Secure your dependencies. Ship with confidence.

Possible typosquat of azure - Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles legitimate Azure package naming conventions, which could confuse users. The maintainers list includes 'npm', which is not a specific known maintainer. Therefore, it is likely a typosquat.

Live on npm for 49 minutes before removal. Socket users were protected even while the package was live.

The provided source code is highly malicious as it sets up a reverse shell, allowing unauthorized remote access and control over the system. This poses a severe security risk.

Live on npm for 1 hour and 7 minutes before removal. Socket users were protected even while the package was live.

The code is heavily obfuscated and performs suspicious activities such as copying a file to a system directory and executing it with elevated privileges. This behavior, combined with the obfuscation, suggests a high likelihood of malicious intent.

The 'commandSpawn' function is vulnerable to command injection and other shell-based exploits due to the lack of input validation and output sanitization. The package should be used with caution and additional security measures should be taken to mitigate the risk of shell-based exploits.

Live on npm for 9 hours and 35 minutes before removal. Socket users were protected even while the package was live.

The script collects sensitive user information from the Discord API, including usernames, emails, and IDs, and saves it to a file without user consent. It automates interactions with Discord, including sending unsolicited messages to channels (spamming), and uses a captcha solving service to bypass security measures. The script contains hardcoded API keys and tokens, posing significant security risks if shared or leaked. Additionally, it includes obfuscated JavaScript code to manipulate local storage tokens, suggesting attempts to hijack or misuse user accounts.

The script collects a wide range of information from the user's system, including OS details, network interfaces, and SSH files, and sends it to a remote server via DNS queries.

The code is collecting and transmitting sensitive system and user data to an external server without user consent, which is indicative of malicious behavior. The use of HTTPS on port 80 is also suspicious. Immediate action is recommended to prevent potential data breaches.

Live on npm for 13 days, 13 hours and 17 minutes before removal. Socket users were protected even while the package was live.

This install script poses a significant security risk as it downloads and executes a script from an untrusted source without any validation. This behavior is highly suspicious and likely malicious.

Live on npm for 22 minutes before removal. Socket users were protected even while the package was live.

The code exhibits behavior consistent with data exfiltration, sending sensitive system and project information to external servers. This indicates a high risk of malicious activity.

Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

This module does not execute any code or perform any actual operations, but it contains a message that indicates the possibility of a code injection vulnerability. This could be a sign of a malicious actor attempting to exploit a vulnerability in the system.

Live on npm for 12 hours and 19 minutes before removal. Socket users were protected even while the package was live.

This code is highly suspicious and likely malicious. It collects sensitive system information and attempts to send it to an external server via DNS queries using the ping command. The hardcoded ID and use of Base64 encoding further indicate an attempt to obfuscate the data being sent. Immediate review and remediation are recommended.

The code exhibits malicious behavior by collecting and exfiltrating sensitive system information to a remote server, posing a significant security risk.

Live on npm for 1 day, 2 hours and 25 minutes before removal. Socket users were protected even while the package was live.

The code takes a base64 encoded string, decodes it, and evaluates it using the 'eval' function. This introduces a significant security risk as it allows arbitrary code execution. The code should be considered dangerous and should not be used.

Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.

This script poses a high security risk as it downloads and executes a remote shell script. This behavior is commonly associated with malware and should be considered highly suspicious.

Live on npm for 43 minutes before removal. Socket users were protected even while the package was live.

The code exhibits clear malicious behavior by exfiltrating system data to a suspicious domain. The hardcoded DNS server and the method of data transmission indicate a high risk of data theft and unauthorized access. The overall security posture of this code is extremely concerning.

Live on npm for 20 days, 17 hours and 1 minute before removal. Socket users were protected even while the package was live.

The code is designed to collect and transmit system information to external endpoints without user consent, which is indicative of malicious behavior. The hardcoded endpoints and the nature of the data being sent pose a significant security risk.

Live on npm for 18 hours and 24 minutes before removal. Socket users were protected even while the package was live.

The provided code imports several external libraries with unusual names and calls a function `functame` from each one. Without access to the contents of these libraries, it's impossible to determine if this code has malicious intent. The unusual names and lack of clear functionality explanation raise a potential red flag, but there is insufficient information to conclude definitively. This fragment could be benign or it could be a wrapper for malicious activities hidden in the libraries.

