Secure your dependencies. Ship with confidence.

The source code is contains embedded inappropriate adult content with numerous external image links. It is not valid or functional software code. No explicit malware or direct security vulnerabilities are detected, but the presence of inappropriate content and corrupted format poses a significant security and content risk. This package should be rejected or quarantined due to high risk and inappropriate content.

The script redirects Git hook execution to an external directory, creating a high-risk supply-chain and runtime vector. It is dangerous in most environments unless the external hooks are tightly controlled, versioned, and validated. Best practice would be to avoid such redirection; if necessary, implement explicit user consent, integrity verification (e.g., signed hooks), and allowlisting of trusted hooks, or revert to repository-contained hooks.

This code performs unsolicited and immediate exfiltration of identifying environment data (hostname, username, working directory, plus package metadata) to a hardcoded remote host and also overwrites/creates a Makefile in the local directory. The behavior is malicious or indicates a compromised package: it leaks potentially sensitive information without consent and mutates repository files. Treat this package as compromised: do not run or install it, revoke any credentials used on affected hosts if exposures are possible, and investigate other versions and repository integrity.

This code implements a network backdoor that creates a TCP server listening on a configurable host and port (default localhost:9940). The server accepts unauthenticated connections and executes arbitrary commands received as JSON payloads through an imported execute_action() function. Key malicious behaviors include: accepting network connections without authentication or authorization, parsing received data as JSON commands and executing them via execute_action(), allowing remote termination of the server via a 'quit_server' command, and sending command execution results back to network clients. The code lacks any input validation, sanitization, or access controls, making it a classic remote access backdoor that could enable complete system compromise.

This file is a thin loader that hides executable code inside a compressed base64 blob and runs it using exec() at import time. That pattern prevents static auditing and is a high supply-chain risk. Without decompressing and inspecting the embedded payload, the module's precise behavior is unknown. Treat this package as suspicious: block or audit it in sensitive environments, and inspect the decompressed payload in an isolated analysis environment before trusting or installing it.

Live on pypi for 12 hours and 47 minutes before removal. Socket users were protected even while the package was live.

This module contains backdoor functionality with multiple malicious components: (1) Obfuscated decoding function d() that reconstructs strings from 7-character binary-encoded chunks, used to decode content from models.models.f747DebugLabel (a persistent database field or configuration value). (2) Runtime modification of models.logger.info to execute eval() on the decoded payload whenever logging occurs, creating a persistent backdoor that executes arbitrary code derived from the f747DebugLabel field. The eval is triggered on future log calls, making it a deferred execution mechanism. (3) Host-targeted conditional behavior in readyLoggers() that compares the system's machine ID to hardcoded value '534d99b372d61249ade303f9fb4255e3e552e2731f8c455ba42b8f3bef19d8d2' and, when the sentinel string '-_-' is logged, triggers 100 repetitions of 'WE HAVE BEEN COMPROMISED!!!!!' warnings. This allows targeted activation on specific hosts. The combination of obfuscated decoding, eval() of external/persistent data, and host-specific triggers enables stealthy remote code execution and persistent compromise of the server. Any party able to control models.models.f747DebugLabel can inject arbitrary code that will be executed in the server context.

This module implements privileged node and device management and exposes HTTP endpoints that accept user input used directly in shell commands and Docker operations. Main risks: command injection (unsanitized string interpolation into shell commands and os.popen), destructive device operations (partitioning, bind/unbind), supplying arbitrary images to be pulled and run as privileged containers, and use of an unencrypted/unprotected Docker TCP socket (tcp://...:2375). I assess this as not manifestly malware but a high-risk administrative component that must be strictly access-controlled and hardened (validate/sanitize inputs, avoid passing raw user values into shell/Docker operations, use secure Docker API access, avoid exposing endpoints publicly).

