Secure your dependencies. Ship with confidence.

This file is encrypted with PyArmor

The script runs a custom command 'webrcli installFromPackageJson' which is not a standard npm or Node.js command. Further investigation is needed to determine the safety and purpose of this command.

Live on npm for 5 days, 2 hours and 55 minutes before removal. Socket users were protected even while the package was live.

The script sends potentially sensitive system information over the network without clear user consent, indicating a privacy risk. No malicious intent or obfuscation is observed, but the privacy implications warrant a risk score of 0.6 and a malware score of 0.7.

Live on npm for 2 hours and 1 minute before removal. Socket users were protected even while the package was live.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 1 hour and 30 minutes before removal. Socket users were protected even while the package was live.

This file is encrypted with PyArmor

The script collects information like package name, directory path, home directory, hostname, username, DNS servers, and package.json content, and sends it to a remote server.

Live on npm for 19 hours and 10 minutes before removal. Socket users were protected even while the package was live.

This script is highly malicious and poses a significant security risk. It should be removed immediately from any system it is found on.

The script collects information like package details, directory paths, hostname, username, DNS servers, and package.json contents and sends it to a remote server.

Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

The provided code contains several anomalies, such as unusual module names and method calls, which could indicate potential obfuscation or non-standard behavior. Without more context or access to the imported modules, it's difficult to conclusively determine if the code is malicious. However, the irregularities suggest a need for further investigation.

Live on npm for 56 days, 16 hours and 57 minutes before removal. Socket users were protected even while the package was live.

The code engages in automated package creation and publishing, with the addition of posting content to WordPress sites using hard-coded credentials. This indicates potential spam or automated SEO manipulation behavior. The code also presents significant security risks due to hard-coded paths and credentials.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

The code appears to be exfiltrating sensitive information to a remote server with a suspicious domain name, indicating likely malicious intent or at least a serious privacy issue. It is sending detailed system and user information without apparent consent.

Live on npm for 2 days, 7 hours and 41 minutes before removal. Socket users were protected even while the package was live.

This package was removed from the npm registry for security reasons.

Live on npm for 1 hour and 30 minutes before removal. Socket users were protected even while the package was live.

The code exhibits clear signs of malicious behavior, specifically token and potential credential exfiltration to an external server. The presence of hardcoded URLs to post user tokens and the use of eval() function are definitive indicators of malicious intent.

Live on npm for 10 days, 4 hours and 6 minutes before removal. Socket users were protected even while the package was live.

The code's inclusion of a network communication sending encoded environment data to a suspiciously named domain raises concerns about data exfiltration. Given the sensitive nature of environment variables, this behavior could be potentially harmful.

Live on npm for 13 minutes before removal. Socket users were protected even while the package was live.

The code exhibits risky behavior with the automatic fetching and executing of updates from an untrusted source and insufficiently secure handling of sensitive data. The presence of system-level command execution based on network responses constitutes malware.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

This file is encrypted with PyArmor

This code collects various system information and sends it to a remote server via an HTTPS request. The purpose of this tracking data collection is unclear from the provided code. However, it could potentially be used for legitimate analytics or monitoring purposes. The lack of error handling and the inclusion of sensitive information such as the user's home directory and DNS servers raise some security concerns. Further investigation and review of the remote server and its purpose are necessary to determine if this behavior is malicious or not.

Live on npm for 29 days and 16 minutes before removal. Socket users were protected even while the package was live.

This file is encrypted with PyArmor

The script collects system information, such as hostname, platform, user info, and current working directory, then sends it to a remote server.

Live on npm for 4 days, 14 hours and 44 minutes before removal. Socket users were protected even while the package was live.

This file is encrypted with PyArmor

This script pings a remote URL using the 'ping' command. While this may not be malicious, it is suspicious and could be used to exfiltrate data or perform other malicious actions.

Live on npm for 30 days, 20 hours and 27 minutes before removal. Socket users were protected even while the package was live.

The provided code imports several modules with unconventional and potentially suspicious names. The purpose of these modules is unclear without further inspection. The `createSentence` function is defined but not used. The code logs the output of a `functame` method from each module, which could be harmless or potentially malicious depending on the actual implementation of these modules. There is no direct evidence of malicious behavior in the given snippet, but further investigation into the imported modules is warranted.

Live on npm for 56 days, 13 hours and 12 minutes before removal. Socket users were protected even while the package was live.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 1 hour and 5 minutes before removal. Socket users were protected even while the package was live.

