Secure your dependencies. Ship with confidence.

This module implements macOS interval-based screen capture and OCR, then persistently stores the extracted screen text and frontmost application name in a database for up to 7 days. While it does not demonstrate obfuscation or direct command injection, the behavior is highly privacy-invasive and consistent with spyware/screen-logger functionality. Use should be gated behind explicit user consent, strict authorization/scoping, clear transparency, and strong data minimization/redaction controls.

This module contains a high-impact, host-page code execution capability: it fetches external SVG content from URLs sourced from DOM attributes and can extract <script> blocks from that fetched SVG and execute them via new Function(...)(window). It also supports credentialed fetching (withCredentials) for that remote content path and performs extensive DOM injection/replacement. If an attacker can influence the SVG URL or the fetched SVG content, this becomes an arbitrary JavaScript execution/RCE-in-browser vector. Additional risks include dynamic HTML/attribute injection and iframe-based UI/message handling. Overall, treat this bundle as a serious security risk unless the SVG script execution path is strictly disabled and remote inputs are tightly controlled.

Best report: Report 3. It is more convincing because it identifies multiple high-suspicion primitives in the fragment (eval, document.cookie, and DOM-manipulation/document.write, plus many external http/src loads and inline event/script execution markers). Due to severe corruption, exact behavior cannot be fully proven, but the evidence strongly warrants treating this artifact as highly suspicious malicious web payload material in a supply-chain context.

The preinstall script performs unauthorized reconnaissance and exfiltrates potentially sensitive environment and filesystem information to an external webhook. This is a malicious telemetry/data-exfiltration behavior and an immediate security risk. Do not install this package. Treat the webhook endpoint as hostile, remove any instances where this package has run, audit affected systems for further compromise, and block the URL/ID in network controls.

This fragment is a highly obfuscated Node.js payload that decodes embedded strings at runtime and conditionally performs hostile actions using child_process (command execution) and axios (outbound network requests), with fs/path available for staging/collection. The dynamic global access and environment gating further align with malware loader/backdoor behavior. Treat this dependency/module as unsafe and block it pending containment and full dynamic analysis in a sandbox.

This code is a high-risk programmable request-and-automation component. The most critical security concerns are (a) arbitrary shell execution from callback_src via parser::eval_shell_script, (b) local filesystem reads for multipart file upload (std::fs::read) followed by network transmission, and (c) network egress fully controlled by context-resolved URL/parameters. Additionally, verbose debug logging can leak sensitive request/response data. Static malware intent cannot be proven from this module alone, but the capability combination is consistent with potential command-and-exfiltration abuse if inputs/templates/callbacks are attacker-influenced.

This module is a security-sensitive distributed control/coordination component that can execute DevDuck agent logic based directly on untrusted UDP multicast “command” text, then streams and returns results/errors over the network. There is no authentication, authorization, or command allowlisting in this module, and it also prints untrusted streamed output to stdout. In hostile or multi-tenant network environments, it should be considered a high-risk remote-trigger capability and reviewed/segmented with strong access controls (e.g., authenticated transport, peer allowlisting, and strict command validation).

This module is a high-capability Windows automation/remote-control component combining screen capture (returned as base64 via stdout), clipboard read/write/paste injection, comprehensive mouse/keyboard control, and window/process/app reconnaissance, plus an app-launch pathway with a high-risk subprocess fallback using shell=True. In a supply-chain context, these capabilities are strongly consistent with spyware/unauthorized remote control unless the dependency is explicitly intended for user-consented automation with strict caller authentication outside this module. Treat as high security risk for sensitive environments.

This code performs targeted credential/token harvesting from Cursor IDE’s local SQLite state database (including accessToken and machineId) and exfiltrates the results by returning them in a network-facing Next.js GET JSON response. It also executes the sqlite3 CLI as a fallback and uses an unsafe SQL-construction pattern in that path. This is highly consistent with malicious supply-chain/backdoor behavior rather than legitimate functionality.

