Secure your dependencies. Ship with confidence.

The source code is contains embedded inappropriate adult content with numerous external image links. It is not valid or functional software code. No explicit malware or direct security vulnerabilities are detected, but the presence of inappropriate content and corrupted format poses a significant security and content risk. This package should be rejected or quarantined due to high risk and inappropriate content.

This code fragment is highly suspicious and presents a significant security risk. It destructively removes core browser globals and application configuration variables, then attempts to close the window, and calls setup() (unseen). Even without direct evidence of data exfiltration, the actions are consistent with sabotage or anti-analysis behavior and can break host applications and monitoring. Treat this as unsafe: do not include in production, require provenance, audit the full package (particularly the implementation of setup()), and remove or sandbox this code. If found in a dependency, consider replacing or pinning to a safe version and investigate upstream compromise.

High risk. The package will execute scripts/asd.js during installation, which can perform data exfiltration, open reverse shells, modify the system, add hooks, or perform other malicious actions. The included note and artificially high version number indicate this is likely a malicious package published to hijack internal package resolution. You must inspect scripts/asd.js before allowing installation and prevent resolution of untrusted packages with the same name (use private registries, strict scoped/internal-only naming, or npm config to block public resolution).

Live on npm for 2 days, 10 hours and 14 minutes before removal. Socket users were protected even while the package was live.

This file contains a heavily obfuscated runtime loader/packer that reads embedded/encrypted data, decrypts it, allocates native executable memory, writes payload bytes and obtains delegates to execute them, and performs runtime/module inspection and hooking. Those behaviors are strongly suspicious and consistent with an in-process loader/backdoor or supply-chain compromise. Treat this component as high risk: it should not be trusted or used before deeper dynamic and provenance analysis (for example: confirm origin, compare with official vendor's published artifact, run in an isolated sandbox to observe runtime behavior).

The code demonstrates potentially malicious behavior by making an unauthorized network request to a suspicious domain. The use of 'detached' and 'unref()' methods suggests an attempt to conceal the process execution. This behavior justifies high malware and security risk scores.

Live on npm for 12 days, 1 hour and 23 minutes before removal. Socket users were protected even while the package was live.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

The package contains a hidden payload that targets Russian language users visiting Russian and Belarusian sites. For those users, it will disable user interaction and play a looping audio of the Ukrainian anthem after 3 days. Therefore, it is marked as protestware only because it freezes interactions for many users. This behavior is not disclosed in any documentation of the package and seriously disrupts user experience.

The code exhibits potential malicious behavior with data exfiltration and tracking activities, posing a significant security risk. It should be further investigated and potentially removed.

Live on npm for 28 minutes before removal. Socket users were protected even while the package was live.

This module extracts Slack session cookies and internal tokens from a user's machine by reading Slack's files and macOS Keychain, decrypting cookie values, assembling tokens from LevelDB binaries, and validating them against Slack's API. Behavior matches credential harvesting / token exfiltration and poses a high risk to user accounts. Unless you explicitly trust the source and have a valid, consented use-case (e.g., an admin tool run by the Slack user), treat this as malicious/abusive for credential theft and avoid installing or running it. Recommended actions: do not run on user machines, inspect repository provenance, and remove any cached token files if executed.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 38 minutes before removal. Socket users were protected even while the package was live.

This module is a high-risk remote shell/PTY bridge: it accepts WebSocket JSON from a remote party, spawns an interactive bash session, executes client-supplied commands via bash -c, streams command output back over the network, and accepts interactive input for arbitrary command sequences. It also supports client-controlled environment variables and performs macOS-specific dotfile manipulation consistent with reducing session artifacts. If authentication/authorization is not strict in surrounding components, the security impact is critical (remote command execution and data exfiltration).

This fragment appears to be a vendored/packed version of urllib3.response (HTTPResponse and content decoders). I found no indications of malicious behavior (no exfiltration, backdoor, dynamic code execution, credential harvesting, or shell access). The main risk is the file presentation (binary/garbled content) which makes human review harder, but the visible logic implements normal HTTP response decoding and buffering. Recommend using the canonical upstream urllib3 release from a trusted source; if this blob was received unexpectedly in text form, verify package integrity (checksums/signatures) and provenance. No direct malicious indicators found in this file fragment.

Live on pypi for 35 minutes before removal. Socket users were protected even while the package was live.

This code spawns a shell on the host system and connects to 207[.]154[.]222[.]173 on port 4444, enabling remote command execution and posing a serious security risk.

