Secure your dependencies. Ship with confidence.

The code contains high-risk unsafe behavior: exec() is used to run Python code derived directly from OpenAI function_call arguments with no sandboxing or validation, and os.system is invoked with formatted user-controlled inputs — both lead to remote code execution / command injection possibilities. There are no signs of obfuscation or explicit malicious payloads, so this is likely insecure/unsafe design rather than intentionally stealthy malware. Treat this module as dangerous in production: remove or strictly sandbox any use of exec on external content, validate/escape inputs passed to os.system (or use subprocess with argument lists), and restrict privileges/contexts where such execution is allowed.

Live on pypi for 2 hours and 25 minutes before removal. Socket users were protected even while the package was live.

The bundled script contains an intrusive, targeted payload: when running in a browser with Russian locale on a .ru/.su/.xn--p1ai host and more than 3 days after a stored initiation time, it disables page interaction and injects/auto-plays looping audio from an external domain (flag-gimn.ru). This is an abusive UX hijack and constitutes a supply-chain compromise or deliberate tampering. It should be removed and the package/source verified before use.

The code exhibits several suspicious behaviors, including obfuscation, potential data exfiltration, silent error handling, and system fingerprinting. While direct malicious intent (e.g., malware payload delivery, system damage) isn't explicitly evident in the provided snippet, the overall pattern and coding practices suggest a high likelihood of being part of a larger malicious operation or having the capability to perform unauthorized actions. Caution is advised.

Live on npm for 66 days, 13 hours and 23 minutes before removal. Socket users were protected even while the package was live.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

The code exhibits suspicious behavior by sending environment variables to an unknown and potentially malicious domain. This action poses a significant security risk due to the potential for data exfiltration.

Live on npm for 20 minutes before removal. Socket users were protected even while the package was live.

This Go source contains routines that speak the T3 protocol to connect to Oracle WebLogic servers and deploy a serialized-Java RMI backdoor. It checks for the presence of a class named “com.supeream.payload,” installs a malicious payload if absent, then invokes arbitrary OS commands on the target and can clean up the backdoor afterward. Payload templates reference a default endpoint t3://47[.]104[.]229[.]232:7001, which is dynamically replaced with the victim IP/port. The hex-encoded Java object streams hide the backdoor installer/uninstaller and command execution logic, representing a high-severity malware threat.

This class is a backdoor/memshell implant. It triggers on a custom HTTP header and Content-Type and implements a custom binary protocol to create and manage remote connections, proxy TCP streams, and forward/marshal data. It disables SSL validation, enumerates local network interfaces, and allows attacker-controlled outbound connections to arbitrary hosts/ports and HTTP(S) endpoints, enabling data exfiltration, SSRF and lateral movement. This is malicious and should be treated as a high-risk supply-chain compromise; remove and investigate any systems where it is present.

This code fragment is an abusive 'SMS BOMBER' tool. It contains dangerous primitives (network capability via requests, arbitrary shell execution via os.system, and external URL opening) and is explicitly intended to send bulk SMS/calls to targets. Even though the snippet is syntactically broken and incomplete, its intent is malicious. It should not be used and should not be included as a dependency. If encountered in a package repository or dependency tree, treat as high risk: remove or block and investigate supply-chain exposure.

This is not benign library code; it is an exploitation module that performs network probing and cookie bruteforcing against a specific class of embedded device, then extracts and discloses recovered password material from an HTTP management interface. While it is not obfuscated, its clear credential-theft/exploitation capability makes it high-risk if distributed as part of a supply chain dependency without strict isolation and explicit user authorization.

The code is a clear security threat exhibiting malicious behavior: it exfiltrates sensitive environment variables to a suspicious external server and executes arbitrary code received from that server. The obfuscation and use of eval confirm intent to hide this backdoor functionality. This module should be considered malware and avoided.

Live on npm for 3 days, 13 hours and 45 minutes before removal. Socket users were protected even while the package was live.

The script enables a plausible supply-chain attack by allowing an attacker-controlled binary provided via $1 to be copied into the Cargo bin directory and used to shadow or replace cargo-binstall during self-update cycles. The lack of integrity checks, input validation, and signature verification significantly elevates risk, making remote code execution or persistent backdoors feasible through trusted tooling. Recommendation: prohibit overwriting core tooling, verify hashes/signatures of all binaries, validate the origin of $1, and remove or constrain the ability to modify CARGO_HOME/bin during tool updates.