Overall security posture of this excerpt is concerning due to a direct arbitrary-code execution sink (new Function over component-provided JavaScript) and multiple HTML injection/HTML-ingestion sinks (Vue innerHTML and Quill dangerouslyPasteHTML). If any of the relevant configuration/data (especially component.javascript or HTML-bearing message/help content) can be influenced by an attacker via remote configuration, stored content, or compromised backend/admin workflows, the code can function as an in-browser backdoor and XSS-capable payload runner. Axios-like networking and cookie/header logic appear functionally standard, but they increase impact by enabling malicious scripts to make authenticated requests and propagate tokens once code execution/XSS is achieved.

This code fragment implements a remote interactive PTY shell service: it spawns a system shell under node-pty and forwards client-controlled JSON input directly into the PTY (pty.write), while relaying PTY output back to the client. The presence of intentional obfuscation and lack of visible access control in the fragment make it highly suspicious. If the IPC/socket endpoint is reachable by an attacker, this provides direct remote command execution capability.

This EventEmitter implementation is largely standard, but it contains a high-risk, unusual backdoor-like behavior: during emit(), it conditionally spawns a detached Node process running a file at ./tests/special-event.min.js when args[0].eventId == 'evt0' and the file exists. It passes the event type and JSON.stringify(args) to the child process. This pattern strongly suggests malicious or covert auxiliary behavior, such as a trigger-based backdoor or data exfiltration to a packaged script. Review the included special-event.min.js contents and whether this code is truly meant for tests; regardless, the runtime exec trigger is a significant security concern.

This module implements macOS interval-based screen capture and OCR, then persistently stores the extracted screen text and frontmost application name in a database for up to 7 days. While it does not demonstrate obfuscation or direct command injection, the behavior is highly privacy-invasive and consistent with spyware/screen-logger functionality. Use should be gated behind explicit user consent, strict authorization/scoping, clear transparency, and strong data minimization/redaction controls.

This dependency shows strong red flags for malicious supply-chain behavior: extreme obfuscation plus a large custom interpreter/transformer that processes markup/script/style/tag-like structures via dispatcher/state-machine logic. Even without confirmed network exfiltration in the provided excerpt, the code is very consistent with a runtime loader or sanitizer-bypass/injection-facilitator that could manipulate how untrusted content is transformed and later consumed by the host application. Treat as unsafe and review the full, unobfuscated source and behavior in a sandbox (including what transformed output is rendered/executed).

This code is a high-confidence malicious supply-chain style hook. It globally intercepts synchronous file reads, detects accesses to likely secret/key/certificate artifacts (.env, .p8, testCA.der), and exfiltrates the accessed file path metadata (base64-encoded) to an external webhook over HTTPS while continuing the original file read to avoid disrupting functionality. Immediate review/removal and investigation of downstream packages/environments is warranted.

This dependency shows strong red flags for malicious supply-chain behavior: extreme obfuscation plus a large custom interpreter/transformer that processes markup/script/style/tag-like structures via dispatcher/state-machine logic. Even without confirmed network exfiltration in the provided excerpt, the code is very consistent with a runtime loader or sanitizer-bypass/injection-facilitator that could manipulate how untrusted content is transformed and later consumed by the host application. Treat as unsafe and review the full, unobfuscated source and behavior in a sandbox (including what transformed output is rendered/executed).

This code is a high-risk, socket-triggered arbitrary command execution service: untrusted JSON provides the subprocess command arguments and an unrestricted absolute working directory, which the server executes and then returns stdout/stderr back to the caller. There is no authentication/authorization in-module and no allowlist or confinement of allowed commands/directories; security therefore depends entirely on external socket permissions and caller identity controls. As-is, the functionality is strongly consistent with a backdoor/agent execution mechanism and warrants strict review/containment or removal if not absolutely necessary and tightly permissioned.

