Secure your dependencies. Ship with confidence.

This code fragment is a high-confidence malicious/offensive supply-chain risk because it automates pre-auth password enumeration/brute-force against a specific router endpoint using wordlists, token retrieval, parallel HTTP requests, and differential HTTP response parsing to identify likely valid credentials, then outputs any discovered username/password pairs. It is not obfuscated and contains no stealth/persistence features within this snippet, but its operational intent and capabilities are strongly aligned with unauthorized access tooling.

`idd-64bit` presents itself as a Windows-only automation tool for bulk Instagram posting, appealing to grey-hat marketers seeking to boost visibility through large-scale content deployment. On execution, it opens a Korean-language GUI built with Glimmer-DSL-LibUI and prompts the operator for their Instagram username and password. Before any posting occurs, the gem silently transmits the plaintext credentials and the host’s MAC address to `https://programzon[.]com/auth/program/signin`, a credential exfiltration endpoint controlled by the "zon" threat actor. The MAC address acts as a persistent hardware fingerprint, allowing the threat actor to track and link victims across installs and operations. While `idd-64bit` delivers on its promised Instagram automation, this covert credential theft turns it into an infostealer: users pursuing bulk Instagram marketing instead expose their credentials to the threat actor behind the “zon” malware cluster.

[Skill Scanner] Pipe-to-shell or eval pattern detected (AITech 9.1.4) [CI013]

The package appears to be a legitimate library, but there are two notable risks: (1) the package metadata includes an http:// tarball URL which is an insecure transport and a supply-chain vulnerability that MUST be treated as critical; (2) a postinstall script runs local JavaScript during installation and should be inspected to ensure it does not perform malicious actions. Overall this is a high security concern because of the HTTP tarball and the install-time code execution.

Live on npm for 11 hours and 19 minutes before removal. Socket users were protected even while the package was live.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

Live on npm for 25 minutes before removal. Socket users were protected even while the package was live.

The fragment contains a high-risk pattern: it downloads a Python script from a remote source and immediately executes it without integrity verification or sandboxing. This creates a critical supply-chain and remote-code-execution risk, as the remote payload could perform any action on the host, including data exfiltration, credential access, or system compromise. Even though defaults use placeholders, the mechanism itself is unsafe and should be disallowed or hardened (e.g., verify hashes, use signed modules, avoid executing remote code).

The file is a Torch/Pickle serialized model bundle (segmentation model + efficientnet encoder + weights) containing many binary pickles and debug metadata. I found no explicit plaintext backdoor indicators (hardcoded credentials, network endpoints, shell code) in the visible text, but this format (pickle/torch serialization) is inherently dangerous to load from untrusted sources because unpickling can execute arbitrary code. Recommendation: treat this as data only; do NOT load with torch.load or pickle.load in an untrusted environment. Verify provenance (checksums, signatures, trusted origin) and, when possible, load in a sandboxed environment or convert models via safer formats (e.g. ONNX with verified tooling) where applicable. If you must use torch.load, ensure it’s from a trusted source and consider loading map_location and strict options and run in isolated runtime.

Live on pypi for 8 hours and 39 minutes before removal. Socket users were protected even while the package was live.

This script performs an unconditional forced recursive delete of /var/lib/sing-bo. It is high-risk: if executed with sufficient privileges it will irreversibly remove files and may cause application or system disruption. The file itself contains no obfuscation or credential theft but is effectively a destructive payload in the supply chain and should be treated as suspicious. Do not execute it on systems where /var/lib or subpaths are important; if present in a package, block or remove it until its purpose is verified and safer controls are implemented.

The code collects sensitive information such as environment variables, hostname, and network interfaces and sends it to an external server. This behavior is highly suspicious and could indicate data exfiltration. Further investigation and context are needed, but the potential for malicious intent is significant.