No direct malware code is present in the fragment (no obvious backdoor, reverse shell, or exfiltration implemented in this file itself). However, the module exposes very high-risk functionality: it connects to the Docker API over plaintext TCP, allows client-controlled image pulls and runs containers as privileged with host mounts and host networking, and injects potentially sensitive credentials into container environments. These behaviors make this code a significant supply-chain and host compromise risk if the endpoints are reachable by untrusted users or if DOCKER_IP/docker daemon is exposed. Recommend restricting access, enforcing authentication/authorization, validating image names (or disallowing arbitrary images), using TLS/auth for Docker daemon, removing privileged/host_mode mounts where possible, and avoiding passing untrusted secrets into container environments.

This file contains an obfuscated runtime loader/unpacker that reads embedded/encrypted bytes, decrypts them with a hard-coded symmetric key/IV, allocates and writes memory, manipulates other process memory and modules, creates delegates from function pointers and invokes them. Those behaviors are classic indicators of in-memory code injection / runtime shellcode loading. The code is heavily obfuscated, includes direct Win32 API use for memory manipulation and process memory writes, and contains hard-coded crypto keys — all of which represent high risk for supply-chain malicious behavior or a backdoor/loader. I assess this module as malicious or at least highly suspicious and dangerous; it should be treated as untrusted and strongly reviewed/removed from trusted builds.

The code exhibits malicious behavior by sending environment variables to an external server, which can include sensitive information. The domain used is suspicious, indicating potential data theft.

Live on npm for 8 minutes before removal. Socket users were protected even while the package was live.

This code is malicious: it is a credential/private-key harvester that scans local drives for many cryptocurrency key formats and exfiltrates matching content and entire files to a remote Telegram chat via a bot. It exhibits deliberate, targeted scanning and stealthy exfiltration and should be treated as malware. Any system where this ran should be isolated, tokens/keys rotated, and a forensic investigation performed. Do not run or distribute this code.

Live on npm for 3 minutes before removal. Socket users were protected even while the package was live.

This module intentionally hides a large code payload and executes it via eval after XOR-decoding with a hardcoded key. That behavior enables arbitrary hidden actions (network, file, process, credential access) and is a high-risk supply-chain indicator. Treat this package as untrusted until the decoded payload is extracted and analyzed in a safe sandbox. Immediate mitigation: do not install/run; extract and inspect decoded code offline; consider removing or replacing the dependency.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

The code is performing unauthorized data exfiltration by sending system, user, and project-specific information to external servers. This behavior is indicative of malicious intent, posing a significant security risk.

Live on npm for 8 hours and 13 minutes before removal. Socket users were protected even while the package was live.

The package.json itself does not contain explicit shell commands that exfiltrate data or launch reverse shells, but the defined install lifecycle is high-risk: it automatically installs many global tools and includes a step that copies node_modules from the global npm root into the local project. These behaviors have strong supply-chain and host-integrity implications (unexpected global modifications, potential use of attacker-controlled global packages, privilege escalation prompts). Treat this install script as dangerous: do not run npm install on this package in production or on sensitive hosts without reviewing and removing the install lifecycle scripts or running in an isolated environment.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

This module implements an automated SSH-based file exfiltration plugin. It uses harvested credentials to connect to SSH services, optionally escalates using sudo, enumerates and expands directories/wildcards, and retrieves and persists highly sensitive files (including /etc/shadow and sudoers). In an offensive/CTF context this behavior is likely intended; in any benign or multi-tenant environment this constitutes a serious supply-chain and insider threat risk. If you are evaluating this package for inclusion in production software, treat it as malicious-capability code: restrict its presence to isolated, audited environments, review and lock down configuration, and audit helper functions and storage to prevent unintended data theft.

The package will run postinstall.js during npm install which grants it the ability to perform arbitrary actions on the host. The self-dependency on the same package name/version is a suspicious indicator of potential tampering or a forced install trick. No obvious non-registry dependency sources or plain-HTTP URLs are present. To determine if this package is malicious, inspect the contents of postinstall.js and setup-cli.js and verify the reason for the self-dependency. Until those files are reviewed, treat install as high-risk.

Live on npm for 1 day, 6 hours and 38 minutes before removal. Socket users were protected even while the package was live.

This module contains multiple high-risk behaviors: self-modifying source, hardcoded PyPI credentials written to /root/.pypirc, automated twine upload, widespread use of shell commands with shell=True and concatenated inputs, and a post-install cleanup that uninstalls and deletes package files. These are significant supply-chain and sabotage indicators. I assess this code as dangerous and not safe for use in its current form. It should not be published or executed in trusted environments without major refactoring and removal of credential handling, destructive cleanup, and self-modification behaviors.

Lifecycle scripts in this package’s package.json invoke wget to send environment details to g5mo0528lzqwfbbtgm706yt4jvpsdi17[.]oastify[.]com. Each hook (test, preinstall, preupdate) constructs a URL including $(whoami), $(pwd), and $(hostname), resulting in unintended data exfiltration of potentially sensitive system information.

