Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.


Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery

timmywil published 3.7.1

left-pad

stevemao published 1.3.0

react

react-bot published 19.2.3

We protect you from vulnerable and malicious packages

vector-vault

5.2.8

Live on PyPI

Blocked by Socket

This component sends supplied credentials (user and api) to a hardcoded third‑party endpoint and uses the returned token as a Bearer Authorization header for subsequent requests. That behavior constitutes high risk: if the endpoint is untrusted or controlled by an attacker, credentials can be exfiltrated and authentication can be delegated to an attacker-controlled token provider. No direct active system compromise code is present, but this is effectively a credential‑harvesting/credential‑broker pattern and should not be used unless the remote service is fully audited and trusted. Recommend replacing with standard OAuth flows using trusted endpoints, removing synchronous network I/O from constructors, and avoiding indiscriminate pickling of credential state.

hamctl

0.2.3

by hamravesh

Removed from npm

Blocked by Socket

The command appears to invoke a non-standard npm command, which raises concerns about its safety and potential for malicious behavior. Further investigation into the 'go-npm' package is necessary.

Live on npm for 1 day, 2 hours and 9 minutes before removal. Socket users were protected even while the package was live.

meutils

2025.8.26.12.41.0

Live on PyPI

Blocked by Socket

This code appears to be a legitimate API client that has been compromised or designed for data exfiltration. It automatically sends all API response data to external Feishu webhooks and contains hardcoded credentials, representing a significant supply chain security risk.

dongpeng-common-ui

1.0.0

by weijhfly

Removed from npm

Blocked by Socket

The script attempts to install a commit message hook from a specified URL. If the source is not trusted, this could lead to malicious behavior.

Live on npm for 37 minutes before removal. Socket users were protected even while the package was live.

bane

1.6.8

Live on PyPI

Blocked by Socket

This code implements a malicious IoT credential-harvesting framework. It randomly generates IPv4 addresses (excluding private/reserved ranges), spawns many threads, and probes SSH (port 22), Telnet (23), FTP (21), SMTP (25) and MySQL (3306) on each target. For every responsive host it iterates through an imported wordlist of username:password pairs, calls protocol-specific brute-force functions (ssh1/ssh2/ssh3, telnet1/telnet2, ftp, ftpanon, smtp, mysql), and upon successful login writes entries of the form ip:username:password to local files (e.g., sshbots.txt, telnetbots.txt, ftpbots.txt, smtpbots.txt, mysqlbots.txt). All exceptions are suppressed, loops run indefinitely with no rate limiting or authorization, and global state is abused to coordinate threads. Behavior clearly matches automated botnet scanning and brute-forcing malware.

fedengahbicbjfchmjfnkeemahamdiml

1.0.7.60

Live on Chrome Web Store

Blocked by Socket

The snippet automates credential retrieval, form autofill, submission, and redirection to an external domain, accompanied by storage clearing. While usable in controlled SSO or legitimate automation, the combination of automated credential handling, external navigation, and trace cleanup strongly suggests potential credential harvesting or data exfiltration risks in a browser extension context. Recommend rigorous review of extension permissions, user consent prompts, destination trust, and provenance before enabling this behavior in production.

pidl-react

6.869.0

Removed from npm

Blocked by Socket

The source code exhibits clear signs of malicious behavior by sending environment variables to an obfuscated external server. This poses a significant security risk as it can lead to data breaches.

Live on npm for 1 hour and 12 minutes before removal. Socket users were protected even while the package was live.

@blocklet/pages-kit

0.4.7

by wangshijun

Live on npm

Blocked by Socket

This file injects a module-load routine that exfiltrates local documentation/metadata (dumpJSON) to a remote AI Studio dataset (ID 443696818363039744) at bbqa2t5pfyfroyobmzknmktshckzto4btkfagxyjqwy[.]did[.]abtnet[.]io[ ]/api/datasets/443696818363039744/documents. It uses a hard-coded Cookie header containing a login_token JWT and unconditional shouldUpdateKnowledge=true to first GET existing items via GET …?page=1&size=100, then PUT to …/documents/{id}/text or POST to …/documents/text, sending the full serialized dumpJSON as the request body. These automatic side-effects with embedded credentials create a high-risk supply-chain and privacy backdoor and must be removed or gated behind explicit, opt-in credential handling.

docusaurus-plugin-matamohnhb

5.5.5

by faique

Removed from npm

Blocked by Socket

The code exhibits behavior consistent with a backdoor designed for unauthorized data collection and exfiltration. The collection of sensitive data and its transmission to a suspicious domain without user consent suggests malicious intent. The package should be considered compromised and not used in any production environment.

