Secure your dependencies. Ship with confidence.

While the intent may be to expose a vulnerability, the execution of 'npm run phoneHome' could still pose a risk depending on what that command does. The overall behavior raises concerns about data exfiltration.

Live on npm for 26 minutes before removal. Socket users were protected even while the package was live.

The source code is a configuration for a cryptocurrency miner using the Coinhive script. While the code itself is not obfuscated or directly malicious, it enables cryptomining which is considered malware if done without explicit user consent. The existing reports are invalid and provide no useful information. This package poses a high security risk due to unauthorized cryptomining behavior.

This code provides a tool that directly evaluates untrusted expression strings via eval(), resulting in remote code execution risk. An attacker who can supply the 'expression' can execute arbitrary Python code on the host, read/write files, run system commands, access environment variables, or perform network operations. The code should not be used as-is; sanitize or strictly parse expressions (or use a safe math parser/environment) and avoid eval. The LangChain tool exposure increases the practical risk.

This source is the core of a remote access implant (Sliver). It collects host and user identifiers, marshals them, and sends them to remote C2; it maintains persistent/reconnecting C2 channels, supports DLL/sharedlib loading, performs Windows token impersonation for privileged actions, and dispatches remote commands including pivoting/tunneling. This is an offensive/backdoor implant and should be treated as malicious in most production contexts.

The analyzed fragment shows strong indicators of potential remote command execution capabilities (RCE/backdoor). It obfuscates intent, builds commands from external input, and invokes child processes with a tailored environment. While parts could support legitimate orchestration in a controlled tool, the combination of dynamic command construction, environment manipulation, and stdout handling tied to external input represents a significant security risk. Treat as potentially malicious until a thorough, transparent audit is performed; if found in a dependency, flag for removal or substitution with a well-documented, verifiable implementation.

This module is malicious: it fingerprints the host, searches for and reads local environment files, checks for browser credential stores, attempts to establish persistence (pm2 or crontab), and exfiltrates collected data to a hardcoded Discord webhook. It should be treated as a backdoor/data-stealer. Remove it immediately, and perform forensic analysis on any system where it executed.

This module contains explicit data-exfiltration functionality: a DNS covert channel using nslookup and an HTTP exfiltration to a hard-coded Discord webhook. The code demonstrates clear malicious intent or a severe supply-chain compromise. Do not use this package; remove it from deployments, rotate any possibly leaked credentials, and treat repositories containing it as compromised until root cause is determined.

This file defines a large local dumpJSON array and then, unconditionally when imported, uses a hard-coded cookie (including a login_token JWT) plus static aiStudioUrl (https://bbqa2t5pfyfroyobmzknmktshckzto4btkfagxyjqwy[.]did[.]abtnet[.]io/ai-studio) and datasetId to authenticate and issue fetch GET to /api/datasets/{datasetId}/documents?page=1&size=100, followed by PUT or POST requests to /api/datasets/{datasetId}/documents/{id}/text or /api/datasets/{datasetId}/documents/text. Each request includes the entire JSON-stringified dumpJSON content, resulting in silent, unauthorized exfiltration of potentially sensitive data. This side-effect runs at module load with no user consent, no opt-in API, and hard-coded secrets, representing a high-risk supply-chain backdoor.

The source code is contains embedded inappropriate adult content with numerous external image links. It is not valid or functional software code. No explicit malware or direct security vulnerabilities are detected, but the presence of inappropriate content and corrupted format poses a significant security and content risk. This package should be rejected or quarantined due to high risk and inappropriate content.

Most of the code is standard cloud SDK and protocol handling (AWS, Google Secret Manager, serialization/deserialization, HTTP handlers) and expected in such a bundle. However, there is a highly suspicious function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local bundle.js (if present on disk), repacks, and runs npm publish. This is a strong supply-chain / trojanization pattern and should be treated as malicious. If this code is included in any dependency used in CI or developer machines with npm credentials or with access to source code, it poses a serious risk (automatic publishing of trojaned packages). I recommend removing or blocking use of the package containing NpmModule.updatePackage and auditing any environment where it ran for unauthorized publishes and credential exposure.

Live on npm for 6 hours and 50 minutes before removal. Socket users were protected even while the package was live.

This assembly contains strongly malicious/loader-like behavior. It embeds and decrypts payloads, allocates/writes executable memory, performs process/module inspection, and dynamically constructs and invokes delegates to execute in-memory code. It also includes anti-tamper and obfuscation features. For a library intended as an MVC image component, these behaviors are unexpected and highly suspicious and should be treated as a supply-chain compromise or embedded malware. Do not use this package; remove it and investigate the build/publish pipeline and any systems where it was run.

