Secure your dependencies. Ship with confidence.

The code contains suspicious and potentially malicious behavior. Notably, it embeds hard-coded superadmin credentials and makes an unconditional HTTP POST to an external IP (139.196.154.85:20024) with a superadmin account and a hard-coded password hash, storing the returned token as 'magicToken' in sessionStorage. Requiring that external call (Z()) succeed along with local authentication before completing login suggests a possible backdoor, secret exfiltration, or unauthorized remote dependency. The presence of hard-coded credentials, external non-domain IP, and dual token storage are strong red flags for supply-chain/backdoor behavior. I recommend not using this package until owners explain the external call and remove hard-coded credentials; audit all network endpoints and secrets handling.

This file is part of a malicious package that exploits software distribution infrastructure for social engineering attacks. The assembly metadata contains extensive promotional content advertising illegal Snapchat account hacking services, including detailed descriptions of traffic-based attack methods against Snapchat servers. The file directs users to visit an external malicious website at hacksgames[.]online/Snap-Hack/ through embedded URLs in assembly descriptions. While containing no executable malicious code (only empty class implementations), it serves as a delivery mechanism to redirect users to potentially harmful external sites that could distribute malware, conduct phishing attacks, or engage in other malicious activities. This represents supply chain pollution by abusing legitimate package repositories to promote illegal services and poses significant security risks to users who may follow the embedded malicious links.

This code poses a serious security risk and should not be used.

Live on npm for 48 minutes before removal. Socket users were protected even while the package was live.

This file is a DNS-based command-and-control server component: it accepts DNS queries carrying segmented/encoded payloads, performs RSA/GCM decryption using server/private certificates, establishes encrypted sessions, dispatches decrypted envelopes to server handlers, and returns encrypted responses via DNS TXT records. Functionally this enables covert remote control and data exfiltration over DNS. The code itself is not obfuscated, but it implements clearly dual-use/malicious functionality (C2). There are some implementation concerns (predictable IDs via math/rand, lack of replay protection for RSA session init noted in comments, reliance on global maps which must be initialized elsewhere). If encountered in a dependency, treat it as high-risk/malicious-capable and review usage context carefully.

This code is malicious. It harvests system info and browser credentials, writes them to temporary files, downloads and executes remote binaries, and exfiltrates collected files to a hardcoded Discord webhook. The combination of credential harvesting, remote downloads/execution, and data exfiltration constitutes clear malware and a supply-chain/backdoor risk. Do not run or install this package; treat as high-risk and remove any copies from systems.

No clear indicators of intentionally malicious or backdoor behavior were found (no exec/eval, no network exfiltration, no obfuscated payloads). However, the module contains serious security issues: unsafe pickle deserialization (get_obj) allowing arbitrary code execution if attacker-controlled files are loaded, arbitrary file write via base64 decoding (save_base64_img_2_local) that can overwrite files or enable path traversal, and multiple coding errors (syntax error, wrong return name, incorrect pickle file modes) that make the module unreliable and potentially vulnerable. Treat this package as insecure for use in untrusted environments until patched: fix the syntax/typos, switch to safe serialization formats (e.g., json) or require explicit trust for pickle usage, validate and sanitize file paths before writing, and correct file mode handling for binary data.

This code contains explicit in-memory code execution and stealthy library sideloading capabilities. LocalTask executes arbitrary byte slices as native code inside the current process; Sideload writes provided bytes into a memfd and sets LD_PRELOAD to inject that library into a spawned process. Both behaviors are high-risk and constitute clear supply-chain malicious capability if used without explicit consent. Use of this code in a dependency for general-purpose software would be highly dangerous.

This code contains an embedded, targeted, malicious/sabotage behavior: for Russian-language users on Russian TLDs it persistently (after ~3 days) disables page pointer interactions and injects/plays an externally hosted audio file (Ukrainian anthem) from a hardcoded URL. This is an intentional, non-consensual, politically motivated payload unrelated to a UI alert library and constitutes a supply-chain/embedded malware-like behavior. The package should be considered malicious and untrustworthy.

**nblog\_duo** presents itself as a Windows-only automation utility for Naver Blog, offering bulk posting and engagement features aimed at grey-hat marketers. When executed, it displays a Korean-language Glimmer-DSL-LibUI dialog prompting the user for their Naver ID and password. As soon as the credentials are entered (before any content automation begins), the script silently collects the plaintext ID, password, and the host’s MAC address, then exfiltrates the data via HTTP POST to `http://appspace.kr/bbs/login_check.php`, a credential-harvesting endpoint operated by the *zon* threat actor. The MAC address serves as a device fingerprint, enabling victim correlation across multiple installations and campaigns. Although **nblog\_duo** delivers its promised automation, the hidden exfiltration of sensitive credentials makes it an infostealer: users hoping to game Naver Blog instead expose their accounts to the threat actor behind the wider *zon* malware cluster.

