Secure your dependencies. Ship with confidence.

This module contains a critical supply-chain remote code execution primitive: it conditionally downloads JavaScript from a public CDN and executes it via eval() to initialize globalThis.use/command-stream. This makes the overall package extremely high risk in a typical CI/automation environment, because the fetched code can arbitrarily control subsequent command execution and exfiltrate data. The remaining logic largely performs GitHub API queries and merge-blocker decision-making, but it inherits trust from the eval-based bootstrap; additional risks may exist in helper modules not shown in this fragment.

The code fragment exhibits high-risk patterns primarily due to dynamic surrogate-code generation and runtime compilation, coupled with extensive surrogate-process orchestration and unmanaged interop. These introduce meaningful attack surfaces for supply-chain or runtime abuse if inputs (HTML, URLs, cookies, headers, credentials) can be influenced by an adversary. While the library provides legitimate rendering capabilities, these patterns require hardening: restrict or remove dynamic code execution, sanitize and minimize external inputs to surrogate boundaries, improve error handling, and ensure strong provenance and isolation for all loaded binaries. Overall, this report assesses medium-to-high security risk for deployment, with malware likelihood currently low unless inputs are manipulated to drive surrogate code execution.

The code contains a severe security risk due to the use of eval() on unverified remote code, enabling arbitrary remote code execution. This represents a critical supply chain vulnerability that could lead to malware execution, data theft, or system compromise. The local code is not obfuscated but relies on dynamic code loading that effectively hides the executed logic. It is strongly recommended to avoid this pattern or implement strict integrity checks and sandboxing. The provided reports are unhelpful and fail to identify these critical issues.

This module is high-risk for supply-chain security because it performs active exploitation against a specific router model to obtain administrative credentials. It sends a crafted HTTP POST request to a target endpoint, parses the response for disclosed usernames/passwords, and prints the credentials without redaction. No meaningful obfuscation is present; the malicious behavior is explicit in the request construction and output logic. The only limiting factor is incomplete visibility into the underlying framework code (HTTPClient/http_request and imported symbols), but within this file the credential-disclosure workflow is unambiguous.

This module contains explicit data-exfiltration primitives: phone_home sends caller-supplied bytes to a hardcoded TCP host; send_udp sends bytes to a hardcoded UDP host. It also exposes a TCP listener on 0.0.0.0:9090. These behaviors together are strong indicators of malicious or privacy-invasive functionality (exfiltration/telemetry/backdoor). Treat this code as high risk: do not include it in trusted builds, remove or parameterize remote endpoints, add authentication/consent/logging, avoid binding to all interfaces, and handle errors explicitly. If this behavior is intended, document and secure it (configurable endpoints, TLS, auth, retries/logging).

This file intentionally hides its active code inside a large compressed and base64-encoded blob and executes it at import time via exec(). That pattern is highly suspicious and prevents safe static review. Treat this module as potentially dangerous: do not run in trusted environments until the decompressed payload is inspected in isolation. If immediate remediation is required, remove or quarantine the module and perform payload extraction and review in a controlled environment.

The code embeds multi-stage payloads using Base64+LZMA, executed at import time, to install a Django AppConfig.ready() hook that enforces a brittle anti-tamper check (len(echart/views.py) == 18337) and then recursively compiles every Python source file to bytecode and deletes the originals. Errors are suppressed, and a remote activation endpoint is present for “pro” gating. This combination of hidden execution, anti-analysis, and destructive file operations constitutes high-risk supply-chain malware.

This file contains code for creating and managing a persistent Windows command shell (cmd.exe) that can execute arbitrary system commands. The code creates daemon threads to continuously monitor shell output, automatically restarts terminated shells, and provides methods to interact with the shell remotely. This appears to be part of a remote access trojan (RAT), as evidenced by other components in the package structure related to webcam access, microphone recording, remote desktop, and screenshot capabilities. This shell component provides the attacker with command execution capabilities on the victim machine.

