Secure your dependencies. Ship with confidence.

This module is a terminal keylogger: it monitors program output to detect prompts (including those containing sensitive keywords), switches the terminal to raw mode for hidden input, captures subsequent keystrokes, stores them in-process, and emits them via events. Although the file contains no direct exfiltration, it exposes captured secrets to any code in the same process and thus presents a serious supply-chain and privacy risk. Treat this package as malicious or at least highly privacy-invasive unless its use is explicitly intended, audited, and executed in a tightly controlled, trusted environment.

This code fragment is highly likely malicious: it fingerprints the host (user, hostname, OS details, network interfaces) and exfiltrates the entire runtime environment (process.env, potentially including secrets) to a hardcoded external IP via an HTTP POST request. Silent/empty error handling and immediate execution further support covert data theft intent.

[Skill Scanner] Pipe-to-shell or eval pattern detected The skill fragment is benign and consistent with its stated purpose of guiding AI-assisted case study creation, including structure, data visuals, and research workflows. It relies on standard external tooling (infsh) for data retrieval and visualization, with no hardcoded credentials or suspicious data sinks detected in the manifest. The data flows align with a legitimate research- and content-generation use case, and credential requirements are minimal and non-sensitive. LLM verification: The file is a legitimate-looking user guide for composing case studies and generating visuals, but it prescribes several high-risk operational patterns: piping an installer from a remote URL into a shell, entering credentials to a third-party CLI without guidance on storage/rotation, and sending arbitrary code/data to a remote executor. The repository text itself is not directly malicious (no obfuscation or hardcoded secrets), but it enables supply-chain and data-exfiltration risks through recom

The code embeds a dangerous dynamic execution pattern by re-reading and executing the caller file contents in a separate Python process and then invoking the function by name. This can re-run initialization code, access sensitive data, and enable covert execution in a background context. It represents a notable supply-chain risk if the caller file is modifiable by an attacker. Recommend removing exec-based loading, using a clearly defined worker model (multiprocessing or threading with explicit callable targets), and implementing strict input validation and error handling to mitigate exposure.

The codebase combines a functional migration workflow with a dangerous hidden payload mechanism. The selfHidingFile function introduces a backdoor-like capability that could serve arbitrary files contingent on a license check and POST parameters. While not inherently malicious in every execution path, the embedded HALT payload creates a severe supply-chain and runtime risk if exposed in production or misconfigured. Immediate actions: remove or restrict the HALT-based payload, harden license handling, implement strict input validation for all remote interactions, and audit remote manifest handling for data leakage risks.

This code should be considered malicious or a dangerous loader template. While it contains legitimate-looking web-analysis utilities, the presence of bypass_antivirus_and_execute which embeds and executes arbitrary Windows binaries (in-memory and on-disk), uses PowerShell ExecutionPolicy bypass, suppresses outputs, and performs anti-forensic cleanup are strong indicators of malware/loader behavior. Do not run this code in any environment. Treat as high-risk supply-chain or repository compromise; remove and investigate sources that introduced it.

This code performs clear, immediate exfiltration of all environment variables to a hardcoded external collector. It constitutes a high-risk data-leak/backdoor. Treat as malicious: remove the code, revoke any secrets that may have been exposed, and investigate publish provenance. Do not run in production or include as a dependency.

Live on npm for 4 days, 13 hours and 50 minutes before removal. Socket users were protected even while the package was live.

This module is high risk: it conceals executable code in a compressed+base64 blob and executes it uninspected at import-time via exec(). That pattern is frequently used to hide malicious behavior and prevents reliable static auditing. Do not import or run this package in a production or sensitive environment. Before any use, decode and decompress the payload offline and manually audit the resulting source; if the payload is malicious or unexplained, remove the dependency and consider incident response steps.

This module is a high-risk remote shell/PTY bridge: it accepts WebSocket JSON from a remote party, spawns an interactive bash session, executes client-supplied commands via bash -c, streams command output back over the network, and accepts interactive input for arbitrary command sequences. It also supports client-controlled environment variables and performs macOS-specific dotfile manipulation consistent with reducing session artifacts. If authentication/authorization is not strict in surrounding components, the security impact is critical (remote command execution and data exfiltration).

