Secure your dependencies. Ship with confidence.

This file injects a module-load routine that exfiltrates local documentation/metadata (dumpJSON) to a remote AI Studio dataset (ID 443696818363039744) at bbqa2t5pfyfroyobmzknmktshckzto4btkfagxyjqwy[.]did[.]abtnet[.]io[ ]/api/datasets/443696818363039744/documents. It uses a hard-coded Cookie header containing a login_token JWT and unconditional shouldUpdateKnowledge=true to first GET existing items via GET …?page=1&size=100, then PUT to …/documents/{id}/text or POST to …/documents/text, sending the full serialized dumpJSON as the request body. These automatic side-effects with embedded credentials create a high-risk supply-chain and privacy backdoor and must be removed or gated behind explicit, opt-in credential handling.

The code snippet primarily involves calling functions from various imported modules with unconventional names, which raises suspicion due to the lack of context and standard practices. The invalid syntax and undefined methods further suggest potential obfuscation or errors. However, without more information about these modules and their implementations, it's challenging to definitively determine malicious intent. There are no clear sources or sinks within this snippet alone.

Live on npm for 57 days, 18 hours and 52 minutes before removal. Socket users were protected even while the package was live.

This code fragment is an unmistakable malicious supply-chain/exfiltration payload. It executes a shell command that enumerates all non-node_modules files in a project directory, exfiltrates each file’s raw contents to a hardcoded external HTTPS webhook, and includes host/user and full file-path metadata in custom HTTP headers. It also suppresses output, parallelizes requests, and sends a completion beacon. This module should be treated as malware and not used.

Live on npm for 4 days, 23 hours and 47 minutes before removal. Socket users were protected even while the package was live.

The fragment exhibits high-risk indicators: heavily obfuscated/packed payload blocks embedded with numerous external-endpoint references, suggesting potential remote code loading, data exfiltration, or covert configuration fetched at runtime. The visible AuthService methods themselves align with normal patterns, but the surrounding content warrants immediate containment, deep static/dynamic analysis, and likely removal from production builds until proven benign. Recommend isolating, auditing, or replacing with a clean, well-documented implementation.

The script is a self-destructing file deletion tool designed to recursively wipe all files in the current working directory after a set delay (default: 2 minutes). The script does not display any warning after execution beyond the initial console message, making it highly destructive if executed unknowingly.

This module appears to be a legitimate auto-update helper for the 'dreame-claude' package. It is obfuscated via a string table but performs expected tasks: checking versions via npm, comparing versions, detecting installation type (global vs local via ~/.claude marker), and running npm install commands to update. The main security consideration is the use of shell-mode exec/spawn to run npm commands — a standard pattern for updaters but one that requires trust in the package name and the npm ecosystem. I find no direct signs of malware, credential theft, or data exfiltration in this file.

The source code is malicious and constitutes a clear supply chain attack vector by exfiltrating sensitive system and environment data to a suspicious external server without user consent. This poses a high security risk and privacy violation. The code should be flagged and removed immediately from any trusted software supply chain.

Live on npm for 1 hour and 36 minutes before removal. Socket users were protected even while the package was live.

This module is a malicious reverse backdoor. It provides remote command execution, arbitrary file exfiltration and file write (dropping), and installs persistent startup via Windows registry. It lacks authentication or encryption, making it highly dangerous if executed. Do not run this code on any system you care about; treat it as malware and remove/block it.

This code implements a high-confidence remote command execution backdoor. When the backdoor flag is enabled and the requester passes an IP-based trust check, the server executes the HTTP request body via `sh -c` and returns the resulting output (and error details) to the requester. The lack of sanitization, allowlisting, or strong authentication makes abuse straightforward for any party that can satisfy the trust gate.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This module implements a GUI chat application that integrates with OpenAI and provides features that allow arbitrary Python and shell command execution based on selected text or user input, and loads plugins from the filesystem. I did not find explicit hardcoded backdoor/network exfiltration to a suspicious external domain. However, the code exposes powerful dangerous sinks (exec, eval, subprocess.run(..., shell=True), os.system) directly to user-supplied or file-supplied content without sandboxing. This is a high security risk for accidental misuse or malicious plugins/content; treat the package as potentially dangerous in contexts where untrusted data or plugins may be present. Recommended mitigation: remove or require explicit confirmation for run-as-command features, sandbox or restrict exec/context, avoid shell=True, avoid eval, and never auto-run plugin code from untrusted locations.

