Secure your dependencies. Ship with confidence.

The code is highly suspicious due to its use of obfuscation, decryption, and execution of hidden code. It poses a significant security risk, especially to Windows systems, and is indicative of potentially malicious behavior.

Live on pypi for 1 hour and 52 minutes before removal. Socket users were protected even while the package was live.

Best report: Report 3. It is more convincing because it identifies multiple high-suspicion primitives in the fragment (eval, document.cookie, and DOM-manipulation/document.write, plus many external http/src loads and inline event/script execution markers). Due to severe corruption, exact behavior cannot be fully proven, but the evidence strongly warrants treating this artifact as highly suspicious malicious web payload material in a supply-chain context.

The code is highly suspicious due to its collection and transmission of system information to external servers without user consent. The use of hardcoded IP addresses and fallback mechanisms for data transmission indicates potential malicious intent.

Live on npm for 1 hour and 37 minutes before removal. Socket users were protected even while the package was live.

The code fragment appears compromised/tampered: it contains a hardcoded, suspicious homeRegion ('https://mal-1a.prd.ece.vwg-connect.com') that would redirect authenticated API calls and sensitive data (access/refresh tokens, id token, security PIN) to an attacker-controlled endpoint. Combined with incomplete and inconsistent vwLogin logic and weak crypto practices, this is a severe supply-chain/security incident. Treat this package as compromised: do not use, do not provide credentials to it, and compare against a trusted upstream source or revert to a verified clean version.

This module intentionally reads a local application log and exfiltrates discovered HTB-style flags or contextual log snippets to a hardcoded external HTTP endpoint. It uses hardcoded IDs and IP, suppresses errors/responses for stealth, retries to ensure delivery, and performs the action as a side-effect on module load. Treat this package as a backdoor/exfiltration payload and do not deploy it in production. Investigate systems where this code ran, rotate any potentially exposed credentials, and block the destination IP.

The code poses a security risk due to the transmission of potentially sensitive data (console logs and local storage) to a remote server. This could lead to data leakage if not properly secured or if sensitive information is stored in local storage. The code is not obfuscated, but the behavior of sending data without explicit user consent could be considered malicious.

This fragment registers an HTTP endpoint (/cli-bridge/eval) that performs server-side arbitrary JavaScript execution by eval’ing attacker-controlled request body text and returning both execution results and error messages to the caller. The lack of visible authentication/authorization, input validation, and sandboxing makes this an extremely high security risk and is consistent with remote code execution/backdoor-like functionality rather than a benign helper.

The code intentionally disables TLS certificate verification by always trusting the server certificate, creating a significant security risk and potential backdoor in TLS connections. This is a high-risk construct that should not be used in production; it enables MITM attacks and data leakage. If present in a published crate, it represents a dangerous supply-chain risk.

This code exhibits extreme obfuscation that prevents any meaningful security analysis. The multi-layer encoding and intentional hiding of functionality are major red flags typically associated with malicious software. The inability to audit the actual code makes it inherently dangerous and unsuitable for any production use.

This source file is an HTTP client component of the Sliver implant C2 framework. It establishes encrypted sessions, polls for commands, and sends results to a remote server. In the context of general software supply chains or public packages, this is malicious/surveillance/backdoor functionality: it enables remote control and data exchange with an operator-controlled server. The code uses some weak randomness (math/rand) for nonce/header obfuscation and reads configuration including proxy credentials from URL query parameters. No direct local destructive actions are present in this file, but the networked C2 behavior is a high-security risk. Use of this module in production or inclusion in benign projects is strongly discouraged unless for authorized security testing.

This code is malicious and functions as a backdoor/dropper. It downloads and executes a remote script and establishes multiple independent reverse shells to a hardcoded attacker IP, using detached background processes and silent error handling to evade detection. Do not execute this code. If it ran on a system, treat the host as compromised: isolate the system, preserve forensic artifacts (process list, /tmp/.s.sh if present, network connections), and perform full incident response (credential rotation, integrity checks, restore from known-good backups).

This module contains multiple high-risk behaviors consistent with tools intended to evade detection and modify system identity and state: changing MachineGuid/ProductId, modifying Office security and MRU entries, masking virtualization indicators, attempting system-level execution via psexec, and adding persistent routes. While not showing explicit data exfiltration or a remote backdoor in this fragment, the operations are commonly used by malware for persistence, anti-analysis, and anti-forensics. Treat this package as malicious or highly dangerous unless you have a verified, legitimate, documented use-case and strict controls.

The module implements a robust token caching and retrieval mechanism with prudent filesystem permissions and input validation. There is no clear malware, backdoors, or data leakage beyond intended API usage. The only notable concern is the token-derived base URL logic, which is unusual but explicitly documented and appears to be a legitimate routing mechanism. Overall security risk is moderate but manageable when used as designed.