This code contains targeted, unexpected behavior: when navigator.language starts with 'ru' and the host matches Russian domains, it disables user interaction and injects/auto-plays a remote MP3 (hardcoded flag-gimn.ru URL). That is a malicious or at least highly suspicious side-effect for a UI library (political trolling/sabotage). The firePostBack helper performs GET requests to a configurable tracking URL and on failure appends an <img> beacon — this is tracking/telemetry behavior that can leak data. I recommend not using this bundled artifact as-is, auditing the source package and provenance, removing the conditional/audio injection, and reviewing tracking calls/redtrackURL usage. If this is a dependency you did not expect to contain such behavior, treat it as a supply-chain incident.

The code contains explicit dynamic execution of server-supplied JavaScript in two places: (1) License.vue executes response.data.callback via new Function(), and (2) ModelBuilder.layouts executes inline <script> contents found in layout.view via new Function(). Additionally, License.vue constructs and contacts an obfuscated external license server URL, sending version/license/domain, and persists the server response in localStorage. These behaviors allow remote servers (or a compromised backend) to execute arbitrary code in admin browsers and to receive identifying data. This is a high-risk supply chain/backdoor pattern. Recommend removing or restricting remote-executed callbacks, eliminating the execution of arbitrary inline scripts from server-provided HTML, and making license checks transparent (no arbitrary code execution). Treat this code as potentially malicious/untrusted until the license server behavior and necessity of these dynamic executions are validated.

Strongly indicates malicious or unauthorized persistence on Windows: it drops a VBScript into the user Startup folder that indefinitely restarts the Node executable every ~3 seconds, and it also attempts a detached background launch with output suppressed. Uninstall cleanly removes only the Startup artifact, reinforcing that the module is designed to manage an auto-start mechanism rather than perform normal app duties.

This assembly contains a standard-looking DbContext type but also includes a large, intentionally obfuscated loader/packer component. The loader decrypts embedded resources using a hardcoded symmetric key/IV and contains native API calls (VirtualAlloc, WriteProcessMemory, OpenProcess, VirtualProtect) and dynamic delegate/method generation. Those are strong indicators of runtime payload loading and potential process injection. Treat this package as malicious or highly suspicious for supply-chain risk; it should not be trusted or used without deep manual review and dynamic analysis in a safe sandbox. The DbContext surface may be a decoy to hide the loader.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

The JavaScript wrapper itself contains no direct JavaScript malware patterns, but it loads and immediately executes an opaque native addon and purposely keeps the process alive — a high-risk pattern because malicious behavior could be fully implemented inside the compiled binary. Treat this package as potentially dangerous until the native addon is inspected and its runtime behavior verified. Do not run with elevated privileges; perform dynamic analysis and provenance checks first.

Live on npm for 2 days and 12 minutes before removal. Socket users were protected even while the package was live.

This code contains an intentional credential-harvesting/data-exfiltration backdoor. The Chart constructor starts a background Task that inspects the parent Form's private fields, extracts a PrivateKey from any 'Account' object it finds, encrypts it and POSTs the ciphertext to a hardcoded external server. Additionally, the assembly tries to load and call native libraries (nr_native_lib.dll / owchart_nat.dll) passing the assembly path to native startup routines — this is suspicious and may enable further malicious native functionality. The obfuscated identifiers, hardcoded C2 URL, reflection over private fields and repeated posting behavior indicate malicious intent. Do not use this package; remove it from any supply chain where sensitive keys or accounts are present.

High security concern: this module packages a dockercfg secret into a Docker image and includes a Ruby/Rack HTTP endpoint that can disclose arbitrary file contents by mapping URL paths to environment variables, including an ENV key that directly points to the embedded dockercfg. The image is then built and pushed to a registry, distributing the credential-leak/backdoor capability via the supply chain. Review/disable and investigate any downstream use of the produced artifact; treat as likely malicious even though direct external exfiltration is not shown in this snippet.

This package declares an explicit malicious purpose and uses an npm lifecycle hook to execute local code on install. It should be treated as malware: do not install. Inspecting or running setup.js could lead to credential exfiltration, remote access, or other compromise.

