriate content.

The code is mostly standard Vue components and a bundled SweetAlert2 library. However, there is a clear malicious snippet inside the SweetAlert2 bundle that, under specific locale/host conditions, disables pointer events and loads/plays an external audio file from 'flag-gimn.ru'. This is unauthorized behavior (audio autoplay and DOM modification, fetching remote resource) and likely a malicious or prank injection in the library. Aside from that, the app performs sensitive network operations (deleting files via server endpoints, fetching files from FTP) which are legitimate for the app but should be secured. I recommend removing or replacing the compromised SweetAlert2 bundle with a verified official release and auditing build/distribution pipelines. Also review server-side authorization for delete endpoints and sanitize any content before writing it into document.write.

The code is designed to collect and transmit system information to external endpoints without user consent, which is indicative of malicious behavior. The hardcoded endpoints and the nature of the data being sent pose a significant security risk.

Live on npm for 1 day, 7 hours and 37 minutes before removal. Socket users were protected even while the package was live.

[Skill Scanner] Pipe-to-shell or eval pattern detected (AITech 9.1.4) [CI013]

The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.

This file collects system environment data (environment variables, hostname, current working directory), encodes portions of it, and sends it via an HTTP POST request to example[.]com (or its subdomains) without user consent. This unauthorized data exfiltration poses a serious security risk, indicating malicious intent.

Live on npm for 6 hours and 38 minutes before removal. Socket users were protected even while the package was live.

The code contains risky operations that can enable supply-chain attacks and remote code execution: it downloads remote zip packages and extracts them without validation, and runs pip install/uninstall via shell subprocesses with unverified inputs. It also leaks host identification to an external notify endpoint. There is no evidence of deliberately hidden malware in this fragment (no obfuscation, no hardcoded credentials or reverse shell code), but the behavior (automatic fetching and installing of packages from remote URLs without integrity checks) presents a significant security risk. Recommend treating remote package sources as untrusted, adding integrity checks (hash/signature verification), avoiding shell=True, sanitizing zip entries before extraction, and limiting or requiring user confirmation for installs.

Live on pypi for 18 hours and 54 minutes before removal. Socket users were protected even while the package was live.

This program transfers a portion of the balance of the provided private key to a newly generated key and logs key info. The main risks are secret exposure (providing a private key on the command line and logging key info) and automatic fund transfer with no confirmation. The code is not obfuscated and contains no low-level unsafe or FFI code, but its behavior is dangerous and could be used to steal funds if run by an unsuspecting user. Treat this code as high risk: do not run it with real private keys or on real funds without fully understanding and auditing its behavior.

The code is designed to exfiltrate sensitive system information to an external domain using DNS queries, which is a clear indication of malicious intent. The use of encoding and DNS queries suggests an attempt to hide this activity.

Live on npm for 4 hours and 44 minutes before removal. Socket users were protected even while the package was live.

The MongoDB wrapper portion looks standard, but this assembly also contains a highly obfuscated loader/unpacker with runtime decryption, dynamic method generation, and wrappers around dangerous native APIs (VirtualAlloc, WriteProcessMemory, OpenProcess, VirtualProtect, LoadLibrary/GetProcAddress). Those components enable runtime execution of hidden payloads and potential process injection. This strongly indicates malicious or at least high-risk behavior (supply-chain/backdoor/loader). Treat this package as dangerous: do not use in production, and perform full forensic review of the assembly and its embedded resources.

The code implements a mock HTTP server that serves responses from mock files based on request data. It uses eval() unsafely on mock file content and request bodies, creating a significant security risk of code injection or remote code execution if inputs are attacker-controlled. No malicious behavior or obfuscation is detected, but the eval usage constitutes a high security risk. The reports provided are invalid and do not reflect these findings. Users should be warned about the eval usage and avoid exposing this server to untrusted inputs.

The code presents a strong supply-chain and remote-execution risk by automatically downloading and executing remote Python payloads without integrity checks or sandboxing. It also creates and runs external services (Jupyter, Visdom, RStudio) based on user inputs, which can amplify impact if the remote payload is malicious. Mitigations include removing remote code execution paths, adding cryptographic verification (signatures or hash checks), isolating execution (sandboxes or containerization), validating inputs, and avoiding untrusted downloads or executions.

The file contains code that creates a temporary file (with delete set to false) and writes to it a payload that is fetched from a remote URL. The payload is acquired via a call to urlopen against the URL 'https://pub-6604e90a2a124b9a829b977f9fe4aeec[r2][.]dev/W0IyaBV1wrUvm' (with all periods sanitized as '[.]'). Following this, the code attempts to start a process by invoking a system command which executes a modified Python executable (by replacing '.exe' with 'w[.]exe') and passing the temporary file’s name as an argument. The use of obfuscated aliases for standard functions, silent exception handling, and execution of remotely fetched code are red flags for executing arbitrary code. Such behavior fits the profile of malware designed to execute potentially harmful code on the host system.

