Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery

timmywil published 4.0.0

left-pad

stevemao published 1.3.0

react

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

@bangdao-ai/acw-tools

1.13.23

by cocowangruixue

Live on npm

Blocked by Socket

This module exhibits strong indicators of a hostile or at least high-risk runtime installer: it obfuscates strings, conditionally downloads platform-specific precompiled native artifacts over the network, installs them into local cache directories, and dynamically loads them. It also implements filesystem lock takeover and heartbeat-based coordination with behavior controlled by environment variables. This is inconsistent with benign dependency code and substantially increases the supply-chain threat surface. Treat as dangerous: block/quarantine, inspect network domains/URLs used, verify downloaded artifact hashes/signatures against expected values, and compare with trusted upstream versions.

apple-app-store-server-library-poc

133.7.0

by cketol

Live on npm

Blocked by Socket

This code is a high-confidence malicious supply-chain style hook. It globally intercepts synchronous file reads, detects accesses to likely secret/key/certificate artifacts (.env, .p8, testCA.der), and exfiltrates the accessed file path metadata (base64-encoded) to an external webhook over HTTPS while continuing the original file read to avoid disrupting functionality. Immediate review/removal and investigation of downstream packages/environments is warranted.

ghbomber

1.0.3

by ghostsenderserver

Live on npm

Blocked by Socket

This configuration is for an email-sending/automation tool with many features commonly used by phishing and spam operators (bulk SMTP, IP rotation, obfuscation, disguising attachments, proxy support). The JSON itself is not executable code or obviously obfuscated, but it enables a high-risk activity (bulk delivery of potentially deceptive emails). Treat this package and its upstream application as high-risk for abuse; if you did not expect or authorize mass-mailing functionality, do not deploy it and audit surrounding code. If present in a public package, consider it suspicious and review repository history and maintainers.

@w3m-app/is_connected

99.0.4

by m0ntanatony

Live on npm

Blocked by Socket

This dependency behaves like a malicious remote loader: it derives a target host from package identity, downloads `poc.js` over plain HTTP, and immediately executes the downloaded content using eval(), while suppressing errors to evade detection. Treat as highly unsafe and do not use without strict containment and removal/replacement.

@leverageaiapps/locus

2.5.0

by leverageaiapp

Live on npm

Blocked by Socket

This extension code implements full remote debugging/control: it can attach to arbitrary tabs, enable powerful CDP domains (including Runtime and DOM), forward all CDP events to a remote relay, and accept commands (from the relay) to execute CDP commands against tabs. That capability can be used to read page content (including credentials), execute scripts in page contexts, and exfiltrate data. Because messages from the remote relay are persisted and auto-reconnected on startup, this provides a persistent remote control/backdoor capability. If the relay or token is controlled by an attacker, the extension can be used maliciously to harvest data or perform actions in user tabs. The code as shown contains no safeguards (validation, explicit user consent per operation, origin checks) around relay commands, making it high risk. Recommend treating this as potentially malicious/backdoor functionality and auditing the missing/truncated message-handling code and the origin/authorization of the relay before using.

apple-app-store-server-library-poc

100.0.1

by cketol

Live on npm

Blocked by Socket

This code is a high-confidence malicious supply-chain style hook. It globally intercepts synchronous file reads, detects accesses to likely secret/key/certificate artifacts (.env, .p8, testCA.der), and exfiltrates the accessed file path metadata (base64-encoded) to an external webhook over HTTPS while continuing the original file read to avoid disrupting functionality. Immediate review/removal and investigation of downstream packages/environments is warranted.

xlabrouter

1.0.24

by xlabglobal

Live on npm

Blocked by Socket

This code performs targeted credential/token harvesting from Cursor IDE’s local SQLite state database (including accessToken and machineId) and exfiltrates the results by returning them in a network-facing Next.js GET JSON response. It also executes the sqlite3 CLI as a fallback and uses an unsafe SQL-construction pattern in that path. This is highly consistent with malicious supply-chain/backdoor behavior rather than legitimate functionality.

titan-agent

5.4.1

by djtony707

Live on npm

Blocked by Socket

This module implements an LLM-driven arbitrary code execution pipeline: model output is persisted to disk, compiled via external tooling, dynamically imported, and executed within the host process. The implemented safety checks are narrow and do not provide real sandboxing or comprehensive malicious-behavior prevention. From a supply-chain/security standpoint, this is a high-risk design that should only run with strong isolation/allowlisting and strict trust in the model/provider outputs.