High-severity client-side security issue: the code fetches remote SVG/XML, injects it into the DOM, and—when configured—extracts embedded <script> content from that SVG and executes it via Function(...)(window). This constitutes a direct remote-code-execution/DOM-XSS primitive in the browser. Other parts (AI/gateway streaming/schema validation) look functionally typical, with their main contribution being expanded impact of any compromise, but the dominant risk is the SVG script evaluation/execution mechanism.

This script performs an explicit, high-impact destructive operation: it replaces cilium-related images in a target registry with busybox by tagging and pushing. It lacks input validation, safeguards, logging, and does not verify intent or authorization. In contexts where it can be run with registry push credentials (e.g., CI/CD runners, developer machines), it represents a severe supply-chain sabotage risk and should be treated as malicious/untrusted unless its use is tightly controlled and authorized. Remove from automation or add strict validation, authentication checks, confirmation, and non-destructive alternatives (e.g., using registry lifecycle APIs with auditability).

Possible typosquat of azure - Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles legitimate Azure package naming conventions, which could confuse users. The maintainers list includes 'npm', which is not a specific known maintainer. Therefore, it is likely a typosquat.

Live on npm for 4 hours and 1 minute before removal. Socket users were protected even while the package was live.

The code executes a bundled shell script with sudo during runtime, which is a high-risk supply-chain behavior. The snippet itself does not show explicit data exfiltration or obfuscation, but because it runs a privileged shell script with no validation or user prompt, it can perform arbitrary malicious actions depending on the script contents. Review the contents of bash/postinstall.sh and avoid running this package in environments where elevated privileges or sensitive data are present.

This module is a supply-chain compromise or malicious backdoor: despite containing legitimate-looking HTTP error constructor utilities, it executes ransomware-like functionality on import—retrieving a crypto key from an external server, enumerating files across major directories via execSync('find ...'), encrypting and overwriting those files in place, and downloading additional remote content to disk and logging it. Treat as malicious and do not use.

Live on npm for 16 hours and 46 minutes before removal. Socket users were protected even while the package was live.

This code fragment is a high-confidence malicious/offensive supply-chain risk because it automates pre-auth password enumeration/brute-force against a specific router endpoint using wordlists, token retrieval, parallel HTTP requests, and differential HTTP response parsing to identify likely valid credentials, then outputs any discovered username/password pairs. It is not obfuscated and contains no stealth/persistence features within this snippet, but its operational intent and capabilities are strongly aligned with unauthorized access tooling.

`idd-64bit` presents itself as a Windows-only automation tool for bulk Instagram posting, appealing to grey-hat marketers seeking to boost visibility through large-scale content deployment. On execution, it opens a Korean-language GUI built with Glimmer-DSL-LibUI and prompts the operator for their Instagram username and password. Before any posting occurs, the gem silently transmits the plaintext credentials and the host’s MAC address to `https://programzon[.]com/auth/program/signin`, a credential exfiltration endpoint controlled by the "zon" threat actor. The MAC address acts as a persistent hardware fingerprint, allowing the threat actor to track and link victims across installs and operations. While `idd-64bit` delivers on its promised Instagram automation, this covert credential theft turns it into an infostealer: users pursuing bulk Instagram marketing instead expose their credentials to the threat actor behind the “zon” malware cluster.

[Skill Scanner] Pipe-to-shell or eval pattern detected (AITech 9.1.4) [CI013]

The package appears to be a legitimate library, but there are two notable risks: (1) the package metadata includes an http:// tarball URL which is an insecure transport and a supply-chain vulnerability that MUST be treated as critical; (2) a postinstall script runs local JavaScript during installation and should be inspected to ensure it does not perform malicious actions. Overall this is a high security concern because of the HTTP tarball and the install-time code execution.

Live on npm for 11 hours and 19 minutes before removal. Socket users were protected even while the package was live.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

Live on npm for 25 minutes before removal. Socket users were protected even while the package was live.