Live on npm for 14 hours and 43 minutes before removal. Socket users were protected even while the package was live.

mtmai

0.3.1300

Live on PyPI

Blocked by Socket

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

dementor

1.0.0.dev5

Live on PyPI

Blocked by Socket

This module persistently records credentials (including plaintext passwords) and logs them to console/logs. The code exhibits clear credential-capture behavior. There is no sign of network exfiltration or dynamic obfuscation in this fragment, but the lack of encryption, access controls, and the explicit logging and database storage of secrets make it high-risk for misuse or accidental leakage. If this package is intended as an offensive tool (credential capture), it is malicious by purpose in many contexts; if intended for legitimate auditing, it still poses significant security and privacy concerns and must be used with strong access controls and consent. The db_schema stubs (empty cursor.execute calls) are anomalous and indicate either an incomplete snippet or tampering.

reothor.lab.evilpackage

100.0.0

by Frode Hus

Live on NuGet

Blocked by Socket

This MSBuild file contains an explicit malicious backdoor: an inline Roslyn task that runs during the build to download and execute remote scripts on both Unix-like and Windows systems. It enables remote code execution in the build environment, uses obfuscation (base64 PowerShell), and is triggered automatically without user consent. Treat it as active malware: remove the file, blacklist the package, audit build systems and artifact repositories for builds that executed it, and investigate any network endpoints referenced. Do not use this package.

cl-lite

1.0.825

by michael_tian

Live on npm

Blocked by Socket

This file is a blob of HTML/spam content with embedded links to adult videos, torrent downloads and suspicious redirectors (e.g. https://2023[.]redircdn[.]com/?…, http://rmdown[.]com/link[.]php?hash=…, http://data[.]down2048[.]com/list[.]php?…), plus numerous third-party image URLs. No executable code or proven malware payload is present, but the obfuscated redirects and torrent links pose a high risk of phishing, drive-by downloads or exposure to illicit content. Such anomalous content should be quarantined and removed from any legitimate software dependency.

vajra-nightly

0.1.dev2025032106

Removed from PyPI

Blocked by Socket

This script is functionally legitimate for provisioning GitHub Actions self-hosted GPU runners but contains several high-impact security risks. Primary concerns: it passes the full GitHub token into containers (exposing org-level credentials), mounts the host Docker socket into those containers (giving containers effectively full control over the host), and builds/executes docker commands via eval using unsanitized fields from the JSON spec (shell injection risk). If attacker-controlled inputs (spec file, image, or token) are present, an attacker could execute arbitrary host commands, exfiltrate secrets, or compromise the GitHub organization. Recommend refusing to run this script in untrusted environments, removing/avoiding docker.sock mount, avoiding eval (use arrays or exec directly), sanitizing spec values, limiting container network/capabilities, and using short-lived, least-privilege tokens or ephemeral registration mechanisms.

Live on PyPI for 32 minutes before removal. Socket users were protected even while the package was live.

harekrishnarai/flowlyt

c95a3e3df80ba68ea37d21624cfbfaad579885ff

Live on GitHub Actions

Blocked by Socket

This workflow is intentionally insecure and contains many clear supply-chain and CI/CD attack vectors: command injection (eval/exec/Invoke-Expression/pipe-to-bash), remote script execution (curl | bash), use of untrusted/typosquatted/unpinned actions, secrets passed to untrusted actions or printed, cross-repo access with tokens, and risky self-hosted privileged operations. It should not be used as-is in production. Mitigations include: never execute untrusted event data, avoid pull_request_target for running untrusted code, pin and verify actions, do not pass secrets to third-party or unverified actions, avoid curl|bash and running untrusted docker images privileged, and restrict self-hosted runners. Treat this workflow as malicious/insecure.

mrsimulator

0.3.0b1

Removed from PyPI

Blocked by Socket

The module contains unsafe use of eval() and exec() executing dynamically constructed strings based on Parameter keys/values and decoded attribute paths. This enables code injection if an attacker can control lmfit.Parameters or the contents of parameter values/names. I did not find explicit malicious payloads in this file, but the dynamic execution pattern is a serious supply-chain/security risk: an attacker could craft Parameters to execute arbitrary code on any system that runs LMFIT_min_function (or related update functions) with untrusted input. Recommendation: avoid exec/eval, validate/sanitize parameter names and values, restrict to numeric types, or map parameters to attributes using safe attribute access (getattr/setattr) instead of string eval/exec.

Live on PyPI for 13 hours and 10 minutes before removal. Socket users were protected even while the package was live.

poc-malicious-sim

1.0.3

by jamilismmm

Removed from npm

Blocked by Socket

The code contains a clear malicious backdoor that exfiltrates local data to an external server without user consent. This is a serious security risk and constitutes malware behavior. The code is not obfuscated but is highly dangerous and should be considered untrusted and unsafe.