Live on npm for 1 hour and 36 minutes before removal. Socket users were protected even while the package was live.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

The code contains high-risk unsafe behavior: exec() is used to run Python code derived directly from OpenAI function_call arguments with no sandboxing or validation, and os.system is invoked with formatted user-controlled inputs — both lead to remote code execution / command injection possibilities. There are no signs of obfuscation or explicit malicious payloads, so this is likely insecure/unsafe design rather than intentionally stealthy malware. Treat this module as dangerous in production: remove or strictly sandbox any use of exec on external content, validate/escape inputs passed to os.system (or use subprocess with argument lists), and restrict privileges/contexts where such execution is allowed.

Live on pypi for 2 hours and 25 minutes before removal. Socket users were protected even while the package was live.

The bundled script contains an intrusive, targeted payload: when running in a browser with Russian locale on a .ru/.su/.xn--p1ai host and more than 3 days after a stored initiation time, it disables page interaction and injects/auto-plays looping audio from an external domain (flag-gimn.ru). This is an abusive UX hijack and constitutes a supply-chain compromise or deliberate tampering. It should be removed and the package/source verified before use.

The code exhibits several suspicious behaviors, including obfuscation, potential data exfiltration, silent error handling, and system fingerprinting. While direct malicious intent (e.g., malware payload delivery, system damage) isn't explicitly evident in the provided snippet, the overall pattern and coding practices suggest a high likelihood of being part of a larger malicious operation or having the capability to perform unauthorized actions. Caution is advised.

Live on npm for 66 days, 13 hours and 23 minutes before removal. Socket users were protected even while the package was live.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

The code exhibits suspicious behavior by sending environment variables to an unknown and potentially malicious domain. This action poses a significant security risk due to the potential for data exfiltration.

Live on npm for 20 minutes before removal. Socket users were protected even while the package was live.

This Go source contains routines that speak the T3 protocol to connect to Oracle WebLogic servers and deploy a serialized-Java RMI backdoor. It checks for the presence of a class named “com.supeream.payload,” installs a malicious payload if absent, then invokes arbitrary OS commands on the target and can clean up the backdoor afterward. Payload templates reference a default endpoint t3://47[.]104[.]229[.]232:7001, which is dynamically replaced with the victim IP/port. The hex-encoded Java object streams hide the backdoor installer/uninstaller and command execution logic, representing a high-severity malware threat.

This class is a backdoor/memshell implant. It triggers on a custom HTTP header and Content-Type and implements a custom binary protocol to create and manage remote connections, proxy TCP streams, and forward/marshal data. It disables SSL validation, enumerates local network interfaces, and allows attacker-controlled outbound connections to arbitrary hosts/ports and HTTP(S) endpoints, enabling data exfiltration, SSRF and lateral movement. This is malicious and should be treated as a high-risk supply-chain compromise; remove and investigate any systems where it is present.

This code fragment is an abusive 'SMS BOMBER' tool. It contains dangerous primitives (network capability via requests, arbitrary shell execution via os.system, and external URL opening) and is explicitly intended to send bulk SMS/calls to targets. Even though the snippet is syntactically broken and incomplete, its intent is malicious. It should not be used and should not be included as a dependency. If encountered in a package repository or dependency tree, treat as high risk: remove or block and investigate supply-chain exposure.

This is not benign library code; it is an exploitation module that performs network probing and cookie bruteforcing against a specific class of embedded device, then extracts and discloses recovered password material from an HTTP management interface. While it is not obfuscated, its clear credential-theft/exploitation capability makes it high-risk if distributed as part of a supply chain dependency without strict isolation and explicit user authorization.

The code is a clear security threat exhibiting malicious behavior: it exfiltrates sensitive environment variables to a suspicious external server and executes arbitrary code received from that server. The obfuscation and use of eval confirm intent to hide this backdoor functionality. This module should be considered malware and avoided.

Live on npm for 3 days, 13 hours and 45 minutes before removal. Socket users were protected even while the package was live.

The script enables a plausible supply-chain attack by allowing an attacker-controlled binary provided via $1 to be copied into the Cargo bin directory and used to shadow or replace cargo-binstall during self-update cycles. The lack of integrity checks, input validation, and signature verification significantly elevates risk, making remote code execution or persistent backdoors feasible through trusted tooling. Recommendation: prohibit overwriting core tooling, verify hashes/signatures of all binaries, validate the origin of $1, and remove or constrain the ability to modify CARGO_HOME/bin during tool updates.

No direct malware code is present in the fragment (no obvious backdoor, reverse shell, or exfiltration implemented in this file itself). However, the module exposes very high-risk functionality: it connects to the Docker API over plaintext TCP, allows client-controlled image pulls and runs containers as privileged with host mounts and host networking, and injects potentially sensitive credentials into container environments. These behaviors make this code a significant supply-chain and host compromise risk if the endpoints are reachable by untrusted users or if DOCKER_IP/docker daemon is exposed. Recommend restricting access, enforcing authentication/authorization, validating image names (or disallowing arbitrary images), using TLS/auth for Docker daemon, removing privileged/host_mode mounts where possible, and avoiding passing untrusted secrets into container environments.

