Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery

timmywil published 4.0.0

left-pad

stevemao published 1.3.0

react

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

cylab-be/webshell-detector

dev-include_wowa_training

Live on composer

Blocked by Socket

This file is a web shell/backdoor providing unauthenticated remote command execution and arbitrary file upload with no sanitization. It is malicious and should be removed; systems where this was deployed should be assumed compromised and investigated. Immediate action: remove the file, rotate credentials, inspect for additional persistence, and restore from a trusted backup if necessary.

prior-cli

1.3.3

by prior.network

Live on npm

Blocked by Socket

This dependency/module exposes multiple high-impact host-control primitives: arbitrary command execution (unvalidated interpolation), clipboard read/write (including direct clipboard exfiltration to the caller), and writing attacker-influenced base64 content to a filesystem path influenced by remote filename plus cwd. It also forwards bearer tokens to external services. While the code is not visibly obfuscated, the capability set is sufficiently dangerous that the module should be treated as security-critical and requires strict access control, input validation, and path hardening around tool invocation and remote filename handling.

@claudeink/mcp-server

2.2.11

by weekdmond

Live on npm

Blocked by Socket

High-risk behavior exists in this dependency bundle: gray-matter includes a `javascript` engine that directly executes attacker-controlled input using `eval`, and js-yaml full schema supports constructing executable functions via `new Function` from YAML tags. This combination enables RCE/prototype-pollution-style impacts if untrusted content reaches these parsing paths and the consumer uses the unsafe/full options.

bluelamp-ai

0.45.2

Live on pypi

Blocked by Socket

This file is a minimal loader that decodes and executes an opaque payload embedded as a base64/zlib blob. That design is strongly suspicious and constitutes a high supply-chain and runtime risk because the actual behavior is hidden and executes automatically on import. Treat as untrusted until the decoded payload is inspected in an isolated environment. Do not include in production systems without a full audit and provenance verification.

react-native-webview-aadhaar-integration

0.0.2

by akashnigam47

Live on npm

Blocked by Socket

This module contains a DOM-injection script intended to capture extremely sensitive identity and 2FA values (Aadhaar, securityCode, OTP) via dynamically created dialogs, then automatically populate targeted form fields and trigger authentication submission clicks. Even without visible network exfiltration in the snippet, the credential/2FA capture and forced submission pattern is strongly malicious or at minimum represents a serious authentication-abuse risk. The surrounding React code appears benign, but the embedded myScript content is high-risk if executed in a WebView/DOM context.

foundry-toolkit

1.0.2

by motremfc

Removed from npm

Blocked by Socket

This file is malicious. It intentionally harvests sensitive wallet data (seed phrases, private keys, passwords/passphrases) and user context, sending them to an attacker-controlled Telegram bot. It then proxies execution to the legitimate 'cast' binary to remain stealthy. Treat this as a credential-stealing backdoor: remove it, assume any exposed secrets are compromised, rotate keys/seeds/passwords, and inspect the system for other persistence mechanisms.

Live on npm for 1 day, 21 hours and 32 minutes before removal. Socket users were protected even while the package was live.

@fizzxydev/baileys-pro

8.6.2

by fizzxydev

Removed from npm

Blocked by Socket

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

Live on npm for 29 minutes before removal. Socket users were protected even while the package was live.

@blocklet/pages-kit

0.2.374

by wangshijun

Live on npm

Blocked by Socket

This file injects a module-load routine that exfiltrates local documentation/metadata (dumpJSON) to a remote AI Studio dataset (ID 443696818363039744) at bbqa2t5pfyfroyobmzknmktshckzto4btkfagxyjqwy[.]did[.]abtnet[.]io[ ]/api/datasets/443696818363039744/documents. It uses a hard-coded Cookie header containing a login_token JWT and unconditional shouldUpdateKnowledge=true to first GET existing items via GET …?page=1&size=100, then PUT to …/documents/{id}/text or POST to …/documents/text, sending the full serialized dumpJSON as the request body. These automatic side-effects with embedded credentials create a high-risk supply-chain and privacy backdoor and must be removed or gated behind explicit, opt-in credential handling.

@softeria/ms-365-mcp-server

0.17.0

by eirikb

Live on npm

Blocked by Socket

There is a clear anomalous pattern: the code forcibly redirects the generated client’s import from a legitimate core library to a local module hack.js. This constitutes a backdoor/vector for malicious behavior if hack.js is untrusted. Without integrity checks or vetting of hack.js, this practice introduces high security risk in a supply-chain context and should be halted or strictly audited.

ce-audit

1.0.21

by palsandip

Removed from npm

Blocked by Socket

No clear signs of intentional malware (no backdoors, no cryptomining, no remote shell). However, the code contains serious security issues: hardcoded secrets (Cosmos DB key and IP API key), use of a client-side library to connect directly to a database with those secrets (likely exposing DB access), and exfiltration of client IP/geo to a third-party API. These make the package dangerous to publish or use in client-distributed bundles. Recommendation: remove hardcoded keys, move DB access to a trusted server-side component, avoid shipping primary DB keys to clients, and validate/sanitize reqbody before persisting. Also remove or protect third-party API keys and avoid logging PII to console in production.