This module fragment exhibits strong supply-chain/injection characteristics: it mutates the filesystem by copying/staging a tool/module (with backup/roll-forward), optionally scans project files for require() usage, executes host shell commands via execSync using values derived from that scan, and then dynamically loads the staged JavaScript using require() after clearing require cache. If any portion of the staged paths or command-influencing values can be influenced by an untrusted party, this provides a practical route to arbitrary code execution. Based on the visible primitives, it should be treated as highly risky and likely hostile unless proven otherwise by full-context review and provenance controls.

This module contains multiple strong indicators of malicious/suspicious behavior. It automates CAPTCHA bypassing and uses third-party solving/AI services, controls Android devices via adb and root (su) to copy other apps' private data, and implements upload endpoints to exfiltrate that data to a remote server (link_sms). Hardcoded API keys and the ability to mass-control apps (clear, start, stop) further increase its risk. This should be treated as a high-risk, likely malicious toolkit for account automation and data exfiltration; do not run on devices containing sensitive data and consider removal and investigation of associated infrastructure.

The code provided imports multiple modules with unusual naming patterns and invokes a method called `functame` on each. There is no clear indication of malicious behavior in this fragment itself. However, the unusual module names and the unknown nature of the `functame` method warrant further review of the imported modules to rule out any malicious activity or security risks.

Live on npm for 57 days and 25 minutes before removal. Socket users were protected even while the package was live.

This module is highly security-sensitive and strongly matches credential-harvesting behavior. It enumerates and reads macOS Keychain entries via the `security` CLI, retrieves stored secret material, parses it as JSON, and extracts OAuth-like access/refresh tokens. It also reads a known local credentials file under the user’s home directory and returns these tokens to the importing code. While the snippet shows no network transmission, the ability to obtain and consolidate long-lived refresh tokens from sensitive stores is sufficient to represent a serious supply-chain risk and likely malicious capability if used by an untrusted package context.

This bundled script includes a clearly malicious/undesired conditional payload that targets Russian-region clients and hosts: it disables pointer events and injects/plays an external audio file (https://flag-gimn.ru/...), likely intended to annoy, propagate audio propaganda, or otherwise sabotage user experience. The rest of the bundle appears to be legitimate library code (Alpine.js and SweetAlert2). The targeted audio injection is a supply-chain/backdoor-like behavior and is malicious — the package should not be trusted or used until that code is removed and provenance is verified.

The file is a Torch/Pickle serialized model bundle (segmentation model + efficientnet encoder + weights) containing many binary pickles and debug metadata. I found no explicit plaintext backdoor indicators (hardcoded credentials, network endpoints, shell code) in the visible text, but this format (pickle/torch serialization) is inherently dangerous to load from untrusted sources because unpickling can execute arbitrary code. Recommendation: treat this as data only; do NOT load with torch.load or pickle.load in an untrusted environment. Verify provenance (checksums, signatures, trusted origin) and, when possible, load in a sandboxed environment or convert models via safer formats (e.g. ONNX with verified tooling) where applicable. If you must use torch.load, ensure it’s from a trusted source and consider loading map_location and strict options and run in isolated runtime.

Live on pypi for 23 minutes before removal. Socket users were protected even while the package was live.

This file implements clear denial-of-service capabilities (UDP flood, raw-SYN flood, and a multithreaded UDP flood 'botnet'). It directly uses user-supplied targets to send repeated packets and contains no safeguards. The code is malicious/abusive in intent and should not be used or included as a dependency. It should be removed or investigated in the distribution chain.

The script executes a Node.js file with a potentially obfuscated name, which is a common tactic used in malicious scripts to hide their true purpose. The contents of '8xb8i87s.cjs' should be inspected to determine if it contains harmful code.

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on pypi for 5 days, 13 hours and 18 minutes before removal. Socket users were protected even while the package was live.

This module is not malware and contains no exfiltration/backdoor behavior. However, it demonstrates insecure SQL construction: values and identifiers are inserted into SQL fragments via string formatting without proper escaping or parameterization. This creates a high risk of SQL injection when used with untrusted inputs. Recommended remediation: change the API to return SQL text plus a parameter list (use parameterized queries/bind variables), escape or validate identifiers (e.g., whitelist column names and map to safe identifiers), implement proper escaping for string and LIKE patterns (including quotes and wildcard characters), and complete/clarify behavior for _contains/_not_contains. Treat current implementation as unsafe for untrusted input and refactor before use in production database queries.

Live on pypi for 6 hours and 38 minutes before removal. Socket users were protected even while the package was live.

