Secure your dependencies. Ship with confidence.

The code sends sensitive data to an unauthorized or malicious domain using DNS queries, and poses a high security risk. It should be removed immediately from any project.

This code is highly suspicious and should not be used without further investigation. The code is heavily obfuscated and could potentially contain malicious code. The purpose of the code is unclear and further investigation is necessary to determine its exact behavior.

Live on npm for 26 minutes before removal. Socket users were protected even while the package was live.

This script downloads a file from a remote server while leaking sensitive user and system information. This behavior is highly suspicious and poses a significant security risk.

Live on npm for 26 minutes before removal. Socket users were protected even while the package was live.

The code collects a large amount of system information and sends it to a remote server. This is often a sign of a backdoor or spyware, particularly given the obfuscation present in the code. Given these facts, and the fact that the IP address is hard-coded and does not point to a well-known service, it's very likely that this script is malicious.

This code poses a serious security risk and should not be used.

Live on npm for 30 minutes before removal. Socket users were protected even while the package was live.

The code is vulnerable to command injection due to lack of input sanitization on the 'url' parameter before it is used in the 'exec' function. An attacker could exploit this vulnerability to execute arbitrary commands on the host system.

Due to the lack of detailed information in the reports, it is not possible to accurately assess the security risks, malware presence, or obfuscation in the code. Further clarification and complete reports are necessary to make a proper evaluation.

Live on npm for 1 hour and 12 minutes before removal. Socket users were protected even while the package was live.

This script downloads a remote file from the IP address '121.196.214.81' and then executes it using Python. This behavior is considered highly suspicious and potentially malicious.

Live on npm for 109 days, 19 hours and 29 minutes before removal. Socket users were protected even while the package was live.

The code appears to be executing a potentially malicious command on the host system and sending system information to a remote server without clear disclosure or user consent. It poses a potential security risk as it can leak sensitive system information and may be part of a larger attack or data exfiltration scheme.

The code appears to be obfuscated and has several unusual patterns and hardcoded values. It sends a POST request to a remote server with data encoded in base64. The purpose of this request is not clear and could potentially be malicious. Further investigation and analysis are recommended.

The code engages in automated package creation and publishing, with the addition of posting content to WordPress sites using hard-coded credentials. This indicates potential spam or automated SEO manipulation behavior. The code also presents significant security risks due to hard-coded paths and credentials.

Live on npm for 1 hour and 30 minutes before removal. Socket users were protected even while the package was live.

The code exhibits potentially malicious behavior by decoding and executing a script from an obfuscated source. This poses a significant security risk as the actual content of the script is hidden and could be malicious.

This script is installing a package from a remote URL, which introduces potential security risks. The package could contain malicious code or dependencies that could compromise the system.

Live on npm for 32 days, 3 hours and 27 minutes before removal. Socket users were protected even while the package was live.

This script is highly suspicious and likely malicious. It downloads and executes code from a remote server, which can lead to various security risks including data exfiltration, system damage, and untrusted code execution.

Live on npm for 14 minutes before removal. Socket users were protected even while the package was live.

The code collects detailed system information and sends it to an external endpoint without user consent, which is highly suspicious and indicative of potentially malicious behavior. The hardcoded endpoint is particularly concerning.

Live on npm for 57 minutes before removal. Socket users were protected even while the package was live.

This script copies a configuration file to a higher directory and then navigates to the parent directory and runs a script. This behavior is potentially suspicious and should be reviewed further.

Live on npm for 40 days, 20 hours and 21 minutes before removal. Socket users were protected even while the package was live.

The source code exhibits behaviors typical of malware, such as collecting and sending system data to external servers without user consent. The use of DNS queries for data exfiltration is particularly concerning. This poses a significant security risk to users.

The code takes a base64 encoded string, decodes it, and evaluates it using the 'eval' function. This introduces a significant security risk as it allows arbitrary code execution. The code should be considered dangerous and should not be used.

Live on npm for 41 minutes before removal. Socket users were protected even while the package was live.

The code exhibits clear signs of malicious behavior involving data theft and exfiltration. It encodes and sends sensitive system and user data to a suspicious domain via both DNS queries and HTTPS POST requests.

Live on npm for 33 minutes before removal. Socket users were protected even while the package was live.

The code exhibits potentially malicious behavior by collecting and sending sensitive system information to an external endpoint without clear user consent. It poses a high security risk due to the potential privacy violations and unauthorized data disclosure.

Live on npm for 54 minutes before removal. Socket users were protected even while the package was live.

The code contains a serious security issue by sending system data to an external server, which is a clear indication of malicious activity. The arithmetic functions are safe, but the 'add' function poses a significant security risk.

Live on npm for 1 hour and 17 minutes before removal. Socket users were protected even while the package was live.

The code exhibits clear signs of malicious behavior by exfiltrating system and user data to external servers without user consent. This poses a significant privacy and security risk.

Live on npm for 3 minutes before removal. Socket users were protected even while the package was live.

The code is malicious and exfiltrates sensitive system data to a remote server. This poses a significant security risk due to the potential for data theft and unauthorized access.

Live on npm for 1 hour and 32 minutes before removal. Socket users were protected even while the package was live.

The provided source code exhibits clear signs of malicious behavior, including sending sensitive data to a remote server and being heavily obfuscated. The high malware and risk scores are justified based on these findings.

Live on npm for 21 minutes before removal. Socket users were protected even while the package was live.

The code collects and sends data to multiple remote domains. The purpose of this data collection is unclear, but it may be part of a supply chain attack or data exfiltration attempt. The code should be reviewed and the domains it sends data to should be investigated.

Live on npm for 1 day, 10 hours and 12 minutes before removal. Socket users were protected even while the package was live.