Live on npm for 56 days, 15 hours and 55 minutes before removal. Socket users were protected even while the package was live.

The script is likely malicious. It gathers extensive system information, including sensitive data, and sends it to an external server without consent. The presence of a hardcoded domain that is unrelated to the user or a known service is a strong indicator of a data exfiltration attempt.

The code is suspicious as it retrieves update information from an unverified external source and uses 'execSync' to run shell commands, which could lead to remote code execution if the external content is compromised. Furthermore, the code attempts to forcibly update and reinstall packages which is not typical for secure update practices.

Live on npm for 4 hours and 11 minutes before removal. Socket users were protected even while the package was live.

The code has several serious security concerns including the use of unsafe serialization via pickle, untrusted command execution, and a lack of validation for network inputs. Given the potential for arbitrary code execution and system compromise, this code should not be used as is.

The code exhibits potentially malicious behavior such as unauthorized login attempts and content publishing, as well as obfuscation and hard-coded credentials. The overall security risk is high due to the presence of these factors.

Live on npm for 3 hours and 55 minutes before removal. Socket users were protected even while the package was live.

The code is designed to exfiltrate system information by sending it to an external domain via DNS queries. This is a clear indication of malicious behavior, as it involves unauthorized data transmission without user consent.

Live on npm for 4 hours and 30 minutes before removal. Socket users were protected even while the package was live.

The script downloads a file from a remote server and includes system information in the URL. This behavior is highly suspicious and potentially malicious.

Live on npm for 8 minutes before removal. Socket users were protected even while the package was live.

This code fragment has a high security risk due to the potential privacy violation and the use of obfuscation. The code collects and sends potentially sensitive information to an unknown third-party server, which is a cause for concern. The use of a hidden property and the lack of an error handler also suggest that this code may be intentionally obfuscated. Caution should be exercised when using this code.

Live on npm for 4 days, 16 hours and 11 minutes before removal. Socket users were protected even while the package was live.

The code exhibits suspicious behavior by sending local machine data and potentially sensitive project information (package.json content) to remote servers. This indicates potential data exfiltration.

Live on npm for 29 minutes before removal. Socket users were protected even while the package was live.

Possible typosquat of azure - Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles legitimate Azure package naming conventions, which could confuse users. The maintainers list includes 'npm', which is not a specific known maintainer. Therefore, it is likely a typosquat.

Live on npm for 49 minutes before removal. Socket users were protected even while the package was live.

The provided source code is highly malicious as it sets up a reverse shell, allowing unauthorized remote access and control over the system. This poses a severe security risk.

Live on npm for 1 hour and 7 minutes before removal. Socket users were protected even while the package was live.

The code is heavily obfuscated and performs suspicious activities such as copying a file to a system directory and executing it with elevated privileges. This behavior, combined with the obfuscation, suggests a high likelihood of malicious intent.

The 'commandSpawn' function is vulnerable to command injection and other shell-based exploits due to the lack of input validation and output sanitization. The package should be used with caution and additional security measures should be taken to mitigate the risk of shell-based exploits.

Live on npm for 9 hours and 35 minutes before removal. Socket users were protected even while the package was live.

The script collects sensitive user information from the Discord API, including usernames, emails, and IDs, and saves it to a file without user consent. It automates interactions with Discord, including sending unsolicited messages to channels (spamming), and uses a captcha solving service to bypass security measures. The script contains hardcoded API keys and tokens, posing significant security risks if shared or leaked. Additionally, it includes obfuscated JavaScript code to manipulate local storage tokens, suggesting attempts to hijack or misuse user accounts.

The script collects a wide range of information from the user's system, including OS details, network interfaces, and SSH files, and sends it to a remote server via DNS queries.

The code is collecting and transmitting sensitive system and user data to an external server without user consent, which is indicative of malicious behavior. The use of HTTPS on port 80 is also suspicious. Immediate action is recommended to prevent potential data breaches.

Live on npm for 13 days, 13 hours and 17 minutes before removal. Socket users were protected even while the package was live.

This install script poses a significant security risk as it downloads and executes a script from an untrusted source without any validation. This behavior is highly suspicious and likely malicious.

Live on npm for 22 minutes before removal. Socket users were protected even while the package was live.

The code exhibits behavior consistent with data exfiltration, sending sensitive system and project information to external servers. This indicates a high risk of malicious activity.

Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

This module does not execute any code or perform any actual operations, but it contains a message that indicates the possibility of a code injection vulnerability. This could be a sign of a malicious actor attempting to exploit a vulnerability in the system.

Live on npm for 12 hours and 19 minutes before removal. Socket users were protected even while the package was live.

This code is highly suspicious and likely malicious. It collects sensitive system information and attempts to send it to an external server via DNS queries using the ping command. The hardcoded ID and use of Base64 encoding further indicate an attempt to obfuscate the data being sent. Immediate review and remediation are recommended.

The code exhibits malicious behavior by collecting and exfiltrating sensitive system information to a remote server, posing a significant security risk.

Live on npm for 1 day, 2 hours and 25 minutes before removal. Socket users were protected even while the package was live.

The code takes a base64 encoded string, decodes it, and evaluates it using the 'eval' function. This introduces a significant security risk as it allows arbitrary code execution. The code should be considered dangerous and should not be used.

Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.

This script poses a high security risk as it downloads and executes a remote shell script. This behavior is commonly associated with malware and should be considered highly suspicious.

Live on npm for 43 minutes before removal. Socket users were protected even while the package was live.

The code exhibits clear malicious behavior by exfiltrating system data to a suspicious domain. The hardcoded DNS server and the method of data transmission indicate a high risk of data theft and unauthorized access. The overall security posture of this code is extremely concerning.

Live on npm for 20 days, 17 hours and 1 minute before removal. Socket users were protected even while the package was live.

The code is designed to collect and transmit system information to external endpoints without user consent, which is indicative of malicious behavior. The hardcoded endpoints and the nature of the data being sent pose a significant security risk.

Live on npm for 18 hours and 24 minutes before removal. Socket users were protected even while the package was live.

The provided code imports several external libraries with unusual names and calls a function `functame` from each one. Without access to the contents of these libraries, it's impossible to determine if this code has malicious intent. The unusual names and lack of clear functionality explanation raise a potential red flag, but there is insufficient information to conclude definitively. This fragment could be benign or it could be a wrapper for malicious activities hidden in the libraries.

Live on npm for 56 days, 15 hours and 55 minutes before removal. Socket users were protected even while the package was live.

The script is likely malicious. It gathers extensive system information, including sensitive data, and sends it to an external server without consent. The presence of a hardcoded domain that is unrelated to the user or a known service is a strong indicator of a data exfiltration attempt.

The code is suspicious as it retrieves update information from an unverified external source and uses 'execSync' to run shell commands, which could lead to remote code execution if the external content is compromised. Furthermore, the code attempts to forcibly update and reinstall packages which is not typical for secure update practices.

Live on npm for 4 hours and 11 minutes before removal. Socket users were protected even while the package was live.

The code has several serious security concerns including the use of unsafe serialization via pickle, untrusted command execution, and a lack of validation for network inputs. Given the potential for arbitrary code execution and system compromise, this code should not be used as is.

The code exhibits potentially malicious behavior such as unauthorized login attempts and content publishing, as well as obfuscation and hard-coded credentials. The overall security risk is high due to the presence of these factors.

Live on npm for 3 hours and 55 minutes before removal. Socket users were protected even while the package was live.

The code is designed to exfiltrate system information by sending it to an external domain via DNS queries. This is a clear indication of malicious behavior, as it involves unauthorized data transmission without user consent.

Live on npm for 4 hours and 30 minutes before removal. Socket users were protected even while the package was live.

The script downloads a file from a remote server and includes system information in the URL. This behavior is highly suspicious and potentially malicious.

Live on npm for 8 minutes before removal. Socket users were protected even while the package was live.

This code fragment has a high security risk due to the potential privacy violation and the use of obfuscation. The code collects and sends potentially sensitive information to an unknown third-party server, which is a cause for concern. The use of a hidden property and the lack of an error handler also suggest that this code may be intentionally obfuscated. Caution should be exercised when using this code.

Live on npm for 4 days, 16 hours and 11 minutes before removal. Socket users were protected even while the package was live.

The code exhibits suspicious behavior by sending local machine data and potentially sensitive project information (package.json content) to remote servers. This indicates potential data exfiltration.

Live on npm for 29 minutes before removal. Socket users were protected even while the package was live.