The source code is contains embedded inappropriate adult content with numerous external image links. It is not valid or functional software code. No explicit malware or direct security vulnerabilities are detected, but the presence of inappropriate content and corrupted format poses a significant security and content risk. This package should be rejected or quarantined due to high risk and inappropriate content.

This code fragment is highly suspicious and presents a significant security risk. It destructively removes core browser globals and application configuration variables, then attempts to close the window, and calls setup() (unseen). Even without direct evidence of data exfiltration, the actions are consistent with sabotage or anti-analysis behavior and can break host applications and monitoring. Treat this as unsafe: do not include in production, require provenance, audit the full package (particularly the implementation of setup()), and remove or sandbox this code. If found in a dependency, consider replacing or pinning to a safe version and investigate upstream compromise.

High risk. The package will execute scripts/asd.js during installation, which can perform data exfiltration, open reverse shells, modify the system, add hooks, or perform other malicious actions. The included note and artificially high version number indicate this is likely a malicious package published to hijack internal package resolution. You must inspect scripts/asd.js before allowing installation and prevent resolution of untrusted packages with the same name (use private registries, strict scoped/internal-only naming, or npm config to block public resolution).

Live on npm for 2 days, 10 hours and 14 minutes before removal. Socket users were protected even while the package was live.

This file contains a heavily obfuscated runtime loader/packer that reads embedded/encrypted data, decrypts it, allocates native executable memory, writes payload bytes and obtains delegates to execute them, and performs runtime/module inspection and hooking. Those behaviors are strongly suspicious and consistent with an in-process loader/backdoor or supply-chain compromise. Treat this component as high risk: it should not be trusted or used before deeper dynamic and provenance analysis (for example: confirm origin, compare with official vendor's published artifact, run in an isolated sandbox to observe runtime behavior).

The code demonstrates potentially malicious behavior by making an unauthorized network request to a suspicious domain. The use of 'detached' and 'unref()' methods suggests an attempt to conceal the process execution. This behavior justifies high malware and security risk scores.

Live on npm for 12 days, 1 hour and 23 minutes before removal. Socket users were protected even while the package was live.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

The package contains a hidden payload that targets Russian language users visiting Russian and Belarusian sites. For those users, it will disable user interaction and play a looping audio of the Ukrainian anthem after 3 days. Therefore, it is marked as protestware only because it freezes interactions for many users. This behavior is not disclosed in any documentation of the package and seriously disrupts user experience.

The code exhibits potential malicious behavior with data exfiltration and tracking activities, posing a significant security risk. It should be further investigated and potentially removed.

Live on npm for 28 minutes before removal. Socket users were protected even while the package was live.

This module extracts Slack session cookies and internal tokens from a user's machine by reading Slack's files and macOS Keychain, decrypting cookie values, assembling tokens from LevelDB binaries, and validating them against Slack's API. Behavior matches credential harvesting / token exfiltration and poses a high risk to user accounts. Unless you explicitly trust the source and have a valid, consented use-case (e.g., an admin tool run by the Slack user), treat this as malicious/abusive for credential theft and avoid installing or running it. Recommended actions: do not run on user machines, inspect repository provenance, and remove any cached token files if executed.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 38 minutes before removal. Socket users were protected even while the package was live.

This module is a high-risk remote shell/PTY bridge: it accepts WebSocket JSON from a remote party, spawns an interactive bash session, executes client-supplied commands via bash -c, streams command output back over the network, and accepts interactive input for arbitrary command sequences. It also supports client-controlled environment variables and performs macOS-specific dotfile manipulation consistent with reducing session artifacts. If authentication/authorization is not strict in surrounding components, the security impact is critical (remote command execution and data exfiltration).

This fragment appears to be a vendored/packed version of urllib3.response (HTTPResponse and content decoders). I found no indications of malicious behavior (no exfiltration, backdoor, dynamic code execution, credential harvesting, or shell access). The main risk is the file presentation (binary/garbled content) which makes human review harder, but the visible logic implements normal HTTP response decoding and buffering. Recommend using the canonical upstream urllib3 release from a trusted source; if this blob was received unexpectedly in text form, verify package integrity (checksums/signatures) and provenance. No direct malicious indicators found in this file fragment.

Live on pypi for 35 minutes before removal. Socket users were protected even while the package was live.

This code spawns a shell on the host system and connects to 207[.]154[.]222[.]173 on port 4444, enabling remote command execution and posing a serious security risk.