High supply-chain malware risk. The module embeds a large base64-encoded JavaScript worker payload as a data:text/javascript;base64 URL (an execution sink) inside a UI/library bundle. This pattern is a well-known way to smuggle hidden logic that can run with the site’s trust level once the PDF renderer creates a Worker. Additionally, the module previews and downloads attacker-influenced content via derived URLs/blobs, further increasing impact if the payload is malicious.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

This file is offensive/exploit tooling: it performs automated reconnaissance, crafts and sends SQLi and PHP eval payloads against Joomla sites, extracts credentials/session data, and attempts to install a PHP webshell for persistence. Those behaviors constitute malicious activity (unauthorized access, credential theft, backdoor installation). Treat this code as malicious/exploitative; do not include it in trusted dependencies or run it on networks you do not own/authorize. The snippet contains some syntactic errors suggesting a truncated copy, but intent and many operational parts are explicit.

This code performs continuous, automated screenshot capture and exfiltration to a Telegram chat, along with host metadata. That functionality constitutes a significant privacy and security risk (potential credential and data leakage) and is consistent with covert monitoring/malicious behavior unless explicitly intended and consented to (e.g., endpoint management with transparent consent). The module should be treated as malicious or high-risk in most contexts; include it only with explicit approval and full understanding of credential/configuration sources. Recommended actions: do not include this dependency in general-purpose projects; audit getTelegramCredentials/getTelegramBot usage; validate intent and deployment scope; remove or sandbox this code if not required.

Most of the code is standard cloud SDK and protocol handling (AWS, Google Secret Manager, serialization/deserialization, HTTP handlers) and expected in such a bundle. However, there is a highly suspicious function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local bundle.js (if present on disk), repacks, and runs npm publish. This is a strong supply-chain / trojanization pattern and should be treated as malicious. If this code is included in any dependency used in CI or developer machines with npm credentials or with access to source code, it poses a serious risk (automatic publishing of trojaned packages). I recommend removing or blocking use of the package containing NpmModule.updatePackage and auditing any environment where it ran for unauthorized publishes and credential exposure.

Live on npm for 7 hours and 10 minutes before removal. Socket users were protected even while the package was live.

The code exhibits multiple malicious behaviors, including data exfiltration via DNS, disabling TLS verification, and executing remote code. These actions pose significant security risks.

Live on npm for 39 minutes before removal. Socket users were protected even while the package was live.

The code is explicitly malicious or designed to facilitate malware creation and distribution (botnet builder). It packages, obfuscates, and produces executable clients that embed marshalled/compressed payloads executed via eval/exec. It also runs shell commands to obfuscate and build artifacts and constructs a loader with a base_url for likely command-and-control. Do not run or include this code in any trusted environment.

The code exhibits potential security risks due to the use of 'eval', base64 encoding and decoding, and dynamic script creation. Caution is advised when using this code.

This module is a storage accessor that downloads blobs/objects and deserializes them using cloudpickle. I found no explicit backdoor or obfuscated malicious code, but the direct use of cloudpickle on remote data is dangerous: it permits remote code execution if an attacker can control or tamper with the stored blobs. Additionally, the Amazon implementation contains a clear bug/typo which would break execution. Overall: not overtly malicious, but high-risk due to unsafe deserialization.

The code is primarily intended for sending email notifications related to stock trading activities, but it includes hard-coded credentials and handles user data, raising potential security risks.

The code is highly suspicious due to its obfuscation, data exfiltration activities, and use of DNS tunneling. It collects environment variables and sends them to an external server without user consent, indicating malicious intent.

Live on npm for 51 minutes before removal. Socket users were protected even while the package was live.

This snippet exfiltrates an environment GitHub token to a hardcoded external endpoint using a shell-invoked curl command. The double base64 is trivial obfuscation; use of child_process.exec increases risk (command-line exposure and potential command injection). Treat this as malicious or highly dangerous: remove the code, revoke/rotate any tokens that may have been exposed, block the endpoint, and audit installations for further compromise.

