Secure your dependencies. Ship with confidence.

While the code is designed for a specific purpose, it has several security risks including potential for code injection, unsecured handling of sensitive data, and allowing unvalidated AppState changes. Users of this code should be aware of these risks.

Live on npm for 16 hours and 49 minutes before removal. Socket users were protected even while the package was live.

This code poses a serious security risk and should not be used.

Live on npm for 11 minutes before removal. Socket users were protected even while the package was live.

The code is exfiltrating sensitive system information and file contents to remote servers, which is a clear indication of malicious behavior. The risk is high due to the unauthorized data exfiltration and potential for misuse.

Live on npm for 25 minutes before removal. Socket users were protected even while the package was live.

The code demonstrates potentially malicious behavior by exfiltrating system data to an external server and disabling TLS verification, posing a significant security risk.

Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

The script sends system information to a potentially illegitimate remote server without user consent, making it a security risk and should not be used.

This code poses a serious security risk and should not be used.

Live on npm for 34 minutes before removal. Socket users were protected even while the package was live.

The code is malicious as it exfiltrates sensitive system and user data to external servers without user consent. This poses a significant security risk.

Live on npm for 1 hour and 28 minutes before removal. Socket users were protected even while the package was live.

The script performs system reconnaissance and exfiltrates sensitive data to a remote server. While it doesn't perform system damage or unauthorized control, it does invade privacy and steals sensitive data, hence it can be considered malicious. Caution is advised when dealing with this script.

Malicious code in consumerweb-analytics (npm) Source: ghsa-malware (8a305f82cc2741c2ae03cb5ca5d121a5a1005f11980a47e2f69a8e18dae7036f) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 25 minutes before removal. Socket users were protected even while the package was live.

The code imports modules for HTTP requests (axios), form data handling (form-data), and ZIP file creation (jszip). It defines functions that collect data—including zipped image files from 'runners' and JSON data containing 'minimizer' and 'fuzzer' information—and sends it to an external server using HTTP POST requests via axios. The destination URL is constructed by reversing and Base64-decoding an encoded string, resulting in an obfuscated URL that resolves to an external server at IP address 135[.]148[.]42[.]232 on port 443 (e.g., 'http://135[.]148[.]42[.]232:443/api1'). This obfuscation hides the true destination of the data, making it difficult to verify the legitimacy of the server receiving the information. The code's behavior indicates potential data exfiltration and malicious intent, aligning with the characteristics of malware.

Possible typosquat of azure azure-graphrbac is a malicious package that exfiltrates system (Ex - hostname) and project details to external servers.

Live on npm for 7 hours and 12 minutes before removal. Socket users were protected even while the package was live.

The code is designed to exfiltrate environment variables to a remote server, which is a clear indication of malicious behavior. The reports provided were not useful and did not contain any meaningful analysis or scores.

Live on npm for 27 minutes before removal. Socket users were protected even while the package was live.

The code engages in potentially malicious behavior by collecting sensitive system information and sending it to a remote server without clear user consent. The hard-coded domain, data obfuscation, and lack of transparency raise significant privacy and security concerns. The risk score is high due to the invasive nature of the code.

Live on npm for 15 minutes before removal. Socket users were protected even while the package was live.

The code exhibits highly malicious behavior consistent with information-stealing malware. It is designed to collect sensitive data from a user's system and exfiltrate it to an attacker-controlled server. This code should not be used under any circumstances.

Live on PyPI for 8 days, 4 hours and 54 minutes before removal. Socket users were protected even while the package was live.

The code exhibits behavior consistent with data exfiltration by collecting and sending sensitive system information to a remote server without user consent. The use of 'rejectUnauthorized: false' further increases the security risk. The domain used for data transmission is potentially suspicious, warranting a high malware and security risk score.

Live on npm for 58 minutes before removal. Socket users were protected even while the package was live.

The code is malicious, performing data exfiltration by sending environment variables to a remote server. It is heavily obfuscated and engages in suspicious network activity, including fallback mechanisms to ensure data exfiltration.

Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.

Malicious code in @zitterorg/laudantium-rerum (npm) Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

This code is potentially harmful as it collects sensitive system information and sends it to a remote server without explicit user consent. The remote server URL is hard-coded and looks suspicious, which increases the risk of data leakage or cyber attack.