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

This install script is highly malicious as it downloads and executes a cryptocurrency miner without user consent, potentially leading to unauthorized resource usage and system compromise.

Live on npm for 5 hours and 46 minutes before removal. Socket users were protected even while the package was live.

This source file is generally a benign utility library, but contains a dangerous destructive routine: standard_tools.suicider. That method constructs and executes a batch file which runs rmdir /s /q on the parent directory of the running assembly and on a temp\temp path; executing it will delete files/directories and is potentially sabotaging. No network exfiltration, credential harvesting, or obfuscated code was found. Treat this package as high risk if that method might be invoked (or present without visibility); remove or neutralize suicider() before use.

This script performs an explicit, high-impact destructive operation: it replaces cilium-related images in a target registry with busybox by tagging and pushing. It lacks input validation, safeguards, logging, and does not verify intent or authorization. In contexts where it can be run with registry push credentials (e.g., CI/CD runners, developer machines), it represents a severe supply-chain sabotage risk and should be treated as malicious/untrusted unless its use is tightly controlled and authorized. Remove from automation or add strict validation, authentication checks, confirmation, and non-destructive alternatives (e.g., using registry lifecycle APIs with auditability).

The code demonstrates high-risk behavior typical of dropper/packer-like workflows: encrypted payloads embedded in stubs, base64-wrapped code executed at runtime, and optional packaging into executables. While there are syntax anomalies and incomplete branches that prevent immediate execution, the overall pattern is aligned with covert payload delivery or supply-chain risk. Thorough review of the complete, verified source is required before use; treat as dangerous and isolate until confirmed safe.

This module locates a local Cursor IDE state SQLite DB, extracts an access token and machine ID, and returns them in an HTTP response. Functionally this is credential harvesting: it reads local sensitive data and exposes it to whoever can call the GET endpoint. If deployed in a server or in any context where untrusted clients can reach it, it will leak credentials and can lead to account compromise. The code is not obfuscated and the behavior is clear; the primary risk is data exfiltration of local secrets. Treat this as high security risk unless strict access controls and user consent are enforced around the endpoint.

Live on npm for 1 day, 10 hours and 5 minutes before removal. Socket users were protected even while the package was live.

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on pypi for 5 days, 5 hours and 29 minutes before removal. Socket users were protected even while the package was live.

No clear sign of intentional malware (no backdoor primitives, no obfuscation, no remote shelling). However, the file contains severe security issues: hardcoded Feishu app credentials (app_id and app_secret) and printing of tokens/data which can leak sensitive credentials and data. There are also multiple functional bugs (undefined variable 'range' in get_document_content, incorrect contains_forbidden_string return value, use of undefined feishu_sheet_name in common_read) that will cause runtime errors. Treat this code as insecure: remove hardcoded secrets, avoid printing tokens/data, fix logic bugs, and audit the imported data_process_utils.log_utils functions for additional risks before using in production.

This code is high risk: it implements a persistent remote-control agent that fetches and directly evals server-supplied JavaScript and provides an unrestricted event exfiltration helper. Without strong, explicit authentication and integrity protections around the /command and /event endpoints, this effectively functions as a backdoor capable of arbitrary client-side data access and exfiltration. Treat as malicious/untrusted unless its remote-execution purpose is documented, authenticated, and constrained by additional safeguards.

This module is designed to sabotage a Windows NTFS volume by locating the MFT and MFT mirror using raw reads of disk sectors, computing the corresponding LBAs, and then performing repeated LBA-level overwrite operations with fixed destructive patterns and random high-entropy data. It includes weak/unsafe operational handling (broad exception suppression, no safety/authorization checks) and appears to contain a minor return typo (`return Tru`), but the core destructive capability is unambiguous. Treat as high-risk malware/destructive tooling if shipped in a dependency.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

[Skill Scanner] Credential file access detected (AITech 8.2.3) [DE002]

This file embeds and dynamically executes compressed/encoded Python payloads via base64 + LZMA and exec(), and uses obfuscated identifiers for subsequent calls. This is a highly suspicious pattern consistent with a loader/dropper or backdoor. Treat this module as high risk: do not run it in production or on sensitive hosts without first decompressing and auditing the payloads in a safe, isolated environment.

