Secure your dependencies. Ship with confidence.

This module should be treated as malicious/untrusted. It embeds hardcoded credentials, self-modifies its source, modifies stdlib/site files for persistence, executes numerous unsanitized shell commands (including network uploads to PyPI), and registers an exit handler that appends payloads and auto-installs packages. Do not run or install this package; remove any artifacts created by it and audit affected systems. Treat any PyPI packages published by the same author/name as suspicious and consider revoking credentials and rotating any exposed secrets.

The code is designed to collect and send system information to a remote server, which is a behavior commonly associated with malicious intent or a reconnaissance phase of an attack. The hard-coded URL and the specific data points collected raise significant security concerns.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

The code is designed to exfiltrate sensitive AWS credentials and system information to an external server, which is a clear security risk. The use of a domain associated with security testing (burpcollaborator.net) further indicates potential malicious intent.

Live on npm for 1 hour and 59 minutes before removal. Socket users were protected even while the package was live.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

The Python module itself is not directly implementing typical malware behaviors, but it creates a high-risk execution surface: it runs local shell scripts (some with sudo) with unvalidated inputs and passes secrets on the command line. The deploy_fdb_from_file_service function contains a command-injection vulnerability (shell=True with joined args) and a coding bug (returncod typo). Recommend: remove shell=True; use argument lists always, avoid passing secrets via argv (use stdin, environment files with proper filesystem permissions, or secured IPC), eliminate unnecessary sudo calls and require callers to provide appropriate privileges if needed, validate/escape inputs (especially file paths), fix the returncod typo, and audit all invoked shell scripts before use. Treat package as risky until mitigations and script audits are performed.

This script performs an unconditional forced recursive delete of /var/lib/sing-bo. It is high-risk: if executed with sufficient privileges it will irreversibly remove files and may cause application or system disruption. The file itself contains no obfuscation or credential theft but is effectively a destructive payload in the supply chain and should be treated as suspicious. Do not execute it on systems where /var/lib or subpaths are important; if present in a package, block or remove it until its purpose is verified and safer controls are implemented.

High risk of arbitrary code execution via eval of external command output. This pattern is dangerous for supply-chain and runtime security; avoid evaluating untrusted data. Replace with explicit, trusted invocation patterns, input validation, or sandboxed/external command separation with non-evaluated data transfer.

Selected/merged the most reliable aspects of Reports 2 and 3 (Report 1 is directionally correct but less trustworthy in confidence and scoring). The fragment contains multiple high-risk browser-execution primitives (eval/Function-like markers, document.write/innerHTML-like DOM injection, document.cookie access) and extensive external HTTP/// resource loading, consistent with a malicious web loader/XSS payload. Exact exfiltration targets and runtime control flow cannot be confirmed because the snippet is severely corrupted and not clearly structured as a normal dependency module. Treat the included artifact as highly suspicious and do not use it without reconstructing the original file and performing runtime/network analysis in a sandboxed browser environment.

The code engages in automated package creation and publishing, with the addition of posting content to WordPress sites using hard-coded credentials. This indicates potential spam or automated SEO manipulation behavior. The code also presents significant security risks due to hard-coded paths and credentials.

Live on npm for 11 hours and 15 minutes before removal. Socket users were protected even while the package was live.

This file forcibly terminates Chrome processes to enable collecting data from browser databases (cookies, history, passwords, and more) without user permission. It then transmits the harvested information via network calls using client connections and local debugging ports (e.g., http://localhost:9222/json). Although no explicit malicious domain is specified, the unauthorized extraction and transmission of user credentials and browser data constitute a severe privacy and security risk consistent with malware.

This module contains high-risk behavior: it executes shell commands and spawns processes using content supplied by the remote 3270/DDM data stream (via JSON present in SPECIAL data). It also opens and writes files based on remote-supplied filenames. These are direct remote-to-sink flows enabling arbitrary command execution and arbitrary file access. Unless the runtime environment and upstream protocol are strictly trusted and controlled, this is a severe supply-chain / remote code execution risk. Do not use this package in untrusted contexts; audit and remove/mitigate the os.system/os.popen/subprocess calls or enforce strict validation and authentication of the remote data before allowing file/command operations.

The code poses a high security risk due to hardcoded credentials and automated publishing, which could be exploited for spamming or malicious distribution. The intent and use of the code are questionable.

Live on npm for 15 hours and 34 minutes before removal. Socket users were protected even while the package was live.