The analyzed code is a module that provides functions for retrieving information from Instagram and Facebook URLs. It uses the 'instatouch' and 'axios' libraries to make HTTP requests and extract the desired information. The code includes some anomalies such as the cloning of a GitHub repository and the execution of shell commands, as well as direct access to stdout and string manipulation without proper validation. These anomalies could indicate potentially suspicious behavior or security risks. However, without further context about the purpose and usage of this code, it is difficult to determine the exact intention or assess the overall security risk. Further investigation and analysis would be necessary to make a more accurate assessment.

Live on npm for 29 days, 9 hours and 27 minutes before removal. Socket users were protected even while the package was live.

This script is exfiltrating system information to a remote server without the user's consent. This behavior is highly suspicious and poses a significant security risk.

Live on npm for 23 minutes before removal. Socket users were protected even while the package was live.

The code demonstrates risky behaviors such as executing shell commands based on environment variables and global configurations without proper validation, automatic installation, and execution of packages from external sources, and potential for command injection. These behaviors can be exploited for malicious purposes, making the code potentially unsafe.

Live on npm for 15 minutes before removal. Socket users were protected even while the package was live.

The script is engaging in potentially malicious activities by collecting sensitive information and sending it to suspicious external domains. This poses a significant security risk and should be addressed immediately.

Live on npm for 12 days, 13 hours and 56 minutes before removal. Socket users were protected even while the package was live.

The code is designed to exfiltrate system information by sending it to an external domain via DNS queries. This is a clear indication of malicious behavior, as it involves unauthorized data transmission without user consent.

Live on npm for 2 hours and 49 minutes before removal. Socket users were protected even while the package was live.

The code poses a significant security risk due to potential command injection vulnerabilities from unvalidated inputs. There is no indication of malicious intent, but the risk is high due to the use of os.system() with user-provided inputs.

The source code exhibits multiple malicious behaviors typical of a Remote Access Trojan (RAT), including data exfiltration, remote command execution, and unauthorized access to system resources. The use of obfuscation further suggests an intent to conceal these activities. This code poses a significant security risk and should be treated as a serious threat.

Live on npm for 1 hour and 20 minutes before removal. Socket users were protected even while the package was live.

While the code is designed for a specific purpose, it has several security risks including potential for code injection, unsecured handling of sensitive data, and allowing unvalidated AppState changes. Users of this code should be aware of these risks.

Live on npm for 16 hours and 49 minutes before removal. Socket users were protected even while the package was live.

This code poses a serious security risk and should not be used.

Live on npm for 11 minutes before removal. Socket users were protected even while the package was live.

The code is exfiltrating sensitive system information and file contents to remote servers, which is a clear indication of malicious behavior. The risk is high due to the unauthorized data exfiltration and potential for misuse.

Live on npm for 25 minutes before removal. Socket users were protected even while the package was live.

The code demonstrates potentially malicious behavior by exfiltrating system data to an external server and disabling TLS verification, posing a significant security risk.

Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

The script sends system information to a potentially illegitimate remote server without user consent, making it a security risk and should not be used.

This code poses a serious security risk and should not be used.

Live on npm for 34 minutes before removal. Socket users were protected even while the package was live.

The code is malicious as it exfiltrates sensitive system and user data to external servers without user consent. This poses a significant security risk.

Live on npm for 1 hour and 28 minutes before removal. Socket users were protected even while the package was live.

The script performs system reconnaissance and exfiltrates sensitive data to a remote server. While it doesn't perform system damage or unauthorized control, it does invade privacy and steals sensitive data, hence it can be considered malicious. Caution is advised when dealing with this script.

Malicious code in consumerweb-analytics (npm) Source: ghsa-malware (8a305f82cc2741c2ae03cb5ca5d121a5a1005f11980a47e2f69a8e18dae7036f) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 25 minutes before removal. Socket users were protected even while the package was live.

The code imports modules for HTTP requests (axios), form data handling (form-data), and ZIP file creation (jszip). It defines functions that collect data—including zipped image files from 'runners' and JSON data containing 'minimizer' and 'fuzzer' information—and sends it to an external server using HTTP POST requests via axios. The destination URL is constructed by reversing and Base64-decoding an encoded string, resulting in an obfuscated URL that resolves to an external server at IP address 135[.]148[.]42[.]232 on port 443 (e.g., 'http://135[.]148[.]42[.]232:443/api1'). This obfuscation hides the true destination of the data, making it difficult to verify the legitimacy of the server receiving the information. The code's behavior indicates potential data exfiltration and malicious intent, aligning with the characteristics of malware.

