Secure your dependencies. Ship with confidence.

This module is not overtly malicious (no encoded payloads, no external exfiltration, no reverse shell), but it contains high-risk insecure patterns: user-controlled values are directly interpolated into shell command strings and passed to node_utils.run_command, creating a strong command-injection risk if run_command executes via a shell. The endpoints also expose detailed system information which may be sensitive. Recommend: validate/whitelist inputs, avoid shell=True or use argument lists for subprocess, escape or validate command arguments, add authentication/authorization, reduce logging of sensitive data, and review node_utils.run_command implementation. Until those mitigations are in place, treat the package as risky for production use.

This file contains exploit code that attempts to manipulate snapd via a specially-named client UNIX socket and a raw POST request to '/v2/create-user' with 'force-managed': True. The code creates a temporary UNIX domain socket with a pathname containing ';uid=0;' in /tmp, then connects to '/run/snapd[.]socket' and sends a crafted HTTP request to create a managed user account. This technique exploits snapd's socket pathname parsing to potentially escalate privileges or create unauthorized user accounts. The code appears to be based on a proof-of-concept exploit and could be dangerous if executed on systems running snapd.

The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.

The code is designed to collect and send sensitive information to a remote server without the user's knowledge or consent. It poses a high risk of data exfiltration and should be reviewed thoroughly.

Live on npm for 2 hours before removal. Socket users were protected even while the package was live.

The code is heavily obfuscated and contains several high-risk features like dynamic code execution, accessing sensitive OS-level features, and networking capabilities that are often associated with malicious scripts or modules in a node environment. It should be considered unsafe without further context or sanitization.

The code is clearly engaging in malicious activities by exfiltrating system and user data to external servers without consent. This poses a significant security risk.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

The analyzed code contains a high-risk dynamic code execution pathway via a Web Worker that evaluates incoming payloads with a sandbox wrapper. While there may be legitimate uses for dynamic scripting, the current setup exposes a robust.remote-code-execution surface, enabling potential data exfiltration (especially tokens in sessionStorage) and persistent data leakage via IndexedDB. Given the presence of legitimate libraries within the bundle, this pattern markedly increases supply chain risk and warrants immediate hardening or removal of the dynamic evaluation mechanism, along with stronger isolation and stricter controls over any data accessible to the worker.

This file executes opaque, compressed Python code and uses obfuscated function names to process another embedded blob. This is a highly suspicious supply-chain pattern (obfuscation + exec at import). Without decoding the LZMA blobs we cannot state exact payload actions, but the structure is consistent with malware/backdoor/exfiltration or other unauthorized behaviors. Do not import or run this module in any environment where it can access sensitive data, network, or production systems. Treat it as potentially malicious and investigate the decompressed payload in a safe, isolated environment (offline sandbox) to determine precise behavior.

Live on PyPI for 3 days, 1 hour and 42 minutes before removal. Socket users were protected even while the package was live.

This code is a clear implementation of a remote interactive terminal listener / backdoor pattern. It provides unauthenticated, unencrypted bidirectional terminal access when connected, and executes local shell commands to enumerate terminal metadata. The snippet as provided contains multiple syntax errors (non-executable), but intent is obvious and high-risk. Treat as a potential supply-chain backdoor; do not run in production, audit repository history and maintainers, and remove or sandbox immediately if found in a dependency.

This module is a configuration/payload repository intended for automated scanning, exploitation (SQLi/XSS), admin panel discovery and many forms of DDoS/amplification attacks. The file itself is non‑executable but is a clear building block for malicious tooling. Treat the containing package as malicious/unsafe and remove or isolate it; investigate upstream supply‑chain and any consumers of these constants.

The majority of the code is legitimate UI/modal functionality. However, there is an explicit malicious/disruptive snippet that targets users based on navigator.language and host TLDs: it disables page interaction and injects/plays a looping audio file from a hardcoded external URL after a 3-day delay. This is a politically motivated, supply-chain style malicious behavior and should be considered malicious. Remove or patch this code and treat the package as compromised.

This Action reads an arbitrary file path supplied via input and uploads the full file contents to a hardcoded ngrok-style external endpoint. That is a clear exfiltration pattern and poses a high supply-chain risk. Unless there is a well-documented, trusted, and authenticated reason for sending repository files to that specific external service, this code should be treated as malicious or extremely negligent and not used in workflows that have access to secrets or run on shared runners.