High security risk. The module includes an explicit arbitrary JavaScript execution mechanism for preflight scripts inside a Web Worker using `AsyncFunction` and `with(lab){...}` with attacker-controlled script text. Preflight scripts can mutate `env.variables` and construct `lab.request.headers`, which are returned to the main thread and merged into real GraphQL HTTP/WS requests. Additionally, the `share` URL import can inject crafted headers/variables/extensions into runtime, amplifying impact. Use only with strictly trusted preflight scripts and tightly controlled shared-link/import sources; otherwise, treat as unsafe.

This file collects system and user information (e.g., hostname, home directory, DNS servers, username, and package details) and sends it to a suspicious domain (mxnflcjlgevmgozcifid6oydx43vrmia7[.]oastify[.]com) over HTTPS without user consent. This behavior is consistent with spyware or data exfiltration malware and poses a significant security risk.

Live on npm for 2 days, 20 hours and 52 minutes before removal. Socket users were protected even while the package was live.

The script collects the user's current working directory and sends it to a remote server via DNS lookup, potentially leaking sensitive information.

Live on npm for 10 minutes before removal. Socket users were protected even while the package was live.

This class implements a memory-resident webshell/backdoor: it listens for specially-marked HTTP requests (controlled by headerName/headerValue), decodes and decrypts supplied bytecode, uses Unsafe/reflective defineClass to load it into the JVM, instantiates it, and returns encoded results. This enables arbitrary remote code execution inside the process and is a high-risk malicious component. Do not use; remove and investigate runtime impact and any persisted presence. Recommend incident response steps: isolate host, scan for similar classes, check static field values and where class was introduced, and rotate any credentials possibly exposed by the payload.

This fragment is strongly suspicious for supply-chain abuse because it embeds a platform-specific native binary payload, unpacks it at runtime, writes it to disk as native.node, and then alters module resolution so @opentui/core-* imports are redirected to the staged binary path. The absence of integrity/provenance verification for the unpacked native bytes significantly elevates risk. A secondary concern is the inclusion of a shell-based command-exists helper using child_process.exec/execSync, which could be problematic if commandName is ever attacker-controlled. While direct malware behaviors (e.g., network exfiltration) are not shown in this snippet, the drop-and-load native workflow is itself a high-risk technique and warrants urgent review and containment (e.g., sandboxing, binary hashing, and verifying the staged payload against trusted sources).

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package

Live on npm for 3 hours and 17 minutes before removal. Socket users were protected even while the package was live.

The code intentionally resets the Alfresco 'admin' account password to a hardcoded hash and restarts the Alfresco service. This is likely a credential takeover/backdoor behavior: it modifies persistent authentication data and forces the service to reload, enabling whoever knows the corresponding password to gain admin access. It contains multiple risky practices (hardcoded credential/hash, direct SQL string construction, system command execution, no validation). Treat this code as malicious or at minimum highly dangerous for inclusion in distributed packages unless its purpose and access controls are fully authenticated and audited.

This file is an explicit attack module that orchestrates 'goal hijacking' by selecting malicious prompt payloads and invoking a target agent with them, then returning and logging the prompt and response. The code itself does not perform system/network I/O, but it intentionally causes other agents to perform potentially harmful actions. It leaks prompt snippets to stdout and returns raw prompt/response which increases risk of persistence or exfiltration. Treat as high-risk; remove or isolate from production pipelines and require strict access control, logging controls, and review if retained for red-team testing.

This module contains a highly dangerous embedded client-side payload: it can inject inline JavaScript via dangerouslySetInnerHTML, execute eval() on DOM-derived content, perform AJAX requests whose target URL is derived from location.href, and overwrite document.body.innerHTML with server-provided HTML, then re-run binding logic. Even accounting for an apparent early-return that may make the wrapper logic unreachable in this exact snippet, the included payload is severe enough that the package should be treated as high risk and reviewed/isolated in a controlled environment before any use.

This script abuses the instagram[.]com API via the ig[amon]scraper library to compromise user accounts. It prompts victims for their login credentials, installs the ‘igramscraper’ package at runtime if missing, then upon successful authentication automatically follows two hardcoded attacker accounts (IDs 3945561585 and 5582361961). Next, it fetches the victim’s followers or followings, asks for a single password, and in parallel tries that password across all harvested usernames—logging successful username|password pairs in plaintext and forcing each compromised session to follow attacker ID 3945561585. Execution of this code risks full exposure of real credentials, unauthorized mass login attempts, and involuntary propagation of attacker profiles.

Live on pypi for 103 days, 16 hours and 25 minutes before removal. Socket users were protected even while the package was live.