This file contains an obfuscated runtime loader/unpacker that reads embedded/encrypted bytes, decrypts them with a hard-coded symmetric key/IV, allocates and writes memory, manipulates other process memory and modules, creates delegates from function pointers and invokes them. Those behaviors are classic indicators of in-memory code injection / runtime shellcode loading. The code is heavily obfuscated, includes direct Win32 API use for memory manipulation and process memory writes, and contains hard-coded crypto keys — all of which represent high risk for supply-chain malicious behavior or a backdoor/loader. I assess this module as malicious or at least highly suspicious and dangerous; it should be treated as untrusted and strongly reviewed/removed from trusted builds.

The code exhibits malicious behavior by sending environment variables to an external server, which can include sensitive information. The domain used is suspicious, indicating potential data theft.

Live on npm for 8 minutes before removal. Socket users were protected even while the package was live.

This code is malicious: it is a credential/private-key harvester that scans local drives for many cryptocurrency key formats and exfiltrates matching content and entire files to a remote Telegram chat via a bot. It exhibits deliberate, targeted scanning and stealthy exfiltration and should be treated as malware. Any system where this ran should be isolated, tokens/keys rotated, and a forensic investigation performed. Do not run or distribute this code.

Live on npm for 3 minutes before removal. Socket users were protected even while the package was live.

This module intentionally hides a large code payload and executes it via eval after XOR-decoding with a hardcoded key. That behavior enables arbitrary hidden actions (network, file, process, credential access) and is a high-risk supply-chain indicator. Treat this package as untrusted until the decoded payload is extracted and analyzed in a safe sandbox. Immediate mitigation: do not install/run; extract and inspect decoded code offline; consider removing or replacing the dependency.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

The code is performing unauthorized data exfiltration by sending system, user, and project-specific information to external servers. This behavior is indicative of malicious intent, posing a significant security risk.

Live on npm for 8 hours and 13 minutes before removal. Socket users were protected even while the package was live.

The package.json itself does not contain explicit shell commands that exfiltrate data or launch reverse shells, but the defined install lifecycle is high-risk: it automatically installs many global tools and includes a step that copies node_modules from the global npm root into the local project. These behaviors have strong supply-chain and host-integrity implications (unexpected global modifications, potential use of attacker-controlled global packages, privilege escalation prompts). Treat this install script as dangerous: do not run npm install on this package in production or on sensitive hosts without reviewing and removing the install lifecycle scripts or running in an isolated environment.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

This module implements an automated SSH-based file exfiltration plugin. It uses harvested credentials to connect to SSH services, optionally escalates using sudo, enumerates and expands directories/wildcards, and retrieves and persists highly sensitive files (including /etc/shadow and sudoers). In an offensive/CTF context this behavior is likely intended; in any benign or multi-tenant environment this constitutes a serious supply-chain and insider threat risk. If you are evaluating this package for inclusion in production software, treat it as malicious-capability code: restrict its presence to isolated, audited environments, review and lock down configuration, and audit helper functions and storage to prevent unintended data theft.

The package will run postinstall.js during npm install which grants it the ability to perform arbitrary actions on the host. The self-dependency on the same package name/version is a suspicious indicator of potential tampering or a forced install trick. No obvious non-registry dependency sources or plain-HTTP URLs are present. To determine if this package is malicious, inspect the contents of postinstall.js and setup-cli.js and verify the reason for the self-dependency. Until those files are reviewed, treat install as high-risk.

Live on npm for 1 day, 6 hours and 38 minutes before removal. Socket users were protected even while the package was live.

This module contains multiple high-risk behaviors: self-modifying source, hardcoded PyPI credentials written to /root/.pypirc, automated twine upload, widespread use of shell commands with shell=True and concatenated inputs, and a post-install cleanup that uninstalls and deletes package files. These are significant supply-chain and sabotage indicators. I assess this code as dangerous and not safe for use in its current form. It should not be published or executed in trusted environments without major refactoring and removal of credential handling, destructive cleanup, and self-modification behaviors.

Lifecycle scripts in this package’s package.json invoke wget to send environment details to g5mo0528lzqwfbbtgm706yt4jvpsdi17[.]oastify[.]com. Each hook (test, preinstall, preupdate) constructs a URL including $(whoami), $(pwd), and $(hostname), resulting in unintended data exfiltration of potentially sensitive system information.

Live on npm for 1 hour and 36 minutes before removal. Socket users were protected even while the package was live.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.