I found no direct indicators of classical malware (no eval/exec, no reverse shell, no obfuscated payload, no hardcoded secrets). However, the module constructs very large prompts containing repository trees and raw file contents and sends them to an external AI gateway (AIGateway.stream_prompt) without redaction, filtering, or explicit consent checks. This creates a high risk of accidental data exfiltration (source code, credentials, PII) to third-party services. The sys.path modification is an additional supply-chain concern because it changes import resolution and can enable unexpected local module loads. Recommended mitigations: add allow/deny lists and redaction for sensitive file paths, avoid sending entire repo contents by default, require explicit user consent, and do not modify sys.path in production code. Overall: not obviously malicious code but moderate-to-high supply-chain/data-exfiltration risk.

Live on PyPI for 5 days, 6 hours and 56 minutes before removal. Socket users were protected even while the package was live.

This file implements a keylogger to capture keystrokes and gather sensitive data from browsers and other applications without user consent. It exfiltrates the stolen information to a hardcoded Telegram endpoint at api[.]example[.]com using a hardcoded bot token and chat ID. The code also includes functionality to run automatically on system startup, ensuring persistent unauthorized access to user data.

Live on PyPI for 1 day, 8 hours and 33 minutes before removal. Socket users were protected even while the package was live.

This code intentionally sends local files, request headers, cookies (including authentication tokens), server secret-key (if present), and fingerprint/device data to an external service api.qumra.cloud, and then uses the remote response to set cookies and inject content into responses. That pattern constitutes data exfiltration and remote-control of rendered content and cookies. If the remote endpoint is not fully trusted and audited, this is a high-risk supply-chain/third-party data-leak/backdoor vector. Recommend: do not include or enable this middleware unless the external service is explicitly trusted, remove sending of sensitive cookies/secret keys, sandbox or strictly sanitize remote-provided content, and avoid automatically setting cookies returned from external services.

The code performs various utility tasks and is not overtly malicious. However, the use of the `guan.statistics_of_guan_package()` function to potentially send data to an external server, including the MAC address of the machine, is a significant privacy concern. Caution is advised when using this code, especially if the `guan` library and its usage are not fully understood or trusted.

The code exhibits suspicious behavior by sending system-specific information (hostname and username) to an external domain via a DNS lookup. This could be used for tracking or data exfiltration, posing a privacy risk.

Live on npm for 12 days, 7 hours and 49 minutes before removal. Socket users were protected even while the package was live.

This module contains high-risk functionality: unauthenticated remote command execution (including shell mode), arbitrary file read/write and exfiltration, accessibility-driven extraction of on-screen/terminal contents, screen recording and GUI manipulation — all exposed over HTTP. The package should be treated as dangerous in a supply-chain context unless its deployment is strictly controlled and an authentication/authorization layer is added. Recommend not installing as a dependency in production; if intended, require strong authentication, input validation, least-privilege execution context, network access controls, and remove or restrict file-system and command-execution endpoints.

This code contains multiple high-risk behaviors consistent with a supply-chain/backdoor pattern: it retrieves a GitHub token from a remote service, uses it to create a repository webhook pointing to a hardcoded external IP (which will receive future repository webhook payloads), stores credentials locally, and implements a periodic contact to the same remote IP (beacon). Even if some file I/O has bugs, the intent and network interactions present a serious risk of data exfiltration and unauthorized repository modification. Avoid running this code; treat the package as malicious or compromised.

This module implements full remote interactive shell capability: it can spawn /bin/bash locally and forward stdin/stdout to a remote server controlled via WebSocket/HTTP. That behavior provides remote command execution and data exfiltration capability and therefore represents a high security risk if present in a dependency or used without strict operational controls (authentication, TLS, network isolation). Treat as malicious/untrusted in general-purpose environments unless its use is explicit, authenticated, and restricted.

This kernel module contains functionality that enables stealthy process hijacking and code injection: toggling write permissions on executable VMAs, saving/restoring another process's registers (including instruction pointer), and a signaling/waiting mechanism to coordinate injected shellcode execution. It lacks permission checks and contains implementation issues (missing kmalloc null checks, some logic bugs), making it a strong supply-chain backdoor indicator. Do not load or use this module in production; treat it as malicious/untrusted.

This file contains malicious code that functions as a backdoor with data exfiltration and remote code execution capabilities. The code systematically collects sensitive system information including all environment variables, platform details, hostname, username, and MAC addresses from network interfaces. This data is then transmitted via HTTP POST request to a suspicious remote server at https://log-server-lovat[.]vercel[.]app/api/ipcheck/703 with a custom header 'x-secret-header: secret'. After sending the collected data, the malware evaluates the server's response as JavaScript code using eval(), enabling arbitrary remote code execution. The code employs obfuscation by hex-encoding critical strings like 'require', 'axios', 'post', and the target URL to evade detection. Error handling is deliberately suppressed to prevent detection of failed operations. This represents a critical supply chain attack vector that compromises system security through both data theft and remote control capabilities.

Live on npm for 1 day, 1 hour and 46 minutes before removal. Socket users were protected even while the package was live.