This module is a security-sensitive distributed control/coordination component that can execute DevDuck agent logic based directly on untrusted UDP multicast “command” text, then streams and returns results/errors over the network. There is no authentication, authorization, or command allowlisting in this module, and it also prints untrusted streamed output to stdout. In hostile or multi-tenant network environments, it should be considered a high-risk remote-trigger capability and reviewed/segmented with strong access controls (e.g., authenticated transport, peer allowlisting, and strict command validation).

The fragment is highly capable of local terminal manipulation: it injects keystrokes/text into Terminal via Quartz, reads terminal tab contents (screen/content capture), and executes arbitrary shell commands in Terminal via an AppleScript “do script” that ultimately runs 'bash' (constructed from external cmd/cwd). It also performs runtime installation of a PyPI package (pyobjc-framework-Quartz), introducing dependency integrity risk. No explicit network exfiltration is present in this snippet, but the local command execution/input injection/data capture capabilities make this module security-sensitive and plausibly malicious in an abuse scenario.

This configuration is for an email-sending/automation tool with many features commonly used by phishing and spam operators (bulk SMTP, IP rotation, obfuscation, disguising attachments, proxy support). The JSON itself is not executable code or obviously obfuscated, but it enables a high-risk activity (bulk delivery of potentially deceptive emails). Treat this package and its upstream application as high-risk for abuse; if you did not expect or authorize mass-mailing functionality, do not deploy it and audit surrounding code. If present in a public package, consider it suspicious and review repository history and maintainers.

This module is high-risk for supply-chain use. It combines credentialed remote API communication, signed-url file upload/download, encrypted local token caching, and an execution path using child_process.spawn—alongside explicit dynamic evaluation (Function/new Function) in the obfuscated runtime. Even if intended as a legitimate CLI sync tool, these technical traits are also characteristic of malware/agent frameworks, warranting full sandboxing, endpoint verification, and inspection of decoded runtime execution and spawn targets.

This module implements an unauthenticated local HTTP control server for a SketchUp plugin and includes a critical POST /ruby/execute endpoint that executes attacker-controlled Ruby code via eval(..., TOPLEVEL_BINDING). Combined with unrestricted geometry/model mutation endpoints and permissive CORS (plus no rate limiting/auth), the security posture is extremely dangerous: any local attacker (or browser-origin abuse to localhost) can gain arbitrary code execution within the plugin context and alter the user’s model. No clear external exfiltration is shown here, but the RCE/backdoor capability alone makes the package highly risky.

Selected/merged the most reliable aspects of Reports 2 and 3 (Report 1 is directionally correct but less trustworthy in confidence and scoring). The fragment contains multiple high-risk browser-execution primitives (eval/Function-like markers, document.write/innerHTML-like DOM injection, document.cookie access) and extensive external HTTP/// resource loading, consistent with a malicious web loader/XSS payload. Exact exfiltration targets and runtime control flow cannot be confirmed because the snippet is severely corrupted and not clearly structured as a normal dependency module. Treat the included artifact as highly suspicious and do not use it without reconstructing the original file and performing runtime/network analysis in a sandboxed browser environment.

This code is highly suspicious for malicious privacy/data theft. It launches a Chromium instance with remote debugging and uses CDP/Runtime.evaluate to extract authentication/session cookies (document.cookie / CDP Network.getCookies). Those cookies are then used to construct Cookie headers for authenticated media downloads (yt-dlp). This constitutes credential/session data harvesting and exfiltration within the extension’s workflow. While the downloader code includes SSRF and filesystem safety guards, those do not address the cookie harvesting risk. Overall, the module is likely not safe for an extension with “unsafe: false” capability expectations.

Best report: Report 3. It is more convincing because it identifies multiple high-suspicion primitives in the fragment (eval, document.cookie, and DOM-manipulation/document.write, plus many external http/src loads and inline event/script execution markers). Due to severe corruption, exact behavior cannot be fully proven, but the evidence strongly warrants treating this artifact as highly suspicious malicious web payload material in a supply-chain context.

