Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery

timmywil published 4.0.0

left-pad

stevemao published 1.3.0

react

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

react-dom-19

1.0.0

by mostwantedbythecia

Removed from npm

Blocked by Socket

Highly suspicious: the module collects local username and hostname and exfiltrates them via an outbound DNS lookup to a hardcoded OAST-style domain (`*.oast.fun`) by embedding the values into the queried subdomain. This is consistent with covert data leakage and out-of-band signaling. Treat as malicious/unsafe.

Live on npm for 2 days and 17 hours before removal. Socket users were protected even while the package was live.

iis-bridge

0.9

Live on pypi

Blocked by Socket

This module is a clear HTTP flooding/denial-of-service tool: it constructs and runs many threads to open HTTP connections to arbitrary, caller-specified URLs at a configurable high rate. It lacks any safety checks, validation, or consent mechanisms. The supplied snippet is also syntactically incomplete (truncated exception handler), showing poor code quality or an incomplete sample. Because the code enables abusive network activity and resource exhaustion, it represents a high security risk and should not be included or executed in trusted systems. Treat as malicious/abusive tooling unless explicit, auditable intent and safeguards are documented and enforced.

devious-winrm

1.2.2

Live on pypi

Blocked by Socket

This file programmatically builds and runs highly obfuscated PowerShell payloads that disable the Windows Antimalware Scan Interface (AMSI) and patch Event Tracing for Windows (ETW). It reads external templates (AMSI-Bypass.ps1.template and ETW-Patch.ps1.template), injects randomized function and variable names, converts each string literal into arithmetic character/byte expressions (e.g., [Char](value–rand) or [Char]([Byte] …)), and randomizes keyword casing to evade signature-based detection. The assembled scripts are executed via get_command_output on a supplied SyncRunspacePool (remote PowerShell runspace) without any authorization or safety checks. Originates from code derived from github[.]com/Hackplayers/evil-winrm. Such behavior—stealthily disabling endpoint defenses—is characteristic of malware and poses a critical security risk.

@muya-ui/core

0.4.0-alpha.9

by yuck

Live on npm

Blocked by Socket

The source code contains a malicious backdoor that stealthily exfiltrates sensitive git repository information and package version to a suspicious external server. This represents a high security risk and a serious supply chain compromise. Immediate removal or remediation of this code is strongly recommended.

ctyun-keeplive

0.1.1

Live on pypi

Blocked by Socket

This code fragment is highly indicative of credential/session artifact harvesting for an authenticated “desktop connect” flow. It injects browser hooks to capture targeted POST request headers (ctg-*), collects device fingerprint data, and persists these along with auth.secretKey to a local JSON file. The combination of targeted endpoint interception, device fingerprinting, secretKey persistence, and verification automation components (OCR/Telegram support) presents a serious supply-chain security risk and warrants strict avoidance/review when included as a dependency.

genki-analytics

1.0.0

by kakashi1337

Live on npm

Blocked by Socket

This code functions as a malicious browser agent/backdoor designed for reconnaissance, credential/token harvesting, active exploitation (XSS/CSP/postMessage), persistence via service worker and storage, and remote command-and-control via WebSockets. It includes anti-analysis measures and social-engineering UI to prompt extension installation. It should be considered malicious and dangerous; do not deploy or include in production. Immediate remediation: remove package, revoke any installed service-workers/local storage entries, rotate any exposed credentials, and investigate network connections to the configured C2/WS endpoints.

sbcli-lvol-ha

0.6.3

Live on pypi

Blocked by Socket

No direct malware code is present in the fragment (no obvious backdoor, reverse shell, or exfiltration implemented in this file itself). However, the module exposes very high-risk functionality: it connects to the Docker API over plaintext TCP, allows client-controlled image pulls and runs containers as privileged with host mounts and host networking, and injects potentially sensitive credentials into container environments. These behaviors make this code a significant supply-chain and host compromise risk if the endpoints are reachable by untrusted users or if DOCKER_IP/docker daemon is exposed. Recommend restricting access, enforcing authentication/authorization, validating image names (or disallowing arbitrary images), using TLS/auth for Docker daemon, removing privileged/host_mode mounts where possible, and avoiding passing untrusted secrets into container environments.

@remote-components/client

0.0.9

by lucagez

Live on npm

Blocked by Socket

This module is a high-severity supply-chain/client-compromise risk. It retrieves JavaScript from a caller-specified URL (or from cached content) and executes it via `eval` without integrity or sandboxing. The evaluated code can register components through exposed globals (`window.module`/`window.require`) and those components are rendered dynamically, enabling attacker-controlled behavior, UI hijacking, and potential data theft within the page context. Even absent explicit malicious intent, the capability is inherently dangerous and should be treated as an extreme security finding.

@payvo/sdk-eos

1.4.0

by faustbrian

Live on npm

Blocked by Socket

This code contains a critical supply chain attack. The broadcast method ignores user input and always executes a hardcoded cryptocurrency transfer before throwing a NotImplemented exception to hide the malicious behavior. Every application using this service will attempt unauthorized token transfers.