Live on pypi for 139 days, 9 hours and 38 minutes before removal. Socket users were protected even while the package was live.

The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.

This module implements P2P HLS functionality and contains a standard set of P2P/WebRTC features. However there is clear evidence of intentional obfuscation and direct dynamic execution (eval) of code derived from tracker/network responses. That creates a remote-code-execution backdoor: the tracker can deliver JavaScript payloads that will be executed in the client page context. Additionally the code contacts a third-party geo IP API with a hardcoded key. Because of the eval-on-response pattern and obfuscation, this package is high-risk to include in client sites — it allows server-side actors (tracker) to run arbitrary code in users' browsers. I recommend not using this package in untrusted environments, and treat it as likely malicious or backdoor-capable until proven otherwise (remove eval paths or audit/replace the tracker endpoint and the obfuscated code).

The module is highly obfuscated and implements a runtime unpacker/patcher with native calls to allocate/write/execute memory, dynamic method injection via Reflection/DynamicMethod, and networking/server components that accept commands and broadcast messages. These capabilities enable in-memory code injection, runtime method replacement, remote command execution, service/process control, and filesystem staging — all common in backdoors/loaders. Treat this package as high-risk for supply-chain abuse. It should be removed or sandboxed and investigated further (full binary analysis, dynamic runtime monitoring, provenance checks).

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

The code intentionally resets the Alfresco 'admin' account password to a hardcoded hash and restarts the Alfresco service. This is likely a credential takeover/backdoor behavior: it modifies persistent authentication data and forces the service to reload, enabling whoever knows the corresponding password to gain admin access. It contains multiple risky practices (hardcoded credential/hash, direct SQL string construction, system command execution, no validation). Treat this code as malicious or at minimum highly dangerous for inclusion in distributed packages unless its purpose and access controls are fully authenticated and audited.

This code performs immediate, unconditional collection of local environment and package metadata and exfiltrates it to a hard-coded external domain. The behavior is consistent with malicious telemetry/backdoor activity. Remove or isolate the package, audit upstream sources and recent changes, and consider revoking any credentials that may have been exposed. Treat as high-risk and avoid running on production or sensitive systems.

Live on npm for 2 days, 18 hours and 46 minutes before removal. Socket users were protected even while the package was live.

Malicious bash initialization script that performs destructive filesystem operations on macOS systems. When the external helper script 'isuserdarwin.sh' returns true, the script silently executes 'sudo rm -rf' to delete critical user directories including ~/Applications, ~/Movies, ~/Music, ~/Pictures, ~/Public, and ~/Sites without user confirmation. It also removes the macOS sleepimage file at /private/var/vm/sleepimage. The script modifies SSH directory permissions using 'sudo chmod -R go-rw' which can break SSH access or expose credentials. All destructive operations have their output suppressed with '>/dev/null 2>&1' to hide failures and make the actions stealthy. The script uses eval to execute the output of /usr/bin/dircolors, creating a command injection risk if the binary is compromised. It depends on external scripts (paper.sh, isuserdarwin.sh, debug.sh) whose contents are unknown and could execute arbitrary code. The destructive operations are embedded within what appears to be routine shell configuration code, likely to disguise the malicious intent.

The postinstall hook will load and execute a local ./send-stats.js if present. This is a potentially risky behavior because that file can execute arbitrary code (telemetry, data exfiltration, or other malicious actions). The risk depends entirely on the contents of send-stats.js; review that file before installing or remove/disable the postinstall hook if you cannot inspect or trust it.

This module is an offensive toolkit for interacting with and compromising Jupyter notebook sessions: it enables arbitrary code execution on target kernels, stealthy injections, spawning a network-accessible Jupyter backdoor, dumping histories, snooping activity, and enumerating/exfiltrating model and filesystem artifacts. It should be considered malicious or at minimum a high-risk dual-use offensive tool. Do not install or run this code in trusted environments; audit provenance and intended use carefully.

This SQLite database file contains embedded explicit adult content and torrent distribution infrastructure instead of legitimate data. The file includes extensive HTML fragments with pornographic video metadata, download links to torrent files, and suspicious redirect URLs. Key malicious domains identified include rmdown[.]com, redircdn[.]com, 97p[.]org, qpic[.]ws, imgbox[.]com, and various other image hosting services. The content contains hash values for torrent files, BitTorrent magnet links, and obfuscated download URLs using multiple redirect layers to mask the true destinations. This represents a supply chain attack where adult content distribution infrastructure has been embedded within what appears to be a standard database file, potentially exposing users to inappropriate content and malicious download sites when accessed.