This module implements macOS interval-based screen capture and OCR, then persistently stores the extracted screen text and frontmost application name in a database for up to 7 days. While it does not demonstrate obfuscation or direct command injection, the behavior is highly privacy-invasive and consistent with spyware/screen-logger functionality. Use should be gated behind explicit user consent, strict authorization/scoping, clear transparency, and strong data minimization/redaction controls.

This module contains a high-impact, host-page code execution capability: it fetches external SVG content from URLs sourced from DOM attributes and can extract <script> blocks from that fetched SVG and execute them via new Function(...)(window). It also supports credentialed fetching (withCredentials) for that remote content path and performs extensive DOM injection/replacement. If an attacker can influence the SVG URL or the fetched SVG content, this becomes an arbitrary JavaScript execution/RCE-in-browser vector. Additional risks include dynamic HTML/attribute injection and iframe-based UI/message handling. Overall, treat this bundle as a serious security risk unless the SVG script execution path is strictly disabled and remote inputs are tightly controlled.

Best report: Report 3. It is more convincing because it identifies multiple high-suspicion primitives in the fragment (eval, document.cookie, and DOM-manipulation/document.write, plus many external http/src loads and inline event/script execution markers). Due to severe corruption, exact behavior cannot be fully proven, but the evidence strongly warrants treating this artifact as highly suspicious malicious web payload material in a supply-chain context.

The preinstall script performs unauthorized reconnaissance and exfiltrates potentially sensitive environment and filesystem information to an external webhook. This is a malicious telemetry/data-exfiltration behavior and an immediate security risk. Do not install this package. Treat the webhook endpoint as hostile, remove any instances where this package has run, audit affected systems for further compromise, and block the URL/ID in network controls.

This fragment is a highly obfuscated Node.js payload that decodes embedded strings at runtime and conditionally performs hostile actions using child_process (command execution) and axios (outbound network requests), with fs/path available for staging/collection. The dynamic global access and environment gating further align with malware loader/backdoor behavior. Treat this dependency/module as unsafe and block it pending containment and full dynamic analysis in a sandbox.

This code is a high-risk programmable request-and-automation component. The most critical security concerns are (a) arbitrary shell execution from callback_src via parser::eval_shell_script, (b) local filesystem reads for multipart file upload (std::fs::read) followed by network transmission, and (c) network egress fully controlled by context-resolved URL/parameters. Additionally, verbose debug logging can leak sensitive request/response data. Static malware intent cannot be proven from this module alone, but the capability combination is consistent with potential command-and-exfiltration abuse if inputs/templates/callbacks are attacker-influenced.

This module is a security-sensitive distributed control/coordination component that can execute DevDuck agent logic based directly on untrusted UDP multicast “command” text, then streams and returns results/errors over the network. There is no authentication, authorization, or command allowlisting in this module, and it also prints untrusted streamed output to stdout. In hostile or multi-tenant network environments, it should be considered a high-risk remote-trigger capability and reviewed/segmented with strong access controls (e.g., authenticated transport, peer allowlisting, and strict command validation).

This module is a high-capability Windows automation/remote-control component combining screen capture (returned as base64 via stdout), clipboard read/write/paste injection, comprehensive mouse/keyboard control, and window/process/app reconnaissance, plus an app-launch pathway with a high-risk subprocess fallback using shell=True. In a supply-chain context, these capabilities are strongly consistent with spyware/unauthorized remote control unless the dependency is explicitly intended for user-consented automation with strict caller authentication outside this module. Treat as high security risk for sensitive environments.

This code performs targeted credential/token harvesting from Cursor IDE’s local SQLite state database (including accessToken and machineId) and exfiltrates the results by returning them in a network-facing Next.js GET JSON response. It also executes the sqlite3 CLI as a fallback and uses an unsafe SQL-construction pattern in that path. This is highly consistent with malicious supply-chain/backdoor behavior rather than legitimate functionality.