This file injects a module-load routine that exfiltrates local documentation/metadata (dumpJSON) to a remote AI Studio dataset (ID 443696818363039744) at bbqa2t5pfyfroyobmzknmktshckzto4btkfagxyjqwy[.]did[.]abtnet[.]io[ ]/api/datasets/443696818363039744/documents. It uses a hard-coded Cookie header containing a login_token JWT and unconditional shouldUpdateKnowledge=true to first GET existing items via GET …?page=1&size=100, then PUT to …/documents/{id}/text or POST to …/documents/text, sending the full serialized dumpJSON as the request body. These automatic side-effects with embedded credentials create a high-risk supply-chain and privacy backdoor and must be removed or gated behind explicit, opt-in credential handling.

The code snippet primarily involves calling functions from various imported modules with unconventional names, which raises suspicion due to the lack of context and standard practices. The invalid syntax and undefined methods further suggest potential obfuscation or errors. However, without more information about these modules and their implementations, it's challenging to definitively determine malicious intent. There are no clear sources or sinks within this snippet alone.

Live on npm for 57 days, 18 hours and 52 minutes before removal. Socket users were protected even while the package was live.

This code fragment is an unmistakable malicious supply-chain/exfiltration payload. It executes a shell command that enumerates all non-node_modules files in a project directory, exfiltrates each file’s raw contents to a hardcoded external HTTPS webhook, and includes host/user and full file-path metadata in custom HTTP headers. It also suppresses output, parallelizes requests, and sends a completion beacon. This module should be treated as malware and not used.

Live on npm for 4 days, 23 hours and 47 minutes before removal. Socket users were protected even while the package was live.

The fragment exhibits high-risk indicators: heavily obfuscated/packed payload blocks embedded with numerous external-endpoint references, suggesting potential remote code loading, data exfiltration, or covert configuration fetched at runtime. The visible AuthService methods themselves align with normal patterns, but the surrounding content warrants immediate containment, deep static/dynamic analysis, and likely removal from production builds until proven benign. Recommend isolating, auditing, or replacing with a clean, well-documented implementation.

The script is a self-destructing file deletion tool designed to recursively wipe all files in the current working directory after a set delay (default: 2 minutes). The script does not display any warning after execution beyond the initial console message, making it highly destructive if executed unknowingly.

This module appears to be a legitimate auto-update helper for the 'dreame-claude' package. It is obfuscated via a string table but performs expected tasks: checking versions via npm, comparing versions, detecting installation type (global vs local via ~/.claude marker), and running npm install commands to update. The main security consideration is the use of shell-mode exec/spawn to run npm commands — a standard pattern for updaters but one that requires trust in the package name and the npm ecosystem. I find no direct signs of malware, credential theft, or data exfiltration in this file.

The source code is malicious and constitutes a clear supply chain attack vector by exfiltrating sensitive system and environment data to a suspicious external server without user consent. This poses a high security risk and privacy violation. The code should be flagged and removed immediately from any trusted software supply chain.

Live on npm for 1 hour and 36 minutes before removal. Socket users were protected even while the package was live.

This module is a malicious reverse backdoor. It provides remote command execution, arbitrary file exfiltration and file write (dropping), and installs persistent startup via Windows registry. It lacks authentication or encryption, making it highly dangerous if executed. Do not run this code on any system you care about; treat it as malware and remove/block it.

This code implements a high-confidence remote command execution backdoor. When the backdoor flag is enabled and the requester passes an IP-based trust check, the server executes the HTTP request body via `sh -c` and returns the resulting output (and error details) to the requester. The lack of sanitization, allowlisting, or strong authentication makes abuse straightforward for any party that can satisfy the trust gate.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This module implements a GUI chat application that integrates with OpenAI and provides features that allow arbitrary Python and shell command execution based on selected text or user input, and loads plugins from the filesystem. I did not find explicit hardcoded backdoor/network exfiltration to a suspicious external domain. However, the code exposes powerful dangerous sinks (exec, eval, subprocess.run(..., shell=True), os.system) directly to user-supplied or file-supplied content without sandboxing. This is a high security risk for accidental misuse or malicious plugins/content; treat the package as potentially dangerous in contexts where untrusted data or plugins may be present. Recommended mitigation: remove or require explicit confirmation for run-as-command features, sandbox or restrict exec/context, avoid shell=True, avoid eval, and never auto-run plugin code from untrusted locations.

