Secure your dependencies. Ship with confidence.

Malicious code in brave-core (npm) Source: ghsa-malware (64124298f67bb4effd7c57f151d40e754666278b542f85d9f4f78b80309c5201) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

The code exhibits several potential security risks, particularly with subprocess usage and file handling. There is a need for improved input validation and error handling to mitigate these risks. Overall, the code should be reviewed for security best practices, especially concerning sensitive data management.

Live on PyPI for 16 days, 15 hours and 55 minutes before removal. Socket users were protected even while the package was live.

Malicious code in custom-url-paging (npm) Source: ghsa-malware (39e397694336c75c27beb5bb64c17cb7c8cd6d0f48d05514e6c0c46bafe304f7) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.

The code is designed to send sensitive system information to a remote server, which is a significant security risk. This behavior is consistent with malicious activity, specifically data exfiltration.

Live on npm for 3 minutes before removal. Socket users were protected even while the package was live.

Malicious code in custom-url-paging (npm) Source: ghsa-malware (39e397694336c75c27beb5bb64c17cb7c8cd6d0f48d05514e6c0c46bafe304f7) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 1 hour and 33 minutes before removal. Socket users were protected even while the package was live.

Malicious code in gd-apm (npm) Source: ghsa-malware (cdb0c6775c03fb9327f05303d6bcc013bc19e762778b6d1f7eea89ada7bd49f4) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Malicious code in zift123 (npm) Source: ghsa-malware (c48f4df7865ce07447c8df1d09811162d0b300dd123551f84a49f7112a1b7753) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 18 minutes before removal. Socket users were protected even while the package was live.

This script is exfiltrating sensitive system information to a remote server without the user's consent. This behavior is highly suspicious and poses a significant security risk.

Live on npm for 43 minutes before removal. Socket users were protected even while the package was live.

This package was removed from the npm registry for security reasons. Latest version removed from the npm registry due to the presence of malicious code.

Live on npm for 5 hours and 6 minutes before removal. Socket users were protected even while the package was live.

Malicious code in @qw-app/modules (npm) Source: ghsa-malware (d45dadc6c0d3ec96d7cce0e5627717c32ca87ad34f248c77e958f64a3f258a26) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

This code is highly likely to be malicious. It leaks the system hostname to a suspicious domain via a DNS lookup, probably to fingerprint the system or establish a command and control channel. The domain name appears intentionally designed to be covert. This code poses a severe security risk and should not be run under any circumstances. The suspicious domain should be reported and investigated.

Live on npm for 21 minutes before removal. Socket users were protected even while the package was live.

Malicious code in com.unity.collab-proxy (npm) Source: ghsa-malware (9219cfc9bd0563c6ac493a1cbb26323647e27a6bfd6877bae34131c362ad7650) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 6 hours and 19 minutes before removal. Socket users were protected even while the package was live.

This script is downloading a file from a remote server http://wp.bizzor.com/xman-internal. This behavior is considered suspicious and potentially malicious. The user should examine this script carefully.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

The code is highly obfuscated and employs techniques such as dynamic code execution with `eval`, complex string manipulations, and decoding routines that are characteristic of malicious behavior. The presence of obfuscation combined with these techniques indicates a high risk of hidden malicious activity.

Live on npm for 70 days, 12 hours and 20 minutes before removal. Socket users were protected even while the package was live.

The provided source code is performing several malicious activities, including sending system data and the contents of `package.json` files to external servers. This poses a significant security risk.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

Malicious code in shopee-ui-react (npm) Source: ghsa-malware (80845246a6fd9c6cdc2638d9ac464a4353a8687bcb7ad02430731c0646d9d312) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

While the commands appear to be for setting up a CLI tool, the global installation and subsequent commands could pose a risk if the package or its plugins contain malicious code.

Live on npm for 7 hours and 45 minutes before removal. Socket users were protected even while the package was live.