The code is a shell script intended to deploy a Docker-based Monero miner using XMRig. It first detects the underlying operating system and accordingly installs Docker while removing potential package conflicts on Ubuntu. The script manages a sensitive configuration passphrase—either using an environment variable or by retrieving it from AWS Secrets Manager—and stores it securely on disk. It then creates and enables a systemd service that runs the miner container in privileged mode. The design of the script poses a high risk if executed without proper authorization, as it illicitly commandeers system resources for cryptocurrency mining. Furthermore, the use of privileged Docker execution introduces a serious security vulnerability that could allow an attacker to escape the container environment and compromise the host system.

The code implements a high-risk dynamic evaluation pattern by evaluating tokens within the caller’s scope. This creates a strong possibility of arbitrary code execution and data leakage if tokens originate from untrusted inputs. Hardening should include removing eval, replacing with safe resolvers, sandboxing, or strict token whitelisting and restricting scope access. This pattern is unsuitable for trusted libraries exposes in open-source supply chains without significant safeguards.

This script is a high-risk launcher: it unconditionally fetches Python code from a hardcoded remote repo and executes it locally via a shell-invoked Python process while passing unsanitized user inputs directly into the shell command. Even if the upstream repository is currently benign, the pattern enables trivial supply-chain compromise and shell injection. Mitigations: remove runtime download-and-exec; if fetching is necessary, pin and verify cryptographic hashes or signatures, validate content, avoid os.system (use subprocess with argument lists or importlib), sanitize inputs, and add error handling and logging. Treat this module as unsafe in security-sensitive environments until hardened.

This script intentionally intercepts checkout-related navigation on Shopify-like sites, fetches the site's /cart.js (cart contents), posts that cart JSON to a localhost backend (http://127.0.0.1:3000/checkout), and redirects the user to a localhost-served checkout URL. It monkey-patches many browser APIs to ensure interception across navigation vectors. This behavior is indicative of malicious checkout hijacking or unauthorized data collection (cart exfiltration), and it represents a significant privacy and integrity risk. If this code is not from a trusted local agent (developer tool or explicitly installed extension that the operator expects), treat it as malicious and remove/block it.

High supply-chain and remote-code-execution risk. The pattern of auto-installing a suspiciously named third-party package and then trusting it to provide runtime symbols (color) creates a direct and dangerous execution vector. The code also passes potentially sensitive command-line arguments into functions supplied by the external package, increasing the chance of data exposure. Fixes: do not auto-install packages at runtime; require explicit, audited dependencies and pinned versions; avoid bare excepts; explicitly import and validate expected symbols; and avoid trusting packages with typosquat-prone names without verification.

This module is not obfuscated and shows no explicit backdoor or exfiltration code, but it performs many shell-based filesystem operations using user-controlled strings with shell=True and insufficient sanitization — creating high risk of command injection and accidental or malicious destructive actions (rm -fr, mv, cp). Treat this code as unsafe for use in untrusted contexts; it should be refactored to avoid shell=True, use list-argument subprocess calls, and properly validate/escape inputs before filesystem operations.

Live on pypi for 5 days, 19 hours and 38 minutes before removal. Socket users were protected even while the package was live.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

This program transfers a portion of the balance of the provided private key to a newly generated key and logs key info. The main risks are secret exposure (providing a private key on the command line and logging key info) and automatic fund transfer with no confirmation. The code is not obfuscated and contains no low-level unsafe or FFI code, but its behavior is dangerous and could be used to steal funds if run by an unsuspecting user. Treat this code as high risk: do not run it with real private keys or on real funds without fully understanding and auditing its behavior.

The code implements an autonomous, installer-like flow for MongoDB components on Windows, including network downloads, archive extraction, and placing binaries in a user-hidden directory. This behavior presents significant security and supply-chain risks due to lack of user consent, absence of integrity checks, and potential persistence. It should be reviewed for necessity, replaced with explicit user prompts and verifiable integrity checks (digests/signatures), and ideally moved to a clearly trusted installer process rather than a library-like module.