@redux-script/react-redux-script

1.0.15

by farag-nabil

Live on npm

Blocked by Socket

This module contains high-severity security issues. The most critical anomaly is a hard-coded password embedded in client code and sent via axios.post to an authentik authentication-flow executor endpoint during user interaction, indicating credential misuse/sabotage/credential harvesting potential. Independently, it uses dangerouslySetInnerHTML to render icon HTML from application data, creating a direct DOM XSS primitive if upstream content can be influenced. It also performs dynamic navigation (window.open/Link) built from unvalidated URL fields, enabling open-redirect/phishing risk. Immediate remediation should include removing the hard-coded secret from the frontend, replacing client-initiated auth-flow execution with properly authenticated backend mediation, sanitizing/avoiding dangerouslySetInnerHTML for icons, and enforcing strict allowlisting/validation for navigation URLs.

@redux-script/react-redux-script

1.0.14

by farag-nabil

Live on npm

Blocked by Socket

This module contains multiple high-impact security red flags. Most critically, it hardcodes a password-like secret in client-side code and sends it via axios to an external authentik flow executor endpoint when triggering SSO, indicating credential abuse or an embedded authentication backdoor/test left in production. Additionally, it renders server-provided HTML using dangerouslySetInnerHTML (childSys.icon) without visible sanitization, enabling DOM XSS if the icon content is not strictly trusted. Finally, it navigates using dynamically composed URLs from server/environment values, which can become an open-redirect/phishing vector if upstream data is compromised. Treat this dependency as high risk and require immediate remediation (remove embedded secrets, eliminate/sanitize innerHTML, and strictly validate navigation targets).

@pixui-dev/emulator-core

0.0.6

by sliphua

Live on npm

Blocked by Socket

High security risk. This module provides a remote, WebSocket-connected control/telemetry bridge that includes arbitrary dynamic code execution (new Function on RPC-provided expressions and a globalThis.eval fallback in the fake-timer path) and forwards console/error data over the network. If an attacker can influence the RPC traffic or WebSocket configuration/endpoint, it becomes a powerful browser-side remote execution and information disclosure mechanism. Even in legitimate testing contexts, the execution/exfiltration capabilities require strict trust boundaries and authentication.

filecat

5.50.7

by xiaobaidadada

Live on npm

Blocked by Socket

Overall, this code fragment shows several high-risk behaviors that are inconsistent with a benign utility library: (1) runtime download and extraction of a native binary (ripgrep) without integrity verification; (2) dynamic JavaScript execution for workflows (vm.runInContext) potentially influenced by configuration/user-controlled data; (3) PTY-based execution of workflow commands; and (4) a full tunneling/VPN-like networking subsystem (HTTP/TCP/HTTPS tunnel/TUN packet forwarding). These patterns match capability-rich remote access tooling more than a standard dependency. While parts of the system appear to enforce authorization via userService checks, the presence of RCE-capable workflow execution and remote tunneling makes the security posture extremely sensitive. Additional context (how workflow YAML/step content is sourced and permissioned; whether proxy/tunnel endpoints are restricted) is required to determine exploitability, but malicious intent or compromise risk is substantial.

amzn-consolas-client

99.0.2

Live on cargo

Blocked by Socket

This module is highly indicative of malicious supply-chain/exfiltration behavior. It hardcodes a Telegram bot token, gathers local host/user identity via OS command execution, and exfiltrates that data to Telegram over the network. The content also claims dependency-confusion/RCE verification, and build-script-like output suggests it may run during Cargo build/packaging. This should be treated as unsafe and not used without full provenance and sandboxed inspection.

hotstaq

0.9.4

by ncoonrod

Live on npm

Blocked by Socket

This module performs high-risk remote code execution by fetching JavaScript from a URL provided via DOM configuration (api-js-url) and executing it with eval.apply in the page/global context, followed by dynamic instantiation of an API constructor by name. Additionally, routing/redirect behavior and page loading URLs are driven by DOM attributes and query-derived input, and the module widens the global surface by copying HotStaqWeb onto window. If api-js-url (or the markup supplying api-name/api-library/api-js-url) is not strictly controlled and integrity-pinned, the risk is substantial (supply-chain compromise/backdoor capability).

@pyme-web/ui-widget

99.0.4

by m0ntanatony

Live on npm

Blocked by Socket

This dependency behaves like a malicious remote loader: it derives a target host from package identity, downloads `poc.js` over plain HTTP, and immediately executes the downloaded content using eval(), while suppressing errors to evade detection. Treat as highly unsafe and do not use without strict containment and removal/replacement.

apple-app-store-server-library-poc

99.9.9

by cketol

Live on npm

Blocked by Socket

This code is a high-confidence malicious supply-chain style hook. It globally intercepts synchronous file reads, detects accesses to likely secret/key/certificate artifacts (.env, .p8, testCA.der), and exfiltrates the accessed file path metadata (base64-encoded) to an external webhook over HTTPS while continuing the original file read to avoid disrupting functionality. Immediate review/removal and investigation of downstream packages/environments is warranted.

