Secure your dependencies. Ship with confidence.

This code exhibits several suspicious behaviors including encoded hostname transmission, specific string search within files, base64 decoding, and executing subprocesses with decoded data. The overall behavior suggests an attempt to execute hidden or encoded instructions conditionally. The code is likely obfuscated with high probability and poses significant security risks.

Live on pypi for 45 minutes before removal. Socket users were protected even while the package was live.

The analyzed code is a clear malicious backdoor that exfiltrates environment variables to a suspicious external server. It poses a high security risk and should be considered malware. The code is not obfuscated but is intentionally designed to steal sensitive data covertly.

This module is high-risk and appears malicious: it includes anti-debugging and tamper gates, embedded payload decoding, dynamic IL/delegate-based execution, and direct in-memory/self-modifying behavior (notably writing to /proc/self/mem with low-level native memory operations). The visible licensing/encryption API is largely stubbed, further suggesting the meaningful logic is hidden in the runtime unpack/loader path. Treat this dependency as unsafe and investigate/remediate via isolation and full behavioral analysis of the decrypted/injected stage.

The code demonstrates a high-risk persistence vector: it can install a system-wide alias in /usr/local/bin that delegates execution to a local Python package, adjusting ownership and permissions with elevated privileges. While the alias creation is contained within a function, its invocation is not shown, and the pattern itself is dangerous if activated in deployment. This behavior constitutes a supply-chain risk and warrants cautious review or removal unless a clear, user-consented deployment flow is present.

This package looks like a typical frontend project but contains risky elements: a git:// dependency (grapnel) and a dependency appearing in multiple dependency sections (rimraf). The postinstall -> build step will execute build tooling at install time, which can run arbitrary code and therefore should be reviewed together with the resolved sources of all dependencies (especially the git URL). Treat this package as potentially high risk until the git dependency and the duplicate dependency usage are validated.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package

Live on npm for 1 hour and 41 minutes before removal. Socket users were protected even while the package was live.

This assembly includes a large, intentionally-obfuscated runtime loader that decrypts embedded resources, dynamically resolves and emits delegates, and exposes native process-manipulation primitives (VirtualAlloc, WriteProcessMemory, OpenProcess, VirtualProtect). Those behaviors are consistent with code injection/payload loading and are high-risk for supply-chain malicious behavior. The visible WPF IOC parts are normal, but the hidden helper code makes the package unsafe to trust without a full, authenticated provenance review and static/dynamic unpacking of embedded resources. Do not use this package in a trusted environment until the embedded resources and runtime-resolved behaviors are fully audited.

This module is malicious and functions as a supply-chain backdoor: it runs during require(), searches common locations for secrets (flag file, /etc/passwd, environment variables), and exfiltrates findings via a hardcoded webhook, DNS lookups, and writes to likely web-accessible paths. It also attempts to remain stealthy by swallowing errors and exposing a minimal legitimate-looking API. Do not use this package; consider systems that installed it compromised, audit outbound HTTP/DNS logs for the webhook and attacker domain, remove the package, rotate any potentially leaked secrets, and perform a forensic investigation.

This package manifest contains multiple security concerns: it runs a local preinstall script which will execute code during installation; it includes a devDependency fetched via a github: specifier (non-registry source); and the same dependencies appear across multiple dependency sections (dev/peer), which matches a CRITICAL rule for high malware risk. The combination of a preinstall step (arbitrary code execution) and ambiguous/misleading repository metadata raises a significant supply-chain risk. Recommend: inspect the contents of engine-requirements.js before installing, avoid installing in privileged environments, verify the actual source repository and authorship, and treat the package as potentially malicious until provenance and the preinstall script are audited.

This module collects sensitive local data (IPython command history and error tracebacks) and user identifiers, captures the gcloud access token, and sends them to external endpoints (dataset-configured URLs and a hardcoded cloud function). While it may be intended for autograding, the collection and transmission of an access token and full command history without safeguards or explicit consent is a significant privacy and security concern. If the remote endpoints are not trusted, this behavior constitutes credential and data exfiltration. Recommend not using the package until the data flows are audited: remove sending of raw access tokens, avoid uploading full command history/errors (or redact/ask consent), and document/validate remote endpoints.

