Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery: timmywil published 4.0.0

left-pad: stevemao published 1.3.0

react: react-bot published 19.2.5

We protect you from vulnerable and malicious packages

vite-plugin-compress-js

0.5.4

by w-auror

Live on npm

Blocked by Socket

Despite being packaged as a Vite compression plugin, this module performs an outbound network request to a hardcoded endpoint at import time and executes attacker-controlled JavaScript obtained from the HTTP response via Function.constructor, passing Node's require into the payload. This is direct remote code execution in the build environment and represents an extreme supply-chain security risk.

xlabrouter

1.0.24

by xlabglobal

Live on npm

Blocked by Socket

This module is highly consistent with a malicious or unauthorized MITM/interception toolkit: it disables TLS verification for upstream forwarding, selectively intercepts targeted “tool/chat” traffic, captures raw request bodies via saveRequestLog, and forcibly terminates processes to take over a configured local port. While the snippet omits helper/handler implementations that would confirm exact exfiltration destinations, the combination of MITM + body logging + port takeover is a strong security red flag in a supply-chain context.

dartlab

0.9.26

Live on pypi

Blocked by Socket

This file implements a dynamic tool gateway for dartlab and, critically, exposes two high-risk generic primitives to callers: (1) execution of caller-supplied Python code through DartlabCodeExecutor (direct execution sink) and (2) reading and returning filesystem contents from caller-controlled paths (direct disclosure sink). It also expands exposure via runtime auto-discovery and dynamic invocation of discovered dartlab/Company callables. No overt obfuscation or explicit malicious payload is present in this snippet, but the capability set is sufficiently dangerous that the module should be treated as high security risk unless there is strong upstream authorization and robust sandbox/allowlisting not visible here.

ghbomber

1.0.3

by ghostsenderserver

Live on npm

Blocked by Socket

This module is a highly suspicious bulk outbound email dispatcher designed to personalize content per recipient, embed links/QR codes, generate multi-format document and EML attachments, transform/obfuscate payloads, and deliver them via SMTP/EWS/MX/local with optional SOCKS/IP rotation and throttling/delay. Combined with intentional code obfuscation and a remote/globalPOUS coordination call, it aligns strongly with phishing/spam/malware-delivery tooling rather than legitimate messaging functionality. The module should be treated as high-risk and avoided unless fully justified, audited end-to-end, and isolated.

@pyme-web/ui-widget

99.0.4

by m0ntanatony

Live on npm

Blocked by Socket

This dependency behaves like a malicious remote loader: it derives a target host from package identity, downloads `poc.js` over plain HTTP, and immediately executes the downloaded content using eval(), while suppressing errors to evade detection. Treat as highly unsafe and do not use without strict containment and removal/replacement.

amzn-toolkit-telemetry-client

99.0.2

Live on cargo

Blocked by Socket

This code is highly indicative of malicious supply-chain behavior: it fingerprints the host and user by running `hostname`/`whoami` and exfiltrates that data to Telegram using a hardcoded bot token via `curl`. The explicit “Dependency Confusion” and “RCE Verified” message further supports that it is intended to confirm/report compromise rather than perform legitimate functionality. Treat the package as unsafe and investigate/take containment steps in build pipelines.

neoagent

2.3.1-beta.10

by neo_original_

Live on npm

Blocked by Socket

This module implements macOS interval-based screen capture and OCR, then persistently stores the extracted screen text and frontmost application name in a database for up to 7 days. While it does not demonstrate obfuscation or direct command injection, the behavior is highly privacy-invasive and consistent with spyware/screen-logger functionality. Use should be gated behind explicit user consent, strict authorization/scoping, clear transparency, and strong data minimization/redaction controls.

bingocode

1.0.19

by leanchy

Live on npm

Blocked by Socket

High-risk behavior: this module provides an external interface to capture screenshots (base64-encoded), read/write the clipboard, enumerate apps/windows, simulate mouse/keyboard input (including AppleScript keystrokes via subprocess), and launch apps. Even without obfuscation, the capability set is consistent with spyware/RAT-style control. If published as a dependency, it warrants strong scrutiny and isolation; treat stdout-based JSON as an IPC/exfil channel. Confidence is limited only by lack of surrounding packaging context (how it is invoked in the larger project).