This fragment performs unsolicited outbound HTTPS POST requests to a hardcoded external webhook endpoint, sending environment-derived package metadata and a timestamp. The destination is external and static, and error handling/response handling is suppressed, consistent with telemetry/tracking or supply-chain exfiltration rather than legitimate application behavior. While only minimal metadata is sent, the pattern is a strong security red flag for unexpected third-party reporting.

This module is a highly obfuscated runtime loader: it reconstructs an embedded JavaScript payload from encoded strings using a custom decoder, caches the decoded payload in the top window, and immediately executes the reconstructed code via eval. The overall behavior is strongly consistent with malware/backdoor delivery rather than benign library code. Treat the package/module as unsafe and do not execute it without isolation and full payload inspection.

This Go source contains routines that speak the T3 protocol to connect to Oracle WebLogic servers and deploy a serialized-Java RMI backdoor. It checks for the presence of a class named “com.supeream.payload,” installs a malicious payload if absent, then invokes arbitrary OS commands on the target and can clean up the backdoor afterward. Payload templates reference a default endpoint t3://47[.]104[.]229[.]232:7001, which is dynamically replaced with the victim IP/port. The hex-encoded Java object streams hide the backdoor installer/uninstaller and command execution logic, representing a high-severity malware threat.

The JavaScript portion appears to be a compact host glue that embeds a WebAssembly parser to extract exports and re-exports from JavaScript source. The visible risks in this file are low: no network/file/process access and eval is used only to unquote string literals. The main remaining risk is the opaque WebAssembly binary — it could contain arbitrary behavior but the JS wrapper does not itself perform malicious actions. Audit or provenance-check the wasm blob before trusting it.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

This module functions as an active webshell probe/exploitation helper: it reads target entries from 'webshell.log', crafts a known-output payload ('print(md5(1));'), optionally applies configurable encoders, and sends the payload to remote URLs to detect execution. The behavior is consistent with offensive tooling that can verify and interact with webshell backdoors. Treat as high-risk if present in general-purpose packages; acceptable only in controlled, authorized security testing contexts.

This package performs automatic telemetry/exfiltration during installation by sending local user, host, and working-directory information to an external HTTP endpoint in both preinstall and postinstall hooks. The use of plain HTTP, silenced requests, and the suspicious same-name dependency make this highly likely to be malicious or at least privacy-invading and unsafe. Immediate remediation: do not install from this package, block the domain/network calls, and inspect package ownership and source. Treat as high-risk/malicious.

This file implements a covert surveillance agent that: 1) prepends environment-controlled directories (SITE_ROOT, AGENT_PATH) to Python’s import path (supply-chain/import risk); 2) silently injects “export PROMPT_COMMAND='history -a'” into /etc/bash.bashrc and users’ ~/.bashrc to force real-time shell history flushing; 3) tracks user sign-in/sign-out via `who`, reads and aggregates shell histories (~/.bash_history, ~/.zsh_history, fish history) and session metadata into agent-controlled JSON logs under comm_path/<universal_id>/sessions; 4) monitors highly sensitive files/directories (/etc/passwd, /etc/shadow, /root/.ssh, /home, /var/www) via inotify and logs or alerts on access, writes, and deletions; 5) computes SHA-256 hashes of commands and flags those matching high-risk patterns (rm -rf, scp, curl, wget, sudo, chmod 777, systemctl stop, service stop); and 6) packages structured reports via get_delivery_packet()/pass_packet() calls to configured remote nodes, constituting an exfiltration channel. These behaviors constitute unauthorized host persistence, privacy violation, and potential data exfiltration, and should be treated as malware.

This module automatically collects error information and system telemetry and sends it to a hardcoded remote endpoint, including clientKey and secretKey read from a local fillblock.credentials.json file. That behavior constitutes credential exfiltration and privacy-invasive telemetry without configuration or opt-out. Treat this package as high-risk; do not use until the endpoint's ownership and purpose are verified and until reporting is made configurable/opt-in. If you already have this package in your environment, consider rotating any secrets stored in fillblock.credentials.json and audit outgoing connections to the listed endpoint.

This module contains explicit instructions and code paths to exfiltrate Slack messages to an attacker-controlled website and to create transient attacker accounts in a Slack workspace. It includes hardcoded attacker identifiers and direct FunctionCall sequences that, when executed with a live Slack environment or an agent capable of calling those functions, would perform malicious actions (data exfiltration, phishing link posting, unauthorized account provisioning). There is a coding error in InjectionTask1 (self._ATTACKER_WEB is referenced but not defined), which might prevent immediate execution, but the intent is clear and dangerous. Treat this package as malicious test code and do not run it in production or with real credentials; remove or restrict it to isolated, instrumented test environments only.

