Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery: timmywil published 4.0.0

left-pad: stevemao published 1.3.0

react: react-bot published 19.2.5

We protect you from vulnerable and malicious packages

github.com/sourcegraph/sourcegraph

v0.0.0-20200819165036-3c88d43f1e54

Live on go

Blocked by Socket

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

@focusinyou/delayrandom

1.1.2

by focusinyou

Live on npm

Blocked by Socket

This source contains explicit malicious functionality: an unauthenticated data-exfiltration function that posts caller-supplied data to a suspicious third-party URL, and a timed kill-switch that deliberately disrupts or crashes applications after 2026-02-28. Comments and code both indicate intentional sabotage. Treat the module as malicious: remove from projects, rotate any secrets that may have been passed to formatInfo, audit builds and deployments that included this package, and block the remote host. Do not use this library.

@qingchencloud/openclaw-zh

2026.2.15-nightly.202602171533

Live on npm

Blocked by Socket

The mcporter CLI’s documented capabilities (arbitrary HTTP calls, --stdio process execution, and local credential storage) align with its stated purpose but present a moderate attack surface: misuse can lead to credential leakage or arbitrary code execution if inputs are untrusted or the environment is hostile. The fragment contains no explicit malicious code, obfuscation, or hard-coded attacker infrastructure. Recommended actions: review implementation for secure storage of tokens, minimize or sanitize construction of command strings, consider allowlisting target domains or prompting before sending credentials to unknown endpoints, and audit generated outputs for sensitive data leakage. Treat as functional but moderately risky in adversarial contexts.

@jackshanyeshuzi/curvess

1.1.5

by jackshanyeshuzi

Removed from npm

Blocked by Socket

This code contains a deliberate, obfuscated network exfiltration that sends private key material to an external host during signature preparation. This is a high-confidence backdoor/supply-chain compromise. Do not use this package; consider it malicious and compromised. Replace with a trusted, audited implementation and rotate any keys generated or used by this code.

Live on npm for 9 hours and 17 minutes before removal. Socket users were protected even while the package was live.

uniquebible

0.1.60

Live on pypi

Blocked by Socket

This module implements a GUI chat application that integrates with OpenAI and provides features that allow arbitrary Python and shell command execution based on selected text or user input, and loads plugins from the filesystem. I did not find explicit hardcoded backdoor/network exfiltration to a suspicious external domain. However, the code exposes powerful dangerous sinks (exec, eval, subprocess.run(..., shell=True), os.system) directly to user-supplied or file-supplied content without sandboxing. This is a high security risk for accidental misuse or malicious plugins/content; treat the package as potentially dangerous in contexts where untrusted data or plugins may be present. Recommended mitigation: remove or require explicit confirmation for run-as-command features, sandbox or restrict exec/context, avoid shell=True, avoid eval, and never auto-run plugin code from untrusted locations.

azure-graphrbac

7.6.8

Removed from npm

Blocked by Socket

Possible typosquat of azure - Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles legitimate Azure package naming conventions, which could confuse users. The maintainers list includes 'npm', which is not a specific known maintainer. Therefore, it is likely a typosquat.

Live on npm for 10 hours and 59 minutes before removal. Socket users were protected even while the package was live.

cikuu

2022.3.4

Live on pypi

Blocked by Socket

The service exposes a high-severity remote code execution vulnerability through an unvalidated, user-supplied code parameter that is compiled and evaluated in the host context. This creates a serious backdoor and data-exfiltration risk, compounded by unprotected Redis data access endpoints. Immediate remediation is required: remove or drastically constrain the dynamic eval path, implement authentication/authorization, sanitize inputs, and consider sandboxing or abandoning dynamic code execution entirely.

go-template

0.1.8

Live on npm

Blocked by Socket

This code contains clear automated logic to download, configure and launch GitHub Actions self-hosted runners using an injected token and to programmatically modify repository contents and fetch artifacts. Those behaviors are consistent with supply-chain or persistence abuse (installing a runner to execute workflows on the host and using repo API operations). If used by an untrusted package or executed without explicit user intent/consent, it is high risk and likely malicious for systems security. Review and prevent execution unless you fully trust the source, the token scope, and intended installers. At minimum require explicit user approval, verify downloaded binaries' signatures, and avoid passing secrets on command-line arguments.

doughnuts

3.3.1

Live on pypi

Blocked by Socket

This file is exploit tooling: it constructs and sends sophisticated PHP exploit payloads targeting remote PHP servers to achieve arbitrary command execution using memory-corruption primitives, deserialization gadget chains, and multiple execution fallbacks (system/exec/popen/FFI/COM/imap_open). It includes anti-forensics (LD_PRELOAD cleanup), evasion (randomized markers, UA/referer), and numerous OS-specific execution techniques. Treat this as malicious: do not run, remove from trusted dependencies, and investigate supply-chain compromise.

@codebit-programando-solucoes/codebit-llm-coderag

1.1.80

by ksfreitas

Live on npm

Blocked by Socket

This module fragment exhibits strong loader/stager characteristics: heavy obfuscation, a dynamic `Function`/`constructor("return this")()` global-scope escape primitive, and conditional/indirect dispatch with multiple `require(...)` initializations. While the truncated view does not show explicit exfiltration or persistence actions, the capabilities and patterns present warrant treating the package as suspicious and performing a full end-to-end inspection of the required modules and any subsequent stage behaviors.

load-image-meta

9.768.488

Removed from npm

Blocked by Socket

The code is obfuscated and performs actions typical of data exfiltration, such as collecting environment variables and sending them to a remote server. This behavior is indicative of malicious intent.