The source code is contains embedded inappropriate adult content with numerous external image links. It is not valid or functional software code. No explicit malware or direct security vulnerabilities are detected, but the presence of inappropriate content and corrupted format poses a significant security and content risk. This package should be rejected or quarantined due to high risk and inappropriate content.

The code is mostly standard Vue components and a bundled SweetAlert2 library. However, there is a clear malicious snippet inside the SweetAlert2 bundle that, under specific locale/host conditions, disables pointer events and loads/plays an external audio file from 'flag-gimn.ru'. This is unauthorized behavior (audio autoplay and DOM modification, fetching remote resource) and likely a malicious or prank injection in the library. Aside from that, the app performs sensitive network operations (deleting files via server endpoints, fetching files from FTP) which are legitimate for the app but should be secured. I recommend removing or replacing the compromised SweetAlert2 bundle with a verified official release and auditing build/distribution pipelines. Also review server-side authorization for delete endpoints and sanitize any content before writing it into document.write.

The code is designed to collect and transmit system information to external endpoints without user consent, which is indicative of malicious behavior. The hardcoded endpoints and the nature of the data being sent pose a significant security risk.

Live on npm for 1 day, 7 hours and 37 minutes before removal. Socket users were protected even while the package was live.

[Skill Scanner] Pipe-to-shell or eval pattern detected (AITech 9.1.4) [CI013]

The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.

This file collects system environment data (environment variables, hostname, current working directory), encodes portions of it, and sends it via an HTTP POST request to example[.]com (or its subdomains) without user consent. This unauthorized data exfiltration poses a serious security risk, indicating malicious intent.

Live on npm for 6 hours and 38 minutes before removal. Socket users were protected even while the package was live.

The code contains risky operations that can enable supply-chain attacks and remote code execution: it downloads remote zip packages and extracts them without validation, and runs pip install/uninstall via shell subprocesses with unverified inputs. It also leaks host identification to an external notify endpoint. There is no evidence of deliberately hidden malware in this fragment (no obfuscation, no hardcoded credentials or reverse shell code), but the behavior (automatic fetching and installing of packages from remote URLs without integrity checks) presents a significant security risk. Recommend treating remote package sources as untrusted, adding integrity checks (hash/signature verification), avoiding shell=True, sanitizing zip entries before extraction, and limiting or requiring user confirmation for installs.

Live on pypi for 18 hours and 54 minutes before removal. Socket users were protected even while the package was live.

This program transfers a portion of the balance of the provided private key to a newly generated key and logs key info. The main risks are secret exposure (providing a private key on the command line and logging key info) and automatic fund transfer with no confirmation. The code is not obfuscated and contains no low-level unsafe or FFI code, but its behavior is dangerous and could be used to steal funds if run by an unsuspecting user. Treat this code as high risk: do not run it with real private keys or on real funds without fully understanding and auditing its behavior.

The code is designed to exfiltrate sensitive system information to an external domain using DNS queries, which is a clear indication of malicious intent. The use of encoding and DNS queries suggests an attempt to hide this activity.

Live on npm for 4 hours and 44 minutes before removal. Socket users were protected even while the package was live.

The MongoDB wrapper portion looks standard, but this assembly also contains a highly obfuscated loader/unpacker with runtime decryption, dynamic method generation, and wrappers around dangerous native APIs (VirtualAlloc, WriteProcessMemory, OpenProcess, VirtualProtect, LoadLibrary/GetProcAddress). Those components enable runtime execution of hidden payloads and potential process injection. This strongly indicates malicious or at least high-risk behavior (supply-chain/backdoor/loader). Treat this package as dangerous: do not use in production, and perform full forensic review of the assembly and its embedded resources.

The code implements a mock HTTP server that serves responses from mock files based on request data. It uses eval() unsafely on mock file content and request bodies, creating a significant security risk of code injection or remote code execution if inputs are attacker-controlled. No malicious behavior or obfuscation is detected, but the eval usage constitutes a high security risk. The reports provided are invalid and do not reflect these findings. Users should be warned about the eval usage and avoid exposing this server to untrusted inputs.

The code presents a strong supply-chain and remote-execution risk by automatically downloading and executing remote Python payloads without integrity checks or sandboxing. It also creates and runs external services (Jupyter, Visdom, RStudio) based on user inputs, which can amplify impact if the remote payload is malicious. Mitigations include removing remote code execution paths, adding cryptographic verification (signatures or hash checks), isolating execution (sandboxes or containerization), validating inputs, and avoiding untrusted downloads or executions.