Secure your dependencies. Ship with confidence.

High-risk remote execution agent. The WebSocket server can send arbitrary commands that the client executes locally using shell/PTY (create_subprocess_shell, /bin/sh -c, and persistent bash PTY). Restricted mode relies on heuristic path scanning and does not robustly prevent arbitrary command execution or data exfiltration. The client also forwards stdout/stderr back to the server. Treat this as potentially malicious/abusable unless the entire ecosystem, server trust boundary, and command allowlisting model are strictly controlled.

The code snippet initializes a transmission module with potentially sensitive credentials and identifiers, including hardcoded defaults, and sends them to an external API endpoint. While no direct malware or obfuscation is evident, the presence of hardcoded credentials and communication with an external domain pose a significant security risk. The code may facilitate unauthorized data transmission or backdoor access if misused. Further review of the external module's implementation is necessary to confirm intent. Given these factors, the code should be treated as high risk and potentially malicious.

The code exhibits significant risks related to data theft and unauthorized access due to its handling of user credentials and session management. The presence of hardcoded credentials and cookie manipulation further raises concerns about malicious intent.

Live on npm for 1 hour and 15 minutes before removal. Socket users were protected even while the package was live.

This module is a secret-extraction utility: it finds a Chromium-based browser 'Local State', extracts the DPAPI-protected AES key, unprotects it via CryptUnprotectData, and uses it to decrypt AES-GCM payloads (the typical format used to protect browser cookies/passwords). The code contains no direct network exfiltration or process-spawning, but it provides a clear mechanism to obtain sensitive plaintext (credentials/cookies) from a Windows user profile. Use of this code in a project should be carefully reviewed and restricted; it is privacy-invasive and can be abused for credential harvesting.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

Based on the provided manifest/README, Peekaboo's capabilities align with its stated purpose (macOS UI automation). No explicit signs of embedded malware, obfuscation, hardcoded secrets, or network exfiltration are present in this document. The primary risks are: (1) supply-chain/trust risk from a third-party Homebrew tap installer; (2) local abuse via high-privilege APIs (Accessibility/Screen Recording) and execution of untrusted .peekaboo.json scripts; and (3) local secret exposure via clipboard and stored config credentials. Recommend: verify and audit the Homebrew tap and package source before installation, inspect the binary/source if possible, restrict access to stored config files, and treat any automation scripts as untrusted input. Avoid running scripts from untrusted sources and limit granted macOS permissions to necessary scopes.

This module is a legitimate-looking MQTT connector framework, but it contains a critical security defect: it executes platform-sent commands directly via os.system in _command. If an attacker (or an unauthorized platform operator) can publish messages to the connector's subscribed MQTT topic — or if retained messages with action 'prsConnector.command' exist — they can run arbitrary shell commands on the host where this connector runs. That is a high-severity supply-chain/backdoor risk. Other concerns: unvalidated deserialization of network-provided JSON and broad exception handling. Avoid deploying this package without addressing command execution (remove or strictly authenticate/validate commands and avoid direct os.system), and harden MQTT authentication/authorization and message validation.

This module is not a generic utility; it is a cryptomining wrapper that auto-starts a mining Controller and loads a specific miner identifier, configured for XMR. It also runs an embedded Express server exposing an unauthenticated POST /settings endpoint that applies untrusted request bodies to update miner/controller settings, plus a GET /status endpoint that discloses internal system/performance telemetry. Even without seeing miners.controller, the orchestration and control-plane design are strongly consistent with malicious or unwanted cryptomining behavior.

Live on npm for 2 hours and 10 minutes before removal. Socket users were protected even while the package was live.

The code contains a covert background task that fetches a remote JSON from a hardcoded GitHub URL and uses it to perform automated 'follow' actions (newsletterWMexQuery(..., FOLLOW)) on behalf of the user every 5 minutes. This is unexpected, remote-controlled behavior that can be abused for spam, account manipulation, or other malicious purposes. Apart from that I see normal newsletter management functions and message decryption usage. The background auto-follow routine should be considered malicious/unwanted behavior; the module should not be trusted or used without removing or disabling that part.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

This code contains high-risk insecure coding patterns: direct pickle.load() on user-selected files and eval() on GUI-controlled text fields. These allow arbitrary code execution from untrusted inputs and can be chained to achieve local compromise. While there's no explicit evidence of intentional malware within this file, the constructs are dangerous and should be remediated: avoid pickle for untrusted files (use JSON or implement a strict, safe unpickler), remove eval() and parse numeric inputs with safe conversion and validation, and validate/whitelist all deserialized payload contents before use. Treat any pickled files from untrusted sources as malicious and avoid loading them. Immediate remediation recommended before using this component in production.

The code presents a high security risk due to the potential for command injection, arbitrary code execution, and unsafe directory changes. The confidence level of the reports is consistent with the identified issues, and the absence of obfuscated code and malware is confirmed.

Live on npm for 33 minutes before removal. Socket users were protected even while the package was live.

This code is intentionally obfuscated and uses DNS queries to exfiltrate system information, which could be a significant security risk. The hardcoded domain and the potential data exfiltration raise concerns about privacy violations. This package should be reviewed carefully before being used.