This module should be treated as malicious/untrusted. It embeds hardcoded credentials, self-modifies its source, modifies stdlib/site files for persistence, executes numerous unsanitized shell commands (including network uploads to PyPI), and registers an exit handler that appends payloads and auto-installs packages. Do not run or install this package; remove any artifacts created by it and audit affected systems. Treat any PyPI packages published by the same author/name as suspicious and consider revoking credentials and rotating any exposed secrets.

The code is designed to collect and send system information to a remote server, which is a behavior commonly associated with malicious intent or a reconnaissance phase of an attack. The hard-coded URL and the specific data points collected raise significant security concerns.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

The code is designed to exfiltrate sensitive AWS credentials and system information to an external server, which is a clear security risk. The use of a domain associated with security testing (burpcollaborator.net) further indicates potential malicious intent.

Live on npm for 1 hour and 59 minutes before removal. Socket users were protected even while the package was live.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

The Python module itself is not directly implementing typical malware behaviors, but it creates a high-risk execution surface: it runs local shell scripts (some with sudo) with unvalidated inputs and passes secrets on the command line. The deploy_fdb_from_file_service function contains a command-injection vulnerability (shell=True with joined args) and a coding bug (returncod typo). Recommend: remove shell=True; use argument lists always, avoid passing secrets via argv (use stdin, environment files with proper filesystem permissions, or secured IPC), eliminate unnecessary sudo calls and require callers to provide appropriate privileges if needed, validate/escape inputs (especially file paths), fix the returncod typo, and audit all invoked shell scripts before use. Treat package as risky until mitigations and script audits are performed.

This script performs an unconditional forced recursive delete of /var/lib/sing-bo. It is high-risk: if executed with sufficient privileges it will irreversibly remove files and may cause application or system disruption. The file itself contains no obfuscation or credential theft but is effectively a destructive payload in the supply chain and should be treated as suspicious. Do not execute it on systems where /var/lib or subpaths are important; if present in a package, block or remove it until its purpose is verified and safer controls are implemented.

High risk of arbitrary code execution via eval of external command output. This pattern is dangerous for supply-chain and runtime security; avoid evaluating untrusted data. Replace with explicit, trusted invocation patterns, input validation, or sandboxed/external command separation with non-evaluated data transfer.

Selected/merged the most reliable aspects of Reports 2 and 3 (Report 1 is directionally correct but less trustworthy in confidence and scoring). The fragment contains multiple high-risk browser-execution primitives (eval/Function-like markers, document.write/innerHTML-like DOM injection, document.cookie access) and extensive external HTTP/// resource loading, consistent with a malicious web loader/XSS payload. Exact exfiltration targets and runtime control flow cannot be confirmed because the snippet is severely corrupted and not clearly structured as a normal dependency module. Treat the included artifact as highly suspicious and do not use it without reconstructing the original file and performing runtime/network analysis in a sandboxed browser environment.

The code engages in automated package creation and publishing, with the addition of posting content to WordPress sites using hard-coded credentials. This indicates potential spam or automated SEO manipulation behavior. The code also presents significant security risks due to hard-coded paths and credentials.

Live on npm for 11 hours and 15 minutes before removal. Socket users were protected even while the package was live.

This file forcibly terminates Chrome processes to enable collecting data from browser databases (cookies, history, passwords, and more) without user permission. It then transmits the harvested information via network calls using client connections and local debugging ports (e.g., http://localhost:9222/json). Although no explicit malicious domain is specified, the unauthorized extraction and transmission of user credentials and browser data constitute a severe privacy and security risk consistent with malware.

This module contains high-risk behavior: it executes shell commands and spawns processes using content supplied by the remote 3270/DDM data stream (via JSON present in SPECIAL data). It also opens and writes files based on remote-supplied filenames. These are direct remote-to-sink flows enabling arbitrary command execution and arbitrary file access. Unless the runtime environment and upstream protocol are strictly trusted and controlled, this is a severe supply-chain / remote code execution risk. Do not use this package in untrusted contexts; audit and remove/mitigate the os.system/os.popen/subprocess calls or enforce strict validation and authentication of the remote data before allowing file/command operations.

The code poses a high security risk due to hardcoded credentials and automated publishing, which could be exploited for spamming or malicious distribution. The intent and use of the code are questionable.

Live on npm for 15 hours and 34 minutes before removal. Socket users were protected even while the package was live.