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

This module is not overtly malicious (no encoded payloads, no external exfiltration, no reverse shell), but it contains high-risk insecure patterns: user-controlled values are directly interpolated into shell command strings and passed to node_utils.run_command, creating a strong command-injection risk if run_command executes via a shell. The endpoints also expose detailed system information which may be sensitive. Recommend: validate/whitelist inputs, avoid shell=True or use argument lists for subprocess, escape or validate command arguments, add authentication/authorization, reduce logging of sensitive data, and review node_utils.run_command implementation. Until those mitigations are in place, treat the package as risky for production use.

The code appears to be designed for automating Facebook login, including handling 2FA and managing app state. However, there are several security concerns: the writing of an encryption key to a .env file, fetching update information from an untrusted source (Pastebin), and executing shell commands for package updates. These behaviors could potentially be exploited for malicious purposes.

Live on npm for 18 minutes before removal. Socket users were protected even while the package was live.

This module provides a powerful arbitrary-code-execution capability (via IPython.run_cell) inside the host process. The code reviewed contains no explicit hardcoded credentials, C2 domains, or obfuscated payloads, but its functionality is inherently dangerous when given untrusted input. An attacker able to supply 'code' can access secrets, exfiltrate data, spawn network connections or subprocesses, and persist malware. Mitigations before using this in production: restrict inputs to trusted users, run the executor inside strong isolation (container/VM) with minimal privileges, enforce network egress controls, add syscall/resource limits, enable audit logging, and consider language-level sandboxes or separate execution service.

This file includes code that appends a public SSH key to the user's authorized_keys file without explicit user consent and sends IP/user information to external domains (e.g., example[.]com). This behavior can open a backdoor for unauthorized access and may exfiltrate sensitive data, indicating malicious intent.

Live on npm for 29 days, 18 hours and 30 minutes before removal. Socket users were protected even while the package was live.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This module covertly exfiltrates an environment secret (process.env.FLAG) to a hardcoded external endpoint whenever calculate() is called, while returning a benign value. Treat this as malicious/untrusted code: remove the module, rotate any exposed secrets, search for other compromised files, and block or monitor network traffic to the listed endpoint. The unused child_process import is suspicious and could indicate attempted obfuscation or future escalation.

The code contains several indicators of malicious behavior, including the use of a reverse shell and obfuscation techniques. The potential for unauthorized access and data exfiltration is significant, warranting high risk and malware scores.

The code is highly suspicious due to its behavior of collecting and exfiltrating system information and the contents of 'package.json' to remote servers. This behavior suggests potential data theft and warrants further investigation.

Live on npm for 39 minutes before removal. Socket users were protected even while the package was live.

This module is an explicit ARP spoofing / MITM implementation: it crafts and transmits forged ARP replies to a victim and a gateway using raw Ethernet frames. As written it contains small coding errors (undefined variable/typo) that would prevent successful execution, but the logic and comments clearly indicate malicious intent. Inclusion in a codebase or dependency is high-risk: if executed with elevated privileges it will actively poison ARP caches on the LAN, enabling interception or disruption of traffic. Treat this code as dangerous; do not run it in production or on networks you do not own or administer.

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package

Live on npm for 3 hours and 28 minutes before removal. Socket users were protected even while the package was live.

This module contains a native process loader which implements patterns consistent with process injection / process hollowing: creating a (likely suspended) process, allocating memory in it, writing an image (from a supplied byte[]), setting the thread context, and resuming execution. As written, ProcessManager.Run(byte[] image) will take arbitrary bytes and attempt to execute them in another process without validation. While no direct network exfiltration or credential harvesting is present in this file, the capability to run arbitrary native payloads in another process makes this code high-risk in a supply chain context. Only use this package if you expect and trust this behavior (e.g., a legitimate in-memory loader). Otherwise treat it as dangerous and consider removing or isolating it.

This module contains highly dangerous patterns: unpickling base64-decoded input and executing arbitrary files/modules without validation. These are direct remote code execution vectors when function_string or file contents are attacker-controlled. Avoid using this function with untrusted inputs. The code appears buggy (typo in return) and uses broad exception suppression which compounds the risk.

The code exhibits a high-risk remote-install pattern: downloading and executing a remote installer script without validation, which constitutes remote code execution risk and supply-chain risk. UUID utilities themselves are benign, but the action-like portion should be treated as unsafe for use in CI/CD or runtime environments. To improve security, replace remote installer with vendored, signed installers or implement integrity checks and restricted execution sandboxes; remove or tightly constrain elevated commands; validate inputs; and avoid piping untrusted scripts directly to a shell.