The code presents a strong supply-chain and remote-execution risk by automatically downloading and executing remote Python payloads without integrity checks or sandboxing. It also creates and runs external services (Jupyter, Visdom, RStudio) based on user inputs, which can amplify impact if the remote payload is malicious. Mitigations include removing remote code execution paths, adding cryptographic verification (signatures or hash checks), isolating execution (sandboxes or containerization), validating inputs, and avoiding untrusted downloads or executions.

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

While installing the 'request' package is a common operation, the safety of this script heavily depends on the contents of 'index.js'. Without inspecting that file, we cannot determine the overall risk.

Live on npm for 10 minutes before removal. Socket users were protected even while the package was live.

A shell script modifies the SSH server configuration to allow root login without a password, moves an authorized_keys file from a temporary location into the root user’s SSH directory, and attempts to reload SSH. These actions collectively create a high-risk scenario by enabling potential unauthorized root access. No external domains or IP addresses have been observed.

This module is a high-risk code-loader style serializer/deserializer. It can reconstruct and execute attacker-provided Python source via exec(compile(source, ...), env) and can dynamically import attacker-chosen modules via importlib.import_module(name). If any part of the serialized payload is attacker-influenced, it enables straightforward arbitrary code execution and serious supply-chain risk. Treat it as unsafe unless used only with fully trusted, integrity-verified payloads in a tightly controlled environment.

This package contains malware that executes automatically during installation via a preinstall script. The malicious code creates and executes a shell script that systematically collects sensitive system information including hostname, operating system details, user identification, DNS configuration from /etc/resolv.conf, and network interface information. The collected data is then base64-encoded and exfiltrated to a remote server at qlf8zf0i0r1j0jt0w2ulaw0qthzlnbb0[.]oastify[.]com using either curl or wget. The package description explicitly references 'RCE targeting Bugcrowd requirements' and is authored by 'nepalihacker000', indicating intentional malicious activity designed for unauthorized system reconnaissance and data theft.

Live on npm for 5 days, 14 hours and 30 minutes before removal. Socket users were protected even while the package was live.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

The code contains several security risks, including hardcoded credentials, potential for command injection through execSync, and arbitrary code execution via eval. These issues need to be addressed to prevent exploitation. The environment where the code runs should be strictly controlled to mitigate these risks.

Live on npm for 11 minutes before removal. Socket users were protected even while the package was live.

[Skill Scanner] Installation of third-party script detected (AITech 9.1.4) [SC006]

High-risk remote execution agent. The WebSocket server can send arbitrary commands that the client executes locally using shell/PTY (create_subprocess_shell, /bin/sh -c, and persistent bash PTY). Restricted mode relies on heuristic path scanning and does not robustly prevent arbitrary command execution or data exfiltration. The client also forwards stdout/stderr back to the server. Treat this as potentially malicious/abusable unless the entire ecosystem, server trust boundary, and command allowlisting model are strictly controlled.

The code snippet initializes a transmission module with potentially sensitive credentials and identifiers, including hardcoded defaults, and sends them to an external API endpoint. While no direct malware or obfuscation is evident, the presence of hardcoded credentials and communication with an external domain pose a significant security risk. The code may facilitate unauthorized data transmission or backdoor access if misused. Further review of the external module's implementation is necessary to confirm intent. Given these factors, the code should be treated as high risk and potentially malicious.

The code exhibits significant risks related to data theft and unauthorized access due to its handling of user credentials and session management. The presence of hardcoded credentials and cookie manipulation further raises concerns about malicious intent.

Live on npm for 1 hour and 15 minutes before removal. Socket users were protected even while the package was live.

This module is a secret-extraction utility: it finds a Chromium-based browser 'Local State', extracts the DPAPI-protected AES key, unprotects it via CryptUnprotectData, and uses it to decrypt AES-GCM payloads (the typical format used to protect browser cookies/passwords). The code contains no direct network exfiltration or process-spawning, but it provides a clear mechanism to obtain sensitive plaintext (credentials/cookies) from a Windows user profile. Use of this code in a project should be carefully reviewed and restricted; it is privacy-invasive and can be abused for credential harvesting.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

Based on the provided manifest/README, Peekaboo's capabilities align with its stated purpose (macOS UI automation). No explicit signs of embedded malware, obfuscation, hardcoded secrets, or network exfiltration are present in this document. The primary risks are: (1) supply-chain/trust risk from a third-party Homebrew tap installer; (2) local abuse via high-privilege APIs (Accessibility/Screen Recording) and execution of untrusted .peekaboo.json scripts; and (3) local secret exposure via clipboard and stored config credentials. Recommend: verify and audit the Homebrew tap and package source before installation, inspect the binary/source if possible, restrict access to stored config files, and treat any automation scripts as untrusted input. Avoid running scripts from untrusted sources and limit granted macOS permissions to necessary scopes.