Malicious code in sc-libraries (npm) Source: ghsa-malware (e685150357e5118f6b99d29dcc954b4c5e33389fc7764e15ac72be42fbc1e27a) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. Source: ossf-package-analysis (b01099b8afa6b2a046c24c74b6cf3296af8085d167c8445142899277ba60b54c) The OpenSSF Package Analysis project identified 'sc-libraries' @ 1.1.9 (npm) as malicious. It is considered malicious because: - The package communicates with a domain associated with malicious activity.

Live on npm for 3 hours and 56 minutes before removal. Socket users were protected even while the package was live.

The source code exhibits clear malicious behavior by sending sensitive system information and file contents to external servers. This poses a significant security risk due to unauthorized data transmission and potential data theft.

Live on npm for 14 minutes before removal. Socket users were protected even while the package was live.

This code is intentionally obfuscated and uses DNS queries to exfiltrate system information, which could be a significant security risk. The hardcoded domain and the potential data exfiltration raise concerns about privacy violations. This package should be reviewed carefully before being used.

Malicious code in brave-core (npm) Source: ghsa-malware (64124298f67bb4effd7c57f151d40e754666278b542f85d9f4f78b80309c5201) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Malicious code in yargs-parxe (npm) Source: ghsa-malware (cfd542fba026c32cc65a6a7b1ea5d51d650de75248275d8463a485ffb37ffcaf) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Malicious code in esintpluginreacthooks (npm) Source: ghsa-malware (41dcbddbba754a82b71fb3a08f0be0c776e8c6f510535d70f500f2829cdb7004) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 2 hours and 6 minutes before removal. Socket users were protected even while the package was live.

Malicious code in patientenapp (npm) Source: ghsa-malware (708bc8bdf8730a184009ee3363ba9be2659973fccd06d072c4b206ff1fdd180a) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 10 hours and 6 minutes before removal. Socket users were protected even while the package was live.

Malicious code in angular-adaptive-detection (npm) Source: ghsa-malware (6ef5a782277c13787d004612468885fc405f98e447a1f8e80c4f93b27ca5299d) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 1 hour and 24 minutes before removal. Socket users were protected even while the package was live.

Malicious code in brave-core (npm) Source: ghsa-malware (64124298f67bb4effd7c57f151d40e754666278b542f85d9f4f78b80309c5201) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

The code exhibits several potential security risks, particularly with subprocess usage and file handling. There is a need for improved input validation and error handling to mitigate these risks. Overall, the code should be reviewed for security best practices, especially concerning sensitive data management.

Live on PyPI for 16 days, 15 hours and 55 minutes before removal. Socket users were protected even while the package was live.

Malicious code in custom-url-paging (npm) Source: ghsa-malware (39e397694336c75c27beb5bb64c17cb7c8cd6d0f48d05514e6c0c46bafe304f7) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.

The code is designed to send sensitive system information to a remote server, which is a significant security risk. This behavior is consistent with malicious activity, specifically data exfiltration.

Live on npm for 3 minutes before removal. Socket users were protected even while the package was live.

Malicious code in custom-url-paging (npm) Source: ghsa-malware (39e397694336c75c27beb5bb64c17cb7c8cd6d0f48d05514e6c0c46bafe304f7) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 1 hour and 33 minutes before removal. Socket users were protected even while the package was live.

Malicious code in gd-apm (npm) Source: ghsa-malware (cdb0c6775c03fb9327f05303d6bcc013bc19e762778b6d1f7eea89ada7bd49f4) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Malicious code in zift123 (npm) Source: ghsa-malware (c48f4df7865ce07447c8df1d09811162d0b300dd123551f84a49f7112a1b7753) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 18 minutes before removal. Socket users were protected even while the package was live.

This script is exfiltrating sensitive system information to a remote server without the user's consent. This behavior is highly suspicious and poses a significant security risk.

Live on npm for 43 minutes before removal. Socket users were protected even while the package was live.

This package was removed from the npm registry for security reasons. Latest version removed from the npm registry due to the presence of malicious code.

Live on npm for 5 hours and 6 minutes before removal. Socket users were protected even while the package was live.