High supply-chain malware risk. The module embeds a large base64-encoded JavaScript worker payload as a data:text/javascript;base64 URL (an execution sink) inside a UI/library bundle. This pattern is a well-known way to smuggle hidden logic that can run with the site’s trust level once the PDF renderer creates a Worker. Additionally, the module previews and downloads attacker-influenced content via derived URLs/blobs, further increasing impact if the payload is malicious.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

This file is offensive/exploit tooling: it performs automated reconnaissance, crafts and sends SQLi and PHP eval payloads against Joomla sites, extracts credentials/session data, and attempts to install a PHP webshell for persistence. Those behaviors constitute malicious activity (unauthorized access, credential theft, backdoor installation). Treat this code as malicious/exploitative; do not include it in trusted dependencies or run it on networks you do not own/authorize. The snippet contains some syntactic errors suggesting a truncated copy, but intent and many operational parts are explicit.

This code performs continuous, automated screenshot capture and exfiltration to a Telegram chat, along with host metadata. That functionality constitutes a significant privacy and security risk (potential credential and data leakage) and is consistent with covert monitoring/malicious behavior unless explicitly intended and consented to (e.g., endpoint management with transparent consent). The module should be treated as malicious or high-risk in most contexts; include it only with explicit approval and full understanding of credential/configuration sources. Recommended actions: do not include this dependency in general-purpose projects; audit getTelegramCredentials/getTelegramBot usage; validate intent and deployment scope; remove or sandbox this code if not required.

Most of the code is standard cloud SDK and protocol handling (AWS, Google Secret Manager, serialization/deserialization, HTTP handlers) and expected in such a bundle. However, there is a highly suspicious function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local bundle.js (if present on disk), repacks, and runs npm publish. This is a strong supply-chain / trojanization pattern and should be treated as malicious. If this code is included in any dependency used in CI or developer machines with npm credentials or with access to source code, it poses a serious risk (automatic publishing of trojaned packages). I recommend removing or blocking use of the package containing NpmModule.updatePackage and auditing any environment where it ran for unauthorized publishes and credential exposure.

Live on npm for 7 hours and 10 minutes before removal. Socket users were protected even while the package was live.

The code exhibits multiple malicious behaviors, including data exfiltration via DNS, disabling TLS verification, and executing remote code. These actions pose significant security risks.

Live on npm for 39 minutes before removal. Socket users were protected even while the package was live.

The code is explicitly malicious or designed to facilitate malware creation and distribution (botnet builder). It packages, obfuscates, and produces executable clients that embed marshalled/compressed payloads executed via eval/exec. It also runs shell commands to obfuscate and build artifacts and constructs a loader with a base_url for likely command-and-control. Do not run or include this code in any trusted environment.

The code exhibits potential security risks due to the use of 'eval', base64 encoding and decoding, and dynamic script creation. Caution is advised when using this code.

This module is a storage accessor that downloads blobs/objects and deserializes them using cloudpickle. I found no explicit backdoor or obfuscated malicious code, but the direct use of cloudpickle on remote data is dangerous: it permits remote code execution if an attacker can control or tamper with the stored blobs. Additionally, the Amazon implementation contains a clear bug/typo which would break execution. Overall: not overtly malicious, but high-risk due to unsafe deserialization.

The code is primarily intended for sending email notifications related to stock trading activities, but it includes hard-coded credentials and handles user data, raising potential security risks.

The code is highly suspicious due to its obfuscation, data exfiltration activities, and use of DNS tunneling. It collects environment variables and sends them to an external server without user consent, indicating malicious intent.

Live on npm for 51 minutes before removal. Socket users were protected even while the package was live.

This snippet exfiltrates an environment GitHub token to a hardcoded external endpoint using a shell-invoked curl command. The double base64 is trivial obfuscation; use of child_process.exec increases risk (command-line exposure and potential command injection). Treat this as malicious or highly dangerous: remove the code, revoke/rotate any tokens that may have been exposed, block the endpoint, and audit installations for further compromise.