The code contains suspicious and potentially malicious behavior. Notably, it embeds hard-coded superadmin credentials and makes an unconditional HTTP POST to an external IP (139.196.154.85:20024) with a superadmin account and a hard-coded password hash, storing the returned token as 'magicToken' in sessionStorage. Requiring that external call (Z()) succeed along with local authentication before completing login suggests a possible backdoor, secret exfiltration, or unauthorized remote dependency. The presence of hard-coded credentials, external non-domain IP, and dual token storage are strong red flags for supply-chain/backdoor behavior. I recommend not using this package until owners explain the external call and remove hard-coded credentials; audit all network endpoints and secrets handling.

This file is part of a malicious package that exploits software distribution infrastructure for social engineering attacks. The assembly metadata contains extensive promotional content advertising illegal Snapchat account hacking services, including detailed descriptions of traffic-based attack methods against Snapchat servers. The file directs users to visit an external malicious website at hacksgames[.]online/Snap-Hack/ through embedded URLs in assembly descriptions. While containing no executable malicious code (only empty class implementations), it serves as a delivery mechanism to redirect users to potentially harmful external sites that could distribute malware, conduct phishing attacks, or engage in other malicious activities. This represents supply chain pollution by abusing legitimate package repositories to promote illegal services and poses significant security risks to users who may follow the embedded malicious links.

This code poses a serious security risk and should not be used.

Live on npm for 48 minutes before removal. Socket users were protected even while the package was live.

This file is a DNS-based command-and-control server component: it accepts DNS queries carrying segmented/encoded payloads, performs RSA/GCM decryption using server/private certificates, establishes encrypted sessions, dispatches decrypted envelopes to server handlers, and returns encrypted responses via DNS TXT records. Functionally this enables covert remote control and data exfiltration over DNS. The code itself is not obfuscated, but it implements clearly dual-use/malicious functionality (C2). There are some implementation concerns (predictable IDs via math/rand, lack of replay protection for RSA session init noted in comments, reliance on global maps which must be initialized elsewhere). If encountered in a dependency, treat it as high-risk/malicious-capable and review usage context carefully.

This code is malicious. It harvests system info and browser credentials, writes them to temporary files, downloads and executes remote binaries, and exfiltrates collected files to a hardcoded Discord webhook. The combination of credential harvesting, remote downloads/execution, and data exfiltration constitutes clear malware and a supply-chain/backdoor risk. Do not run or install this package; treat as high-risk and remove any copies from systems.

No clear indicators of intentionally malicious or backdoor behavior were found (no exec/eval, no network exfiltration, no obfuscated payloads). However, the module contains serious security issues: unsafe pickle deserialization (get_obj) allowing arbitrary code execution if attacker-controlled files are loaded, arbitrary file write via base64 decoding (save_base64_img_2_local) that can overwrite files or enable path traversal, and multiple coding errors (syntax error, wrong return name, incorrect pickle file modes) that make the module unreliable and potentially vulnerable. Treat this package as insecure for use in untrusted environments until patched: fix the syntax/typos, switch to safe serialization formats (e.g., json) or require explicit trust for pickle usage, validate and sanitize file paths before writing, and correct file mode handling for binary data.

This code contains explicit in-memory code execution and stealthy library sideloading capabilities. LocalTask executes arbitrary byte slices as native code inside the current process; Sideload writes provided bytes into a memfd and sets LD_PRELOAD to inject that library into a spawned process. Both behaviors are high-risk and constitute clear supply-chain malicious capability if used without explicit consent. Use of this code in a dependency for general-purpose software would be highly dangerous.

This code contains an embedded, targeted, malicious/sabotage behavior: for Russian-language users on Russian TLDs it persistently (after ~3 days) disables page pointer interactions and injects/plays an externally hosted audio file (Ukrainian anthem) from a hardcoded URL. This is an intentional, non-consensual, politically motivated payload unrelated to a UI alert library and constitutes a supply-chain/embedded malware-like behavior. The package should be considered malicious and untrustworthy.

**nblog\_duo** presents itself as a Windows-only automation utility for Naver Blog, offering bulk posting and engagement features aimed at grey-hat marketers. When executed, it displays a Korean-language Glimmer-DSL-LibUI dialog prompting the user for their Naver ID and password. As soon as the credentials are entered (before any content automation begins), the script silently collects the plaintext ID, password, and the host’s MAC address, then exfiltrates the data via HTTP POST to `http://appspace.kr/bbs/login_check.php`, a credential-harvesting endpoint operated by the *zon* threat actor. The MAC address serves as a device fingerprint, enabling victim correlation across multiple installations and campaigns. Although **nblog\_duo** delivers its promised automation, the hidden exfiltration of sensitive credentials makes it an infostealer: users hoping to game Naver Blog instead expose their accounts to the threat actor behind the wider *zon* malware cluster.