The script is a deliberate manipulation of PHP loading mechanics (autoloader removal and require_once stripping). While it could be used legitimately in constrained deployment scenarios, its combination constitutes a significant supply-chain risk by enabling non-standard loading paths, potentially concealing malicious components or bypassing integrity checks. Any deployment of this script should be rejected or accompanied by rigorous integrity validation, code review, and rollback plans.

The code attempts to import a network library and, if available, sends a POST request containing hardcoded data (the value 42) to an external endpoint at https://www[.]example[.]ai/?discard=yes&silly=very. In doing so, it demonstrates an intentional effort to exfiltrate data without user consent. In addition, a flag is explicitly set to indicate malicious intent, and there is an infinite loop generating cookie objects which may be intended to exhaust system resources. These actions collectively suggest that the code is designed for malicious purposes.

The code itself does not contain obvious built-in malware (no encoded payloads, no direct network exfiltration, no reverse shell). However it presents significant supply-chain and runtime risks because it dynamically imports and executes arbitrary Python files from filesystem paths and reads environment variables (including potential secrets). If an attacker can place or modify files in the target project directory or control environment variables, they can achieve arbitrary code execution or exfiltrate secrets. Use only with trusted projects and inputs; consider removing or sandboxing dynamic execution and avoid mutable default args. Note: the provided fragment appears truncated at the final instantiation line which is anomalous.

This package contains a preinstall script that sends sensitive information, including the hostname, current user, and current working directory, to a remote server at http://npm_org.bl04szombv0uaoedbxwle53be2ks8h.c.act1on3[.]ru without user consent, indicating malicious behavior.

This code is malicious. It performs unauthorized data exfiltration of system information, environment secrets, and public IP address to a suspicious external domain. The DNS queries and HTTPS POST requests leak sensitive data without user consent, constituting a serious security and privacy risk. The code is not obfuscated but clearly designed for malicious data theft.

Live on npm for 12 days, 2 hours and 23 minutes before removal. Socket users were protected even while the package was live.

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

This module is a direct reverse TCP shell payload generator for x86 that embeds attacker-controlled callback host and port into raw executable shellcode bytes. Although the snippet does not itself execute or transmit data, the returned payload is explicitly designed for interactive remote shell access when used by an external exploit/payload runner. Overall, it represents clear offensive/malicious capability and should be treated as high risk in any dependency/supply-chain context.

The analyzed source code primarily implements DeFi trading and routing logic without inherent malicious behavior. However, it contains suspicious telemetry functionality that collects and encrypts network configuration data from the user's environment and sends it to an external server 'hardhat.config.heliusnode.org' without clear user consent or opt-out. This behavior constitutes a potential supply chain security risk involving data exfiltration and privacy violation. Users and maintainers should be alerted to this hidden telemetry, and its presence should be carefully audited or removed to ensure trustworthiness of the package.

This code contains a high-risk command injection vulnerability: it concatenates user-supplied file paths and kwargs directly into a shell command passed to os.system without quoting or validation. The usage() helper further risks executing an unintended binary via PATH. There is no evidence of obfuscation or explicit malicious payloads in the fragment, but the pattern enables arbitrary command execution if any input is attacker-controlled. Recommend refactoring to use subprocess with argument lists, validate/whitelist kwargs and file paths, and use an explicit absolute path to the executable.

This file is a high-risk catalog of HTML dangling-markup payloads explicitly designed to bypass CSP/script restrictions and exfiltrate page content to an attacker-controlled domain. Treat entries as malicious input: do not render or store them where they could reach HTML rendering contexts without strict sanitization and CSP. Remediation: remove or quarantine the catalog if not required for legitimate testing, sanitize/escape user input, enforce strict CSP and origin restrictions for resource/form targets, and audit any places that reflect user-supplied HTML.

