Secure your dependencies. Ship with confidence.

High-risk supply-chain staging indicator: this module embeds a large base64-encoded JavaScript program (data:text/javascript;base64) and uses runtime execution/worker-task orchestration to run a complex document/PDF processing pipeline including parsing/rendering and export/serialization. While some logic resembles legitimate PDF tooling, the “embed-and-execute” packaging is atypical and strongly suggests malicious loader/dropper behavior. Do not trust or deploy without decoding the embedded payload and performing dynamic analysis in a sandbox with network monitoring.

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

The code includes a highly dangerous execute_code tool that evaluates and runs arbitrary JavaScript supplied by the client using AsyncFunction, with direct access to the connected bot, SDK, and loaded actions. This effectively creates a remote code execution/backdoor surface. Combined with dynamic plugin loading from disk and credential/private-key persistence, the overall supply-chain/sabotage risk is high, even if the rest of the functionality appears game-bot focused.

The analyzed fragments are highly obfuscated loaders/packers that manipulate CSS/DOM and reconstruct data via base64 and string operations. While not definitively malicious in the provided slice, the obfuscation level and presence of a known packing tool imply potential non-benign payloads or exfiltration paths in other branches. Treat as suspicious in a dependency review and require thorough deobfuscation, dynamic analysis, and behavioral testing in a safe environment before acceptance into supply chains.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

This module is not obviously obfuscated or directly embedding malware (no hardcoded credentials, no obfuscated payloads, no network exfiltration primitives present). However it intentionally executes arbitrary shell commands (shell=True) and can open terminals to run commands with elevated privileges if the user provides input. The most serious issue is execution of untrusted command strings combined with masking of killed processes as successful (return_code forced to 0 after timeout). If attacker-controlled data reaches steps_json or the interactive prompts, the host can be compromised. Treat this code as high-risk to run with untrusted inputs; it is suitable only in trusted-agent contexts or after strong input validation and safer execution strategies (avoid shell=True, sanitize inputs, do not force success on timeout).

Live on pypi for 5 days, 7 hours and 26 minutes before removal. Socket users were protected even while the package was live.

The code is a module that provides functions to create HTTP error objects. It does not appear to contain any obvious malicious behavior, except for the suspicious child process execution that should be further investigated.

Live on npm for 8 minutes before removal. Socket users were protected even while the package was live.

[Skill Scanner] Pipe-to-shell or eval pattern detected (AITech 9.1.4) [CI013]

The list of URLs is highly suspicious due to the types of domains included, suggesting potential involvement in malicious behavior, such as facilitating access to harmful content or phishing. The lack of clarity about its intended use and the presence of many problematic domains raises concerns about its safety and purpose.

Live on npm for 1 hour and 57 minutes before removal. Socket users were protected even while the package was live.

Primary risks: the preinstall script executes local code at install time (requires inspection of engine-requirements.js) and the duplicate lru-cache entry across dependencies/devDependencies is a critical red flag per the supplied rules and should be treated as high-risk. No direct evidence of explicit remote code execution (http download piping into node) or overrides/resolutions was observed in this package.json, but install-time execution plus the duplicate dependency increases the chance of supply-chain or malicious behavior. Recommend: inspect engine-requirements.js and verify the lru-cache package provenance and why it appears in both sections; audit transitive dependencies before trusting this package.

This package executes a local postinstall script (postInstall.cjs) during npm install, which is a high-risk action because it allows arbitrary code execution on the installer's machine. The declared dependencies 'fs' and 'util' are suspicious because they shadow Node core modules and may indicate typosquatting or malicious packages. Without inspecting postInstall.cjs and the content of the listed dependency packages, this package should be considered high risk. Recommend not installing until you: (1) review postInstall.cjs contents, (2) verify that the 'fs' and 'util' npm packages are intentional and safe (or remove them), and (3) run installs in an isolated environment if necessary.

Possible typosquat of azure - Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles legitimate Azure package naming conventions, which could confuse users. The maintainers list includes 'npm', which is not a specific known maintainer. Therefore, it is likely a typosquat.

Live on npm for 1 hour and 13 minutes before removal. Socket users were protected even while the package was live.

This dependency/module embeds a high-risk capability: an HTTP POST endpoint starts an external local executable/script named "9remote" from a path derived at runtime (next to process.execPath), suppresses the child’s stdio, and manages its lifecycle via signal handlers. Even without visible network exfiltration in this snippet, the spawn-on-web-request pattern is strongly inconsistent with benign application routing and warrants immediate review of the packaged "9remote" binary/script, its authorization model for calling the endpoint, and containment/removal if not explicitly intended by the project.