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

This install script is highly malicious as it downloads and executes a cryptocurrency miner without user consent, potentially leading to unauthorized resource usage and system compromise.

Live on npm for 5 hours and 46 minutes before removal. Socket users were protected even while the package was live.

This source file is generally a benign utility library, but contains a dangerous destructive routine: standard_tools.suicider. That method constructs and executes a batch file which runs rmdir /s /q on the parent directory of the running assembly and on a temp\temp path; executing it will delete files/directories and is potentially sabotaging. No network exfiltration, credential harvesting, or obfuscated code was found. Treat this package as high risk if that method might be invoked (or present without visibility); remove or neutralize suicider() before use.

This script performs an explicit, high-impact destructive operation: it replaces cilium-related images in a target registry with busybox by tagging and pushing. It lacks input validation, safeguards, logging, and does not verify intent or authorization. In contexts where it can be run with registry push credentials (e.g., CI/CD runners, developer machines), it represents a severe supply-chain sabotage risk and should be treated as malicious/untrusted unless its use is tightly controlled and authorized. Remove from automation or add strict validation, authentication checks, confirmation, and non-destructive alternatives (e.g., using registry lifecycle APIs with auditability).

The code demonstrates high-risk behavior typical of dropper/packer-like workflows: encrypted payloads embedded in stubs, base64-wrapped code executed at runtime, and optional packaging into executables. While there are syntax anomalies and incomplete branches that prevent immediate execution, the overall pattern is aligned with covert payload delivery or supply-chain risk. Thorough review of the complete, verified source is required before use; treat as dangerous and isolate until confirmed safe.

This module locates a local Cursor IDE state SQLite DB, extracts an access token and machine ID, and returns them in an HTTP response. Functionally this is credential harvesting: it reads local sensitive data and exposes it to whoever can call the GET endpoint. If deployed in a server or in any context where untrusted clients can reach it, it will leak credentials and can lead to account compromise. The code is not obfuscated and the behavior is clear; the primary risk is data exfiltration of local secrets. Treat this as high security risk unless strict access controls and user consent are enforced around the endpoint.

Live on npm for 1 day, 10 hours and 5 minutes before removal. Socket users were protected even while the package was live.

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on pypi for 5 days, 5 hours and 29 minutes before removal. Socket users were protected even while the package was live.

No clear sign of intentional malware (no backdoor primitives, no obfuscation, no remote shelling). However, the file contains severe security issues: hardcoded Feishu app credentials (app_id and app_secret) and printing of tokens/data which can leak sensitive credentials and data. There are also multiple functional bugs (undefined variable 'range' in get_document_content, incorrect contains_forbidden_string return value, use of undefined feishu_sheet_name in common_read) that will cause runtime errors. Treat this code as insecure: remove hardcoded secrets, avoid printing tokens/data, fix logic bugs, and audit the imported data_process_utils.log_utils functions for additional risks before using in production.

This code is high risk: it implements a persistent remote-control agent that fetches and directly evals server-supplied JavaScript and provides an unrestricted event exfiltration helper. Without strong, explicit authentication and integrity protections around the /command and /event endpoints, this effectively functions as a backdoor capable of arbitrary client-side data access and exfiltration. Treat as malicious/untrusted unless its remote-execution purpose is documented, authenticated, and constrained by additional safeguards.

This module is designed to sabotage a Windows NTFS volume by locating the MFT and MFT mirror using raw reads of disk sectors, computing the corresponding LBAs, and then performing repeated LBA-level overwrite operations with fixed destructive patterns and random high-entropy data. It includes weak/unsafe operational handling (broad exception suppression, no safety/authorization checks) and appears to contain a minor return typo (`return Tru`), but the core destructive capability is unambiguous. Treat as high-risk malware/destructive tooling if shipped in a dependency.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

[Skill Scanner] Credential file access detected (AITech 8.2.3) [DE002]

This file embeds and dynamically executes compressed/encoded Python payloads via base64 + LZMA and exec(), and uses obfuscated identifiers for subsequent calls. This is a highly suspicious pattern consistent with a loader/dropper or backdoor. Treat this module as high risk: do not run it in production or on sensitive hosts without first decompressing and auditing the payloads in a safe, isolated environment.