This fragment performs unsolicited outbound HTTPS POST requests to a hardcoded external webhook endpoint, sending environment-derived package metadata and a timestamp. The destination is external and static, and error handling/response handling is suppressed, consistent with telemetry/tracking or supply-chain exfiltration rather than legitimate application behavior. While only minimal metadata is sent, the pattern is a strong security red flag for unexpected third-party reporting.

This module is a highly obfuscated runtime loader: it reconstructs an embedded JavaScript payload from encoded strings using a custom decoder, caches the decoded payload in the top window, and immediately executes the reconstructed code via eval. The overall behavior is strongly consistent with malware/backdoor delivery rather than benign library code. Treat the package/module as unsafe and do not execute it without isolation and full payload inspection.

This Go source contains routines that speak the T3 protocol to connect to Oracle WebLogic servers and deploy a serialized-Java RMI backdoor. It checks for the presence of a class named “com.supeream.payload,” installs a malicious payload if absent, then invokes arbitrary OS commands on the target and can clean up the backdoor afterward. Payload templates reference a default endpoint t3://47[.]104[.]229[.]232:7001, which is dynamically replaced with the victim IP/port. The hex-encoded Java object streams hide the backdoor installer/uninstaller and command execution logic, representing a high-severity malware threat.

The JavaScript portion appears to be a compact host glue that embeds a WebAssembly parser to extract exports and re-exports from JavaScript source. The visible risks in this file are low: no network/file/process access and eval is used only to unquote string literals. The main remaining risk is the opaque WebAssembly binary — it could contain arbitrary behavior but the JS wrapper does not itself perform malicious actions. Audit or provenance-check the wasm blob before trusting it.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

This module functions as an active webshell probe/exploitation helper: it reads target entries from 'webshell.log', crafts a known-output payload ('print(md5(1));'), optionally applies configurable encoders, and sends the payload to remote URLs to detect execution. The behavior is consistent with offensive tooling that can verify and interact with webshell backdoors. Treat as high-risk if present in general-purpose packages; acceptable only in controlled, authorized security testing contexts.

This package performs automatic telemetry/exfiltration during installation by sending local user, host, and working-directory information to an external HTTP endpoint in both preinstall and postinstall hooks. The use of plain HTTP, silenced requests, and the suspicious same-name dependency make this highly likely to be malicious or at least privacy-invading and unsafe. Immediate remediation: do not install from this package, block the domain/network calls, and inspect package ownership and source. Treat as high-risk/malicious.

This file implements a covert surveillance agent that: 1) prepends environment-controlled directories (SITE_ROOT, AGENT_PATH) to Python’s import path (supply-chain/import risk); 2) silently injects “export PROMPT_COMMAND='history -a'” into /etc/bash.bashrc and users’ ~/.bashrc to force real-time shell history flushing; 3) tracks user sign-in/sign-out via `who`, reads and aggregates shell histories (~/.bash_history, ~/.zsh_history, fish history) and session metadata into agent-controlled JSON logs under comm_path/<universal_id>/sessions; 4) monitors highly sensitive files/directories (/etc/passwd, /etc/shadow, /root/.ssh, /home, /var/www) via inotify and logs or alerts on access, writes, and deletions; 5) computes SHA-256 hashes of commands and flags those matching high-risk patterns (rm -rf, scp, curl, wget, sudo, chmod 777, systemctl stop, service stop); and 6) packages structured reports via get_delivery_packet()/pass_packet() calls to configured remote nodes, constituting an exfiltration channel. These behaviors constitute unauthorized host persistence, privacy violation, and potential data exfiltration, and should be treated as malware.

This module automatically collects error information and system telemetry and sends it to a hardcoded remote endpoint, including clientKey and secretKey read from a local fillblock.credentials.json file. That behavior constitutes credential exfiltration and privacy-invasive telemetry without configuration or opt-out. Treat this package as high-risk; do not use until the endpoint's ownership and purpose are verified and until reporting is made configurable/opt-in. If you already have this package in your environment, consider rotating any secrets stored in fillblock.credentials.json and audit outgoing connections to the listed endpoint.

This module contains explicit instructions and code paths to exfiltrate Slack messages to an attacker-controlled website and to create transient attacker accounts in a Slack workspace. It includes hardcoded attacker identifiers and direct FunctionCall sequences that, when executed with a live Slack environment or an agent capable of calling those functions, would perform malicious actions (data exfiltration, phishing link posting, unauthorized account provisioning). There is a coding error in InjectionTask1 (self._ATTACKER_WEB is referenced but not defined), which might prevent immediate execution, but the intent is clear and dangerous. Treat this package as malicious test code and do not run it in production or with real credentials; remove or restrict it to isolated, instrumented test environments only.