Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.


Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery

timmywil published 4.0.0

left-pad

stevemao published 1.3.0

react

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

n8n-nodes-thong-zalo-test-trial

0.0.86

by vanthong0404

Live on npm

Blocked by Socket

This code automatically creates credentials in an n8n instance and then forwards user-identifying information (CustomerID, DisplayName, PhoneNumber) and the newly created credential ID to an external endpoint (paradisehrm.com). It also contains a hardcoded username and long password-like string used when posting to that external endpoint and prints API key fragments to logs. These behaviors strongly resemble unauthorized data exfiltration or at minimum a privacy-violating integration that embeds static secrets. I recommend treating this code as suspicious: remove or audit the external POST to paradisehrm.com, remove embedded secrets, and ensure any credential provisioning and data sharing is explicit and documented.

ebesha-core-engine

0.1.11

Live on pypi

Blocked by Socket

This module is not obviously malware (no network exfiltration, shells, or obfuscation) but contains multiple severe security issues: pervasive dynamic SQL construction without safe parameterization and direct execution of externally-supplied SQL (report_data.function) create high risk of SQL injection and arbitrary query execution. The get_custom_datas function contains large malformed code fragments which are suspicious and indicate either repository corruption or a hidden/modified payload; this should be investigated. Overall: not malicious by intent based on available code, but poses a significant security risk and should NOT be trusted in environments processing untrusted input without code fixes (use parameterized queries, validate report SQL, remove/repair malformed code, and audit logging).

plengauer/thoth

b6f5795c439b5d52c2454b6ddd9a22a62845f7f9

Live on actions

Blocked by Socket

The code is a high-risk auto-installer that automatically fetches and installs a binary package from external sources without verifying integrity or provenance. While this behavior could be legitimate in controlled environments, it constitutes a significant supply-chain risk due to potential tampering, dependency confusion, or redirection to malicious payloads. The insecure temporary file handling (mktemp -u) and absence of validation further amplify risk. Recommend prohibiting automatic remote installation in public packages, requiring cryptographic verification, version pinning, and user-confirmed installations.

@zpmc/cli-wd

0.0.6-beta.3

by boat3471

Live on npm

Blocked by Socket

This module implements a high-impact supply-chain/persistence pattern: it overwrites the globally installed npm CLI entrypoint to require and execute a hook module it writes into the global npm installation tree, calling zpmc.before()/zpmc.after(...) on future npm runs. While the snippet does not show the hook’s internal behavior, the injection and persistence mechanism is strongly consistent with malicious tampering risk. Registry switching further increases potential for dependency redirection. Only the generated template/hook contents (../zpmc/npm.js) would confirm the exact maliciousness.

arccyouxi

1.0.0

by qingjiuzhisi

Live on npm

Blocked by Socket

No malicious behavior detected. This is a standard Webpack CSS loader helper used in Vue projects. Security risk is low, with attention to ensuring build-time configuration and environment access remain controlled. Confidence: high for correctness of assessment given code context.

imagecomponents.mvc.imaging

4.0.4.2

by Image Components

Live on nuget

Blocked by Socket

This module exhibits multiple strong indicators of malicious behavior: heavy obfuscation, embedded encrypted payloads with hardcoded AES key/IV, RSA/Hash verification logic, runtime decryption of resources, use of kernel32 native APIs (VirtualAlloc/WriteProcessMemory/VirtualProtect/OpenProcess/LoadLibrary/GetProcAddress) via delegates, writing/executing memory and dynamic method trampolines. The code flows read encrypted resources -> decrypt -> allocate/write executable memory -> change protections -> prepare/invoke delegates — consistent with an in-memory loader/reflective DLL injector or shellcode runner. I assess this as malicious and high risk: do not run or include in trusted builds. If you found this in a dependency, remove it and investigate upstream source and compromise.

github.com/sourcegraph/sourcegraph

v0.0.0-20210609171406-6a85754c3d5c

Live on go

Blocked by Socket

This module is a purpose-built destructive utility: given a user-supplied directory, it enumerates all files ending in .zip and corrupts them by truncating them to half their size and appending deterministic junk data. The absence of safeguards (dry-run/confirmation/allowlists) and the deliberate sabotage operations make this strongly indicative of malicious intent within a supply-chain context, even though it does not show typical malware capabilities like networking or data exfiltration.

ac-appleicons

1.0.685

by haplicons

Removed from npm

Blocked by Socket

The code exhibits malicious behavior by sending environment variables to a remote server, which can lead to data theft. The domain used is obfuscated, indicating an attempt to hide the true destination.

Live on npm for 26 minutes before removal. Socket users were protected even while the package was live.

mtxcli

0.0.146

Removed from pypi

Blocked by Socket

The code contains several security risks, including uninitialized variables, hardcoded credentials, and the potential for unauthorized access through SSH. Proper validation and error handling are lacking, which could lead to exploitation. The overall risk and malware scores reflect these concerns.