Possible typosquat of azure azure-graphrbac is a malicious package that exfiltrates system (Ex - hostname) and project details to external servers.

Live on npm for 7 hours and 12 minutes before removal. Socket users were protected even while the package was live.

The code is designed to exfiltrate environment variables to a remote server, which is a clear indication of malicious behavior. The reports provided were not useful and did not contain any meaningful analysis or scores.

Live on npm for 27 minutes before removal. Socket users were protected even while the package was live.

The code engages in potentially malicious behavior by collecting sensitive system information and sending it to a remote server without clear user consent. The hard-coded domain, data obfuscation, and lack of transparency raise significant privacy and security concerns. The risk score is high due to the invasive nature of the code.

Live on npm for 15 minutes before removal. Socket users were protected even while the package was live.

The code exhibits highly malicious behavior consistent with information-stealing malware. It is designed to collect sensitive data from a user's system and exfiltrate it to an attacker-controlled server. This code should not be used under any circumstances.

Live on PyPI for 8 days, 4 hours and 54 minutes before removal. Socket users were protected even while the package was live.

The code exhibits behavior consistent with data exfiltration by collecting and sending sensitive system information to a remote server without user consent. The use of 'rejectUnauthorized: false' further increases the security risk. The domain used for data transmission is potentially suspicious, warranting a high malware and security risk score.

Live on npm for 58 minutes before removal. Socket users were protected even while the package was live.

The code is malicious, performing data exfiltration by sending environment variables to a remote server. It is heavily obfuscated and engages in suspicious network activity, including fallback mechanisms to ensure data exfiltration.

Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.

Malicious code in @zitterorg/laudantium-rerum (npm) Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

This code is potentially harmful as it collects sensitive system information and sends it to a remote server without explicit user consent. The remote server URL is hard-coded and looks suspicious, which increases the risk of data leakage or cyber attack.

The analyzed code is a module that provides functions for retrieving information from Instagram and Facebook URLs. It uses the 'instatouch' and 'axios' libraries to make HTTP requests and extract the desired information. The code includes some anomalies such as the cloning of a GitHub repository and the execution of shell commands, as well as direct access to stdout and string manipulation without proper validation. These anomalies could indicate potentially suspicious behavior or security risks. However, without further context about the purpose and usage of this code, it is difficult to determine the exact intention or assess the overall security risk. Further investigation and analysis would be necessary to make a more accurate assessment.

Live on npm for 29 days, 9 hours and 27 minutes before removal. Socket users were protected even while the package was live.

This script is exfiltrating system information to a remote server without the user's consent. This behavior is highly suspicious and poses a significant security risk.

Live on npm for 23 minutes before removal. Socket users were protected even while the package was live.

The code demonstrates risky behaviors such as executing shell commands based on environment variables and global configurations without proper validation, automatic installation, and execution of packages from external sources, and potential for command injection. These behaviors can be exploited for malicious purposes, making the code potentially unsafe.

Live on npm for 15 minutes before removal. Socket users were protected even while the package was live.

The script is engaging in potentially malicious activities by collecting sensitive information and sending it to suspicious external domains. This poses a significant security risk and should be addressed immediately.

Live on npm for 12 days, 13 hours and 56 minutes before removal. Socket users were protected even while the package was live.

The code is designed to exfiltrate system information by sending it to an external domain via DNS queries. This is a clear indication of malicious behavior, as it involves unauthorized data transmission without user consent.

Live on npm for 2 hours and 49 minutes before removal. Socket users were protected even while the package was live.

The code poses a significant security risk due to potential command injection vulnerabilities from unvalidated inputs. There is no indication of malicious intent, but the risk is high due to the use of os.system() with user-provided inputs.

The source code exhibits multiple malicious behaviors typical of a Remote Access Trojan (RAT), including data exfiltration, remote command execution, and unauthorized access to system resources. The use of obfuscation further suggests an intent to conceal these activities. This code poses a significant security risk and should be treated as a serious threat.

Live on npm for 1 hour and 20 minutes before removal. Socket users were protected even while the package was live.