Secure your dependencies. Ship with confidence.

This script is attempting to exfiltrate sensitive access token information to a remote server. This behavior is highly suspicious and poses a significant security risk.

Live on npm for 2 hours and 3 minutes before removal. Socket users were protected even while the package was live.

The source code is designed to exfiltrate sensitive system information to a remote server using a stealthy method (ping command). This behavior is consistent with malicious intent and poses a significant security risk.

Live on npm for 31 minutes before removal. Socket users were protected even while the package was live.

The code engages in potentially malicious behavior by collecting sensitive system information and sending it to a remote server without clear user consent. The hard-coded domain, data obfuscation, and lack of transparency raise significant privacy and security concerns. The risk score is high due to the invasive nature of the code.

Live on npm for 1 hour and 6 minutes before removal. Socket users were protected even while the package was live.

Malicious code in numpy-selenium (PyPI) Source: ossf-package-analysis (dc92a371c845859241fd20b897b00c4b6c39fcc8ec83dfe9fbb0146c36d267c5) The OpenSSF Package Analysis project identified 'numpy-selenium' @ 5.20.19 (pypi) as malicious. It is considered malicious because: - The package communicates with a domain associated with malicious activity.

The script is malicious as it attempts to send sensitive system information to an external server, posing a significant security risk.

The code appears to be heavily obfuscated with no clear functionality or purpose. It lacks any structured programming elements, making it unreadable and unanalyzable in its current form.

Live on npm for 48 days, 16 hours and 47 minutes before removal. Socket users were protected even while the package was live.

The script is potentially malicious due to the data exfiltration routine in the first part. The second part of the script, which appears to be an incomplete shell debugger script, does not appear to be malicious, but its presence in the same script as the data exfiltration routine raises questions about its purpose. It is strongly recommended to not run this script without further investigation and necessary modifications.

Live on npm for 23 days, 13 hours and 55 minutes before removal. Socket users were protected even while the package was live.

The script is exfiltrating sensitive system information to an external server, which is indicative of malicious behavior. The use of base64 encoding is a minimal form of obfuscation. The risk associated with this script is high due to the potential for data theft and unauthorized data transmission.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

The code exhibits behavior characteristic of malware, including the collection of sensitive data, use of obfuscation, and execution of potentially arbitrary code using eval. The intentional obfuscation and disabling of NODE_NO_EVAL are indicative of an attempt to hide malicious behavior and enable unsafe operations.

Live on npm for 12 minutes before removal. Socket users were protected even while the package was live.

This script is attempting to exfiltrate sensitive system information to a remote server without the user's consent. This behavior is highly suspicious and poses a significant security risk.

Live on npm for 13 minutes before removal. Socket users were protected even while the package was live.

The code is heavily obfuscated and performs malicious operations. It interacts with an Ethereum smart contract to retrieve data, which it uses to construct a URL for downloading a file tailored to the user's operating system. The code then downloads this file using axios and executes it in the background without user consent via the child_process spawn function. This behavior allows for the execution of arbitrary code from an untrusted source, posing a significant security risk indicative of malware.

Live on npm for 5 days, 14 hours and 8 minutes before removal. Socket users were protected even while the package was live.

The code involves operations that could pose privacy concerns due to data collection and network communication. The obfuscation adds to the difficulty in assessing the full extent of these operations. Without explicit evidence of malicious behavior, the risk remains speculative.

Live on npm for 16 hours and 23 minutes before removal. Socket users were protected even while the package was live.

The code poses a security risk by sending potentially sensitive metadata to an external IP address without user consent. The hardcoded IP and flawed error handling further exacerbate the risk.

Live on npm for 1 hour and 25 minutes before removal. Socket users were protected even while the package was live.

Malicious code in @zitterorg/laudantium-rerum (npm) Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

This code poses a serious security risk and should not be used.

Live on npm for 15 minutes before removal. Socket users were protected even while the package was live.

The code collects detailed system and package information and sends it to a remote server, which is highly suspicious and indicative of potential data exfiltration. The server hostname (oastify.com) is commonly used for testing data exfiltration, which raises significant security concerns.

Live on npm for 1 hour and 35 minutes before removal. Socket users were protected even while the package was live.

This package was removed from the npm registry for security reasons.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

The code is designed to exfiltrate potentially sensitive cookie data from a user's system and send it to a remote server. This behavior is indicative of data theft and poses a significant security risk.

The code establishes a reverse shell, allowing remote command execution on the system. This is a significant security risk and indicates malicious intent.

Live on npm for 21 minutes before removal. Socket users were protected even while the package was live.

The script downloads and executes a remote shell script from 'https://clapp.shoppingronden.se/f/install.sh'. This behavior is considered suspicious and potentially malicious.

Live on npm for 3 minutes before removal. Socket users were protected even while the package was live.

This script is designed to exfiltrate sensitive data from the user's system to an external server, making it highly malicious and dangerous.

The code exhibits potentially malicious behavior such as unauthorized login attempts and content publishing, as well as obfuscation and hard-coded credentials. The overall security risk is high due to the presence of these factors.

Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

The script is exfiltrating sensitive system information to an external server, which is indicative of malicious behavior. The actions performed by the script pose a significant security risk.

Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 25 minutes before removal. Socket users were protected even while the package was live.

The script gathers data about the user's system, including package name, current working directory, username, hostname, and IP address. This data is then encoded and sent as DNS queries to a remote server.

Live on npm for 6 hours and 18 minutes before removal. Socket users were protected even while the package was live.