Live on npm for 55 days, 20 hours and 16 minutes before removal. Socket users were protected even while the package was live.

io.bdeploy:api

7.6.1

Live on Maven Central

Blocked by Socket

The code implements remote dynamic class loading and execution via network fetch and reflection. While such a mechanism can be legitimate for plugin ecosystems, it introduces a clear remote-code-execution risk in supply-chain contexts. It should be treated as high-risk for unauthenticated payload loading and require strong controls: TLS, payload signing/verification, strict allowlists, sandboxing, and minimum privileges. If kept, ensure robust auditing and runtime protections.

aem-spa-component-mapping

9999.999.999

by k4r1it0

Removed from npm

Blocked by Socket

The code collects sensitive system data and sends it to a remote server without user consent. This behavior raises privacy concerns and potential unauthorized data transmission, which poses a security risk.

Live on npm for 4 days, 12 hours and 47 minutes before removal. Socket users were protected even while the package was live.

@evt-cdk/codepipeline

7.0.2

Live on npm

Blocked by Socket

This code implements covert data collection and exfiltration of machine-identifying information (local username, OS type, public IP) to a hard-coded third-party domain. The use of synchronous shell execution (curl) and HTTP (unprotected) transport, combined with silent behavior and no consent, constitutes clear malicious/backdoor-like behavior. The module should be treated as malicious and not used; investigate any projects depending on this code and remove/replace it immediately.

nf-cl-logger-logger-logger

99.99.22

by slaxome

Removed from npm

Blocked by Socket

The code exhibits a deliberate backdoor-like payload: obfuscated dynamic module loading, environment-aware command execution, and DNS-based data exfiltration tailored to the package context. This indicates malicious intent and constitutes a severe supply-chain risk if present in an open-source dependency. Immediate remediation should include removal, integrity verification, and enabling tamper-evident signing and strict dependency auditing.

Live on npm for 18 hours and 42 minutes before removal. Socket users were protected even while the package was live.

richness-client-side-validator

1.1.3

by richnessinc

Live on npm

Blocked by Socket

The package contains a hidden payload that targets Russian language users visiting Russian and Belarusian sites. For those users, it will disable user interaction and play a looping audio of the Ukrainian anthem after 3 days. This behavior is not disclosed in any documentation of the package and seriously disrupts user experience.

examtool

2.1.15b281.dev1

Live on PyPI

Blocked by Socket

This module purposefully enables command execution and remote downloads during LaTeX rendering. The transformation that replaces \includegraphics{http...} with a write18 wget call and the use of pdflatex --shell-escape are unsafe when any part of the LaTeX input (exam or subs) is or can be attacker-controlled. The code permits arbitrary command execution and network fetches with no sanitization or sandboxing — a high-risk behavior in a supply-chain context. Do not run this on untrusted input; if retained, restrict inputs strictly or remove the write18/wget mechanism and avoid --shell-escape. Use subprocess with sanitized args and sandboxing instead.

simba-uw-tf-dev

1.94.4

Live on PyPI

Blocked by Socket

The code has significant security risks due to the dynamic execution of user-defined code and the potential for command injection through subprocess calls. Proper validation and sanitization of user inputs are essential to mitigate these risks.

passagemath-macaulay2

10.6.5

Removed from PyPI

Blocked by Socket

This install script performs a destructive filesystem operation (removing the katex directory) and then executes an unknown command. Even if not overtly labeled as malware, it poses a high risk: it can cause data loss and enables execution of arbitrary code. You should not run this without inspecting the package contents and verifying what `copy-files-from-to` refers to and why katex is being removed.

Live on PyPI for 3 hours and 36 minutes before removal. Socket users were protected even while the package was live.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

AI-detected potential malware

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior


Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.


Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.


Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.


Why teams choose Socket

Proactive security

Depend on Socket to prevent malicious open source dependencies from infiltrating your app.

Easy to install

Install the Socket GitHub App in just 2 clicks and get protected today.

Comprehensive open source protection

Block 70+ issues in open source code, including malware, typo-squatting, hidden code, misleading packages, permission creep, and more.

Develop faster

Reduce work by surfacing actionable security information directly in GitHub. Empower developers to make better decisions.

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Dec 14, 2023

Hijacked cryptocurrency library adds malware

Widely-used library in cryptocurrency frontend was compromised to include wallet-draining code, following the hijacking of NPM account credentials via phishing.

Jan 06, 2022

Maintainer intentionally adds malware

Rogue maintainer sabotages his own open source package with 100M downloads/month, notably breaking Amazon's AWS SDK.

Nov 15, 2021

npm discovers a platform vulnerability allowing unauthorized publishing of any package

Attackers could publish new versions of any npm package without authorization for multiple years.

Oct 22, 2021

Hijacked package adds cryptominers and password-stealing malware

Multiple packages with 30M downloads/month are hijacked and publish malicious versions directly into the software supply chain.

Nov 26, 2018

Package hijacked adding organization specific backdoors

Obfuscated malware added to a dependency which targeted a single company, went undetected for over a week, and made it into their production build.

Ready to dive in?

Get protected by Socket with just 2 clicks.