rfox

1.0.0

Live on pypi

Blocked by Socket

This module is a purpose-built scan-and-jam tool. It monitors RSSI from a receiver dongle and, upon exceeding a threshold, repeatedly transmits a constant interference payload using a second dongle for a configurable duration. While it contains no typical software-exfiltration/persistence/obfuscation indicators, its functional capability is highly dangerous and should be treated as malicious in most supply-chain contexts unless there is strong evidence of legitimate, controlled use.

vite-plugin-compress-js

0.5.4

by w-auror

Live on npm

Blocked by Socket

This module contains a high-confidence supply-chain backdoor. While it implements a legitimate-looking Vite post-build compression workflow, it also immediately performs a network request during module load and executes attacker-controlled JavaScript from the response using dynamic function construction, explicitly passing `require` into the payload. This provides a direct remote code execution vector in the build/install environment and should be treated as extremely dangerous.

apple-app-store-server-library-poc

100.1.0

by cketol

Live on npm

Blocked by Socket

This code is a high-confidence malicious supply-chain style hook. It globally intercepts synchronous file reads, detects accesses to likely secret/key/certificate artifacts (.env, .p8, testCA.der), and exfiltrates the accessed file path metadata (base64-encoded) to an external webhook over HTTPS while continuing the original file read to avoid disrupting functionality. Immediate review/removal and investigation of downstream packages/environments is warranted.

azure-jobs

0.1.24

Live on pypi

Blocked by Socket

Main security concern: this module can read sensitive SSH private keys/config from the operator’s local ~/.ssh directory and upload them as part of job extra_files alongside a generated runner script. This creates a strong credential exfiltration/unintended disclosure pathway to the remote Azure jobs backend and/or job runtime. Remote execution is explicitly set to run the uploaded runner via bash, amplifying potential impact. Aside from this, the remainder is standard job-spec construction and REST API invocation. Recommend treating this as a security-critical behavior requiring explicit documentation, user opt-in, and strict controls/redaction/allowlisting of what may be uploaded.

devduck

1.15.3

Live on pypi

Blocked by Socket

This fragment provides a high-capability browser automation/inspection bridge with multiple high-risk primitives: it can navigate to attacker-supplied URLs, inject and run page-context scripts, execute caller-provided code via eval, read cookies, harvest large DOM content, and attach the Chrome debugger to simulate user input or send arbitrary CDP commands. If an attacker can reach the runtime messaging interface or if external WebSocket/native connectors forward commands/results, the module can enable session/DOM data theft and arbitrary in-page manipulation. Even without proving exfiltration/network behavior in the snippet, the capability set warrants security review, strict message authentication/authorization, and permission minimization/allowlisting.

azure-jobs

0.1.25

Live on pypi

Blocked by Socket

Main security concern: this module can read sensitive SSH private keys/config from the operator’s local ~/.ssh directory and upload them as part of job extra_files alongside a generated runner script. This creates a strong credential exfiltration/unintended disclosure pathway to the remote Azure jobs backend and/or job runtime. Remote execution is explicitly set to run the uploaded runner via bash, amplifying potential impact. Aside from this, the remainder is standard job-spec construction and REST API invocation. Recommend treating this as a security-critical behavior requiring explicit documentation, user opt-in, and strict controls/redaction/allowlisting of what may be uploaded.

plumber-agent

1.0.17

Live on pypi

Blocked by Socket

This module is a high-risk command dispatcher that reads untrusted JSON from a filesystem queue and executes the 'command' field using unrestricted Python exec() with the nuke API available. If the command file (or its path) can be influenced by an attacker, it effectively functions as an RCE/backdoor mechanism. It also captures and returns stdout and logs command previews/tracebacks, increasing the likelihood of data exposure. No explicit malicious payload is present in this fragment, but the design itself is strongly suspicious and dangerous for any dependency shipped to untrusted environments.

@w3m-app/get_chain_id

99.0.4

by m0ntanatony

Live on npm

Blocked by Socket

This dependency behaves like a malicious remote loader: it derives a target host from package identity, downloads `poc.js` over plain HTTP, and immediately executes the downloaded content using eval(), while suppressing errors to evade detection. Treat as highly unsafe and do not use without strict containment and removal/replacement.

lftools-uv

0.1.9

Live on pypi

Blocked by Socket

This module contains a high-risk supply-chain pattern: it downloads a commit-msg Git hook from a remote endpoint and installs it as an executable script under .git/hooks/commit-msg without integrity/authenticity checks. That enables remote-controlled code execution during git commit (and then pushes automated changes back to Gerrit), which can be used for workflow sabotage/backdooring if the hook source or configuration is compromised. Additional secondary risks include credential embedding in clone URLs, unconstrained file/symlink writes, and potential sensitive-data leakage through debug logging of rendered configuration/credential-mapping content.