The fragment contains a high-risk pattern: it downloads a Python script from a remote source and immediately executes it without integrity verification or sandboxing. This creates a critical supply-chain and remote-code-execution risk, as the remote payload could perform any action on the host, including data exfiltration, credential access, or system compromise. Even though defaults use placeholders, the mechanism itself is unsafe and should be disallowed or hardened (e.g., verify hashes, use signed modules, avoid executing remote code).

The file is a Torch/Pickle serialized model bundle (segmentation model + efficientnet encoder + weights) containing many binary pickles and debug metadata. I found no explicit plaintext backdoor indicators (hardcoded credentials, network endpoints, shell code) in the visible text, but this format (pickle/torch serialization) is inherently dangerous to load from untrusted sources because unpickling can execute arbitrary code. Recommendation: treat this as data only; do NOT load with torch.load or pickle.load in an untrusted environment. Verify provenance (checksums, signatures, trusted origin) and, when possible, load in a sandboxed environment or convert models via safer formats (e.g. ONNX with verified tooling) where applicable. If you must use torch.load, ensure it’s from a trusted source and consider loading map_location and strict options and run in isolated runtime.

Live on pypi for 8 hours and 39 minutes before removal. Socket users were protected even while the package was live.

This script performs an unconditional forced recursive delete of /var/lib/sing-bo. It is high-risk: if executed with sufficient privileges it will irreversibly remove files and may cause application or system disruption. The file itself contains no obfuscation or credential theft but is effectively a destructive payload in the supply chain and should be treated as suspicious. Do not execute it on systems where /var/lib or subpaths are important; if present in a package, block or remove it until its purpose is verified and safer controls are implemented.

The code collects sensitive information such as environment variables, hostname, and network interfaces and sends it to an external server. This behavior is highly suspicious and could indicate data exfiltration. Further investigation and context are needed, but the potential for malicious intent is significant.

This code contains targeted, unexpected behavior: when navigator.language starts with 'ru' and the host matches Russian domains, it disables user interaction and injects/auto-plays a remote MP3 (hardcoded flag-gimn.ru URL). That is a malicious or at least highly suspicious side-effect for a UI library (political trolling/sabotage). The firePostBack helper performs GET requests to a configurable tracking URL and on failure appends an <img> beacon — this is tracking/telemetry behavior that can leak data. I recommend not using this bundled artifact as-is, auditing the source package and provenance, removing the conditional/audio injection, and reviewing tracking calls/redtrackURL usage. If this is a dependency you did not expect to contain such behavior, treat it as a supply-chain incident.

The code contains explicit dynamic execution of server-supplied JavaScript in two places: (1) License.vue executes response.data.callback via new Function(), and (2) ModelBuilder.layouts executes inline <script> contents found in layout.view via new Function(). Additionally, License.vue constructs and contacts an obfuscated external license server URL, sending version/license/domain, and persists the server response in localStorage. These behaviors allow remote servers (or a compromised backend) to execute arbitrary code in admin browsers and to receive identifying data. This is a high-risk supply chain/backdoor pattern. Recommend removing or restricting remote-executed callbacks, eliminating the execution of arbitrary inline scripts from server-provided HTML, and making license checks transparent (no arbitrary code execution). Treat this code as potentially malicious/untrusted until the license server behavior and necessity of these dynamic executions are validated.

Strongly indicates malicious or unauthorized persistence on Windows: it drops a VBScript into the user Startup folder that indefinitely restarts the Node executable every ~3 seconds, and it also attempts a detached background launch with output suppressed. Uninstall cleanly removes only the Startup artifact, reinforcing that the module is designed to manage an auto-start mechanism rather than perform normal app duties.