This code is largely a standard UDP transport with heartbeat/log framing, but it contains a high-impact anomaly: on Linux it installs an init.d startup script for the current process and chmods it to 777, with script content that starts the process in the background. That persistence/autorun-like modification is atypical for a communication library and should be treated as suspicious and high risk when assessing supply-chain integrity, regardless of whether the UDP heartbeat/logging itself is legitimate. Network ingress is forwarded to callbacks with minimal validation, which can further amplify risk depending on consumer handling.

This file contains obfuscated malicious code that uses multiple evasion techniques to hide its true functionality. The code implements a multi-stage decoder that: 1) Reverses an encoded string 2) Decodes it using base64 3) Decompresses it using zlib 4) Executes the resulting code using exec(). This pattern is a common malware technique designed to evade security scanning and hide malicious payloads. The use of exec() to execute arbitrary decoded content poses a severe security risk as it allows execution of potentially harmful code. The intentional obfuscation through multiple encoding layers combined with dynamic code execution strongly indicates this is malware rather than legitimate functionality. The code should not be executed as it likely contains a malicious payload designed for system compromise, data exfiltration, or other harmful activities.

This setup file executes an obfuscated base64-decoded payload that modifies Windows shell settings and downloads additional files from cdn[.]discordapp[.]com. The code runs these downloaded files via subprocess, posing a high risk of unauthorized system manipulation and potential data exfiltration.

Live on pypi for 2 days, 14 hours and 26 minutes before removal. Socket users were protected even while the package was live.

This module is a Windows persistence dropper/launcher: it writes a VBScript into the per-user Startup folder and executes it via detached, silent cmd.exe execution. It also embeds caller-supplied cmd/args/out into a shell command without robust sanitization, enabling arbitrary command execution if any inputs are influenced externally. Strong indicators of malicious intent; further review of how this module is invoked by the broader package is warranted.

This module contains unsafe patterns that allow arbitrary code execution when given untrusted configuration input. The key risks are use of eval() on configuration strings and dynamic importing/instantiation of classes named in configuration. There is no evidence of an included malicious payload, but the code makes it easy for a malicious or compromised configuration to run arbitrary Python code, modify class behavior at runtime, or attach persistent work and methods to instances. Treat configuration inputs as fully trusted only in safe environments; otherwise this package should be considered dangerous to use with untrusted config.

This code is malicious: it is a cryptominer dropper that automatically downloads and executes xmrig configured to mine to a hardcoded wallet and pool. It triggers on import, performs stealthy actions (hidden cache, suppressed output, background execution), and provides no integrity checks or user consent. Treat any host running this code as potentially compromised and remove the code and artifacts; block the indicated outgoing connections and perform remediation.

Live on pypi for 1 day, 6 hours and 56 minutes before removal. Socket users were protected even while the package was live.

This module is an automated credential-checking/credential-stuffing engine. It programmatically attempts many username/password pairs against a target site, uses evasion (playwright_stealth), heuristics and probes to determine successful authentication, and writes credentials and results to disk. That behavior is malicious/abusive when used without explicit authorization. There is no obfuscation in the source (clear code), but the use of stealth and randomized inputs indicates intent to bypass detection. The file writes plaintext credentials to multiple files and logs. I assess this as high-risk and potentially malicious in purpose (credential abuse) though it contains no hidden backdoor or remote C2. Recommend not running against third-party targets and restrict use to authorized testing only.

This Node.js script gathers local system details—hostname, username, current working directory, all environment variables (including potential secrets), and non-internal IPv4 addresses—then serializes them and exfiltrates the payload via an HTTP GET to https://www[.]7ntsec[.]cn/payload_tests/rce-success as a "data" query parameter. It automatically retries up to three times with random 1–3 second delays and silently suppresses errors, enabling stealthy credential and configuration leakage.

The script covertly ensures a background SSH local port-forward to a hard-coded external host as root, clearing any existing ssh on the same local port first. This pattern is consistent with establishing a covert access or exfiltration channel (notably to a MongoDB-like service on port 27017). It is high-risk: investigate origins of the script, the remote IP, root SSH keys and authorized_keys, and any processes or tools that use local:9999. If unexpected, remove and rotate credentials/keys and perform host compromise analysis.