This snippet contains a critical supply-chain/code-execution risk: it fetches JavaScript from https://unpkg.com/use-m/use.js at runtime and executes it via eval() to define globalThis.use, which then provides the command execution wrapper used for gh/git/fs operations. This pattern is highly consistent with malicious loader/sabotage and makes the remainder of the module’s behavior untrustworthy (including potential command injection, credential/env access, and data exfiltration) depending on what that remote script does. Additionally, the module can perform destructive git operations (hard reset and force pushes) which increases impact if the command wrapper is compromised.

This module implements a plugin loader that installs wheel packages into a local prefix and imports their entry points. It does not contain obvious intentionally malicious code in itself, but it performs high-risk operations: installing arbitrary wheel files at runtime and importing their modules, and it deletes and recreates a local prefix directory. Those behaviors create a significant supply-chain execution risk because malicious or tampered packages could execute arbitrary code during pip install or when imported. Recommend treating wheel files and distributions as untrusted: verify package signatures/checksums, restrict network access during install, run installs in an isolated/sandboxed environment, and harden environment variable handling before calling pip.

This file is a malicious web shell/backdoor. It provides a full set of attacker capabilities: arbitrary shell command execution, arbitrary PHP evaluation, file upload/download and overwrite, and installation of a bind-shell backdoor. It should be treated as malicious, removed from any production system, and incident response performed (remove, identify ingress path, rotate credentials, investigate lateral movement). Do not run or host this file.

This file is a malicious web shell/backdoor. It collects server/environment information and sends it to a hardcoded external email address, and exposes multiple high-risk capabilities to unauthenticated HTTP clients: arbitrary shell command execution, arbitrary PHP eval execution, unrestricted file read/write/ deletion, and direct SQL execution. It should be treated as a compromise artifact and removed; any systems where this was present must be assumed breached and investigated for further persistence or additional payloads.

This module exhibits multiple high-confidence malicious supply-chain/agent characteristics: strong obfuscation, dynamic runtime evaluation (Function), dynamic side-loading via computed require paths, token/key handling, hardcoded remote endpoint communication (including a t1.ru host), and orchestration of additional execution via child_process.spawn with sensitive environment injection. Even without deobfuscating every identifier, the combined behavior pattern is consistent with credential/token stealing or remote automation/backdoor staging rather than legitimate dependency functionality.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

The source code exhibits clear signs of malicious behavior, primarily through unauthorized data exfiltration of system and project metadata. The code is not obfuscated, but its actions pose a significant security risk.

Live on npm for 12 minutes before removal. Socket users were protected even while the package was live.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

This module contains deliberate data-exfiltration behavior: it sends an externally-supplied token to a hard-coded Telegram bot/chat and archives plus uploads a local 'Accounts' directory to a specific Telegram user, then attempts to delete the archive. Treat as malicious backdoor: remove from systems, investigate for additional compromisation, rotate any potentially leaked credentials, and block the hard-coded bot token/recipient IDs. Forensic recovery of deleted files may be required.

The code contains several potential sources of data leakage, such as monitoring mouse movements and network status, and the potential for abusing notifications. The obfuscated parts and unusual usage of async/await and generator functions raise concerns about the intent of the code. Overall, the code presents a moderate security risk and should be reviewed carefully.

Live on npm for 16 hours and 45 minutes before removal. Socket users were protected even while the package was live.

This module is highly suspicious due to a runtime supply-chain backdoor pattern: it fetches JavaScript from a public CDN and executes it via eval to populate globalThis.use, which then controls how commands are executed. While the remainder of the logic appears consistent with PR watching/auto-restart, it also posts PR comments and uploads local logs and execution metadata, creating potential data leakage if logs contain secrets. Treat the package as unsafe unless the remote-eval bootstrap is removed/replaced with a pinned, integrity-verified dependency and uploads are carefully sanitized and access-controlled.

This module is a high-risk supply-chain configuration/credential injection tool. It embeds a hardcoded API key and writes it into the target project configuration while overriding provider/model defaults (and deleting any existing mapping for the same model key). Although the snippet does not itself perform network exfiltration, it implants credentials and redirects how the host application will authenticate and call an external API endpoint, creating significant likelihood of unauthorized usage and potential data exposure depending on downstream request behavior.