The file implements Beam Coders and contains multiple unsafe deserialization sinks (pickle.loads, dill.loads, pickler.loads) reachable from runner API payloads and base64-encoded pickles. There is no evidence of embedded malicious functionality (exfiltration, reverse shell, hard-coded secrets). The primary risk is that if an attacker can supply or tamper with serialized payloads (runner API coder payloads, Base64PickleCoder inputs, or other pickled bytes), they can achieve arbitrary code execution in any process that deserializes them. Use these coders only with trusted inputs or replace with a safe serialization mechanism (e.g., JSON, protobufs, or a restricted unpickler).

Live on pypi for 17 hours and 20 minutes before removal. Socket users were protected even while the package was live.

This file is a straightforward implementation of a stager generator front-end for the Sliver framework: it collects user input, optionally resolves hostnames interactively, and requests a Metasploit-based stager from an RPC backend, then writes or displays the result. There is no evidence in this snippet of obfuscation, credential theft, or hidden backdoors; however, its intended functionality is offensive (implant/payload generation) and therefore poses a significant security risk in most benign environments. Treat inclusion of this component in a supply chain with caution: it's designed to produce executable implants and depends on a backend that likely executes msfvenom/msfconsole.

The fragment appears to be an obfuscated Google Ads campaign creation handler that assembles mutate operations from configuration and two comma-separated input lists (positive and negative geo targets) and submits them to a Google Ads client. There is no direct evidence in the provided code of classic malware behaviors (data exfiltration, reverse shell, eval-based dynamic execution, or hard-coded secrets). Major concerns are the heavy obfuscation (which hinders auditing) and lack of input validation before embedding values into resource identifier strings. Recommend obtaining the unobfuscated source or auditing adjacent modules (helper functions and GoogleAdsClient) and implementing input validation/sanitization before using this in production.

Live on npm for 20 hours and 34 minutes before removal. Socket users were protected even while the package was live.

This code enables arbitrary code execution from user-supplied strings via eval()/exec() and then runs the produced callable with arguments possibly resolved from external context. Because the execution namespace includes modules that permit filesystem, environment and process operations, and because there is no sandboxing, capability limitation, or rigorous validation, this is a high security risk for supply-chain or configuration-based attacks. The feature should only be used with fully trusted inputs; otherwise replace with a safe, sandboxed execution approach or remove eval/exec support entirely. Additionally, avoid mutating instance state when resolving inputs and validate/limit exposed modules and resources.

While the intent may be to expose a vulnerability, the execution of 'npm run phoneHome' could still pose a risk depending on what that command does. The overall behavior raises concerns about data exfiltration.

Live on npm for 26 minutes before removal. Socket users were protected even while the package was live.

The source code is a configuration for a cryptocurrency miner using the Coinhive script. While the code itself is not obfuscated or directly malicious, it enables cryptomining which is considered malware if done without explicit user consent. The existing reports are invalid and provide no useful information. This package poses a high security risk due to unauthorized cryptomining behavior.

This code provides a tool that directly evaluates untrusted expression strings via eval(), resulting in remote code execution risk. An attacker who can supply the 'expression' can execute arbitrary Python code on the host, read/write files, run system commands, access environment variables, or perform network operations. The code should not be used as-is; sanitize or strictly parse expressions (or use a safe math parser/environment) and avoid eval. The LangChain tool exposure increases the practical risk.

This source is the core of a remote access implant (Sliver). It collects host and user identifiers, marshals them, and sends them to remote C2; it maintains persistent/reconnecting C2 channels, supports DLL/sharedlib loading, performs Windows token impersonation for privileged actions, and dispatches remote commands including pivoting/tunneling. This is an offensive/backdoor implant and should be treated as malicious in most production contexts.

The analyzed fragment shows strong indicators of potential remote command execution capabilities (RCE/backdoor). It obfuscates intent, builds commands from external input, and invokes child processes with a tailored environment. While parts could support legitimate orchestration in a controlled tool, the combination of dynamic command construction, environment manipulation, and stdout handling tied to external input represents a significant security risk. Treat as potentially malicious until a thorough, transparent audit is performed; if found in a dependency, flag for removal or substitution with a well-documented, verifiable implementation.

This module is malicious: it fingerprints the host, searches for and reads local environment files, checks for browser credential stores, attempts to establish persistence (pm2 or crontab), and exfiltrates collected data to a hardcoded Discord webhook. It should be treated as a backdoor/data-stealer. Remove it immediately, and perform forensic analysis on any system where it executed.