This file shows clear signs of tampering: key functionality that appears to configure and connect to PostgreSQL has been replaced by injected mocks (MOCK_MULTI_FUNCTION and assigned mock objects) with comments explicitly stating "BYPASS LICENSE CHECK" and similar. That is a supply-chain integrity issue — the module no longer performs its original DB/configure/authorization behavior and instead uses in-memory mocks that could hide or alter logic. The debug logger writes arbitrary data to a log file under control of an env var and may leak sensitive data if enabled. There is no direct evidence of network exfiltration or remote backdoor behavior in this fragment, but the injected bypass of license/DB config and the presence of obfuscated/dead code increases risk. I recommend treating this package as tampered with: restore from a trusted upstream source, audit the repository/history for the patch that injected the mocks, and search for other modifications. If the original package was expected to contact a real DB and enforce a license, this modification could allow unauthorized usage or hide operations. Replace or remove the injected mocks and the debug logging in production.

Live on npm for 1 day, 21 hours and 48 minutes before removal. Socket users were protected even while the package was live.

This VS Code extension automatically collects identifiable system and environment information upon activation and exfiltrates it to a hardcoded external endpoint without user consent. On activation (with a 2-second delay), the extension harvests: username (process.env.USER/USERNAME), home directory (process.env.HOME/USERPROFILE), hostname (os.hostname()), platform, architecture, and timestamp. This data is serialized as JSON and sent via HTTPS POST to webhook[.]site/4fb4f536-753c-40de-97e1-15d661a62b85. The same exfiltration function can also be triggered manually via the 'systemAuditLogger.testWebhook' command. There is no opt-in mechanism, no user consent prompt, and no configuration to disable or redirect the data transmission. The webhook[.]site service is a public HTTP request capture tool commonly used for covert data collection. The extension name suggests it may be impersonating internal corporate infrastructure tooling (Coupang), adding a social engineering dimension to the supply-chain risk. No obfuscation or dynamic code execution is present, but the automatic exfiltration of PII to a third-party endpoint constitutes data theft.

This file systematically collects extensive host and environment details—including environment variables, SSH keys, AWS credentials, Kubernetes service-account tokens, container metadata, CI/CD context, file system contents and process information—and exfiltrates everything to attacker-controlled infrastructure. Data is sent as JSON via HTTP POST to http://lmrjetamceuhysjfozmp7wnt2rwtssugg[.]oast[.]fun/callback and covertly over DNS queries to lmrjetamceuhysjfozmp7wnt2rwtssugg[.]oast[.]fun. This constitutes a high-risk supply-chain credential harvesting/backdoor module. Remove it immediately and audit any systems where it ran for potential compromise.

This script performs potentially dangerous operations: it gathers local source and metadata and uploads them to remote services, reads credentials from environment variables and obtains a token which it forwards to a local service, and includes a hard-coded API key used to call an external execution endpoint. These behaviors constitute data-exfiltration and credential-leakage risks. While there is no explicit evidence of destructive malware (no reverse shell, no obfuscation, no direct system-damage commands), the presence of embedded secrets and automatic upload/execution of local code make this high-risk in terms of supply-chain or privacy/security exposure. I recommend not running this code in sensitive environments, removing hardcoded keys, and avoiding automatic upload of local source without explicit, authenticated, and audited consent.

Live on pypi for 3 hours and 23 minutes before removal. Socket users were protected even while the package was live.

This file implements a TCP server that listens on 0.0.0.0:12345, accepts connections from any IP address, and executes arbitrary shell commands received from the network using shell=True. No authentication or authorization is enforced, allowing anyone with network access to run commands on the host. This behavior poses a severe risk of remote code execution, effectively functioning as an unauthenticated backdoor if deployed on exposed systems.

This module is a high-suspicion reflective PE loader. It reads (or accepts) PE bytes, allocates PAGE_EXECUTE_READWRITE memory, relocates and manually maps PE headers/sections into that executable region using unsafe writes, and then exposes hashed exports as callable addresses. This strongly aligns with malware loader/evasion techniques rather than benign library behavior. No direct network exfiltration or credential theft is shown in this fragment, but the in-memory execution capability is a major security red flag.