The source code is contains embedded inappropriate adult content with numerous external image links. It is not valid or functional software code. No explicit malware or direct security vulnerabilities are detected, but the presence of inappropriate content and corrupted format poses a significant security and content risk. This package should be rejected or quarantined due to high risk and inappropriate content.

The script redirects Git hook execution to an external directory, creating a high-risk supply-chain and runtime vector. It is dangerous in most environments unless the external hooks are tightly controlled, versioned, and validated. Best practice would be to avoid such redirection; if necessary, implement explicit user consent, integrity verification (e.g., signed hooks), and allowlisting of trusted hooks, or revert to repository-contained hooks.

This code performs unsolicited and immediate exfiltration of identifying environment data (hostname, username, working directory, plus package metadata) to a hardcoded remote host and also overwrites/creates a Makefile in the local directory. The behavior is malicious or indicates a compromised package: it leaks potentially sensitive information without consent and mutates repository files. Treat this package as compromised: do not run or install it, revoke any credentials used on affected hosts if exposures are possible, and investigate other versions and repository integrity.

This code implements a network backdoor that creates a TCP server listening on a configurable host and port (default localhost:9940). The server accepts unauthenticated connections and executes arbitrary commands received as JSON payloads through an imported execute_action() function. Key malicious behaviors include: accepting network connections without authentication or authorization, parsing received data as JSON commands and executing them via execute_action(), allowing remote termination of the server via a 'quit_server' command, and sending command execution results back to network clients. The code lacks any input validation, sanitization, or access controls, making it a classic remote access backdoor that could enable complete system compromise.

This file is a thin loader that hides executable code inside a compressed base64 blob and runs it using exec() at import time. That pattern prevents static auditing and is a high supply-chain risk. Without decompressing and inspecting the embedded payload, the module's precise behavior is unknown. Treat this package as suspicious: block or audit it in sensitive environments, and inspect the decompressed payload in an isolated analysis environment before trusting or installing it.

Live on pypi for 12 hours and 47 minutes before removal. Socket users were protected even while the package was live.

This module contains backdoor functionality with multiple malicious components: (1) Obfuscated decoding function d() that reconstructs strings from 7-character binary-encoded chunks, used to decode content from models.models.f747DebugLabel (a persistent database field or configuration value). (2) Runtime modification of models.logger.info to execute eval() on the decoded payload whenever logging occurs, creating a persistent backdoor that executes arbitrary code derived from the f747DebugLabel field. The eval is triggered on future log calls, making it a deferred execution mechanism. (3) Host-targeted conditional behavior in readyLoggers() that compares the system's machine ID to hardcoded value '534d99b372d61249ade303f9fb4255e3e552e2731f8c455ba42b8f3bef19d8d2' and, when the sentinel string '-_-' is logged, triggers 100 repetitions of 'WE HAVE BEEN COMPROMISED!!!!!' warnings. This allows targeted activation on specific hosts. The combination of obfuscated decoding, eval() of external/persistent data, and host-specific triggers enables stealthy remote code execution and persistent compromise of the server. Any party able to control models.models.f747DebugLabel can inject arbitrary code that will be executed in the server context.

This module implements privileged node and device management and exposes HTTP endpoints that accept user input used directly in shell commands and Docker operations. Main risks: command injection (unsanitized string interpolation into shell commands and os.popen), destructive device operations (partitioning, bind/unbind), supplying arbitrary images to be pulled and run as privileged containers, and use of an unencrypted/unprotected Docker TCP socket (tcp://...:2375). I assess this as not manifestly malware but a high-risk administrative component that must be strictly access-controlled and hardened (validate/sanitize inputs, avoid passing raw user values into shell/Docker operations, use secure Docker API access, avoid exposing endpoints publicly).