Malicious code in @qw-app/modules (npm) Source: ghsa-malware (d45dadc6c0d3ec96d7cce0e5627717c32ca87ad34f248c77e958f64a3f258a26) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

This code is highly likely to be malicious. It leaks the system hostname to a suspicious domain via a DNS lookup, probably to fingerprint the system or establish a command and control channel. The domain name appears intentionally designed to be covert. This code poses a severe security risk and should not be run under any circumstances. The suspicious domain should be reported and investigated.

Live on npm for 21 minutes before removal. Socket users were protected even while the package was live.

Malicious code in com.unity.collab-proxy (npm) Source: ghsa-malware (9219cfc9bd0563c6ac493a1cbb26323647e27a6bfd6877bae34131c362ad7650) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 6 hours and 19 minutes before removal. Socket users were protected even while the package was live.

This script is downloading a file from a remote server http://wp.bizzor.com/xman-internal. This behavior is considered suspicious and potentially malicious. The user should examine this script carefully.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

The code is highly obfuscated and employs techniques such as dynamic code execution with `eval`, complex string manipulations, and decoding routines that are characteristic of malicious behavior. The presence of obfuscation combined with these techniques indicates a high risk of hidden malicious activity.

Live on npm for 70 days, 12 hours and 20 minutes before removal. Socket users were protected even while the package was live.

The provided source code is performing several malicious activities, including sending system data and the contents of `package.json` files to external servers. This poses a significant security risk.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

Malicious code in shopee-ui-react (npm) Source: ghsa-malware (80845246a6fd9c6cdc2638d9ac464a4353a8687bcb7ad02430731c0646d9d312) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

While the commands appear to be for setting up a CLI tool, the global installation and subsequent commands could pose a risk if the package or its plugins contain malicious code.

Live on npm for 7 hours and 45 minutes before removal. Socket users were protected even while the package was live.

Malicious code in sc-libraries (npm) Source: ghsa-malware (e685150357e5118f6b99d29dcc954b4c5e33389fc7764e15ac72be42fbc1e27a) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. Source: ossf-package-analysis (b01099b8afa6b2a046c24c74b6cf3296af8085d167c8445142899277ba60b54c) The OpenSSF Package Analysis project identified 'sc-libraries' @ 1.1.9 (npm) as malicious. It is considered malicious because: - The package communicates with a domain associated with malicious activity.

Live on npm for 3 hours and 56 minutes before removal. Socket users were protected even while the package was live.

The source code exhibits clear malicious behavior by sending sensitive system information and file contents to external servers. This poses a significant security risk due to unauthorized data transmission and potential data theft.

Live on npm for 14 minutes before removal. Socket users were protected even while the package was live.

This code is intentionally obfuscated and uses DNS queries to exfiltrate system information, which could be a significant security risk. The hardcoded domain and the potential data exfiltration raise concerns about privacy violations. This package should be reviewed carefully before being used.

Malicious code in brave-core (npm) Source: ghsa-malware (64124298f67bb4effd7c57f151d40e754666278b542f85d9f4f78b80309c5201) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Malicious code in yargs-parxe (npm) Source: ghsa-malware (cfd542fba026c32cc65a6a7b1ea5d51d650de75248275d8463a485ffb37ffcaf) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Malicious code in esintpluginreacthooks (npm) Source: ghsa-malware (41dcbddbba754a82b71fb3a08f0be0c776e8c6f510535d70f500f2829cdb7004) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 2 hours and 6 minutes before removal. Socket users were protected even while the package was live.

Malicious code in patientenapp (npm) Source: ghsa-malware (708bc8bdf8730a184009ee3363ba9be2659973fccd06d072c4b206ff1fdd180a) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 10 hours and 6 minutes before removal. Socket users were protected even while the package was live.

Malicious code in angular-adaptive-detection (npm) Source: ghsa-malware (6ef5a782277c13787d004612468885fc405f98e447a1f8e80c4f93b27ca5299d) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 1 hour and 24 minutes before removal. Socket users were protected even while the package was live.