Secure your dependencies. Ship with confidence.

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 34 minutes before removal. Socket users were protected even while the package was live.

This package runs a local Node script at install time (both preinstall and postinstall). That behavior is potentially dangerous because preinstall.js will execute arbitrary code with the installer's privileges. You should inspect the contents of preinstall.js before installing. Treat this as suspicious until proven benign.

Live on npm for 7 hours and 52 minutes before removal. Socket users were protected even while the package was live.

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

This fragment implements immediate remote code execution by fetching text from a hardcoded external URL and passing it directly to exec(), creating a high-likelihood supply-chain/backdoor vector. Treat this code as malicious or extremely dangerous: do not import or run it in production. Replace with safe alternatives (no exec on remote content, use signed updates, sandboxing, or fetch only data). If encountered in a dependency, remove or quarantine the package and perform incident response to determine exposure.

This code poses a serious security risk and should not be used.

The code itself does not show signs of intentionally malicious payload (no obfuscation, no exfiltration code, no hardcoded credentials), but it implements functionality that downloads arbitrary Python code from the network or local paths and imports it into the runtime without integrity checks or sandboxing. That behavior creates a significant supply-chain/remote-code-execution risk if an attacker can control the source repository or if an untrusted module name/path is passed to these functions. Use only with trusted model/module sources, or add integrity/signature verification and stricter path validation before enabling dynamic imports.

The code collects and exfiltrates sensitive system information and environment variables to a remote server, which is indicative of malicious behavior or at the very least a significant privacy violation.

Live on npm for 39 minutes before removal. Socket users were protected even while the package was live.

The script collects sensitive information from the system and sends it to an external server, indicating malicious intent and posing a high security risk.

Live on npm for 25 days, 22 hours and 47 minutes before removal. Socket users were protected even while the package was live.

This code is using 'curl' to send sensitive information such as the hostname, username, and current working directory to a remote server using HTTP. This behavior is highly suspicious and could be considered malicious. The user should carefully inspect the destination server and the intended behavior of this script.

The code presents a high security risk due to the use of the 'exec' function without proper validation, allowing for arbitrary code execution and potential data leaks. Hardcoded keys further increase the risk of exposing sensitive information. Caution should be exercised when using this code.

The file contains an embedded, opaque payload that is XOR-decrypted with a hardcoded key and immediately executed via exec(). The combination of obfuscated names, encrypted byte blob, and dynamic execution is a strong indicator of malicious intent or a backdoor-like design. Treat this module as high-risk: avoid execution on trusted hosts, decrypt and audit the payload in a safe environment, and consider the package compromised until proven clean.

The code executes a shell command using child_process.exec to send an HTTP request to an external IP address (http[:]//82[.]65[.]58[.]201:1234/CA_MARCHE_LIODEUS_TEST2_THALES). This suspicious behavior involves network communication to an unverified external server and could be exploited for malicious activities such as data exfiltration or unauthorized remote access.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 20 minutes before removal. Socket users were protected even while the package was live.

This code fragment is suspicious and likely malicious or at least intentionally stealthy/persistent. It prepares and deploys background daemon scripts under disguised filenames into hidden directories inside a target project, writes a config that references a wallets.txt file (indicative of credential access), and spawns a detached/unref'd process to run persistently. Although the fragment does not show the daemon's internal logic or explicit network communication, the installer creates a persistent covert agent with access to project files and environment variables — a common supply-chain backdoor pattern. I recommend treating the package as high-risk, removing it from sensitive environments, and performing a full review of the deployed daemon source files before allowing use.

The analyzed code is highly obfuscated and exhibits multiple clear indicators of malicious behavior including downloading and executing external code, running shell commands with suspicious environment variables, and using dynamic code execution to evade detection. This code should be classified as malware with a high security risk. It poses a significant threat to any system where it is executed and should be treated accordingly.

The code contains several concerning elements, including the installation of packages without user consent and the caching of sensitive user data. These behaviors suggest potential malicious intent and warrant a moderate to high risk assessment.

This source file is part of the Sliver post-exploitation implant agent and implements remote-controlled offensive capabilities: arbitrary command execution, code injection into other processes, dynamic/native extension loading, privilege escalation (token manipulation), registry and service manipulation, and process memory dumping. These are explicit backdoor/malware behaviors. If present in a dependency for legitimate software, it represents a critical supply-chain compromise. It should not be used in production outside of controlled red-team engagements and must be treated as malicious in a general-purpose dependency context.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

This code directly compiles and executes command-line input (after Sage preparse) with no sanitization or sandboxing, presenting a high-risk arbitrary code execution vector if inputs are not fully trusted. The snippet contains no explicit malicious payload, but the execution capability is dangerous in untrusted contexts. Only safe for environments where all callers and arguments are trusted; otherwise it should be removed or replaced with restricted evaluation and sandboxing.