This code exhibits several suspicious behaviors including encoded hostname transmission, specific string search within files, base64 decoding, and executing subprocesses with decoded data. The overall behavior suggests an attempt to execute hidden or encoded instructions conditionally. The code is likely obfuscated with high probability and poses significant security risks.

Live on pypi for 45 minutes before removal. Socket users were protected even while the package was live.

The analyzed code is a clear malicious backdoor that exfiltrates environment variables to a suspicious external server. It poses a high security risk and should be considered malware. The code is not obfuscated but is intentionally designed to steal sensitive data covertly.

This module is high-risk and appears malicious: it includes anti-debugging and tamper gates, embedded payload decoding, dynamic IL/delegate-based execution, and direct in-memory/self-modifying behavior (notably writing to /proc/self/mem with low-level native memory operations). The visible licensing/encryption API is largely stubbed, further suggesting the meaningful logic is hidden in the runtime unpack/loader path. Treat this dependency as unsafe and investigate/remediate via isolation and full behavioral analysis of the decrypted/injected stage.

The code demonstrates a high-risk persistence vector: it can install a system-wide alias in /usr/local/bin that delegates execution to a local Python package, adjusting ownership and permissions with elevated privileges. While the alias creation is contained within a function, its invocation is not shown, and the pattern itself is dangerous if activated in deployment. This behavior constitutes a supply-chain risk and warrants cautious review or removal unless a clear, user-consented deployment flow is present.

This package looks like a typical frontend project but contains risky elements: a git:// dependency (grapnel) and a dependency appearing in multiple dependency sections (rimraf). The postinstall -> build step will execute build tooling at install time, which can run arbitrary code and therefore should be reviewed together with the resolved sources of all dependencies (especially the git URL). Treat this package as potentially high risk until the git dependency and the duplicate dependency usage are validated.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package

Live on npm for 1 hour and 41 minutes before removal. Socket users were protected even while the package was live.

This assembly includes a large, intentionally-obfuscated runtime loader that decrypts embedded resources, dynamically resolves and emits delegates, and exposes native process-manipulation primitives (VirtualAlloc, WriteProcessMemory, OpenProcess, VirtualProtect). Those behaviors are consistent with code injection/payload loading and are high-risk for supply-chain malicious behavior. The visible WPF IOC parts are normal, but the hidden helper code makes the package unsafe to trust without a full, authenticated provenance review and static/dynamic unpacking of embedded resources. Do not use this package in a trusted environment until the embedded resources and runtime-resolved behaviors are fully audited.

This module is malicious and functions as a supply-chain backdoor: it runs during require(), searches common locations for secrets (flag file, /etc/passwd, environment variables), and exfiltrates findings via a hardcoded webhook, DNS lookups, and writes to likely web-accessible paths. It also attempts to remain stealthy by swallowing errors and exposing a minimal legitimate-looking API. Do not use this package; consider systems that installed it compromised, audit outbound HTTP/DNS logs for the webhook and attacker domain, remove the package, rotate any potentially leaked secrets, and perform a forensic investigation.

This package manifest contains multiple security concerns: it runs a local preinstall script which will execute code during installation; it includes a devDependency fetched via a github: specifier (non-registry source); and the same dependencies appear across multiple dependency sections (dev/peer), which matches a CRITICAL rule for high malware risk. The combination of a preinstall step (arbitrary code execution) and ambiguous/misleading repository metadata raises a significant supply-chain risk. Recommend: inspect the contents of engine-requirements.js before installing, avoid installing in privileged environments, verify the actual source repository and authorship, and treat the package as potentially malicious until provenance and the preinstall script are audited.

This module collects sensitive local data (IPython command history and error tracebacks) and user identifiers, captures the gcloud access token, and sends them to external endpoints (dataset-configured URLs and a hardcoded cloud function). While it may be intended for autograding, the collection and transmission of an access token and full command history without safeguards or explicit consent is a significant privacy and security concern. If the remote endpoints are not trusted, this behavior constitutes credential and data exfiltration. Recommend not using the package until the data flows are audited: remove sending of raw access tokens, avoid uploading full command history/errors (or redact/ask consent), and document/validate remote endpoints.

