Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery: timmywil published 4.0.0

left-pad: stevemao published 1.3.0

react: react-bot published 19.2.5

We protect you from vulnerable and malicious packages

ss-component-new

1.2.241

Live on npm

Blocked by Socket

This component contains high-risk, suspicious code: it embeds superadmin credentials in source and makes unconditional authentication requests using those credentials — once to the local API (/api/sysAuth/login) and once to an explicit external IP. It stores tokens received from those calls in sessionStorage (loginToken, magicToken). This pattern is consistent with a backdoor or credential leakage vector and should be treated as malicious/unacceptable until proven otherwise. At a minimum, remove hard-coded credentials, remove calls to non-configurable external IPs, and ensure authentication is performed only with user-supplied credentials and server-side logic.

crmadminbrasil-dataverse-sdk

1.1.4

Removed from pypi

Blocked by Socket

This module provides functions that, when invoked, globally disable TLS certificate verification across the process and commonly used HTTP libraries and/or configure system proxy environment variables (including injecting credentials). The code itself does not contain obvious direct exfiltration or backdoor behavior, but it intentionally weakens security in a way that enables serious attacks (MitM, credential leakage). Use of these functions in production or in libraries that run in multi-tenant or user-facing contexts is dangerous. Treat calls to apply_aggressive_ssl_patches(False, ...) and apply_proxy_configuration(...) as high risk and avoid enabling them unless in isolated/test environments. Recommend removing global monkeypatching, avoiding storing credentials in environment variables, and providing scoped/context-managed, reversible behavior if such functionality is required.

Live on pypi for 9 hours and 26 minutes before removal. Socket users were protected even while the package was live.

ai-debug-local-mcp

3.0.3

by rabbit-found

Live on npm

Blocked by Socket

No evidence of data exfiltration, credential theft, or remote C2 in the shown fragment. However, it contains security-sensitive destructive capabilities: automated temp-directory file deletion based on 'ai-debug'/'mcp' substrings and age, and a forceCleanup()-reachable routine that can terminate processes via shell-driven kill -9 selection from the process table. These behaviors make the dependency high risk for supply-chain safety review and should be gated/opt-in with strict scoping and robust logging/error handling.

354766/yaklang/hack-skills/network-protocol-attacks/

62f7114b7823e7241fb3f02bd46fedc97485bba0

Live on socket

Blocked by Socket

The provided fragment is a highly explicit offensive playbook for network poisoning and NTLM credential capture/relay leading to Active Directory compromise. While it is not a code library, it clearly describes malicious behaviors (credential harvesting, forced authentication via poisoning, relay to LDAP/HTTP/MSSQL, and post-exploitation secret dumping). This content presents an extremely high security risk if used or distributed within a software supply chain context. Further review of surrounding repository context would be needed, but based solely on this fragment, it is effectively malicious guidance.

gs-peer-connection

0.0.31.43

Live on pypi

Blocked by Socket

This module contains explicit remote code execution behavior: it runs shell commands received over a datachannel and returns their output. It also exposes session/signature tokens in the signaling connect URL and streams local webcam data. These behaviors together constitute a remote backdoor and serious privacy/security risk. Unless this is intended and protected by out-of-band authorization, the code should be considered malicious/backdoor-capable and not safe to include unreviewed in production.

maiascript-cli

3.3.4

by robertolsmonteiro

Live on npm

Blocked by Socket

This code is a compiler/runtime that transforms external/untrusted input (DOM-provided MaiaScript, remote fetched text, local files from CLI, and REPL input) into JavaScript and then executes it immediately (browser via dynamic <script> injection; Node via vm.Script(...).runInThisContext()). It also supports unvalidated file read/write via CLI arguments. These characteristics strongly indicate very high security risk in supply-chain scenarios, unless the embedding application fully controls and authenticates all inputs and isolates execution.

jawira/skeleton

1.3.1

Live on composer

Blocked by Socket

The code shows explicit malicious intent: it tampers with ClamAV signature sources by redirecting updates to a malicious CDN, creating a high-risk supply-chain vector for system compromise. This backdoor-like behavior can undermine malware scanning reliability and potentially exfiltrate data or introduce further payloads through trusted software updates. Removal of the malicious targets, validation of update sources, and strict access controls are essential.

moontose

1.0.1

by baydendev2013

Live on npm

Blocked by Socket

This file downloads and executes a remote script from scare[.]su/files/cmd.cmd without user consent or validation. Running untrusted code can facilitate arbitrary code execution, system compromise, and data theft, reflecting clear malicious intent.