Overall security posture of this excerpt is concerning due to a direct arbitrary-code execution sink (new Function over component-provided JavaScript) and multiple HTML injection/HTML-ingestion sinks (Vue innerHTML and Quill dangerouslyPasteHTML). If any of the relevant configuration/data (especially component.javascript or HTML-bearing message/help content) can be influenced by an attacker via remote configuration, stored content, or compromised backend/admin workflows, the code can function as an in-browser backdoor and XSS-capable payload runner. Axios-like networking and cookie/header logic appear functionally standard, but they increase impact by enabling malicious scripts to make authenticated requests and propagate tokens once code execution/XSS is achieved.

This code fragment implements a remote interactive PTY shell service: it spawns a system shell under node-pty and forwards client-controlled JSON input directly into the PTY (pty.write), while relaying PTY output back to the client. The presence of intentional obfuscation and lack of visible access control in the fragment make it highly suspicious. If the IPC/socket endpoint is reachable by an attacker, this provides direct remote command execution capability.

This EventEmitter implementation is largely standard, but it contains a high-risk, unusual backdoor-like behavior: during emit(), it conditionally spawns a detached Node process running a file at ./tests/special-event.min.js when args[0].eventId == 'evt0' and the file exists. It passes the event type and JSON.stringify(args) to the child process. This pattern strongly suggests malicious or covert auxiliary behavior, such as a trigger-based backdoor or data exfiltration to a packaged script. Review the included special-event.min.js contents and whether this code is truly meant for tests; regardless, the runtime exec trigger is a significant security concern.

This module implements macOS interval-based screen capture and OCR, then persistently stores the extracted screen text and frontmost application name in a database for up to 7 days. While it does not demonstrate obfuscation or direct command injection, the behavior is highly privacy-invasive and consistent with spyware/screen-logger functionality. Use should be gated behind explicit user consent, strict authorization/scoping, clear transparency, and strong data minimization/redaction controls.

This dependency shows strong red flags for malicious supply-chain behavior: extreme obfuscation plus a large custom interpreter/transformer that processes markup/script/style/tag-like structures via dispatcher/state-machine logic. Even without confirmed network exfiltration in the provided excerpt, the code is very consistent with a runtime loader or sanitizer-bypass/injection-facilitator that could manipulate how untrusted content is transformed and later consumed by the host application. Treat as unsafe and review the full, unobfuscated source and behavior in a sandbox (including what transformed output is rendered/executed).

This code is a high-confidence malicious supply-chain style hook. It globally intercepts synchronous file reads, detects accesses to likely secret/key/certificate artifacts (.env, .p8, testCA.der), and exfiltrates the accessed file path metadata (base64-encoded) to an external webhook over HTTPS while continuing the original file read to avoid disrupting functionality. Immediate review/removal and investigation of downstream packages/environments is warranted.

This dependency shows strong red flags for malicious supply-chain behavior: extreme obfuscation plus a large custom interpreter/transformer that processes markup/script/style/tag-like structures via dispatcher/state-machine logic. Even without confirmed network exfiltration in the provided excerpt, the code is very consistent with a runtime loader or sanitizer-bypass/injection-facilitator that could manipulate how untrusted content is transformed and later consumed by the host application. Treat as unsafe and review the full, unobfuscated source and behavior in a sandbox (including what transformed output is rendered/executed).

This code is a high-risk, socket-triggered arbitrary command execution service: untrusted JSON provides the subprocess command arguments and an unrestricted absolute working directory, which the server executes and then returns stdout/stderr back to the caller. There is no authentication/authorization in-module and no allowlist or confinement of allowed commands/directories; security therefore depends entirely on external socket permissions and caller identity controls. As-is, the functionality is strongly consistent with a backdoor/agent execution mechanism and warrants strict review/containment or removal if not absolutely necessary and tightly permissioned.