This module is not overtly malicious (no encoded payloads, no external exfiltration, no reverse shell), but it contains high-risk insecure patterns: user-controlled values are directly interpolated into shell command strings and passed to node_utils.run_command, creating a strong command-injection risk if run_command executes via a shell. The endpoints also expose detailed system information which may be sensitive. Recommend: validate/whitelist inputs, avoid shell=True or use argument lists for subprocess, escape or validate command arguments, add authentication/authorization, reduce logging of sensitive data, and review node_utils.run_command implementation. Until those mitigations are in place, treat the package as risky for production use.

This file contains exploit code that attempts to manipulate snapd via a specially-named client UNIX socket and a raw POST request to '/v2/create-user' with 'force-managed': True. The code creates a temporary UNIX domain socket with a pathname containing ';uid=0;' in /tmp, then connects to '/run/snapd[.]socket' and sends a crafted HTTP request to create a managed user account. This technique exploits snapd's socket pathname parsing to potentially escalate privileges or create unauthorized user accounts. The code appears to be based on a proof-of-concept exploit and could be dangerous if executed on systems running snapd.

The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.

The code is designed to collect and send sensitive information to a remote server without the user's knowledge or consent. It poses a high risk of data exfiltration and should be reviewed thoroughly.

Live on npm for 2 hours before removal. Socket users were protected even while the package was live.

The code is heavily obfuscated and contains several high-risk features like dynamic code execution, accessing sensitive OS-level features, and networking capabilities that are often associated with malicious scripts or modules in a node environment. It should be considered unsafe without further context or sanitization.

The code is clearly engaging in malicious activities by exfiltrating system and user data to external servers without consent. This poses a significant security risk.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

The analyzed code contains a high-risk dynamic code execution pathway via a Web Worker that evaluates incoming payloads with a sandbox wrapper. While there may be legitimate uses for dynamic scripting, the current setup exposes a robust.remote-code-execution surface, enabling potential data exfiltration (especially tokens in sessionStorage) and persistent data leakage via IndexedDB. Given the presence of legitimate libraries within the bundle, this pattern markedly increases supply chain risk and warrants immediate hardening or removal of the dynamic evaluation mechanism, along with stronger isolation and stricter controls over any data accessible to the worker.

This file executes opaque, compressed Python code and uses obfuscated function names to process another embedded blob. This is a highly suspicious supply-chain pattern (obfuscation + exec at import). Without decoding the LZMA blobs we cannot state exact payload actions, but the structure is consistent with malware/backdoor/exfiltration or other unauthorized behaviors. Do not import or run this module in any environment where it can access sensitive data, network, or production systems. Treat it as potentially malicious and investigate the decompressed payload in a safe, isolated environment (offline sandbox) to determine precise behavior.

Live on PyPI for 3 days, 1 hour and 42 minutes before removal. Socket users were protected even while the package was live.

This code is a clear implementation of a remote interactive terminal listener / backdoor pattern. It provides unauthenticated, unencrypted bidirectional terminal access when connected, and executes local shell commands to enumerate terminal metadata. The snippet as provided contains multiple syntax errors (non-executable), but intent is obvious and high-risk. Treat as a potential supply-chain backdoor; do not run in production, audit repository history and maintainers, and remove or sandbox immediately if found in a dependency.

This module is a configuration/payload repository intended for automated scanning, exploitation (SQLi/XSS), admin panel discovery and many forms of DDoS/amplification attacks. The file itself is non‑executable but is a clear building block for malicious tooling. Treat the containing package as malicious/unsafe and remove or isolate it; investigate upstream supply‑chain and any consumers of these constants.

The majority of the code is legitimate UI/modal functionality. However, there is an explicit malicious/disruptive snippet that targets users based on navigator.language and host TLDs: it disables page interaction and injects/plays a looping audio file from a hardcoded external URL after a 3-day delay. This is a politically motivated, supply-chain style malicious behavior and should be considered malicious. Remove or patch this code and treat the package as compromised.

This Action reads an arbitrary file path supplied via input and uploads the full file contents to a hardcoded ngrok-style external endpoint. That is a clear exfiltration pattern and poses a high supply-chain risk. Unless there is a well-documented, trusted, and authenticated reason for sending repository files to that specific external service, this code should be treated as malicious or extremely negligent and not used in workflows that have access to secrets or run on shared runners.

I found no direct indicators of classical malware (no eval/exec, no reverse shell, no obfuscated payload, no hardcoded secrets). However, the module constructs very large prompts containing repository trees and raw file contents and sends them to an external AI gateway (AIGateway.stream_prompt) without redaction, filtering, or explicit consent checks. This creates a high risk of accidental data exfiltration (source code, credentials, PII) to third-party services. The sys.path modification is an additional supply-chain concern because it changes import resolution and can enable unexpected local module loads. Recommended mitigations: add allow/deny lists and redaction for sensitive file paths, avoid sending entire repo contents by default, require explicit user consent, and do not modify sys.path in production code. Overall: not obviously malicious code but moderate-to-high supply-chain/data-exfiltration risk.