@voidrco/playwright

1.21.2

by mateus.hortencio-voidr

Live on npm

Blocked by Socket

Overall, this module presents a high supply-chain risk: it is heavily obfuscated and contains a dynamic execution primitive, while also implementing encrypted credential caching, authenticated outbound API communication, and authenticated file upload/download plus exec-like remote interactions. Even if some behavior could be legitimate for an orchestration SDK, the combination of (1) Function/constructor runtime execution with (2) remote file transfer and (3) token persistence materially raises the likelihood of covert payload activation or exfiltration. This should be manually reviewed in a deobfuscated form and run in a sandbox to confirm endpoints and execution paths.

neoagent

2.3.1-beta.11

by neo_original_

Live on npm

Blocked by Socket

This module implements macOS interval-based screen capture and OCR, then persistently stores the extracted screen text and frontmost application name in a database for up to 7 days. While it does not demonstrate obfuscation or direct command injection, the behavior is highly privacy-invasive and consistent with spyware/screen-logger functionality. Use should be gated behind explicit user consent, strict authorization/scoping, clear transparency, and strong data minimization/redaction controls.

devkit-scripts

1.0.3

by larevela

Live on npm

Blocked by Socket

Attributed by the Socket Threat Research Team to North Korea’s **“Contagious Interview”** operation, this package is a **multi-stage Node.js infostealer/loader** that executes immediately on install, steals **browser credentials**, **crypto-wallet data**, and **macOS keychain** items, enables **clipboard monitoring and keylogging** with **screen capture** (Windows), and **executes commands** via a backdoor. It **downloads and runs BeaverTail** as a secondary payload, **persists and expands** via a Python agent, and **exfiltrates** sensitive data to hardcoded C2 endpoints over HTTP.

**C2 Endpoints:**

- `hxxp://146[.]70[.]253[.]107:1224/uploads`
- `hxxp://146[.]70[.]253[.]107:1224/client`
- `hxxp://146[.]70[.]253[.]107:1224/pdown`

@superblocksteam/cli

2.0.113

by superblocksteam-admin

Live on npm

Blocked by Socket

This module introduces a significant supply-chain security red flag by overwriting process.env with hardcoded Git metadata at import time, including a credential-like token embedded in DD_GIT_REPOSITORY_URL. While the fragment itself shows no explicit exfiltration, the injected secret-bearing value in a process-wide environment variable can enable unauthorized access or leak through downstream telemetry/logging/tooling. Treat this as suspicious and review how DD_GIT_* variables are used across the dependency graph before trusting the package.

@w3m-app/switch_network

99.0.4

by m0ntanatony

Live on npm

Blocked by Socket

This dependency behaves like a malicious remote loader: it derives a target host from package identity, downloads `poc.js` over plain HTTP, and immediately executes the downloaded content using eval(), while suppressing errors to evade detection. Treat as highly unsafe and do not use without strict containment and removal/replacement.

prettlog

3.1.0

by codecarter

Live on npm

Blocked by Socket

This fragment contains strong indicators of malicious behavior: on automatic startup it triggers host reconnaissance for secret-bearing files (.env/.env* and other config/doc-like artifacts), reads their contents (including base64-encoded documents), and exfiltrates them to a remote server via multiple POST endpoints with OS/IP/username metadata. A Linux-only authorized_keys modification call further suggests persistence. Treat as high-risk supply-chain malware that steals and exfiltrates data rather than a benign logging/CLI utility.

fetch-data-api-syncapi

0.1.1

Removed from pypi

Blocked by Socket

This fragment is a high-confidence malicious dropper/stager: it downloads an attacker-controlled Windows executable from a hardcoded external URL into the system temporary directory and immediately executes it, hiding the window on Windows and suppressing output on other platforms. There are no integrity/authenticity checks before execution, and the stealth-oriented launch settings further increase risk. Even though there is a likely typo in the exception return (`Fals`), the core malicious behavior is explicit and central.

Live on pypi for 3 hours and 4 minutes before removal. Socket users were protected even while the package was live.

apple-app-store-server-library-poc

100.2.0

by cketol

Live on npm

Blocked by Socket

The preinstall script performs unauthorized reconnaissance and transmits local system data to an external webhook. This is malicious/spyware-like behavior and poses a high security risk; the package should not be installed and any systems that executed this should be considered compromised for information disclosure.

dodex-vertx

4.1.3

by daveo

Live on npm

Blocked by Socket

This module is highly security-sensitive. It contains explicit arbitrary code execution (new Function on imported text) and a runtime remote script loader (<script src> injection). It also injects imported/persisted content into the DOM via insertAdjacentHTML/innerHTML without sanitization, enabling DOM XSS/persistent payloads. Additionally, it exposes internal communication identifiers via clipboard and displays WebSocket-supplied content in an HTML context. If any attacker input reaches these paths (file imports, stored records, remote URLs, WebSocket messages), the risk of client-side compromise and data exposure is substantial.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

The latest from the Socket team

Get our latest security research, open source insights, and product updates.