Live on npm for 1 hour and 59 minutes before removal. Socket users were protected even while the package was live.

sbcli-dev

3.2.1

Live on pypi

Blocked by Socket

This module is not overtly malicious (no encoded payloads, no external exfiltration, no reverse shell), but it contains high-risk insecure patterns: user-controlled values are directly interpolated into shell command strings and passed to node_utils.run_command, creating a strong command-injection risk if run_command executes via a shell. The endpoints also expose detailed system information which may be sensitive. Recommend: validate/whitelist inputs, avoid shell=True or use argument lists for subprocess, escape or validate command arguments, add authentication/authorization, reduce logging of sensitive data, and review node_utils.run_command implementation. Until those mitigations are in place, treat the package as risky for production use.

discord-misc

0.2.44

Removed from pypi

Blocked by Socket

The code demonstrates multiple signs of malicious behavior, including downloading and executing remote scripts, collecting sensitive system information, and sending this information to an external server. It uses techniques to avoid detection, such as running in a background thread and executing scripts in a hidden window.

Live on pypi for 18 minutes before removal. Socket users were protected even while the package was live.

pinokiod

1.3.85

by cocktailpeanut

Live on npm

Blocked by Socket

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

@empline/preflight

1.1.14

by andrewkoski

Live on npm

Blocked by Socket

This package executes a local install-time script (dist/bin/preinstall.js) during npm install and depends on a local tarball via a file: reference. Together these are significant supply-chain risks: the preinstall script can perform arbitrary actions (data exfiltration, telemetry, filesystem changes, spawn shells, etc.), and the file: dependency bypasses registry verification. You should inspect the contents of dist/bin/preinstall.js and the referenced tarball (../ai-manager/...tgz) before installing. Treat this package as high risk until those files are audited.

jintian-architecture-code-ns

2.5

Live on pypi

Blocked by Socket

Critical vulnerability: eval(self.data) on untrusted websocket input enables remote code execution. Even if subsequent 'path'/'key' checks fail, arbitrary code in the payload will have executed. Combined with invoking route handlers with attacker-controlled config and returning handler outputs to clients, this code poses a high security risk and should not be used in production. Immediate remediation: replace eval with a safe parser (e.g., json.loads) or ast.literal_eval if only literals are expected; perform input validation before any execution; never execute untrusted strings; use least-privilege runtime and sandboxing for handler execution; bind issued keys to client context and add proper error/edge-case handling (e.g., remove -> discard no-ops).

github.com/bishopfox/sliver

v1.4.3-0.20210308123218-f456a256aad1

Live on go

Blocked by Socket

This code intentionally provides capabilities to execute arbitrary native code: LocalTask executes raw bytes in-process by marking memory executable and calling it; Sideload writes bytes to /tmp and uses dynamic loader environment variables to inject a library into a spawned process. These are canonical implant/loader behaviors and present a high risk of misuse. The code lacks validation, signing, or safety checks. Given the header referencing an implant framework and the explicit execution/injection functionality, treat this package as malicious/offensive in nature and high-risk for inclusion in a supply chain unless used in a controlled, trusted red-team context.

pinokiod

1.0.50

by cocktailpeanut

Live on npm

Blocked by Socket

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

violit

0.2.0

Live on pypi

Blocked by Socket

The fragment contains a clear source-to-sink path enabling remote code execution: the server executes arbitrary code provided by the client via a WebSocket message with type 'eval'. This is the primary malicious/malpractice indicator and represents a high-risk vulnerability if inputs can be influenced by an attacker. Other notable concerns include the potential bypass of CSRF protection in native mode, heavy dynamic HTML/JS injection without explicit sanitization, and the use of subprocesses for reloads which could be abused under certain conditions. Overall, the presence of the eval sink and token handling weaknesses constitute a meaningful security risk requiring remediation (remove or harden eval usage, enforce strict input validation, ensure CSRF/native-token policies are consistently enforced, and audit reload mechanisms).

vibe-notion

1.1.0

by GitHub Actions

Live on npm

Blocked by Socket

This module is a credential-extraction utility for Notion: it accesses local Notion state and cookie databases, decrypts protected cookie values using platform-specific mechanisms (macOS Keychain, Windows DPAPI, Linux PBKDF2 fallback), and returns authentication tokens and user IDs. It does not itself exfiltrate data over the network, but it provides high-value secrets to the caller and executes system commands to unprotect secrets. Therefore it poses a high security risk if included in code that runs on user machines (it can be used for token theft). Treat as potentially malicious/abusive when used without explicit user consent.

cbre-flow-common

99.4.0

Live on npm

Blocked by Socket

This is active data exfiltration code executed at module load: it collects hostname, working directory, current user, a marker string, and the public IP, encodes the data, and leaks it via DNS lookups to an external domain (and makes an HTTP request to ifconfig.me). This matches malicious supply-chain/backdoor behavior. The package should be considered compromised and removed; investigate impacted hosts and block the destination domain(s).

spacetoow.vsc-python-indent

1.21.3

by kailanii8997

Removed from openvsx

Blocked by Socket

This manifest is suspicious: it appears to be a legitimate Python indent extension but quietly uses extensionPack to install a single, cross‑publisher extension. Because the pack is concealed inside a featureful extension and not openly disclosed as a bundle, this pattern is consistent with covert installation behavior and warrants manual review.

Live on openvsx for 8 days, 20 hours and 46 minutes before removal. Socket users were protected even while the package was live.

ailever

0.2.672

Live on pypi

Blocked by Socket

The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.

banamex-vue-components

0.1.9

by sr3pp

Removed from npm

Blocked by Socket

The code snippet poses security risks due to its use of dynamic script evaluation and cross-domain requests. These practices can lead to remote code execution if not properly controlled. While the code is not heavily obfuscated, its complexity and use of dynamic evaluations could obscure malicious intent.

Live on npm for 33 minutes before removal. Socket users were protected even while the package was live.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.


Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.


Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.


Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.


RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.


The latest from the Socket team

Get our latest security research, open source insights, and product updates.