This module is a terminal keylogger: it monitors program output to detect prompts (including those containing sensitive keywords), switches the terminal to raw mode for hidden input, captures subsequent keystrokes, stores them in-process, and emits them via events. Although the file contains no direct exfiltration, it exposes captured secrets to any code in the same process and thus presents a serious supply-chain and privacy risk. Treat this package as malicious or at least highly privacy-invasive unless its use is explicitly intended, audited, and executed in a tightly controlled, trusted environment.

This code fragment is highly likely malicious: it fingerprints the host (user, hostname, OS details, network interfaces) and exfiltrates the entire runtime environment (process.env, potentially including secrets) to a hardcoded external IP via an HTTP POST request. Silent/empty error handling and immediate execution further support covert data theft intent.

[Skill Scanner] Pipe-to-shell or eval pattern detected The skill fragment is benign and consistent with its stated purpose of guiding AI-assisted case study creation, including structure, data visuals, and research workflows. It relies on standard external tooling (infsh) for data retrieval and visualization, with no hardcoded credentials or suspicious data sinks detected in the manifest. The data flows align with a legitimate research- and content-generation use case, and credential requirements are minimal and non-sensitive. LLM verification: The file is a legitimate-looking user guide for composing case studies and generating visuals, but it prescribes several high-risk operational patterns: piping an installer from a remote URL into a shell, entering credentials to a third-party CLI without guidance on storage/rotation, and sending arbitrary code/data to a remote executor. The repository text itself is not directly malicious (no obfuscation or hardcoded secrets), but it enables supply-chain and data-exfiltration risks through recom

The code embeds a dangerous dynamic execution pattern by re-reading and executing the caller file contents in a separate Python process and then invoking the function by name. This can re-run initialization code, access sensitive data, and enable covert execution in a background context. It represents a notable supply-chain risk if the caller file is modifiable by an attacker. Recommend removing exec-based loading, using a clearly defined worker model (multiprocessing or threading with explicit callable targets), and implementing strict input validation and error handling to mitigate exposure.

The codebase combines a functional migration workflow with a dangerous hidden payload mechanism. The selfHidingFile function introduces a backdoor-like capability that could serve arbitrary files contingent on a license check and POST parameters. While not inherently malicious in every execution path, the embedded HALT payload creates a severe supply-chain and runtime risk if exposed in production or misconfigured. Immediate actions: remove or restrict the HALT-based payload, harden license handling, implement strict input validation for all remote interactions, and audit remote manifest handling for data leakage risks.

This code should be considered malicious or a dangerous loader template. While it contains legitimate-looking web-analysis utilities, the presence of bypass_antivirus_and_execute which embeds and executes arbitrary Windows binaries (in-memory and on-disk), uses PowerShell ExecutionPolicy bypass, suppresses outputs, and performs anti-forensic cleanup are strong indicators of malware/loader behavior. Do not run this code in any environment. Treat as high-risk supply-chain or repository compromise; remove and investigate sources that introduced it.

This code performs clear, immediate exfiltration of all environment variables to a hardcoded external collector. It constitutes a high-risk data-leak/backdoor. Treat as malicious: remove the code, revoke any secrets that may have been exposed, and investigate publish provenance. Do not run in production or include as a dependency.

Live on npm for 4 days, 13 hours and 50 minutes before removal. Socket users were protected even while the package was live.

This module is high risk: it conceals executable code in a compressed+base64 blob and executes it uninspected at import-time via exec(). That pattern is frequently used to hide malicious behavior and prevents reliable static auditing. Do not import or run this package in a production or sensitive environment. Before any use, decode and decompress the payload offline and manually audit the resulting source; if the payload is malicious or unexplained, remove the dependency and consider incident response steps.

This module is a high-risk remote shell/PTY bridge: it accepts WebSocket JSON from a remote party, spawns an interactive bash session, executes client-supplied commands via bash -c, streams command output back over the network, and accepts interactive input for arbitrary command sequences. It also supports client-controlled environment variables and performs macOS-specific dotfile manipulation consistent with reducing session artifacts. If authentication/authorization is not strict in surrounding components, the security impact is critical (remote command execution and data exfiltration).