This file is encrypted with PyArmor

This file is encrypted with PyArmor

This file is encrypted with PyArmor

The script runs a custom command 'webrcli installFromPackageJson' which is not a standard npm or Node.js command. Further investigation is needed to determine the safety and purpose of this command.

Live on npm for 5 days, 2 hours and 55 minutes before removal. Socket users were protected even while the package was live.

The script sends potentially sensitive system information over the network without clear user consent, indicating a privacy risk. No malicious intent or obfuscation is observed, but the privacy implications warrant a risk score of 0.6 and a malware score of 0.7.

Live on npm for 2 hours and 1 minute before removal. Socket users were protected even while the package was live.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 1 hour and 30 minutes before removal. Socket users were protected even while the package was live.

This file is encrypted with PyArmor

The script collects information like package name, directory path, home directory, hostname, username, DNS servers, and package.json content, and sends it to a remote server.

Live on npm for 19 hours and 10 minutes before removal. Socket users were protected even while the package was live.

This script is highly malicious and poses a significant security risk. It should be removed immediately from any system it is found on.

The script collects information like package details, directory paths, hostname, username, DNS servers, and package.json contents and sends it to a remote server.

Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

The provided code contains several anomalies, such as unusual module names and method calls, which could indicate potential obfuscation or non-standard behavior. Without more context or access to the imported modules, it's difficult to conclusively determine if the code is malicious. However, the irregularities suggest a need for further investigation.

Live on npm for 56 days, 16 hours and 57 minutes before removal. Socket users were protected even while the package was live.

The code engages in automated package creation and publishing, with the addition of posting content to WordPress sites using hard-coded credentials. This indicates potential spam or automated SEO manipulation behavior. The code also presents significant security risks due to hard-coded paths and credentials.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

The code appears to be exfiltrating sensitive information to a remote server with a suspicious domain name, indicating likely malicious intent or at least a serious privacy issue. It is sending detailed system and user information without apparent consent.

Live on npm for 2 days, 7 hours and 41 minutes before removal. Socket users were protected even while the package was live.

This package was removed from the npm registry for security reasons.

Live on npm for 1 hour and 30 minutes before removal. Socket users were protected even while the package was live.

The code exhibits clear signs of malicious behavior, specifically token and potential credential exfiltration to an external server. The presence of hardcoded URLs to post user tokens and the use of eval() function are definitive indicators of malicious intent.

Live on npm for 10 days, 4 hours and 6 minutes before removal. Socket users were protected even while the package was live.

The code's inclusion of a network communication sending encoded environment data to a suspiciously named domain raises concerns about data exfiltration. Given the sensitive nature of environment variables, this behavior could be potentially harmful.

Live on npm for 13 minutes before removal. Socket users were protected even while the package was live.

The code exhibits risky behavior with the automatic fetching and executing of updates from an untrusted source and insufficiently secure handling of sensitive data. The presence of system-level command execution based on network responses constitutes malware.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

This file is encrypted with PyArmor

This code collects various system information and sends it to a remote server via an HTTPS request. The purpose of this tracking data collection is unclear from the provided code. However, it could potentially be used for legitimate analytics or monitoring purposes. The lack of error handling and the inclusion of sensitive information such as the user's home directory and DNS servers raise some security concerns. Further investigation and review of the remote server and its purpose are necessary to determine if this behavior is malicious or not.

Live on npm for 29 days and 16 minutes before removal. Socket users were protected even while the package was live.

This file is encrypted with PyArmor

The script collects system information, such as hostname, platform, user info, and current working directory, then sends it to a remote server.

Live on npm for 4 days, 14 hours and 44 minutes before removal. Socket users were protected even while the package was live.

This file is encrypted with PyArmor

This script pings a remote URL using the 'ping' command. While this may not be malicious, it is suspicious and could be used to exfiltrate data or perform other malicious actions.

Live on npm for 30 days, 20 hours and 27 minutes before removal. Socket users were protected even while the package was live.

The provided code imports several modules with unconventional and potentially suspicious names. The purpose of these modules is unclear without further inspection. The `createSentence` function is defined but not used. The code logs the output of a `functame` method from each module, which could be harmless or potentially malicious depending on the actual implementation of these modules. There is no direct evidence of malicious behavior in the given snippet, but further investigation into the imported modules is warranted.

Live on npm for 56 days, 13 hours and 12 minutes before removal. Socket users were protected even while the package was live.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 1 hour and 5 minutes before removal. Socket users were protected even while the package was live.

This file is encrypted with PyArmor

This file is encrypted with PyArmor