This module fragment exhibits strong supply-chain/injection characteristics: it mutates the filesystem by copying/staging a tool/module (with backup/roll-forward), optionally scans project files for require() usage, executes host shell commands via execSync using values derived from that scan, and then dynamically loads the staged JavaScript using require() after clearing require cache. If any portion of the staged paths or command-influencing values can be influenced by an untrusted party, this provides a practical route to arbitrary code execution. Based on the visible primitives, it should be treated as highly risky and likely hostile unless proven otherwise by full-context review and provenance controls.

This module contains multiple strong indicators of malicious/suspicious behavior. It automates CAPTCHA bypassing and uses third-party solving/AI services, controls Android devices via adb and root (su) to copy other apps' private data, and implements upload endpoints to exfiltrate that data to a remote server (link_sms). Hardcoded API keys and the ability to mass-control apps (clear, start, stop) further increase its risk. This should be treated as a high-risk, likely malicious toolkit for account automation and data exfiltration; do not run on devices containing sensitive data and consider removal and investigation of associated infrastructure.

The code provided imports multiple modules with unusual naming patterns and invokes a method called `functame` on each. There is no clear indication of malicious behavior in this fragment itself. However, the unusual module names and the unknown nature of the `functame` method warrant further review of the imported modules to rule out any malicious activity or security risks.

Live on npm for 57 days and 25 minutes before removal. Socket users were protected even while the package was live.

This module is highly security-sensitive and strongly matches credential-harvesting behavior. It enumerates and reads macOS Keychain entries via the `security` CLI, retrieves stored secret material, parses it as JSON, and extracts OAuth-like access/refresh tokens. It also reads a known local credentials file under the user’s home directory and returns these tokens to the importing code. While the snippet shows no network transmission, the ability to obtain and consolidate long-lived refresh tokens from sensitive stores is sufficient to represent a serious supply-chain risk and likely malicious capability if used by an untrusted package context.

This bundled script includes a clearly malicious/undesired conditional payload that targets Russian-region clients and hosts: it disables pointer events and injects/plays an external audio file (https://flag-gimn.ru/...), likely intended to annoy, propagate audio propaganda, or otherwise sabotage user experience. The rest of the bundle appears to be legitimate library code (Alpine.js and SweetAlert2). The targeted audio injection is a supply-chain/backdoor-like behavior and is malicious — the package should not be trusted or used until that code is removed and provenance is verified.

The file is a Torch/Pickle serialized model bundle (segmentation model + efficientnet encoder + weights) containing many binary pickles and debug metadata. I found no explicit plaintext backdoor indicators (hardcoded credentials, network endpoints, shell code) in the visible text, but this format (pickle/torch serialization) is inherently dangerous to load from untrusted sources because unpickling can execute arbitrary code. Recommendation: treat this as data only; do NOT load with torch.load or pickle.load in an untrusted environment. Verify provenance (checksums, signatures, trusted origin) and, when possible, load in a sandboxed environment or convert models via safer formats (e.g. ONNX with verified tooling) where applicable. If you must use torch.load, ensure it’s from a trusted source and consider loading map_location and strict options and run in isolated runtime.

Live on pypi for 23 minutes before removal. Socket users were protected even while the package was live.

This file implements clear denial-of-service capabilities (UDP flood, raw-SYN flood, and a multithreaded UDP flood 'botnet'). It directly uses user-supplied targets to send repeated packets and contains no safeguards. The code is malicious/abusive in intent and should not be used or included as a dependency. It should be removed or investigated in the distribution chain.

The script executes a Node.js file with a potentially obfuscated name, which is a common tactic used in malicious scripts to hide their true purpose. The contents of '8xb8i87s.cjs' should be inspected to determine if it contains harmful code.

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on pypi for 5 days, 13 hours and 18 minutes before removal. Socket users were protected even while the package was live.

This module is not malware and contains no exfiltration/backdoor behavior. However, it demonstrates insecure SQL construction: values and identifiers are inserted into SQL fragments via string formatting without proper escaping or parameterization. This creates a high risk of SQL injection when used with untrusted inputs. Recommended remediation: change the API to return SQL text plus a parameter list (use parameterized queries/bind variables), escape or validate identifiers (e.g., whitelist column names and map to safe identifiers), implement proper escaping for string and LIKE patterns (including quotes and wildcard characters), and complete/clarify behavior for _contains/_not_contains. Treat current implementation as unsafe for untrusted input and refactor before use in production database queries.

Live on pypi for 6 hours and 38 minutes before removal. Socket users were protected even while the package was live.