Live on PyPI for 1 hour and 55 minutes before removal. Socket users were protected even while the package was live.

Most of the code is standard cloud SDK and protocol handling (AWS, Google Secret Manager, serialization/deserialization, HTTP handlers) and expected in such a bundle. However, there is a highly suspicious function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local bundle.js (if present on disk), repacks, and runs npm publish. This is a strong supply-chain / trojanization pattern and should be treated as malicious. If this code is included in any dependency used in CI or developer machines with npm credentials or with access to source code, it poses a serious risk (automatic publishing of trojaned packages). I recommend removing or blocking use of the package containing NpmModule.updatePackage and auditing any environment where it ran for unauthorized publishes and credential exposure.

This code appears to be a type validation utility ('LTVal') that contains a malicious obfuscated payload hidden within the verifyPackageIntegrity() method. The code is identical to the previously analyzed sample, using the same base64 encoding technique to hide a reverse shell payload. The legitimate-looking validator functions serve as a cover for the malware's true purpose. Upon execution, the deobfuscated code establishes a reverse shell connection to a command & control server via Pastebin. The malware includes anti-debugging checks and persistence mechanisms to maintain access

The source code is heavily obfuscated and uses eval to execute dynamically decoded code, which is a common technique in malicious scripts. While no explicit malicious actions (such as network communication or data theft) are visible in the snippet, the obfuscation and eval usage pose a high security risk. The provided reports are unusable and do not inform the analysis. Without full deobfuscation and dynamic analysis, the code should be considered suspicious and potentially dangerous. It is recommended to avoid using this code or package until a thorough security review is completed.

The module contains high-risk operations: executing arbitrary shell commands via subprocess with shell=True and writing/appending to files without validation. If the steps JSON or the user input is untrusted, an attacker can achieve remote code execution, modify arbitrary files, and change process state (cwd). There are no signs of network exfiltration or hardcoded credentials in this fragment, but the command execution sink is sufficient to escalate to any of those behaviors if exploited. Recommendation: treat inputs (steps, file names, user-provided suggested commands) as untrusted; remove shell=True or use argument lists, validate and canonicalize file paths, avoid executing suggested commands automatically, and employ strict prompting and auditing. Overall this code is not itself evidently obfuscated or explicitly malicious, but it poses a significant supply-chain/runtime risk when given untrusted instructions.

Live on PyPI for 5 days, 4 hours and 32 minutes before removal. Socket users were protected even while the package was live.

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 34 minutes before removal. Socket users were protected even while the package was live.

This package runs a local Node script at install time (both preinstall and postinstall). That behavior is potentially dangerous because preinstall.js will execute arbitrary code with the installer's privileges. You should inspect the contents of preinstall.js before installing. Treat this as suspicious until proven benign.

Live on npm for 7 hours and 52 minutes before removal. Socket users were protected even while the package was live.

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

This fragment implements immediate remote code execution by fetching text from a hardcoded external URL and passing it directly to exec(), creating a high-likelihood supply-chain/backdoor vector. Treat this code as malicious or extremely dangerous: do not import or run it in production. Replace with safe alternatives (no exec on remote content, use signed updates, sandboxing, or fetch only data). If encountered in a dependency, remove or quarantine the package and perform incident response to determine exposure.

This code poses a serious security risk and should not be used.

The code itself does not show signs of intentionally malicious payload (no obfuscation, no exfiltration code, no hardcoded credentials), but it implements functionality that downloads arbitrary Python code from the network or local paths and imports it into the runtime without integrity checks or sandboxing. That behavior creates a significant supply-chain/remote-code-execution risk if an attacker can control the source repository or if an untrusted module name/path is passed to these functions. Use only with trusted model/module sources, or add integrity/signature verification and stricter path validation before enabling dynamic imports.

The code collects and exfiltrates sensitive system information and environment variables to a remote server, which is indicative of malicious behavior or at the very least a significant privacy violation.

Live on npm for 39 minutes before removal. Socket users were protected even while the package was live.

The script collects sensitive information from the system and sends it to an external server, indicating malicious intent and posing a high security risk.

Live on npm for 25 days, 22 hours and 47 minutes before removal. Socket users were protected even while the package was live.

This code is using 'curl' to send sensitive information such as the hostname, username, and current working directory to a remote server using HTTP. This behavior is highly suspicious and could be considered malicious. The user should carefully inspect the destination server and the intended behavior of this script.

The code presents a high security risk due to the use of the 'exec' function without proper validation, allowing for arbitrary code execution and potential data leaks. Hardcoded keys further increase the risk of exposing sensitive information. Caution should be exercised when using this code.

The file contains an embedded, opaque payload that is XOR-decrypted with a hardcoded key and immediately executed via exec(). The combination of obfuscated names, encrypted byte blob, and dynamic execution is a strong indicator of malicious intent or a backdoor-like design. Treat this module as high-risk: avoid execution on trusted hosts, decrypt and audit the payload in a safe environment, and consider the package compromised until proven clean.