This assembly contains a standard-looking DbContext type but also includes a large, intentionally obfuscated loader/packer component. The loader decrypts embedded resources using a hardcoded symmetric key/IV and contains native API calls (VirtualAlloc, WriteProcessMemory, OpenProcess, VirtualProtect) and dynamic delegate/method generation. Those are strong indicators of runtime payload loading and potential process injection. Treat this package as malicious or highly suspicious for supply-chain risk; it should not be trusted or used without deep manual review and dynamic analysis in a safe sandbox. The DbContext surface may be a decoy to hide the loader.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

The JavaScript wrapper itself contains no direct JavaScript malware patterns, but it loads and immediately executes an opaque native addon and purposely keeps the process alive — a high-risk pattern because malicious behavior could be fully implemented inside the compiled binary. Treat this package as potentially dangerous until the native addon is inspected and its runtime behavior verified. Do not run with elevated privileges; perform dynamic analysis and provenance checks first.

Live on npm for 2 days and 12 minutes before removal. Socket users were protected even while the package was live.

This code contains an intentional credential-harvesting/data-exfiltration backdoor. The Chart constructor starts a background Task that inspects the parent Form's private fields, extracts a PrivateKey from any 'Account' object it finds, encrypts it and POSTs the ciphertext to a hardcoded external server. Additionally, the assembly tries to load and call native libraries (nr_native_lib.dll / owchart_nat.dll) passing the assembly path to native startup routines — this is suspicious and may enable further malicious native functionality. The obfuscated identifiers, hardcoded C2 URL, reflection over private fields and repeated posting behavior indicate malicious intent. Do not use this package; remove it from any supply chain where sensitive keys or accounts are present.

High security concern: this module packages a dockercfg secret into a Docker image and includes a Ruby/Rack HTTP endpoint that can disclose arbitrary file contents by mapping URL paths to environment variables, including an ENV key that directly points to the embedded dockercfg. The image is then built and pushed to a registry, distributing the credential-leak/backdoor capability via the supply chain. Review/disable and investigate any downstream use of the produced artifact; treat as likely malicious even though direct external exfiltration is not shown in this snippet.

This package declares an explicit malicious purpose and uses an npm lifecycle hook to execute local code on install. It should be treated as malware: do not install. Inspecting or running setup.js could lead to credential exfiltration, remote access, or other compromise.

High-severity client-side security issue: the code fetches remote SVG/XML, injects it into the DOM, and—when configured—extracts embedded <script> content from that SVG and executes it via Function(...)(window). This constitutes a direct remote-code-execution/DOM-XSS primitive in the browser. Other parts (AI/gateway streaming/schema validation) look functionally typical, with their main contribution being expanded impact of any compromise, but the dominant risk is the SVG script evaluation/execution mechanism.

This script performs an explicit, high-impact destructive operation: it replaces cilium-related images in a target registry with busybox by tagging and pushing. It lacks input validation, safeguards, logging, and does not verify intent or authorization. In contexts where it can be run with registry push credentials (e.g., CI/CD runners, developer machines), it represents a severe supply-chain sabotage risk and should be treated as malicious/untrusted unless its use is tightly controlled and authorized. Remove from automation or add strict validation, authentication checks, confirmation, and non-destructive alternatives (e.g., using registry lifecycle APIs with auditability).

Possible typosquat of azure - Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles legitimate Azure package naming conventions, which could confuse users. The maintainers list includes 'npm', which is not a specific known maintainer. Therefore, it is likely a typosquat.

Live on npm for 4 hours and 1 minute before removal. Socket users were protected even while the package was live.

The code executes a bundled shell script with sudo during runtime, which is a high-risk supply-chain behavior. The snippet itself does not show explicit data exfiltration or obfuscation, but because it runs a privileged shell script with no validation or user prompt, it can perform arbitrary malicious actions depending on the script contents. Review the contents of bash/postinstall.sh and avoid running this package in environments where elevated privileges or sensitive data are present.

This module is a supply-chain compromise or malicious backdoor: despite containing legitimate-looking HTTP error constructor utilities, it executes ransomware-like functionality on import—retrieving a crypto key from an external server, enumerating files across major directories via execSync('find ...'), encrypting and overwriting those files in place, and downloading additional remote content to disk and logging it. Treat as malicious and do not use.

Live on npm for 16 hours and 46 minutes before removal. Socket users were protected even while the package was live.