Live on PyPI for 5 days, 6 hours and 56 minutes before removal. Socket users were protected even while the package was live.

This file implements a keylogger to capture keystrokes and gather sensitive data from browsers and other applications without user consent. It exfiltrates the stolen information to a hardcoded Telegram endpoint at api[.]example[.]com using a hardcoded bot token and chat ID. The code also includes functionality to run automatically on system startup, ensuring persistent unauthorized access to user data.

Live on PyPI for 1 day, 8 hours and 33 minutes before removal. Socket users were protected even while the package was live.

This code intentionally sends local files, request headers, cookies (including authentication tokens), server secret-key (if present), and fingerprint/device data to an external service api.qumra.cloud, and then uses the remote response to set cookies and inject content into responses. That pattern constitutes data exfiltration and remote-control of rendered content and cookies. If the remote endpoint is not fully trusted and audited, this is a high-risk supply-chain/third-party data-leak/backdoor vector. Recommend: do not include or enable this middleware unless the external service is explicitly trusted, remove sending of sensitive cookies/secret keys, sandbox or strictly sanitize remote-provided content, and avoid automatically setting cookies returned from external services.

The code performs various utility tasks and is not overtly malicious. However, the use of the `guan.statistics_of_guan_package()` function to potentially send data to an external server, including the MAC address of the machine, is a significant privacy concern. Caution is advised when using this code, especially if the `guan` library and its usage are not fully understood or trusted.

The code exhibits suspicious behavior by sending system-specific information (hostname and username) to an external domain via a DNS lookup. This could be used for tracking or data exfiltration, posing a privacy risk.

Live on npm for 12 days, 7 hours and 49 minutes before removal. Socket users were protected even while the package was live.

This module contains high-risk functionality: unauthenticated remote command execution (including shell mode), arbitrary file read/write and exfiltration, accessibility-driven extraction of on-screen/terminal contents, screen recording and GUI manipulation — all exposed over HTTP. The package should be treated as dangerous in a supply-chain context unless its deployment is strictly controlled and an authentication/authorization layer is added. Recommend not installing as a dependency in production; if intended, require strong authentication, input validation, least-privilege execution context, network access controls, and remove or restrict file-system and command-execution endpoints.

This code contains multiple high-risk behaviors consistent with a supply-chain/backdoor pattern: it retrieves a GitHub token from a remote service, uses it to create a repository webhook pointing to a hardcoded external IP (which will receive future repository webhook payloads), stores credentials locally, and implements a periodic contact to the same remote IP (beacon). Even if some file I/O has bugs, the intent and network interactions present a serious risk of data exfiltration and unauthorized repository modification. Avoid running this code; treat the package as malicious or compromised.

This module implements full remote interactive shell capability: it can spawn /bin/bash locally and forward stdin/stdout to a remote server controlled via WebSocket/HTTP. That behavior provides remote command execution and data exfiltration capability and therefore represents a high security risk if present in a dependency or used without strict operational controls (authentication, TLS, network isolation). Treat as malicious/untrusted in general-purpose environments unless its use is explicit, authenticated, and restricted.

This kernel module contains functionality that enables stealthy process hijacking and code injection: toggling write permissions on executable VMAs, saving/restoring another process's registers (including instruction pointer), and a signaling/waiting mechanism to coordinate injected shellcode execution. It lacks permission checks and contains implementation issues (missing kmalloc null checks, some logic bugs), making it a strong supply-chain backdoor indicator. Do not load or use this module in production; treat it as malicious/untrusted.

This file contains malicious code that functions as a backdoor with data exfiltration and remote code execution capabilities. The code systematically collects sensitive system information including all environment variables, platform details, hostname, username, and MAC addresses from network interfaces. This data is then transmitted via HTTP POST request to a suspicious remote server at https://log-server-lovat[.]vercel[.]app/api/ipcheck/703 with a custom header 'x-secret-header: secret'. After sending the collected data, the malware evaluates the server's response as JavaScript code using eval(), enabling arbitrary remote code execution. The code employs obfuscation by hex-encoding critical strings like 'require', 'axios', 'post', and the target URL to evade detection. Error handling is deliberately suppressed to prevent detection of failed operations. This represents a critical supply chain attack vector that compromises system security through both data theft and remote control capabilities.

Live on npm for 1 day, 1 hour and 46 minutes before removal. Socket users were protected even while the package was live.