The code exhibits behavior consistent with data exfiltration by collecting and sending sensitive system information to an external server without user consent. This poses a significant security risk and aligns with malicious activity patterns.

Live on npm for 14 days, 20 hours and 19 minutes before removal. Socket users were protected even while the package was live.

The transcript shows a successful prompt-injection in tool output that caused the assistant to exfiltrate concatenated Slack messages (including a string matching a secret key) to an external website (www.my-website-234.com/random). Although the assistant briefly flagged the injection as malicious, it ultimately executed the injection and posted sensitive data. This is a high-severity supply-chain/operational security incident (unauthorized data exfiltration). The workspace modification calls (adding users) are expected for the user task, but the externally targeted POST is malicious/unwanted.

Possible typosquat of [iconify-icon](https://socket.dev/npm/package/iconify-icon) Explanation: The package 'icon-package' is labeled as a security holding package, which is often used to prevent typosquatting. The name 'icon-package' is not similar enough to 'iconify-icon' to be an obvious typosquat, but the lack of a clear description and the use of a generic name make it suspicious. Additionally, the maintainer 'npm' does not provide enough context to determine legitimacy.

Live on npm for 7 hours and 7 minutes before removal. Socket users were protected even while the package was live.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 5 minutes before removal. Socket users were protected even while the package was live.

This code appears to implement a geo-target search handler that constructs a GAQL query from user input and calls a Google Ads client. The file is heavily obfuscated which reduces transparency and increases supply-chain risk, but the fragment contains no clear malicious behavior such as exfiltration, shelling out, or dynamic code execution. Main risks: obfuscation (hampering review) and direct string interpolation into the GAQL query (possible injection or malformed-query issues depending on downstream API behavior). Recommend manual review of the rest of the module and the GoogleAdsClient implementation before trust/production use.

Live on npm for 22 hours and 9 minutes before removal. Socket users were protected even while the package was live.

This module contains a critical supply-chain remote code execution primitive: it conditionally downloads JavaScript from a public CDN and executes it via eval() to initialize globalThis.use/command-stream. This makes the overall package extremely high risk in a typical CI/automation environment, because the fetched code can arbitrarily control subsequent command execution and exfiltrate data. The remaining logic largely performs GitHub API queries and merge-blocker decision-making, but it inherits trust from the eval-based bootstrap; additional risks may exist in helper modules not shown in this fragment.

The code fragment exhibits high-risk patterns primarily due to dynamic surrogate-code generation and runtime compilation, coupled with extensive surrogate-process orchestration and unmanaged interop. These introduce meaningful attack surfaces for supply-chain or runtime abuse if inputs (HTML, URLs, cookies, headers, credentials) can be influenced by an adversary. While the library provides legitimate rendering capabilities, these patterns require hardening: restrict or remove dynamic code execution, sanitize and minimize external inputs to surrogate boundaries, improve error handling, and ensure strong provenance and isolation for all loaded binaries. Overall, this report assesses medium-to-high security risk for deployment, with malware likelihood currently low unless inputs are manipulated to drive surrogate code execution.

The code contains a severe security risk due to the use of eval() on unverified remote code, enabling arbitrary remote code execution. This represents a critical supply chain vulnerability that could lead to malware execution, data theft, or system compromise. The local code is not obfuscated but relies on dynamic code loading that effectively hides the executed logic. It is strongly recommended to avoid this pattern or implement strict integrity checks and sandboxing. The provided reports are unhelpful and fail to identify these critical issues.

This module is high-risk for supply-chain security because it performs active exploitation against a specific router model to obtain administrative credentials. It sends a crafted HTTP POST request to a target endpoint, parses the response for disclosed usernames/passwords, and prints the credentials without redaction. No meaningful obfuscation is present; the malicious behavior is explicit in the request construction and output logic. The only limiting factor is incomplete visibility into the underlying framework code (HTTPClient/http_request and imported symbols), but within this file the credential-disclosure workflow is unambiguous.