The code is highly suspicious due to its use of obfuscation, decryption, and execution of hidden code. It poses a significant security risk, especially to Windows systems, and is indicative of potentially malicious behavior.

Live on pypi for 1 hour and 52 minutes before removal. Socket users were protected even while the package was live.

Best report: Report 3. It is more convincing because it identifies multiple high-suspicion primitives in the fragment (eval, document.cookie, and DOM-manipulation/document.write, plus many external http/src loads and inline event/script execution markers). Due to severe corruption, exact behavior cannot be fully proven, but the evidence strongly warrants treating this artifact as highly suspicious malicious web payload material in a supply-chain context.

The code is highly suspicious due to its collection and transmission of system information to external servers without user consent. The use of hardcoded IP addresses and fallback mechanisms for data transmission indicates potential malicious intent.

Live on npm for 1 hour and 37 minutes before removal. Socket users were protected even while the package was live.

The code fragment appears compromised/tampered: it contains a hardcoded, suspicious homeRegion ('https://mal-1a.prd.ece.vwg-connect.com') that would redirect authenticated API calls and sensitive data (access/refresh tokens, id token, security PIN) to an attacker-controlled endpoint. Combined with incomplete and inconsistent vwLogin logic and weak crypto practices, this is a severe supply-chain/security incident. Treat this package as compromised: do not use, do not provide credentials to it, and compare against a trusted upstream source or revert to a verified clean version.

This module intentionally reads a local application log and exfiltrates discovered HTB-style flags or contextual log snippets to a hardcoded external HTTP endpoint. It uses hardcoded IDs and IP, suppresses errors/responses for stealth, retries to ensure delivery, and performs the action as a side-effect on module load. Treat this package as a backdoor/exfiltration payload and do not deploy it in production. Investigate systems where this code ran, rotate any potentially exposed credentials, and block the destination IP.

The code poses a security risk due to the transmission of potentially sensitive data (console logs and local storage) to a remote server. This could lead to data leakage if not properly secured or if sensitive information is stored in local storage. The code is not obfuscated, but the behavior of sending data without explicit user consent could be considered malicious.

This fragment registers an HTTP endpoint (/cli-bridge/eval) that performs server-side arbitrary JavaScript execution by eval’ing attacker-controlled request body text and returning both execution results and error messages to the caller. The lack of visible authentication/authorization, input validation, and sandboxing makes this an extremely high security risk and is consistent with remote code execution/backdoor-like functionality rather than a benign helper.

The code intentionally disables TLS certificate verification by always trusting the server certificate, creating a significant security risk and potential backdoor in TLS connections. This is a high-risk construct that should not be used in production; it enables MITM attacks and data leakage. If present in a published crate, it represents a dangerous supply-chain risk.

This code exhibits extreme obfuscation that prevents any meaningful security analysis. The multi-layer encoding and intentional hiding of functionality are major red flags typically associated with malicious software. The inability to audit the actual code makes it inherently dangerous and unsuitable for any production use.

This source file is an HTTP client component of the Sliver implant C2 framework. It establishes encrypted sessions, polls for commands, and sends results to a remote server. In the context of general software supply chains or public packages, this is malicious/surveillance/backdoor functionality: it enables remote control and data exchange with an operator-controlled server. The code uses some weak randomness (math/rand) for nonce/header obfuscation and reads configuration including proxy credentials from URL query parameters. No direct local destructive actions are present in this file, but the networked C2 behavior is a high-security risk. Use of this module in production or inclusion in benign projects is strongly discouraged unless for authorized security testing.

This code is malicious and functions as a backdoor/dropper. It downloads and executes a remote script and establishes multiple independent reverse shells to a hardcoded attacker IP, using detached background processes and silent error handling to evade detection. Do not execute this code. If it ran on a system, treat the host as compromised: isolate the system, preserve forensic artifacts (process list, /tmp/.s.sh if present, network connections), and perform full incident response (credential rotation, integrity checks, restore from known-good backups).

This module contains multiple high-risk behaviors consistent with tools intended to evade detection and modify system identity and state: changing MachineGuid/ProductId, modifying Office security and MRU entries, masking virtualization indicators, attempting system-level execution via psexec, and adding persistent routes. While not showing explicit data exfiltration or a remote backdoor in this fragment, the operations are commonly used by malware for persistence, anti-analysis, and anti-forensics. Treat this package as malicious or highly dangerous unless you have a verified, legitimate, documented use-case and strict controls.

The module implements a robust token caching and retrieval mechanism with prudent filesystem permissions and input validation. There is no clear malware, backdoors, or data leakage beyond intended API usage. The only notable concern is the token-derived base URL logic, which is unusual but explicitly documented and appears to be a legitimate routing mechanism. Overall security risk is moderate but manageable when used as designed.