This module contains explicit data-exfiltration functionality: a DNS covert channel using nslookup and an HTTP exfiltration to a hard-coded Discord webhook. The code demonstrates clear malicious intent or a severe supply-chain compromise. Do not use this package; remove it from deployments, rotate any possibly leaked credentials, and treat repositories containing it as compromised until root cause is determined.

This file defines a large local dumpJSON array and then, unconditionally when imported, uses a hard-coded cookie (including a login_token JWT) plus static aiStudioUrl (https://bbqa2t5pfyfroyobmzknmktshckzto4btkfagxyjqwy[.]did[.]abtnet[.]io/ai-studio) and datasetId to authenticate and issue fetch GET to /api/datasets/{datasetId}/documents?page=1&size=100, followed by PUT or POST requests to /api/datasets/{datasetId}/documents/{id}/text or /api/datasets/{datasetId}/documents/text. Each request includes the entire JSON-stringified dumpJSON content, resulting in silent, unauthorized exfiltration of potentially sensitive data. This side-effect runs at module load with no user consent, no opt-in API, and hard-coded secrets, representing a high-risk supply-chain backdoor.

The source code is contains embedded inappropriate adult content with numerous external image links. It is not valid or functional software code. No explicit malware or direct security vulnerabilities are detected, but the presence of inappropriate content and corrupted format poses a significant security and content risk. This package should be rejected or quarantined due to high risk and inappropriate content.

Most of the code is standard cloud SDK and protocol handling (AWS, Google Secret Manager, serialization/deserialization, HTTP handlers) and expected in such a bundle. However, there is a highly suspicious function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local bundle.js (if present on disk), repacks, and runs npm publish. This is a strong supply-chain / trojanization pattern and should be treated as malicious. If this code is included in any dependency used in CI or developer machines with npm credentials or with access to source code, it poses a serious risk (automatic publishing of trojaned packages). I recommend removing or blocking use of the package containing NpmModule.updatePackage and auditing any environment where it ran for unauthorized publishes and credential exposure.

Live on npm for 6 hours and 50 minutes before removal. Socket users were protected even while the package was live.

This assembly contains strongly malicious/loader-like behavior. It embeds and decrypts payloads, allocates/writes executable memory, performs process/module inspection, and dynamically constructs and invokes delegates to execute in-memory code. It also includes anti-tamper and obfuscation features. For a library intended as an MVC image component, these behaviors are unexpected and highly suspicious and should be treated as a supply-chain compromise or embedded malware. Do not use this package; remove it and investigate the build/publish pipeline and any systems where it was run.

The code is a shell script intended to deploy a Docker-based Monero miner using XMRig. It first detects the underlying operating system and accordingly installs Docker while removing potential package conflicts on Ubuntu. The script manages a sensitive configuration passphrase—either using an environment variable or by retrieving it from AWS Secrets Manager—and stores it securely on disk. It then creates and enables a systemd service that runs the miner container in privileged mode. The design of the script poses a high risk if executed without proper authorization, as it illicitly commandeers system resources for cryptocurrency mining. Furthermore, the use of privileged Docker execution introduces a serious security vulnerability that could allow an attacker to escape the container environment and compromise the host system.

The code implements a high-risk dynamic evaluation pattern by evaluating tokens within the caller’s scope. This creates a strong possibility of arbitrary code execution and data leakage if tokens originate from untrusted inputs. Hardening should include removing eval, replacing with safe resolvers, sandboxing, or strict token whitelisting and restricting scope access. This pattern is unsuitable for trusted libraries exposes in open-source supply chains without significant safeguards.

This script is a high-risk launcher: it unconditionally fetches Python code from a hardcoded remote repo and executes it locally via a shell-invoked Python process while passing unsanitized user inputs directly into the shell command. Even if the upstream repository is currently benign, the pattern enables trivial supply-chain compromise and shell injection. Mitigations: remove runtime download-and-exec; if fetching is necessary, pin and verify cryptographic hashes or signatures, validate content, avoid os.system (use subprocess with argument lists or importlib), sanitize inputs, and add error handling and logging. Treat this module as unsafe in security-sensitive environments until hardened.

This script intentionally intercepts checkout-related navigation on Shopify-like sites, fetches the site's /cart.js (cart contents), posts that cart JSON to a localhost backend (http://127.0.0.1:3000/checkout), and redirects the user to a localhost-served checkout URL. It monkey-patches many browser APIs to ensure interception across navigation vectors. This behavior is indicative of malicious checkout hijacking or unauthorized data collection (cart exfiltration), and it represents a significant privacy and integrity risk. If this code is not from a trusted local agent (developer tool or explicitly installed extension that the operator expects), treat it as malicious and remove/block it.