This module is a legitimate-looking MQTT connector framework, but it contains a critical security defect: it executes platform-sent commands directly via os.system in _command. If an attacker (or an unauthorized platform operator) can publish messages to the connector's subscribed MQTT topic — or if retained messages with action 'prsConnector.command' exist — they can run arbitrary shell commands on the host where this connector runs. That is a high-severity supply-chain/backdoor risk. Other concerns: unvalidated deserialization of network-provided JSON and broad exception handling. Avoid deploying this package without addressing command execution (remove or strictly authenticate/validate commands and avoid direct os.system), and harden MQTT authentication/authorization and message validation.

This module is not a generic utility; it is a cryptomining wrapper that auto-starts a mining Controller and loads a specific miner identifier, configured for XMR. It also runs an embedded Express server exposing an unauthenticated POST /settings endpoint that applies untrusted request bodies to update miner/controller settings, plus a GET /status endpoint that discloses internal system/performance telemetry. Even without seeing miners.controller, the orchestration and control-plane design are strongly consistent with malicious or unwanted cryptomining behavior.

Live on npm for 2 hours and 10 minutes before removal. Socket users were protected even while the package was live.

The code contains a covert background task that fetches a remote JSON from a hardcoded GitHub URL and uses it to perform automated 'follow' actions (newsletterWMexQuery(..., FOLLOW)) on behalf of the user every 5 minutes. This is unexpected, remote-controlled behavior that can be abused for spam, account manipulation, or other malicious purposes. Apart from that I see normal newsletter management functions and message decryption usage. The background auto-follow routine should be considered malicious/unwanted behavior; the module should not be trusted or used without removing or disabling that part.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

This code contains high-risk insecure coding patterns: direct pickle.load() on user-selected files and eval() on GUI-controlled text fields. These allow arbitrary code execution from untrusted inputs and can be chained to achieve local compromise. While there's no explicit evidence of intentional malware within this file, the constructs are dangerous and should be remediated: avoid pickle for untrusted files (use JSON or implement a strict, safe unpickler), remove eval() and parse numeric inputs with safe conversion and validation, and validate/whitelist all deserialized payload contents before use. Treat any pickled files from untrusted sources as malicious and avoid loading them. Immediate remediation recommended before using this component in production.

The code presents a high security risk due to the potential for command injection, arbitrary code execution, and unsafe directory changes. The confidence level of the reports is consistent with the identified issues, and the absence of obfuscated code and malware is confirmed.

Live on npm for 33 minutes before removal. Socket users were protected even while the package was live.

This code is intentionally obfuscated and uses DNS queries to exfiltrate system information, which could be a significant security risk. The hardcoded domain and the potential data exfiltration raise concerns about privacy violations. This package should be reviewed carefully before being used.

The code presents a strong supply-chain and remote-execution risk by automatically downloading and executing remote Python payloads without integrity checks or sandboxing. It also creates and runs external services (Jupyter, Visdom, RStudio) based on user inputs, which can amplify impact if the remote payload is malicious. Mitigations include removing remote code execution paths, adding cryptographic verification (signatures or hash checks), isolating execution (sandboxes or containerization), validating inputs, and avoiding untrusted downloads or executions.

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

While installing the 'request' package is a common operation, the safety of this script heavily depends on the contents of 'index.js'. Without inspecting that file, we cannot determine the overall risk.

Live on npm for 10 minutes before removal. Socket users were protected even while the package was live.

A shell script modifies the SSH server configuration to allow root login without a password, moves an authorized_keys file from a temporary location into the root user’s SSH directory, and attempts to reload SSH. These actions collectively create a high-risk scenario by enabling potential unauthorized root access. No external domains or IP addresses have been observed.

This module is a high-risk code-loader style serializer/deserializer. It can reconstruct and execute attacker-provided Python source via exec(compile(source, ...), env) and can dynamically import attacker-chosen modules via importlib.import_module(name). If any part of the serialized payload is attacker-influenced, it enables straightforward arbitrary code execution and serious supply-chain risk. Treat it as unsafe unless used only with fully trusted, integrity-verified payloads in a tightly controlled environment.

This package contains malware that executes automatically during installation via a preinstall script. The malicious code creates and executes a shell script that systematically collects sensitive system information including hostname, operating system details, user identification, DNS configuration from /etc/resolv.conf, and network interface information. The collected data is then base64-encoded and exfiltrated to a remote server at qlf8zf0i0r1j0jt0w2ulaw0qthzlnbb0[.]oastify[.]com using either curl or wget. The package description explicitly references 'RCE targeting Bugcrowd requirements' and is authored by 'nepalihacker000', indicating intentional malicious activity designed for unauthorized system reconnaissance and data theft.

Live on npm for 5 days, 14 hours and 30 minutes before removal. Socket users were protected even while the package was live.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

The code contains several security risks, including hardcoded credentials, potential for command injection through execSync, and arbitrary code execution via eval. These issues need to be addressed to prevent exploitation. The environment where the code runs should be strictly controlled to mitigate these risks.

Live on npm for 11 minutes before removal. Socket users were protected even while the package was live.

[Skill Scanner] Installation of third-party script detected (AITech 9.1.4) [SC006]