The code executes a shell command using child_process.exec to send an HTTP request to an external IP address (http[:]//82[.]65[.]58[.]201:1234/CA_MARCHE_LIODEUS_TEST2_THALES). This suspicious behavior involves network communication to an unverified external server and could be exploited for malicious activities such as data exfiltration or unauthorized remote access.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 20 minutes before removal. Socket users were protected even while the package was live.

This code fragment is suspicious and likely malicious or at least intentionally stealthy/persistent. It prepares and deploys background daemon scripts under disguised filenames into hidden directories inside a target project, writes a config that references a wallets.txt file (indicative of credential access), and spawns a detached/unref'd process to run persistently. Although the fragment does not show the daemon's internal logic or explicit network communication, the installer creates a persistent covert agent with access to project files and environment variables — a common supply-chain backdoor pattern. I recommend treating the package as high-risk, removing it from sensitive environments, and performing a full review of the deployed daemon source files before allowing use.

The analyzed code is highly obfuscated and exhibits multiple clear indicators of malicious behavior including downloading and executing external code, running shell commands with suspicious environment variables, and using dynamic code execution to evade detection. This code should be classified as malware with a high security risk. It poses a significant threat to any system where it is executed and should be treated accordingly.

The code contains several concerning elements, including the installation of packages without user consent and the caching of sensitive user data. These behaviors suggest potential malicious intent and warrant a moderate to high risk assessment.

This source file is part of the Sliver post-exploitation implant agent and implements remote-controlled offensive capabilities: arbitrary command execution, code injection into other processes, dynamic/native extension loading, privilege escalation (token manipulation), registry and service manipulation, and process memory dumping. These are explicit backdoor/malware behaviors. If present in a dependency for legitimate software, it represents a critical supply-chain compromise. It should not be used in production outside of controlled red-team engagements and must be treated as malicious in a general-purpose dependency context.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

This code directly compiles and executes command-line input (after Sage preparse) with no sanitization or sandboxing, presenting a high-risk arbitrary code execution vector if inputs are not fully trusted. The snippet contains no explicit malicious payload, but the execution capability is dangerous in untrusted contexts. Only safe for environments where all callers and arguments are trusted; otherwise it should be removed or replaced with restricted evaluation and sandboxing.

Live on PyPI for 1 hour and 55 minutes before removal. Socket users were protected even while the package was live.

Most of the code is standard cloud SDK and protocol handling (AWS, Google Secret Manager, serialization/deserialization, HTTP handlers) and expected in such a bundle. However, there is a highly suspicious function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local bundle.js (if present on disk), repacks, and runs npm publish. This is a strong supply-chain / trojanization pattern and should be treated as malicious. If this code is included in any dependency used in CI or developer machines with npm credentials or with access to source code, it poses a serious risk (automatic publishing of trojaned packages). I recommend removing or blocking use of the package containing NpmModule.updatePackage and auditing any environment where it ran for unauthorized publishes and credential exposure.

This code appears to be a type validation utility ('LTVal') that contains a malicious obfuscated payload hidden within the verifyPackageIntegrity() method. The code is identical to the previously analyzed sample, using the same base64 encoding technique to hide a reverse shell payload. The legitimate-looking validator functions serve as a cover for the malware's true purpose. Upon execution, the deobfuscated code establishes a reverse shell connection to a command & control server via Pastebin. The malware includes anti-debugging checks and persistence mechanisms to maintain access

The source code is heavily obfuscated and uses eval to execute dynamically decoded code, which is a common technique in malicious scripts. While no explicit malicious actions (such as network communication or data theft) are visible in the snippet, the obfuscation and eval usage pose a high security risk. The provided reports are unusable and do not inform the analysis. Without full deobfuscation and dynamic analysis, the code should be considered suspicious and potentially dangerous. It is recommended to avoid using this code or package until a thorough security review is completed.

The module contains high-risk operations: executing arbitrary shell commands via subprocess with shell=True and writing/appending to files without validation. If the steps JSON or the user input is untrusted, an attacker can achieve remote code execution, modify arbitrary files, and change process state (cwd). There are no signs of network exfiltration or hardcoded credentials in this fragment, but the command execution sink is sufficient to escalate to any of those behaviors if exploited. Recommendation: treat inputs (steps, file names, user-provided suggested commands) as untrusted; remove shell=True or use argument lists, validate and canonicalize file paths, avoid executing suggested commands automatically, and employ strict prompting and auditing. Overall this code is not itself evidently obfuscated or explicitly malicious, but it poses a significant supply-chain/runtime risk when given untrusted instructions.

Live on PyPI for 5 days, 4 hours and 32 minutes before removal. Socket users were protected even while the package was live.