Live on npm for 1 hour before removal. Socket users were protected even while the package was live.

wix-marketing-backend

2.999.999

Removed from npm

Blocked by Socket

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

@amaster.ai/vite-plugins

1.1.0-beta.72

by 2betop

Live on npm

Blocked by Socket

High-risk data collection/exfiltration behavior: the code monkey-patches fetch and XMLHttpRequest to capture request/response headers and bodies, queues them, and transmits them using navigator.sendBeacon to a /__browser__ endpoint; the server persists the received payload to browser.log. This can leak sensitive application data (tokens, personal data, API responses). No direct RCE/backdoor is evident, but the telemetry exfiltration pipeline is suspicious and security-impacting.

web-bzz

1.10.3

by u4mstof1wsg0t

Removed from npm

Blocked by Socket

The package contains obfuscated code that interacts with an Ethereum smart contract to retrieve a string associated with a wallet address. It uses this string to construct a URL based on the user's operating system and downloads an executable file from that URL. The code then executes the downloaded file in the background without user consent.

Live on npm for 6 days, 10 hours and 47 minutes before removal. Socket users were protected even while the package was live.

@mcp-use/inspector

0.5.3-canary.6

Live on npm

Blocked by Socket

The analyzed fragment exhibits a covert iframe console interception mechanism that exfiltrates console output, Errors, and unhandled rejections to a parent frame via postMessage, using wildcard origins and dynamic iframe injection. This presents a tangible data-leak risk and potential backdoor-like telemetry within a supply-chain context. Treat as high-risk in production and require explicit opt-in, strict origin validation, CSP controls, and removal or isolation of such telemetry patterns from open-source dependencies unless clearly documented and consented by users.

354766/inference-sh/agent-skills-registry/ai-marketing-videos/

c20dce902239d5ccb1638d74de8b4401939c46eb

Live on socket

Blocked by Socket

[Skill Scanner] Pipe-to-shell or eval pattern detected (AITech 9.1.4) [CI013]

tx-engine

0.3.5

Live on pypi

Blocked by Socket

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

cuckoo

2.0.7

Live on pypi

Blocked by Socket

The code implements functionality that can exfiltrate arbitrary files and logs over the network without encryption or user consent. This behavior constitutes a significant security risk and matches malware patterns related to data theft. Although the code is not obfuscated and does not contain explicit malware payloads like backdoors or reverse shells, the potential for unauthorized data leakage is high. Use of this code in a supply chain context should be carefully controlled and audited.

clselove

1.23

Live on pypi

Blocked by Socket

This module is high-risk and appears designed for abuse: remote-controlled automation of Android devices and browsers, payload delivery into app private storage, and exfiltration of app data to remote servers. It includes hard-coded API keys and endpoints and runs privileged shell commands (su, adb) to copy and chmod app data. Use of this code in a project poses a significant supply-chain and operational security risk. I recommend not using this package and performing a full audit of any systems where it was installed; credentials and any devices accessible by the environment should be considered compromised.

teachable-machine.js

2.0.1

by nixautservices

Live on npm

Blocked by Socket

The install script is risky and suspicious. It invokes "npm i" during installation which can create recursive install behavior and causes additional lifecycle scripts (preinstall/postinstall) to run unexpectedly. That enables untrusted code execution and supply-chain abuse, and can lead to resource exhaustion or hide malicious payloads. Treat this install script as high risk — remove or disable it and inspect package contents and dependency lifecycle scripts carefully before installing.

github.com/sourcegraph/sourcegraph

v0.0.0-20210416170702-67843101de45

Live on go

Blocked by Socket

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

steedos-server

2.2.51-beta.4

by steedos-baozhoutao

Live on npm

Blocked by Socket

The analyzed fragment reveals a high-risk credential leakage pattern where authentication tokens are read from cookies and appended to a URL targeting an external Designer service, then opened via window-like navigation. This constitutes credential exfiltration/backdoor potential and should be treated as a critical security issue. Remediation should include removing token forwarding in client-side redirects, adopting server-side or OAuth-secured flows, implementing strict whitelisting for redirect destinations, and ensuring tokens are never transmitted in URL query parameters. Sanitize all data rendered into HTML/JS and minimize exposure of sensitive context to client-side code.

fm-labs/cakephp-sugar

1.0.0

Live on composer

Blocked by Socket

The module contains a clearly malicious, injected payload: when executed on browsers with Russian language and Russian domains, after a stored timestamp threshold it disables user interaction (pointer-events none) and auto-plays a looping audio file fetched from a hardcoded third-party domain. This behavior is unrelated to the library's purpose, covert (uses localStorage gating and delayed timeouts), disruptive, and likely politically motivated. Treat this version as compromised. Recommended actions: do not use this release; revert to a verified clean version from a trusted checksum or source; audit other releases/branches and your supply chain; remove the malicious conditional and hardcoded network call. For urgency: high — it's a supply-chain compromise impacting end users in the targeted region.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

RUST: crates.io (Rust Package Manager)
PHP: Packagist (PHP Package Manager)
GOLANG: Go Modules (Go Dependency Management)
JAVA: Maven Central
JAVASCRIPT: npm (Node Package Manager)
.NET: NuGet (.NET Package Manager)
PYTHON: PyPI (Python Package Index)
RUBY: RubyGems.org (Ruby Package Manager)
SWIFT: Swift
AI: Hugging Face Hub (AI Model Hub)
CI: GitHub Actions (CI/CD Workflows)
EXTENSIONS: Chrome Web Store (Chrome Browser Extensions)
EXTENSIONS: Open VSX (VS Code Extensions)

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