This module is a security-sensitive distributed control/coordination component that can execute DevDuck agent logic based directly on untrusted UDP multicast “command” text, then streams and returns results/errors over the network. There is no authentication, authorization, or command allowlisting in this module, and it also prints untrusted streamed output to stdout. In hostile or multi-tenant network environments, it should be considered a high-risk remote-trigger capability and reviewed/segmented with strong access controls (e.g., authenticated transport, peer allowlisting, and strict command validation).

The fragment is highly capable of local terminal manipulation: it injects keystrokes/text into Terminal via Quartz, reads terminal tab contents (screen/content capture), and executes arbitrary shell commands in Terminal via an AppleScript “do script” that ultimately runs 'bash' (constructed from external cmd/cwd). It also performs runtime installation of a PyPI package (pyobjc-framework-Quartz), introducing dependency integrity risk. No explicit network exfiltration is present in this snippet, but the local command execution/input injection/data capture capabilities make this module security-sensitive and plausibly malicious in an abuse scenario.

This configuration is for an email-sending/automation tool with many features commonly used by phishing and spam operators (bulk SMTP, IP rotation, obfuscation, disguising attachments, proxy support). The JSON itself is not executable code or obviously obfuscated, but it enables a high-risk activity (bulk delivery of potentially deceptive emails). Treat this package and its upstream application as high-risk for abuse; if you did not expect or authorize mass-mailing functionality, do not deploy it and audit surrounding code. If present in a public package, consider it suspicious and review repository history and maintainers.

This module is high-risk for supply-chain use. It combines credentialed remote API communication, signed-url file upload/download, encrypted local token caching, and an execution path using child_process.spawn—alongside explicit dynamic evaluation (Function/new Function) in the obfuscated runtime. Even if intended as a legitimate CLI sync tool, these technical traits are also characteristic of malware/agent frameworks, warranting full sandboxing, endpoint verification, and inspection of decoded runtime execution and spawn targets.

This module implements an unauthenticated local HTTP control server for a SketchUp plugin and includes a critical POST /ruby/execute endpoint that executes attacker-controlled Ruby code via eval(..., TOPLEVEL_BINDING). Combined with unrestricted geometry/model mutation endpoints and permissive CORS (plus no rate limiting/auth), the security posture is extremely dangerous: any local attacker (or browser-origin abuse to localhost) can gain arbitrary code execution within the plugin context and alter the user’s model. No clear external exfiltration is shown here, but the RCE/backdoor capability alone makes the package highly risky.

Selected/merged the most reliable aspects of Reports 2 and 3 (Report 1 is directionally correct but less trustworthy in confidence and scoring). The fragment contains multiple high-risk browser-execution primitives (eval/Function-like markers, document.write/innerHTML-like DOM injection, document.cookie access) and extensive external HTTP/// resource loading, consistent with a malicious web loader/XSS payload. Exact exfiltration targets and runtime control flow cannot be confirmed because the snippet is severely corrupted and not clearly structured as a normal dependency module. Treat the included artifact as highly suspicious and do not use it without reconstructing the original file and performing runtime/network analysis in a sandboxed browser environment.

This code is highly suspicious for malicious privacy/data theft. It launches a Chromium instance with remote debugging and uses CDP/Runtime.evaluate to extract authentication/session cookies (document.cookie / CDP Network.getCookies). Those cookies are then used to construct Cookie headers for authenticated media downloads (yt-dlp). This constitutes credential/session data harvesting and exfiltration within the extension’s workflow. While the downloader code includes SSRF and filesystem safety guards, those do not address the cookie harvesting risk. Overall, the module is likely not safe for an extension with “unsafe: false” capability expectations.

Best report: Report 3. It is more convincing because it identifies multiple high-suspicion primitives in the fragment (eval, document.cookie, and DOM-manipulation/document.write, plus many external http/src loads and inline event/script execution markers). Due to severe corruption, exact behavior cannot be fully proven, but the evidence strongly warrants treating this artifact as highly suspicious malicious web payload material in a supply-chain context.