This module contains explicit data-exfiltration primitives: phone_home sends caller-supplied bytes to a hardcoded TCP host; send_udp sends bytes to a hardcoded UDP host. It also exposes a TCP listener on 0.0.0.0:9090. These behaviors together are strong indicators of malicious or privacy-invasive functionality (exfiltration/telemetry/backdoor). Treat this code as high risk: do not include it in trusted builds, remove or parameterize remote endpoints, add authentication/consent/logging, avoid binding to all interfaces, and handle errors explicitly. If this behavior is intended, document and secure it (configurable endpoints, TLS, auth, retries/logging).

This file intentionally hides its active code inside a large compressed and base64-encoded blob and executes it at import time via exec(). That pattern is highly suspicious and prevents safe static review. Treat this module as potentially dangerous: do not run in trusted environments until the decompressed payload is inspected in isolation. If immediate remediation is required, remove or quarantine the module and perform payload extraction and review in a controlled environment.

The code embeds multi-stage payloads using Base64+LZMA, executed at import time, to install a Django AppConfig.ready() hook that enforces a brittle anti-tamper check (len(echart/views.py) == 18337) and then recursively compiles every Python source file to bytecode and deletes the originals. Errors are suppressed, and a remote activation endpoint is present for “pro” gating. This combination of hidden execution, anti-analysis, and destructive file operations constitutes high-risk supply-chain malware.

This file contains code for creating and managing a persistent Windows command shell (cmd.exe) that can execute arbitrary system commands. The code creates daemon threads to continuously monitor shell output, automatically restarts terminated shells, and provides methods to interact with the shell remotely. This appears to be part of a remote access trojan (RAT), as evidenced by other components in the package structure related to webcam access, microphone recording, remote desktop, and screenshot capabilities. This shell component provides the attacker with command execution capabilities on the victim machine.

This code is largely a standard UDP transport with heartbeat/log framing, but it contains a high-impact anomaly: on Linux it installs an init.d startup script for the current process and chmods it to 777, with script content that starts the process in the background. That persistence/autorun-like modification is atypical for a communication library and should be treated as suspicious and high risk when assessing supply-chain integrity, regardless of whether the UDP heartbeat/logging itself is legitimate. Network ingress is forwarded to callbacks with minimal validation, which can further amplify risk depending on consumer handling.

This file contains obfuscated malicious code that uses multiple evasion techniques to hide its true functionality. The code implements a multi-stage decoder that: 1) Reverses an encoded string 2) Decodes it using base64 3) Decompresses it using zlib 4) Executes the resulting code using exec(). This pattern is a common malware technique designed to evade security scanning and hide malicious payloads. The use of exec() to execute arbitrary decoded content poses a severe security risk as it allows execution of potentially harmful code. The intentional obfuscation through multiple encoding layers combined with dynamic code execution strongly indicates this is malware rather than legitimate functionality. The code should not be executed as it likely contains a malicious payload designed for system compromise, data exfiltration, or other harmful activities.

This setup file executes an obfuscated base64-decoded payload that modifies Windows shell settings and downloads additional files from cdn[.]discordapp[.]com. The code runs these downloaded files via subprocess, posing a high risk of unauthorized system manipulation and potential data exfiltration.

Live on pypi for 2 days, 14 hours and 26 minutes before removal. Socket users were protected even while the package was live.

This module is a Windows persistence dropper/launcher: it writes a VBScript into the per-user Startup folder and executes it via detached, silent cmd.exe execution. It also embeds caller-supplied cmd/args/out into a shell command without robust sanitization, enabling arbitrary command execution if any inputs are influenced externally. Strong indicators of malicious intent; further review of how this module is invoked by the broader package is warranted.

This module contains unsafe patterns that allow arbitrary code execution when given untrusted configuration input. The key risks are use of eval() on configuration strings and dynamic importing/instantiation of classes named in configuration. There is no evidence of an included malicious payload, but the code makes it easy for a malicious or compromised configuration to run arbitrary Python code, modify class behavior at runtime, or attach persistent work and methods to instances. Treat configuration inputs as fully trusted only in safe environments; otherwise this package should be considered dangerous to use with untrusted config.