@dxa/dxa-ng-core-theme

1.7.0

by hardikdabhi

Live on npm

Blocked by Socket

This module enables high-severity client-side code execution: it fetches untrusted HTML as text, extracts embedded <script> contents, and executes them via eval(). It also renders untrusted HTML using DomSanitizer.bypassSecurityTrustHtml, bypassing Angular’s XSS defenses. Additional risk comes from dynamic router reconfiguration based on remote/local navigation data and from exposing callable methods on the global window object via JsBridge. Whether it is ‘malware’ depends on upstream trust and control, but the security risk is extremely high and warrants immediate review/containment (e.g., remove eval, enforce sanitization/allowlists, and add integrity controls).

mtmai

0.3.1554

Live on pypi

Blocked by Socket

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

github.com/milvus-io/milvus

v0.10.3-0.20211001233336-b127a0d44f48

Live on go

Blocked by Socket

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

bincode

0.0.0-publish-bincode-package-202512311440

by ahmed--ali

Removed from npm

Blocked by Socket

This package will execute arbitrary JavaScript from its bundled postinstall.mjs during installation (via bun or node). That behavior is potentially dangerous because the script can perform filesystem changes, network calls, spawn processes, or install persistent hooks. Treat this as a moderate-to-high security risk until you review the contents of postinstall.mjs (and any scripts it loads or downloads) and the ./bin/bincode executable.

Live on npm for 5 hours and 3 minutes before removal. Socket users were protected even while the package was live.

abianbiya/laralag

0.2.1

Live on composer

Blocked by Socket

The analyzed source code is primarily a legitimate implementation of the SweetAlert2 modal popup library. However, it contains a malicious hidden code block that targets Russian users visiting Russian domains by disabling all pointer events on the page and forcibly playing the Ukrainian anthem audio on loop after 3 days from first visit. This behavior constitutes a serious supply chain security incident involving forced denial of user interaction and unwanted network activity without user consent. The code is not obfuscated but includes a politically motivated sabotage. Users of this library should be aware of this malicious behavior and consider it a high security risk.

ctf-payload

1.0.21

by duonghello

Live on npm

Blocked by Socket

This snippet performs direct exfiltration of authenticated page content to a hardcoded external webhook. It is high risk and likely malicious or at minimum a severe privacy bug / accidental data leak. Treat as a security incident: remove the code, investigate its introduction, rotate exposed credentials/session tokens, and block the external destination.

vite-plugin-config-helper

0.2.23

by frontgao

Live on npm

Blocked by Socket

This code represents an intrusive scaffolding/config-helper plugin that can dramatically alter a project’s structure, configuration, and dependencies based on decrypted embedded assets and registry data. While it could be legitimate for tightly controlled templating workflows, the presence of hard-coded cryptographic keys, automatic generation of core config, and dynamic dependency rewriting raise substantial supply-chain and runtime integrity concerns. Without clear provenance, user consent, and robust validation of decrypted payloads, this code should be treated as high-risk for any ecosystem where integrity is critical.

pyopenrpa

1.4.0

Live on pypi

Blocked by Socket

The code contains a security risk due to the lack of input validation and sanitization, potentially leading to unauthorized actions or misuse. There are no clear indications of obfuscation or malware in this code.

fsd

0.1.199

Removed from pypi

Blocked by Socket

This module itself does not contain obvious obfuscated malware (no encoded payloads, hardcoded secrets, network exfiltration code). However it provides powerful primitives (subprocess with shell=True, ability to change directories, write files and open OS terminals) that allow arbitrary code execution and file modification when given untrusted inputs (steps_json, user inputs, or compromised upstream agents). Therefore the package is high-risk in supply-chain contexts: if an upstream component or dependency is malicious, this code can be used to execute arbitrary commands on the host. Use only with trusted inputs and add sanitization and restrictions before use.

Live on pypi for 5 days, 5 hours and 48 minutes before removal. Socket users were protected even while the package was live.

354766/zainhas/togetherai-skills/together-audio/

c4cad3fad673d968c3afd6fc5058ce3ae850e461

Live on socket

Blocked by Socket

The fragment is a legitimate usage guide for Together AI's TTS/STT capabilities and does not present malicious behavior within the provided scope. The primary risks are typical for API documentation: exposure of API keys in examples and data transmitted to external endpoints; no evidence of hidden payloads, credential harvesting, or autonomous actions. Overall security risk is low-to-moderate due to potential misuse of API keys in shared contexts; ensure proper secret management and adherence to least-privilege access when integrating.

aizhen.aizhensoft.common.clearscript

2.0.5.15

by AiZhen

Live on nuget

Blocked by Socket

This assembly contains strongly suspicious behavior: obfuscated unpacking/decryption of embedded resources and use of Windows native APIs (VirtualAlloc/WriteProcessMemory/OpenProcess/VirtualProtect/LoadLibrary/GetProcAddress) capable of injecting or loading code at runtime. It also embeds symmetric key material and performs runtime RSA operations and integrity checks. While there are benign utility classes for ClearScript, the presence of a decryption + native memory write + dynamic delegate creation pattern matches a loader/injector and presents a high supply-chain risk. I recommend blocking or isolating this package and performing deeper dynamic analysis in a sandbox. Treat as potentially malicious.

nodejsandnpm

10.0.1

by , Node.js Foundation

Live on nuget

Blocked by Socket

The source code contains potential security risks, particularly related to command execution and unsafe permissions. Proper validation and sanitization of inputs are crucial to mitigate these risks. The overall assessment indicates a moderate level of concern regarding security.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

RUST: crates.io (Rust Package Manager)
PHP: Packagist (PHP Package Manager)
GOLANG: Go Modules (Go Dependency Management)
JAVA: Maven Central
JAVASCRIPT: npm (Node Package Manager)
.NET: NuGet (.NET Package Manager)
PYTHON: PyPI (Python Package Index)
RUBY: RubyGems.org (Ruby Package Manager)
SWIFT: Swift
AI: Hugging Face Hub (AI Model Hub)
CI: GitHub Actions (CI/CD Workflows)
EXTENSIONS: Chrome Web Store (Chrome Browser Extensions)
EXTENSIONS: Open VSX (VS Code Extensions)

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

The latest from the Socket team

Get our latest security research, open source insights, and product updates.