The code sends sensitive data to an unauthorized or malicious domain using DNS queries, and poses a high security risk. It should be removed immediately from any project.

This code is highly suspicious and should not be used without further investigation. The code is heavily obfuscated and could potentially contain malicious code. The purpose of the code is unclear and further investigation is necessary to determine its exact behavior.

Live on npm for 26 minutes before removal. Socket users were protected even while the package was live.

This script downloads a file from a remote server while leaking sensitive user and system information. This behavior is highly suspicious and poses a significant security risk.

Live on npm for 26 minutes before removal. Socket users were protected even while the package was live.

The code collects a large amount of system information and sends it to a remote server. This is often a sign of a backdoor or spyware, particularly given the obfuscation present in the code. Given these facts, and the fact that the IP address is hard-coded and does not point to a well-known service, it's very likely that this script is malicious.

This code poses a serious security risk and should not be used.

Live on npm for 30 minutes before removal. Socket users were protected even while the package was live.

The code is vulnerable to command injection due to lack of input sanitization on the 'url' parameter before it is used in the 'exec' function. An attacker could exploit this vulnerability to execute arbitrary commands on the host system.

Due to the lack of detailed information in the reports, it is not possible to accurately assess the security risks, malware presence, or obfuscation in the code. Further clarification and complete reports are necessary to make a proper evaluation.

Live on npm for 1 hour and 12 minutes before removal. Socket users were protected even while the package was live.

This script downloads a remote file from the IP address '121.196.214.81' and then executes it using Python. This behavior is considered highly suspicious and potentially malicious.

Live on npm for 109 days, 19 hours and 29 minutes before removal. Socket users were protected even while the package was live.

The code appears to be executing a potentially malicious command on the host system and sending system information to a remote server without clear disclosure or user consent. It poses a potential security risk as it can leak sensitive system information and may be part of a larger attack or data exfiltration scheme.

The code appears to be obfuscated and has several unusual patterns and hardcoded values. It sends a POST request to a remote server with data encoded in base64. The purpose of this request is not clear and could potentially be malicious. Further investigation and analysis are recommended.

The code engages in automated package creation and publishing, with the addition of posting content to WordPress sites using hard-coded credentials. This indicates potential spam or automated SEO manipulation behavior. The code also presents significant security risks due to hard-coded paths and credentials.

Live on npm for 1 hour and 30 minutes before removal. Socket users were protected even while the package was live.

The code exhibits potentially malicious behavior by decoding and executing a script from an obfuscated source. This poses a significant security risk as the actual content of the script is hidden and could be malicious.

This script is installing a package from a remote URL, which introduces potential security risks. The package could contain malicious code or dependencies that could compromise the system.

Live on npm for 32 days, 3 hours and 27 minutes before removal. Socket users were protected even while the package was live.

This script is highly suspicious and likely malicious. It downloads and executes code from a remote server, which can lead to various security risks including data exfiltration, system damage, and untrusted code execution.

Live on npm for 14 minutes before removal. Socket users were protected even while the package was live.

The code collects detailed system information and sends it to an external endpoint without user consent, which is highly suspicious and indicative of potentially malicious behavior. The hardcoded endpoint is particularly concerning.

Live on npm for 57 minutes before removal. Socket users were protected even while the package was live.

This script copies a configuration file to a higher directory and then navigates to the parent directory and runs a script. This behavior is potentially suspicious and should be reviewed further.

Live on npm for 40 days, 20 hours and 21 minutes before removal. Socket users were protected even while the package was live.

The source code exhibits behaviors typical of malware, such as collecting and sending system data to external servers without user consent. The use of DNS queries for data exfiltration is particularly concerning. This poses a significant security risk to users.

The code takes a base64 encoded string, decodes it, and evaluates it using the 'eval' function. This introduces a significant security risk as it allows arbitrary code execution. The code should be considered dangerous and should not be used.

Live on npm for 41 minutes before removal. Socket users were protected even while the package was live.

The code exhibits clear signs of malicious behavior involving data theft and exfiltration. It encodes and sends sensitive system and user data to a suspicious domain via both DNS queries and HTTPS POST requests.

Live on npm for 33 minutes before removal. Socket users were protected even while the package was live.

The code exhibits potentially malicious behavior by collecting and sending sensitive system information to an external endpoint without clear user consent. It poses a high security risk due to the potential privacy violations and unauthorized data disclosure.

Live on npm for 54 minutes before removal. Socket users were protected even while the package was live.

The code contains a serious security issue by sending system data to an external server, which is a clear indication of malicious activity. The arithmetic functions are safe, but the 'add' function poses a significant security risk.

Live on npm for 1 hour and 17 minutes before removal. Socket users were protected even while the package was live.

The code exhibits clear signs of malicious behavior by exfiltrating system and user data to external servers without user consent. This poses a significant privacy and security risk.

Live on npm for 3 minutes before removal. Socket users were protected even while the package was live.

The code is malicious and exfiltrates sensitive system data to a remote server. This poses a significant security risk due to the potential for data theft and unauthorized access.

Live on npm for 1 hour and 32 minutes before removal. Socket users were protected even while the package was live.

The provided source code exhibits clear signs of malicious behavior, including sending sensitive data to a remote server and being heavily obfuscated. The high malware and risk scores are justified based on these findings.

Live on npm for 21 minutes before removal. Socket users were protected even while the package was live.

The code collects and sends data to multiple remote domains. The purpose of this data collection is unclear, but it may be part of a supply chain attack or data exfiltration attempt. The code should be reviewed and the domains it sends data to should be investigated.

Live on npm for 1 day, 10 hours and 12 minutes before removal. Socket users were protected even while the package was live.