This snippet contains a critical supply-chain/code-execution risk: it fetches JavaScript from https://unpkg.com/use-m/use.js at runtime and executes it via eval() to define globalThis.use, which then provides the command execution wrapper used for gh/git/fs operations. This pattern is highly consistent with malicious loader/sabotage and makes the remainder of the module’s behavior untrustworthy (including potential command injection, credential/env access, and data exfiltration) depending on what that remote script does. Additionally, the module can perform destructive git operations (hard reset and force pushes) which increases impact if the command wrapper is compromised.

This module implements a plugin loader that installs wheel packages into a local prefix and imports their entry points. It does not contain obvious intentionally malicious code in itself, but it performs high-risk operations: installing arbitrary wheel files at runtime and importing their modules, and it deletes and recreates a local prefix directory. Those behaviors create a significant supply-chain execution risk because malicious or tampered packages could execute arbitrary code during pip install or when imported. Recommend treating wheel files and distributions as untrusted: verify package signatures/checksums, restrict network access during install, run installs in an isolated/sandboxed environment, and harden environment variable handling before calling pip.

This file is a malicious web shell/backdoor. It provides a full set of attacker capabilities: arbitrary shell command execution, arbitrary PHP evaluation, file upload/download and overwrite, and installation of a bind-shell backdoor. It should be treated as malicious, removed from any production system, and incident response performed (remove, identify ingress path, rotate credentials, investigate lateral movement). Do not run or host this file.

This file is a malicious web shell/backdoor. It collects server/environment information and sends it to a hardcoded external email address, and exposes multiple high-risk capabilities to unauthenticated HTTP clients: arbitrary shell command execution, arbitrary PHP eval execution, unrestricted file read/write/ deletion, and direct SQL execution. It should be treated as a compromise artifact and removed; any systems where this was present must be assumed breached and investigated for further persistence or additional payloads.

This module exhibits multiple high-confidence malicious supply-chain/agent characteristics: strong obfuscation, dynamic runtime evaluation (Function), dynamic side-loading via computed require paths, token/key handling, hardcoded remote endpoint communication (including a t1.ru host), and orchestration of additional execution via child_process.spawn with sensitive environment injection. Even without deobfuscating every identifier, the combined behavior pattern is consistent with credential/token stealing or remote automation/backdoor staging rather than legitimate dependency functionality.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

The source code exhibits clear signs of malicious behavior, primarily through unauthorized data exfiltration of system and project metadata. The code is not obfuscated, but its actions pose a significant security risk.

Live on npm for 12 minutes before removal. Socket users were protected even while the package was live.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

This module contains deliberate data-exfiltration behavior: it sends an externally-supplied token to a hard-coded Telegram bot/chat and archives plus uploads a local 'Accounts' directory to a specific Telegram user, then attempts to delete the archive. Treat as malicious backdoor: remove from systems, investigate for additional compromisation, rotate any potentially leaked credentials, and block the hard-coded bot token/recipient IDs. Forensic recovery of deleted files may be required.

The code contains several potential sources of data leakage, such as monitoring mouse movements and network status, and the potential for abusing notifications. The obfuscated parts and unusual usage of async/await and generator functions raise concerns about the intent of the code. Overall, the code presents a moderate security risk and should be reviewed carefully.

Live on npm for 16 hours and 45 minutes before removal. Socket users were protected even while the package was live.

This module is highly suspicious due to a runtime supply-chain backdoor pattern: it fetches JavaScript from a public CDN and executes it via eval to populate globalThis.use, which then controls how commands are executed. While the remainder of the logic appears consistent with PR watching/auto-restart, it also posts PR comments and uploads local logs and execution metadata, creating potential data leakage if logs contain secrets. Treat the package as unsafe unless the remote-eval bootstrap is removed/replaced with a pinned, integrity-verified dependency and uploads are carefully sanitized and access-controlled.

This module is a high-risk supply-chain configuration/credential injection tool. It embeds a hardcoded API key and writes it into the target project configuration while overriding provider/model defaults (and deleting any existing mapping for the same model key). Although the snippet does not itself perform network exfiltration, it implants credentials and redirects how the host application will authenticate and call an external API endpoint, creating significant likelihood of unauthorized usage and potential data exposure depending on downstream request behavior.