Live on pypi for 117 days, 8 hours and 24 minutes before removal. Socket users were protected even while the package was live.

@a5c-ai/babysitter-openclaw

5.0.1-staging.37ca18bd

by tmuskal

Live on npm

Blocked by Socket

This code establishes a strong supply-chain/sandbox-break capability by executing a local bash hook at session start and directly passing both serialized caller context (stdin) and essentially the full parent environment (env) to that script, while also suppressing errors. While the snippet itself shows no explicit malicious behavior beyond delegation, the data exposure (context + process.env) and silent error handling make this pattern high-risk and warrant review of the hooks/babysitter-proxied-session-start.sh behavior.

lipo

1.0.1

by niftylettuce

Live on npm

Blocked by Socket

This file implements a malicious supply chain attack that masquerades as a local image processing library while actually exfiltrating user files and data to remote servers. The code mimics the Sharp library API to deceive users into unknowingly transmitting potentially sensitive image data externally. All image processing operations (resize, crop, format conversion, etc.) are queued and sent to external endpoints at api[.]lipo[.]io (or localhost:3000 in development mode). User files are streamed directly via fs.createReadStream() and buffer data is transmitted through FormData POST requests. The malicious code uses environment variables (LIPO_KEY) for API authentication and deliberately obscures the fact that no local processing occurs. Users calling standard image processing methods unknowingly send their data to third-party servers, making this a serious data exfiltration threat disguised as legitimate functionality.

fsd

0.1.179

Removed from pypi

Blocked by Socket

This module does not obviously contain intentionally hidden malware (no obfuscation or hardcoded exfiltration), but it provides powerful primitives that make it high risk in a supply-chain context. The primary risks are arbitrary shell execution (subprocess.Popen with shell=True on external data) and unsanitized file writes (append to arbitrary paths). Combined with opaque external agents that produce steps and may perform network I/O, this creates a moderate-to-high security risk: an attacker who can influence step data, agent outputs, or stdin can execute commands, modify files, and potentially exfiltrate data. Strong mitigation (whitelisting allowed commands, validating file paths to restrict writes within repo, running with least privilege, auditing agent communications) is required before trusting this code in production.

Live on pypi for 5 days, 4 hours and 35 minutes before removal. Socket users were protected even while the package was live.

@asurion-core/eventualize-react-

99.0.1

by frankp89

Live on npm

Blocked by Socket

This code is malicious. It performs anti-debug/sandbox evasion and collects and exfiltrates sensitive data: environment variables (including tokens/keys), local secret files (.env, npmrc, shell configs), SSH private keys, Docker/Git configs, Kubernetes tokens/CA, and instance cloud credentials via metadata endpoints (IMDS/GCP/Azure). Network exfiltration occurs via https.request to an encoded remote endpoint with jittered chunking and retry logic.

metacord

1.2.1-Beta

by shinchan0911

Removed from npm

Blocked by Socket

The code contains several security risks including hardcoded credentials, lack of input validation, and potential for arbitrary code execution. It is advised to review and improve the security of the code before use.

Live on npm for 39 minutes before removal. Socket users were protected even while the package was live.

@0xbear/ibc-app-solidity-templatee

1.1.4

by 0xbear

Live on npm

Blocked by Socket

The script itself is not directly malicious: it contains typical build orchestration commands and no embedded credentials or network code. The critical supply-chain concerns are: (1) runtime download-and-execute of @latest via npx (remote code execution risk, non-deterministic), (2) execution of local opaque scripts and npm-defined scripts without integrity checks, and (3) destructive -D behavior in the transpiler. Recommend pinning tool versions, verifying checksums/signatures, auditing patch-apply.sh and npm scripts, disabling verbose logging in CI (remove set -x), and avoiding running npx@latest in high-threat environments without verification. Overall, low probability this file alone is malicious but moderate security risk due to executed external components.

github.com/yaklang/yaklang

v1.2.7-0.20230926065451-fe58010f9b26

Live on go

Blocked by Socket

This Go source contains routines that speak the T3 protocol to connect to Oracle WebLogic servers and deploy a serialized-Java RMI backdoor. It checks for the presence of a class named “com.supeream.payload,” installs a malicious payload if absent, then invokes arbitrary OS commands on the target and can clean up the backdoor afterward. Payload templates reference a default endpoint t3://47[.]104[.]229[.]232:7001, which is dynamically replaced with the victim IP/port. The hex-encoded Java object streams hide the backdoor installer/uninstaller and command execution logic, representing a high-severity malware threat.