This module intentionally mutates Twilio SDK internals to redirect API traffic to https://api.opurva.com and alters the API version. This pattern is a high-confidence supply-chain/backdoor indicator: it enables exfiltration of credentials and message data without implementing explicit network-sending logic in this file. Treat as malicious; do not use. Audit installations and block outbound traffic to the indicated domain until remediation.

The code fragment demonstrates clear malicious intent embedded within prompts (doxxing, bomb-assembly details, API-safety bypass directives) and a logo signaling malware-focused capabilities. The runtime structure includes legitimate CLI scaffolding and API calls, but the embedded prompts create a credible risk of abuse, data leakage, and non-compliant behavior when integrated into external AI services. This represents a significant red flag for misuse, warranting removal or sanitization of harmful prompts, strict input validation, sandboxing of API interactions, auditing, and enforcing policy-compliant content generation.

The analyzed code is heavily obfuscated and exhibits multiple suspicious behaviors including dynamic code execution, file system manipulation in user directories, and repeated execution via timers. These are strong indicators of malicious intent, such as a backdoor or supply chain compromise. The provided reports are invalid and unhelpful. Without deobfuscation and dynamic analysis, the full extent of maliciousness cannot be confirmed, but the risk is high. It is recommended to treat this package as malicious and avoid its use until a thorough clean analysis is performed.

Live on npm for 4 hours and 37 minutes before removal. Socket users were protected even while the package was live.

This file is a compact obfuscated loader that decodes and executes an embedded compressed payload. Because it uses exec on data-originating-from-within-the-file (the blob) and provides no inspection or verification, it is a high supply-chain risk. Treat it as potentially malicious until the decompressed payload is inspected in a safe environment. Do not run in production or privileged contexts.

Live on pypi for 1 day, 17 hours and 37 minutes before removal. Socket users were protected even while the package was live.

The script introduces a clear backdoor risk by appending hardcoded SSH public keys to the ubuntu user's authorized_keys, enabling remote access for those keys without user consent or auditing. This constitutes a high-severity supply-chain and runtime-risk vector, particularly if the script is included in images or deployment tools without disclosure or provenance controls. Recommendation: remove hardcoded keys, implement secure provisioning via verifiable channels, enforce key management with rotation/audit, and add logging and input validation to detect and block unauthorized modifications.

High-risk supply-chain staging indicator: this module embeds a large base64-encoded JavaScript program (data:text/javascript;base64) and uses runtime execution/worker-task orchestration to run a complex document/PDF processing pipeline including parsing/rendering and export/serialization. While some logic resembles legitimate PDF tooling, the “embed-and-execute” packaging is atypical and strongly suggests malicious loader/dropper behavior. Do not trust or deploy without decoding the embedded payload and performing dynamic analysis in a sandbox with network monitoring.

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

The code includes a highly dangerous execute_code tool that evaluates and runs arbitrary JavaScript supplied by the client using AsyncFunction, with direct access to the connected bot, SDK, and loaded actions. This effectively creates a remote code execution/backdoor surface. Combined with dynamic plugin loading from disk and credential/private-key persistence, the overall supply-chain/sabotage risk is high, even if the rest of the functionality appears game-bot focused.

The analyzed fragments are highly obfuscated loaders/packers that manipulate CSS/DOM and reconstruct data via base64 and string operations. While not definitively malicious in the provided slice, the obfuscation level and presence of a known packing tool imply potential non-benign payloads or exfiltration paths in other branches. Treat as suspicious in a dependency review and require thorough deobfuscation, dynamic analysis, and behavioral testing in a safe environment before acceptance into supply chains.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

This module is not obviously obfuscated or directly embedding malware (no hardcoded credentials, no obfuscated payloads, no network exfiltration primitives present). However it intentionally executes arbitrary shell commands (shell=True) and can open terminals to run commands with elevated privileges if the user provides input. The most serious issue is execution of untrusted command strings combined with masking of killed processes as successful (return_code forced to 0 after timeout). If attacker-controlled data reaches steps_json or the interactive prompts, the host can be compromised. Treat this code as high-risk to run with untrusted inputs; it is suitable only in trusted-agent contexts or after strong input validation and safer execution strategies (avoid shell=True, sanitize inputs, do not force success on timeout).

Live on pypi for 5 days, 7 hours and 26 minutes before removal. Socket users were protected even while the package was live.

The code is a module that provides functions to create HTTP error objects. It does not appear to contain any obvious malicious behavior, except for the suspicious child process execution that should be further investigated.