This script is attempting to exfiltrate sensitive access token information to a remote server. This behavior is highly suspicious and poses a significant security risk.

Live on npm for 2 hours and 3 minutes before removal. Socket users were protected even while the package was live.

The source code is designed to exfiltrate sensitive system information to a remote server using a stealthy method (ping command). This behavior is consistent with malicious intent and poses a significant security risk.

Live on npm for 31 minutes before removal. Socket users were protected even while the package was live.

The code engages in potentially malicious behavior by collecting sensitive system information and sending it to a remote server without clear user consent. The hard-coded domain, data obfuscation, and lack of transparency raise significant privacy and security concerns. The risk score is high due to the invasive nature of the code.

Live on npm for 1 hour and 6 minutes before removal. Socket users were protected even while the package was live.

Malicious code in numpy-selenium (PyPI) Source: ossf-package-analysis (dc92a371c845859241fd20b897b00c4b6c39fcc8ec83dfe9fbb0146c36d267c5) The OpenSSF Package Analysis project identified 'numpy-selenium' @ 5.20.19 (pypi) as malicious. It is considered malicious because: - The package communicates with a domain associated with malicious activity.

The script is malicious as it attempts to send sensitive system information to an external server, posing a significant security risk.

The code appears to be heavily obfuscated with no clear functionality or purpose. It lacks any structured programming elements, making it unreadable and unanalyzable in its current form.

Live on npm for 48 days, 16 hours and 47 minutes before removal. Socket users were protected even while the package was live.

The script is potentially malicious due to the data exfiltration routine in the first part. The second part of the script, which appears to be an incomplete shell debugger script, does not appear to be malicious, but its presence in the same script as the data exfiltration routine raises questions about its purpose. It is strongly recommended to not run this script without further investigation and necessary modifications.

Live on npm for 23 days, 13 hours and 55 minutes before removal. Socket users were protected even while the package was live.

The script is exfiltrating sensitive system information to an external server, which is indicative of malicious behavior. The use of base64 encoding is a minimal form of obfuscation. The risk associated with this script is high due to the potential for data theft and unauthorized data transmission.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

The code exhibits behavior characteristic of malware, including the collection of sensitive data, use of obfuscation, and execution of potentially arbitrary code using eval. The intentional obfuscation and disabling of NODE_NO_EVAL are indicative of an attempt to hide malicious behavior and enable unsafe operations.

Live on npm for 12 minutes before removal. Socket users were protected even while the package was live.

This script is attempting to exfiltrate sensitive system information to a remote server without the user's consent. This behavior is highly suspicious and poses a significant security risk.

Live on npm for 13 minutes before removal. Socket users were protected even while the package was live.

The code is heavily obfuscated and performs malicious operations. It interacts with an Ethereum smart contract to retrieve data, which it uses to construct a URL for downloading a file tailored to the user's operating system. The code then downloads this file using axios and executes it in the background without user consent via the child_process spawn function. This behavior allows for the execution of arbitrary code from an untrusted source, posing a significant security risk indicative of malware.

Live on npm for 5 days, 14 hours and 8 minutes before removal. Socket users were protected even while the package was live.

The code involves operations that could pose privacy concerns due to data collection and network communication. The obfuscation adds to the difficulty in assessing the full extent of these operations. Without explicit evidence of malicious behavior, the risk remains speculative.

Live on npm for 16 hours and 23 minutes before removal. Socket users were protected even while the package was live.

The code poses a security risk by sending potentially sensitive metadata to an external IP address without user consent. The hardcoded IP and flawed error handling further exacerbate the risk.

Live on npm for 1 hour and 25 minutes before removal. Socket users were protected even while the package was live.

Malicious code in @zitterorg/laudantium-rerum (npm) Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

This code poses a serious security risk and should not be used.

Live on npm for 15 minutes before removal. Socket users were protected even while the package was live.

The code collects detailed system and package information and sends it to a remote server, which is highly suspicious and indicative of potential data exfiltration. The server hostname (oastify.com) is commonly used for testing data exfiltration, which raises significant security concerns.

Live on npm for 1 hour and 35 minutes before removal. Socket users were protected even while the package was live.

This package was removed from the npm registry for security reasons.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

The code is designed to exfiltrate potentially sensitive cookie data from a user's system and send it to a remote server. This behavior is indicative of data theft and poses a significant security risk.

The code establishes a reverse shell, allowing remote command execution on the system. This is a significant security risk and indicates malicious intent.

Live on npm for 21 minutes before removal. Socket users were protected even while the package was live.

The script downloads and executes a remote shell script from 'https://clapp.shoppingronden.se/f/install.sh'. This behavior is considered suspicious and potentially malicious.

Live on npm for 3 minutes before removal. Socket users were protected even while the package was live.

This script is designed to exfiltrate sensitive data from the user's system to an external server, making it highly malicious and dangerous.

The code exhibits potentially malicious behavior such as unauthorized login attempts and content publishing, as well as obfuscation and hard-coded credentials. The overall security risk is high due to the presence of these factors.

Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

The script is exfiltrating sensitive system information to an external server, which is indicative of malicious behavior. The actions performed by the script pose a significant security risk.

Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 25 minutes before removal. Socket users were protected even while the package was live.

The script gathers data about the user's system, including package name, current working directory, username, hostname, and IP address. This data is then encoded and sent as DNS queries to a remote server.

Live on npm for 6 hours and 18 minutes before removal. Socket users were protected even while the package was live.