High security risk. The module includes an explicit arbitrary JavaScript execution mechanism for preflight scripts inside a Web Worker using `AsyncFunction` and `with(lab){...}` with attacker-controlled script text. Preflight scripts can mutate `env.variables` and construct `lab.request.headers`, which are returned to the main thread and merged into real GraphQL HTTP/WS requests. Additionally, the `share` URL import can inject crafted headers/variables/extensions into runtime, amplifying impact. Use only with strictly trusted preflight scripts and tightly controlled shared-link/import sources; otherwise, treat as unsafe.

This file collects system and user information (e.g., hostname, home directory, DNS servers, username, and package details) and sends it to a suspicious domain (mxnflcjlgevmgozcifid6oydx43vrmia7[.]oastify[.]com) over HTTPS without user consent. This behavior is consistent with spyware or data exfiltration malware and poses a significant security risk.

Live on npm for 2 days, 20 hours and 52 minutes before removal. Socket users were protected even while the package was live.

The script collects the user's current working directory and sends it to a remote server via DNS lookup, potentially leaking sensitive information.

Live on npm for 10 minutes before removal. Socket users were protected even while the package was live.

This class implements a memory-resident webshell/backdoor: it listens for specially-marked HTTP requests (controlled by headerName/headerValue), decodes and decrypts supplied bytecode, uses Unsafe/reflective defineClass to load it into the JVM, instantiates it, and returns encoded results. This enables arbitrary remote code execution inside the process and is a high-risk malicious component. Do not use; remove and investigate runtime impact and any persisted presence. Recommend incident response steps: isolate host, scan for similar classes, check static field values and where class was introduced, and rotate any credentials possibly exposed by the payload.

This fragment is strongly suspicious for supply-chain abuse because it embeds a platform-specific native binary payload, unpacks it at runtime, writes it to disk as native.node, and then alters module resolution so @opentui/core-* imports are redirected to the staged binary path. The absence of integrity/provenance verification for the unpacked native bytes significantly elevates risk. A secondary concern is the inclusion of a shell-based command-exists helper using child_process.exec/execSync, which could be problematic if commandName is ever attacker-controlled. While direct malware behaviors (e.g., network exfiltration) are not shown in this snippet, the drop-and-load native workflow is itself a high-risk technique and warrants urgent review and containment (e.g., sandboxing, binary hashing, and verifying the staged payload against trusted sources).

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package

Live on npm for 3 hours and 17 minutes before removal. Socket users were protected even while the package was live.

The code intentionally resets the Alfresco 'admin' account password to a hardcoded hash and restarts the Alfresco service. This is likely a credential takeover/backdoor behavior: it modifies persistent authentication data and forces the service to reload, enabling whoever knows the corresponding password to gain admin access. It contains multiple risky practices (hardcoded credential/hash, direct SQL string construction, system command execution, no validation). Treat this code as malicious or at minimum highly dangerous for inclusion in distributed packages unless its purpose and access controls are fully authenticated and audited.

This file is an explicit attack module that orchestrates 'goal hijacking' by selecting malicious prompt payloads and invoking a target agent with them, then returning and logging the prompt and response. The code itself does not perform system/network I/O, but it intentionally causes other agents to perform potentially harmful actions. It leaks prompt snippets to stdout and returns raw prompt/response which increases risk of persistence or exfiltration. Treat as high-risk; remove or isolate from production pipelines and require strict access control, logging controls, and review if retained for red-team testing.

This module contains a highly dangerous embedded client-side payload: it can inject inline JavaScript via dangerouslySetInnerHTML, execute eval() on DOM-derived content, perform AJAX requests whose target URL is derived from location.href, and overwrite document.body.innerHTML with server-provided HTML, then re-run binding logic. Even accounting for an apparent early-return that may make the wrapper logic unreachable in this exact snippet, the included payload is severe enough that the package should be treated as high risk and reviewed/isolated in a controlled environment before any use.

This script abuses the instagram[.]com API via the ig[amon]scraper library to compromise user accounts. It prompts victims for their login credentials, installs the ‘igramscraper’ package at runtime if missing, then upon successful authentication automatically follows two hardcoded attacker accounts (IDs 3945561585 and 5582361961). Next, it fetches the victim’s followers or followings, asks for a single password, and in parallel tries that password across all harvested usernames—logging successful username|password pairs in plaintext and forcing each compromised session to follow attacker ID 3945561585. Execution of this code risks full exposure of real credentials, unauthorized mass login attempts, and involuntary propagation of attacker profiles.

Live on pypi for 103 days, 16 hours and 25 minutes before removal. Socket users were protected even while the package was live.