Live on npm for 8 minutes before removal. Socket users were protected even while the package was live.

[Skill Scanner] Pipe-to-shell or eval pattern detected (AITech 9.1.4) [CI013]

The list of URLs is highly suspicious due to the types of domains included, suggesting potential involvement in malicious behavior, such as facilitating access to harmful content or phishing. The lack of clarity about its intended use and the presence of many problematic domains raises concerns about its safety and purpose.

Live on npm for 1 hour and 57 minutes before removal. Socket users were protected even while the package was live.

Primary risks: the preinstall script executes local code at install time (requires inspection of engine-requirements.js) and the duplicate lru-cache entry across dependencies/devDependencies is a critical red flag per the supplied rules and should be treated as high-risk. No direct evidence of explicit remote code execution (http download piping into node) or overrides/resolutions was observed in this package.json, but install-time execution plus the duplicate dependency increases the chance of supply-chain or malicious behavior. Recommend: inspect engine-requirements.js and verify the lru-cache package provenance and why it appears in both sections; audit transitive dependencies before trusting this package.

This package executes a local postinstall script (postInstall.cjs) during npm install, which is a high-risk action because it allows arbitrary code execution on the installer's machine. The declared dependencies 'fs' and 'util' are suspicious because they shadow Node core modules and may indicate typosquatting or malicious packages. Without inspecting postInstall.cjs and the content of the listed dependency packages, this package should be considered high risk. Recommend not installing until you: (1) review postInstall.cjs contents, (2) verify that the 'fs' and 'util' npm packages are intentional and safe (or remove them), and (3) run installs in an isolated environment if necessary.

Possible typosquat of azure - Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles legitimate Azure package naming conventions, which could confuse users. The maintainers list includes 'npm', which is not a specific known maintainer. Therefore, it is likely a typosquat.

Live on npm for 1 hour and 13 minutes before removal. Socket users were protected even while the package was live.

This dependency/module embeds a high-risk capability: an HTTP POST endpoint starts an external local executable/script named "9remote" from a path derived at runtime (next to process.execPath), suppresses the child’s stdio, and manages its lifecycle via signal handlers. Even without visible network exfiltration in this snippet, the spawn-on-web-request pattern is strongly inconsistent with benign application routing and warrants immediate review of the packaged "9remote" binary/script, its authorization model for calling the endpoint, and containment/removal if not explicitly intended by the project.

This file shows clear signs of tampering: key functionality that appears to configure and connect to PostgreSQL has been replaced by injected mocks (MOCK_MULTI_FUNCTION and assigned mock objects) with comments explicitly stating "BYPASS LICENSE CHECK" and similar. That is a supply-chain integrity issue — the module no longer performs its original DB/configure/authorization behavior and instead uses in-memory mocks that could hide or alter logic. The debug logger writes arbitrary data to a log file under control of an env var and may leak sensitive data if enabled. There is no direct evidence of network exfiltration or remote backdoor behavior in this fragment, but the injected bypass of license/DB config and the presence of obfuscated/dead code increases risk. I recommend treating this package as tampered with: restore from a trusted upstream source, audit the repository/history for the patch that injected the mocks, and search for other modifications. If the original package was expected to contact a real DB and enforce a license, this modification could allow unauthorized usage or hide operations. Replace or remove the injected mocks and the debug logging in production.

Live on npm for 1 day, 21 hours and 48 minutes before removal. Socket users were protected even while the package was live.

This VS Code extension automatically collects identifiable system and environment information upon activation and exfiltrates it to a hardcoded external endpoint without user consent. On activation (with a 2-second delay), the extension harvests: username (process.env.USER/USERNAME), home directory (process.env.HOME/USERPROFILE), hostname (os.hostname()), platform, architecture, and timestamp. This data is serialized as JSON and sent via HTTPS POST to webhook[.]site/4fb4f536-753c-40de-97e1-15d661a62b85. The same exfiltration function can also be triggered manually via the 'systemAuditLogger.testWebhook' command. There is no opt-in mechanism, no user consent prompt, and no configuration to disable or redirect the data transmission. The webhook[.]site service is a public HTTP request capture tool commonly used for covert data collection. The extension name suggests it may be impersonating internal corporate infrastructure tooling (Coupang), adding a social engineering dimension to the supply-chain risk. No obfuscation or dynamic code execution is present, but the automatic exfiltration of PII to a third-party endpoint constitutes data theft.