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

This module is not overtly malicious (no encoded payloads, no external exfiltration, no reverse shell), but it contains high-risk insecure patterns: user-controlled values are directly interpolated into shell command strings and passed to node_utils.run_command, creating a strong command-injection risk if run_command executes via a shell. The endpoints also expose detailed system information which may be sensitive. Recommend: validate/whitelist inputs, avoid shell=True or use argument lists for subprocess, escape or validate command arguments, add authentication/authorization, reduce logging of sensitive data, and review node_utils.run_command implementation. Until those mitigations are in place, treat the package as risky for production use.

The code appears to be designed for automating Facebook login, including handling 2FA and managing app state. However, there are several security concerns: the writing of an encryption key to a .env file, fetching update information from an untrusted source (Pastebin), and executing shell commands for package updates. These behaviors could potentially be exploited for malicious purposes.

Live on npm for 18 minutes before removal. Socket users were protected even while the package was live.

This module provides a powerful arbitrary-code-execution capability (via IPython.run_cell) inside the host process. The code reviewed contains no explicit hardcoded credentials, C2 domains, or obfuscated payloads, but its functionality is inherently dangerous when given untrusted input. An attacker able to supply 'code' can access secrets, exfiltrate data, spawn network connections or subprocesses, and persist malware. Mitigations before using this in production: restrict inputs to trusted users, run the executor inside strong isolation (container/VM) with minimal privileges, enforce network egress controls, add syscall/resource limits, enable audit logging, and consider language-level sandboxes or separate execution service.

This file includes code that appends a public SSH key to the user's authorized_keys file without explicit user consent and sends IP/user information to external domains (e.g., example[.]com). This behavior can open a backdoor for unauthorized access and may exfiltrate sensitive data, indicating malicious intent.

Live on npm for 29 days, 18 hours and 30 minutes before removal. Socket users were protected even while the package was live.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This module covertly exfiltrates an environment secret (process.env.FLAG) to a hardcoded external endpoint whenever calculate() is called, while returning a benign value. Treat this as malicious/untrusted code: remove the module, rotate any exposed secrets, search for other compromised files, and block or monitor network traffic to the listed endpoint. The unused child_process import is suspicious and could indicate attempted obfuscation or future escalation.

The code contains several indicators of malicious behavior, including the use of a reverse shell and obfuscation techniques. The potential for unauthorized access and data exfiltration is significant, warranting high risk and malware scores.

The code is highly suspicious due to its behavior of collecting and exfiltrating system information and the contents of 'package.json' to remote servers. This behavior suggests potential data theft and warrants further investigation.

Live on npm for 39 minutes before removal. Socket users were protected even while the package was live.

This module is an explicit ARP spoofing / MITM implementation: it crafts and transmits forged ARP replies to a victim and a gateway using raw Ethernet frames. As written it contains small coding errors (undefined variable/typo) that would prevent successful execution, but the logic and comments clearly indicate malicious intent. Inclusion in a codebase or dependency is high-risk: if executed with elevated privileges it will actively poison ARP caches on the LAN, enabling interception or disruption of traffic. Treat this code as dangerous; do not run it in production or on networks you do not own or administer.

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package

Live on npm for 3 hours and 28 minutes before removal. Socket users were protected even while the package was live.

This module contains a native process loader which implements patterns consistent with process injection / process hollowing: creating a (likely suspended) process, allocating memory in it, writing an image (from a supplied byte[]), setting the thread context, and resuming execution. As written, ProcessManager.Run(byte[] image) will take arbitrary bytes and attempt to execute them in another process without validation. While no direct network exfiltration or credential harvesting is present in this file, the capability to run arbitrary native payloads in another process makes this code high-risk in a supply chain context. Only use this package if you expect and trust this behavior (e.g., a legitimate in-memory loader). Otherwise treat it as dangerous and consider removing or isolating it.

This module contains highly dangerous patterns: unpickling base64-decoded input and executing arbitrary files/modules without validation. These are direct remote code execution vectors when function_string or file contents are attacker-controlled. Avoid using this function with untrusted inputs. The code appears buggy (typo in return) and uses broad exception suppression which compounds the risk.

The code exhibits a high-risk remote-install pattern: downloading and executing a remote installer script without validation, which constitutes remote code execution risk and supply-chain risk. UUID utilities themselves are benign, but the action-like portion should be treated as unsafe for use in CI/CD or runtime environments. To improve security, replace remote installer with vendored, signed installers or implement integrity checks and restricted execution sandboxes; remove or tightly constrain elevated commands; validate inputs; and avoid piping untrusted scripts directly to a shell.