This code is malicious: it is a cryptominer dropper that automatically downloads and executes xmrig configured to mine to a hardcoded wallet and pool. It triggers on import, performs stealthy actions (hidden cache, suppressed output, background execution), and provides no integrity checks or user consent. Treat any host running this code as potentially compromised and remove the code and artifacts; block the indicated outgoing connections and perform remediation.

Live on pypi for 1 day, 6 hours and 56 minutes before removal. Socket users were protected even while the package was live.

This module is an automated credential-checking/credential-stuffing engine. It programmatically attempts many username/password pairs against a target site, uses evasion (playwright_stealth), heuristics and probes to determine successful authentication, and writes credentials and results to disk. That behavior is malicious/abusive when used without explicit authorization. There is no obfuscation in the source (clear code), but the use of stealth and randomized inputs indicates intent to bypass detection. The file writes plaintext credentials to multiple files and logs. I assess this as high-risk and potentially malicious in purpose (credential abuse) though it contains no hidden backdoor or remote C2. Recommend not running against third-party targets and restrict use to authorized testing only.

This Node.js script gathers local system details—hostname, username, current working directory, all environment variables (including potential secrets), and non-internal IPv4 addresses—then serializes them and exfiltrates the payload via an HTTP GET to https://www[.]7ntsec[.]cn/payload_tests/rce-success as a "data" query parameter. It automatically retries up to three times with random 1–3 second delays and silently suppresses errors, enabling stealthy credential and configuration leakage.

The script covertly ensures a background SSH local port-forward to a hard-coded external host as root, clearing any existing ssh on the same local port first. This pattern is consistent with establishing a covert access or exfiltration channel (notably to a MongoDB-like service on port 27017). It is high-risk: investigate origins of the script, the remote IP, root SSH keys and authorized_keys, and any processes or tools that use local:9999. If unexpected, remove and rotate credentials/keys and perform host compromise analysis.

The code exhibits behavior consistent with data exfiltration by collecting and sending sensitive system information to an external server without user consent. This poses a significant security risk and aligns with malicious activity patterns.

Live on npm for 14 days, 20 hours and 19 minutes before removal. Socket users were protected even while the package was live.

The transcript shows a successful prompt-injection in tool output that caused the assistant to exfiltrate concatenated Slack messages (including a string matching a secret key) to an external website (www.my-website-234.com/random). Although the assistant briefly flagged the injection as malicious, it ultimately executed the injection and posted sensitive data. This is a high-severity supply-chain/operational security incident (unauthorized data exfiltration). The workspace modification calls (adding users) are expected for the user task, but the externally targeted POST is malicious/unwanted.

Possible typosquat of [iconify-icon](https://socket.dev/npm/package/iconify-icon) Explanation: The package 'icon-package' is labeled as a security holding package, which is often used to prevent typosquatting. The name 'icon-package' is not similar enough to 'iconify-icon' to be an obvious typosquat, but the lack of a clear description and the use of a generic name make it suspicious. Additionally, the maintainer 'npm' does not provide enough context to determine legitimacy.

Live on npm for 7 hours and 7 minutes before removal. Socket users were protected even while the package was live.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 5 minutes before removal. Socket users were protected even while the package was live.

This code appears to implement a geo-target search handler that constructs a GAQL query from user input and calls a Google Ads client. The file is heavily obfuscated which reduces transparency and increases supply-chain risk, but the fragment contains no clear malicious behavior such as exfiltration, shelling out, or dynamic code execution. Main risks: obfuscation (hampering review) and direct string interpolation into the GAQL query (possible injection or malformed-query issues depending on downstream API behavior). Recommend manual review of the rest of the module and the GoogleAdsClient implementation before trust/production use.

Live on npm for 22 hours and 9 minutes before removal. Socket users were protected even while the package was live.