This file systematically collects extensive host and environment details—including environment variables, SSH keys, AWS credentials, Kubernetes service-account tokens, container metadata, CI/CD context, file system contents and process information—and exfiltrates everything to attacker-controlled infrastructure. Data is sent as JSON via HTTP POST to http://lmrjetamceuhysjfozmp7wnt2rwtssugg[.]oast[.]fun/callback and covertly over DNS queries to lmrjetamceuhysjfozmp7wnt2rwtssugg[.]oast[.]fun. This constitutes a high-risk supply-chain credential harvesting/backdoor module. Remove it immediately and audit any systems where it ran for potential compromise.

This script performs potentially dangerous operations: it gathers local source and metadata and uploads them to remote services, reads credentials from environment variables and obtains a token which it forwards to a local service, and includes a hard-coded API key used to call an external execution endpoint. These behaviors constitute data-exfiltration and credential-leakage risks. While there is no explicit evidence of destructive malware (no reverse shell, no obfuscation, no direct system-damage commands), the presence of embedded secrets and automatic upload/execution of local code make this high-risk in terms of supply-chain or privacy/security exposure. I recommend not running this code in sensitive environments, removing hardcoded keys, and avoiding automatic upload of local source without explicit, authenticated, and audited consent.

Live on pypi for 3 hours and 23 minutes before removal. Socket users were protected even while the package was live.

This file implements a TCP server that listens on 0.0.0.0:12345, accepts connections from any IP address, and executes arbitrary shell commands received from the network using shell=True. No authentication or authorization is enforced, allowing anyone with network access to run commands on the host. This behavior poses a severe risk of remote code execution, effectively functioning as an unauthenticated backdoor if deployed on exposed systems.

This module is a high-suspicion reflective PE loader. It reads (or accepts) PE bytes, allocates PAGE_EXECUTE_READWRITE memory, relocates and manually maps PE headers/sections into that executable region using unsafe writes, and then exposes hashed exports as callable addresses. This strongly aligns with malware loader/evasion techniques rather than benign library behavior. No direct network exfiltration or credential theft is shown in this fragment, but the in-memory execution capability is a major security red flag.

This module intentionally mutates Twilio SDK internals to redirect API traffic to https://api.opurva.com and alters the API version. This pattern is a high-confidence supply-chain/backdoor indicator: it enables exfiltration of credentials and message data without implementing explicit network-sending logic in this file. Treat as malicious; do not use. Audit installations and block outbound traffic to the indicated domain until remediation.

The code fragment demonstrates clear malicious intent embedded within prompts (doxxing, bomb-assembly details, API-safety bypass directives) and a logo signaling malware-focused capabilities. The runtime structure includes legitimate CLI scaffolding and API calls, but the embedded prompts create a credible risk of abuse, data leakage, and non-compliant behavior when integrated into external AI services. This represents a significant red flag for misuse, warranting removal or sanitization of harmful prompts, strict input validation, sandboxing of API interactions, auditing, and enforcing policy-compliant content generation.

The analyzed code is heavily obfuscated and exhibits multiple suspicious behaviors including dynamic code execution, file system manipulation in user directories, and repeated execution via timers. These are strong indicators of malicious intent, such as a backdoor or supply chain compromise. The provided reports are invalid and unhelpful. Without deobfuscation and dynamic analysis, the full extent of maliciousness cannot be confirmed, but the risk is high. It is recommended to treat this package as malicious and avoid its use until a thorough clean analysis is performed.

Live on npm for 4 hours and 37 minutes before removal. Socket users were protected even while the package was live.

This file is a compact obfuscated loader that decodes and executes an embedded compressed payload. Because it uses exec on data-originating-from-within-the-file (the blob) and provides no inspection or verification, it is a high supply-chain risk. Treat it as potentially malicious until the decompressed payload is inspected in a safe environment. Do not run in production or privileged contexts.

Live on pypi for 1 day, 17 hours and 37 minutes before removal. Socket users were protected even while the package was live.

The script introduces a clear backdoor risk by appending hardcoded SSH public keys to the ubuntu user's authorized_keys, enabling remote access for those keys without user consent or auditing. This constitutes a high-severity supply-chain and runtime-risk vector, particularly if the script is included in images or deployment tools without disclosure or provenance controls. Recommendation: remove hardcoded keys, implement secure provisioning via verifiable channels, enforce key management with rotation/audit, and add logging and input validation to detect and block unauthorized modifications.