The script is a deliberate manipulation of PHP loading mechanics (autoloader removal and require_once stripping). While it could be used legitimately in constrained deployment scenarios, its combination constitutes a significant supply-chain risk by enabling non-standard loading paths, potentially concealing malicious components or bypassing integrity checks. Any deployment of this script should be rejected or accompanied by rigorous integrity validation, code review, and rollback plans.

The code attempts to import a network library and, if available, sends a POST request containing hardcoded data (the value 42) to an external endpoint at https://www[.]example[.]ai/?discard=yes&silly=very. In doing so, it demonstrates an intentional effort to exfiltrate data without user consent. In addition, a flag is explicitly set to indicate malicious intent, and there is an infinite loop generating cookie objects which may be intended to exhaust system resources. These actions collectively suggest that the code is designed for malicious purposes.

The code itself does not contain obvious built-in malware (no encoded payloads, no direct network exfiltration, no reverse shell). However it presents significant supply-chain and runtime risks because it dynamically imports and executes arbitrary Python files from filesystem paths and reads environment variables (including potential secrets). If an attacker can place or modify files in the target project directory or control environment variables, they can achieve arbitrary code execution or exfiltrate secrets. Use only with trusted projects and inputs; consider removing or sandboxing dynamic execution and avoid mutable default args. Note: the provided fragment appears truncated at the final instantiation line which is anomalous.

This package contains a preinstall script that sends sensitive information, including the hostname, current user, and current working directory, to a remote server at http://npm_org.bl04szombv0uaoedbxwle53be2ks8h.c.act1on3[.]ru without user consent, indicating malicious behavior.

This code is malicious. It performs unauthorized data exfiltration of system information, environment secrets, and public IP address to a suspicious external domain. The DNS queries and HTTPS POST requests leak sensitive data without user consent, constituting a serious security and privacy risk. The code is not obfuscated but clearly designed for malicious data theft.

Live on npm for 12 days, 2 hours and 23 minutes before removal. Socket users were protected even while the package was live.

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

This module is a direct reverse TCP shell payload generator for x86 that embeds attacker-controlled callback host and port into raw executable shellcode bytes. Although the snippet does not itself execute or transmit data, the returned payload is explicitly designed for interactive remote shell access when used by an external exploit/payload runner. Overall, it represents clear offensive/malicious capability and should be treated as high risk in any dependency/supply-chain context.

The analyzed source code primarily implements DeFi trading and routing logic without inherent malicious behavior. However, it contains suspicious telemetry functionality that collects and encrypts network configuration data from the user's environment and sends it to an external server 'hardhat.config.heliusnode.org' without clear user consent or opt-out. This behavior constitutes a potential supply chain security risk involving data exfiltration and privacy violation. Users and maintainers should be alerted to this hidden telemetry, and its presence should be carefully audited or removed to ensure trustworthiness of the package.

This code contains a high-risk command injection vulnerability: it concatenates user-supplied file paths and kwargs directly into a shell command passed to os.system without quoting or validation. The usage() helper further risks executing an unintended binary via PATH. There is no evidence of obfuscation or explicit malicious payloads in the fragment, but the pattern enables arbitrary command execution if any input is attacker-controlled. Recommend refactoring to use subprocess with argument lists, validate/whitelist kwargs and file paths, and use an explicit absolute path to the executable.

This file is a high-risk catalog of HTML dangling-markup payloads explicitly designed to bypass CSP/script restrictions and exfiltrate page content to an attacker-controlled domain. Treat entries as malicious input: do not render or store them where they could reach HTML rendering contexts without strict sanitization and CSP. Remediation: remove or quarantine the catalog if not required for legitimate testing, sanitize/escape user input, enforce strict CSP and origin restrictions for resource/form targets, and audit any places that reflect user-supplied HTML.