gh555.paste-everything

16.2.1

by kkn1n

Live on openvsx

Blocked by Socket

Highly suspicious/malicious privacy behavior is present: the extension uses CDP + Runtime.evaluate to read document.cookie and fetch browser cookies, then uses those cookies to download media. Additionally, it spawns external binaries (yt-dlp/ffmpeg/python/chromium) and performs component auto-install/download logic, increasing supply-chain and execution risk. Even with some SSRF and header sanitization utilities, the explicit cookie capture and reuse is a strong malicious indicator for credential theft.

neoagent

2.3.1-beta.12

by neo_original_

Live on npm

Blocked by Socket

Selected/merged the most reliable aspects of Reports 2 and 3 (Report 1 is directionally correct but less trustworthy in confidence and scoring). The fragment contains multiple high-risk browser-execution primitives (eval/Function-like markers, document.write/innerHTML-like DOM injection, document.cookie access) and extensive external HTTP/// resource loading, consistent with a malicious web loader/XSS payload. Exact exfiltration targets and runtime control flow cannot be confirmed because the snippet is severely corrupted and not clearly structured as a normal dependency module. Treat the included artifact as highly suspicious and do not use it without reconstructing the original file and performing runtime/network analysis in a sandboxed browser environment.

@valbuild/ui

0.95.0

by GitHub Actions

Live on npm

Blocked by Socket

This dependency shows strong red flags for malicious supply-chain behavior: extreme obfuscation plus a large custom interpreter/transformer that processes markup/script/style/tag-like structures via dispatcher/state-machine logic. Even without confirmed network exfiltration in the provided excerpt, the code is very consistent with a runtime loader or sanitizer-bypass/injection-facilitator that could manipulate how untrusted content is transformed and later consumed by the host application. Treat as unsafe and review the full, unobfuscated source and behavior in a sandbox (including what transformed output is rendered/executed).

lucterios

2.7.8.26041809

Live on pypi

Blocked by Socket

Overall security posture of this excerpt is concerning due to a direct arbitrary-code execution sink (new Function over component-provided JavaScript) and multiple HTML injection/HTML-ingestion sinks (Vue innerHTML and Quill dangerouslyPasteHTML). If any of the relevant configuration/data (especially component.javascript or HTML-bearing message/help content) can be influenced by an attacker via remote configuration, stored content, or compromised backend/admin workflows, the code can function as an in-browser backdoor and XSS-capable payload runner. Axios-like networking and cookie/header logic appear functionally standard, but they increase impact by enabling malicious scripts to make authenticated requests and propagate tokens once code execution/XSS is achieved.

mnemos-cli

0.6.2

by martin0309205

Live on npm

Blocked by Socket

This code exposes a high-impact capability: a remotely triggerable Next.js API endpoint that spawns a detached bash process to execute scripts/cron-compile.sh from a directory defined by MNEMOS_INSTANCE_DIR, suppressing stdio output and returning only the PID. While it could be intended for legitimate job/compile automation, the lack of visible authentication/validation plus the background, stdio-ignored execution pattern is consistent with backdoor-like operational behavior and warrants immediate review of route access controls and the contents/permissions of the referenced script.

neoagent

2.3.1-beta.12

by neo_original_

Live on npm

Blocked by Socket

This module implements macOS interval-based screen capture and OCR, then persistently stores the extracted screen text and frontmost application name in a database for up to 7 days. While it does not demonstrate obfuscation or direct command injection, the behavior is highly privacy-invasive and consistent with spyware/screen-logger functionality. Use should be gated behind explicit user consent, strict authorization/scoping, clear transparency, and strong data minimization/redaction controls.

neoagent

2.3.1-beta.11

by neo_original_

Live on npm

Blocked by Socket

This module implements macOS interval-based screen capture and OCR, then persistently stores the extracted screen text and frontmost application name in a database for up to 7 days. While it does not demonstrate obfuscation or direct command injection, the behavior is highly privacy-invasive and consistent with spyware/screen-logger functionality. Use should be gated behind explicit user consent, strict authorization/scoping, clear transparency, and strong data minimization/redaction controls.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.