High supply-chain and remote-code-execution risk. The pattern of auto-installing a suspiciously named third-party package and then trusting it to provide runtime symbols (color) creates a direct and dangerous execution vector. The code also passes potentially sensitive command-line arguments into functions supplied by the external package, increasing the chance of data exposure. Fixes: do not auto-install packages at runtime; require explicit, audited dependencies and pinned versions; avoid bare excepts; explicitly import and validate expected symbols; and avoid trusting packages with typosquat-prone names without verification.

This module is not obfuscated and shows no explicit backdoor or exfiltration code, but it performs many shell-based filesystem operations using user-controlled strings with shell=True and insufficient sanitization — creating high risk of command injection and accidental or malicious destructive actions (rm -fr, mv, cp). Treat this code as unsafe for use in untrusted contexts; it should be refactored to avoid shell=True, use list-argument subprocess calls, and properly validate/escape inputs before filesystem operations.

Live on pypi for 5 days, 19 hours and 38 minutes before removal. Socket users were protected even while the package was live.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

This program transfers a portion of the balance of the provided private key to a newly generated key and logs key info. The main risks are secret exposure (providing a private key on the command line and logging key info) and automatic fund transfer with no confirmation. The code is not obfuscated and contains no low-level unsafe or FFI code, but its behavior is dangerous and could be used to steal funds if run by an unsuspecting user. Treat this code as high risk: do not run it with real private keys or on real funds without fully understanding and auditing its behavior.

The code implements an autonomous, installer-like flow for MongoDB components on Windows, including network downloads, archive extraction, and placing binaries in a user-hidden directory. This behavior presents significant security and supply-chain risks due to lack of user consent, absence of integrity checks, and potential persistence. It should be reviewed for necessity, replaced with explicit user prompts and verifiable integrity checks (digests/signatures), and ideally moved to a clearly trusted installer process rather than a library-like module.

The file implements Beam Coders and contains multiple unsafe deserialization sinks (pickle.loads, dill.loads, pickler.loads) reachable from runner API payloads and base64-encoded pickles. There is no evidence of embedded malicious functionality (exfiltration, reverse shell, hard-coded secrets). The primary risk is that if an attacker can supply or tamper with serialized payloads (runner API coder payloads, Base64PickleCoder inputs, or other pickled bytes), they can achieve arbitrary code execution in any process that deserializes them. Use these coders only with trusted inputs or replace with a safe serialization mechanism (e.g., JSON, protobufs, or a restricted unpickler).

Live on pypi for 17 hours and 20 minutes before removal. Socket users were protected even while the package was live.

This file is a straightforward implementation of a stager generator front-end for the Sliver framework: it collects user input, optionally resolves hostnames interactively, and requests a Metasploit-based stager from an RPC backend, then writes or displays the result. There is no evidence in this snippet of obfuscation, credential theft, or hidden backdoors; however, its intended functionality is offensive (implant/payload generation) and therefore poses a significant security risk in most benign environments. Treat inclusion of this component in a supply chain with caution: it's designed to produce executable implants and depends on a backend that likely executes msfvenom/msfconsole.

The fragment appears to be an obfuscated Google Ads campaign creation handler that assembles mutate operations from configuration and two comma-separated input lists (positive and negative geo targets) and submits them to a Google Ads client. There is no direct evidence in the provided code of classic malware behaviors (data exfiltration, reverse shell, eval-based dynamic execution, or hard-coded secrets). Major concerns are the heavy obfuscation (which hinders auditing) and lack of input validation before embedding values into resource identifier strings. Recommend obtaining the unobfuscated source or auditing adjacent modules (helper functions and GoogleAdsClient) and implementing input validation/sanitization before using this in production.

Live on npm for 20 hours and 34 minutes before removal. Socket users were protected even while the package was live.

This code enables arbitrary code execution from user-supplied strings via eval()/exec() and then runs the produced callable with arguments possibly resolved from external context. Because the execution namespace includes modules that permit filesystem, environment and process operations, and because there is no sandboxing, capability limitation, or rigorous validation, this is a high security risk for supply-chain or configuration-based attacks. The feature should only be used with fully trusted inputs; otherwise replace with a safe, sandboxed execution approach or remove eval/exec support entirely. Additionally, avoid mutating instance state when resolving inputs and validate/limit exposed modules and resources.