prompt-siren

0.0.1a2

Live on pypi

Blocked by Socket

This source implements a deliberately labeled 'file exfiltration' HTTPS server: it accepts unauthenticated HTTP requests over TLS, logs request contents and client addresses to a root-owned log file and stderr, and is configured with hardcoded certificate and private key paths. The code is highly suspicious and appears intentionally designed to receive and persist exfiltrated data. Treat as malicious; do not deploy. If encountered in a repository or system, perform incident response: determine origin, check for matching network listeners, validate presence of the referenced cert/key, and inspect /logs/access.log for exfiltrated content and indexing of clients.

insta-api-wrapper

1.0.0

by dave7117

Live on npm

Blocked by Socket

The getCookies function performs a normal Instagram login by fetching CSRF cookies and posting credentials to i[.]instagram[.]com/api/v1/accounts/login/. Immediately afterward, it unconditionally POSTs a JSON payload containing the supplied username, plaintext password, serialized request body, and response body to https[:]//reelsaver[.]appit-online[.]de/v2/insta/check, enabling remote credential harvesting. It also persists instaUserName and instaUserId to disk via node-localstorage, facilitating victim identification. This behavior constitutes a backdoor/data exfiltration channel — do not use this code with real credentials; rotate any impacted passwords.

decentrand

3.21.0

by u3jwq2jts4sbf

Live on npm

Blocked by Socket

The package contains heavily obfuscated code that interacts with an Ethereum smart contract to retrieve data used in constructing a download URL specific to the user's operating system. Without user consent or validation, the code downloads an executable file from this URL and executes it in the background. This behavior allows for the execution of malicious code on the user's system.

github.com/bishopfox/sliver

v1.5.40-0.20240510143113-b520eaf6e63f

Live on go

Blocked by Socket

This file is part of a C2/implant framework (Sliver) and explicitly builds, retrieves, and delivers shellcode and in-memory assemblies to remote implants. Behavior includes generation of payloads, optional encoding, and remote invocation via GenericHandler — all actions that enable unauthorized remote code execution and post-exploitation operations. There are also lower-severity implementation issues (insufficient bounds checking in PE parsing and use of Fatal on parsing errors). If present in a dependency for benign software, this is a severe supply-chain red flag. Use is appropriate only in controlled/authorized contexts.

354766/pjt222/development-guides/manage-kubernetes-secrets/

1adceb952193d3bb257c4b479108cfe5846f9279

Live on socket

Blocked by Socket

This skill/instruction set is a legitimate, operational guide for Kubernetes secrets management. It contains standard high-privilege operations (etcd access, KMS integration, IAM role creation, installing cluster controllers) and remote downloads of controller manifests and CLI binaries. The primary risks are operational/supply-chain: executing remote manifests and binaries without verification, running high-privilege commands, and the possibility that operators copy example plaintext secrets or unsecured backups into version control. There is no evidence in the provided content of deliberate credential harvesting, backdoors, obfuscation, or exfiltration to attacker-controlled domains. Recommended mitigations: pin and verify downloaded artifacts (use checksums or signed releases), avoid committing plaintext secrets or backups to Git, apply least-privilege IAM/RBAC policies, audit third-party controllers before installation, and restrict etcd access.

sbcli-iscsi

0.0.1

Live on pypi

Blocked by Socket

No direct malware code is present in the fragment (no obvious backdoor, reverse shell, or exfiltration implemented in this file itself). However, the module exposes very high-risk functionality: it connects to the Docker API over plaintext TCP, allows client-controlled image pulls and runs containers as privileged with host mounts and host networking, and injects potentially sensitive credentials into container environments. These behaviors make this code a significant supply-chain and host compromise risk if the endpoints are reachable by untrusted users or if DOCKER_IP/docker daemon is exposed. Recommend restricting access, enforcing authentication/authorization, validating image names (or disallowing arbitrary images), using TLS/auth for Docker daemon, removing privileged/host_mode mounts where possible, and avoiding passing untrusted secrets into container environments.

mark-test1

0.6.35

by mark.mathiasz

Live on npm

Blocked by Socket

This preinstall script is suspicious and high-risk: it escapes the package directory and runs npm install in the ancestor directory, causing installation and execution of code in the parent project. This can lead to untrusted code execution, unexpected modifications to the consumer project, and supply-chain abuse. The dependency specs themselves are normal semver versions, but the lifecycle behavior warrants treating this package as malware/hostile or at least highly risky.

capesolo

0.4.6

Live on pypi

Blocked by Socket

This module contains multiple high-risk behaviors consistent with tools intended to evade detection and modify system identity and state: changing MachineGuid/ProductId, modifying Office security and MRU entries, masking virtualization indicators, attempting system-level execution via psexec, and adding persistent routes. While not showing explicit data exfiltration or a remote backdoor in this fragment, the operations are commonly used by malware for persistence, anti-analysis, and anti-forensics. Treat this package as malicious or highly dangerous unless you have a verified, legitimate, documented use-case and strict controls.


Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.


Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.


Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.


Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.


RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.


The latest from the Socket team

Get our latest security research, open source insights, and product updates.