meshcentral

0.7.0

by ysainthilaire

Live on npm

Blocked by Socket

This code implements a remote administration/tunneling agent with full remote shell and file system control. Functionality includes spawning shells, reading and writing arbitrary files, renaming/moving/deleting files (including recursive deletes), and opening network tunnels/upgrades to a controller URL. While this may be legitimate MeshAgent agent code, the features constitute high-risk capabilities if included as an unexpected dependency or executed without proper trust and authorization. Treat this module as potentially dangerous in a supply-chain context: it can be used for remote command execution and data access/exfiltration by whoever controls the MeshAgent controller.

yaaaf

0.0.10

Removed from pypi

Blocked by Socket

This module does not itself contain hardcoded malware, but it performs highly dangerous operations: it executes untrusted, model-generated Python code with wide access to program globals, filesystem and data. That design creates a remote code execution vector and a high risk of data exposure or system compromise if the LLM output is malicious or compromised. Use only in tightly controlled, sandboxed environments after adding strict execution controls. The code fragment is dangerous due to its execution model rather than demonstrable embedded malware.

Live on pypi for 7 hours and 11 minutes before removal. Socket users were protected even while the package was live.

envbash

2.0.0

Live on pypi

Blocked by Socket

The code fragment contains dangerous patterns (eval of external output, shell execution, environment manipulation) with an apparent syntax bug that would prevent execution in its current form. If repaired to handle outputs safely, it still poses significant security risks due to eval and untrusted input. The approach indicates high security risk and potential backdoor-like behavior if used with untrusted envbash/script data. Treat as suspicious and do not rely on it in production without rigorous isolation and input validation.

piprints

4.0.11

Live on pypi

Blocked by Socket

The script contains explicit destructive operations: it extracts a DB password from settings.py (and exposes it via the mysql CLI), enumerates tables and issues DROP TABLE statements, force-removes migration files from VCS and filesystem, and then runs make targets to reinitialize migrations. This is high-risk for data loss and credential exposure if run unintentionally or in a production environment. There is no evidence of covert data exfiltration or advanced obfuscation; it appears to be a maintenance/sanitization script but is dangerous and should not be run without careful verification of environment and backups.

node-calculator-9b93

2.2.5

by darkt

Live on npm

Blocked by Socket

The package’s package.json defines a preinstall script (“node index.js”) that runs automatically during installation with the user’s privileges. Because index.js is controlled by the package author and may perform arbitrary filesystem and network operations (e.g., data exfiltration, file modification, spawning reverse shells, installing backdoors), this presents a high-severity supply-chain malware threat. The package description and author fields themselves are suspicious (“Malicious calculator package”, author “Attacker”), reinforcing the likelihood of malicious intent.

internal_insights_enabled

99.12.0

by hintiraq

Removed from npm

Blocked by Socket

The package contains a preinstall script that executes automatically upon installation. It uses `curl` to silently send the system's current username and hostname to an external webhook endpoint (`https://webhook[.]site/99033200-7c8a-45fd-90c5-d2df621e2f5f/`). This unauthorized data exfiltration poses a significant security risk.

Live on npm for 3 days, 23 hours and 20 minutes before removal. Socket users were protected even while the package was live.

kevinrabun/judges

28c7a7faf8231b0fe0d7f2a557a227386ad48579

Live on actions

Blocked by Socket

The provided fragment contains multiple severe security red flags, including explicit hardcoded secret exfiltration to an external analytics endpoint, unsafe pickle deserialization with attacker-influenced retraining and model persistence, potential cross-tenant vector data leakage, unbounded LLM streaming output, and privilege escalation via unsafe mutation of role/admin fields. Treat this fragment as high-risk and do not trust it for production or supply-chain use without removal and provenance verification.

hoangphamdev/simple-admin-generator

dev-master

Live on composer

Blocked by Socket

The code contains a malicious or highly undesirable injection: a targeted, time-delayed, persistent routine that disables page interaction and autoplays an externally hosted audio file for Russian-locale/hosted pages. This behavior is out-of-scope for a UI/dialog library and should be treated as a compromise or intentional backdoor. Recommendation: do not use this package version; remove or patch out the conditional block immediately and verify package integrity (check upstream source, verify signatures, compare with official release tags). If this version was pulled from npm/untrusted mirror, obtain a clean copy from the official repository and rotate any deployment where this code may have run.

apigenerator

3.3

Live on pypi

Blocked by Socket

This module contains deliberate data-exfiltration behavior: it sends an externally-supplied token to a hard-coded Telegram bot/chat and archives plus uploads a local 'Accounts' directory to a specific Telegram user, then attempts to delete the archive. Treat as a malicious backdoor: remove from systems, investigate for additional compromise, rotate any potentially leaked credentials, and block the hard-coded bot token/recipient IDs. Forensic recovery of deleted files may be required.

fabrlce

1.0.0

Removed from pypi

Blocked by Socket

The code contains malicious behavior that steals AWS credentials and exfiltrates them to an external server. When executed in certain contexts (when 'kitten' is present in the stack trace), it retrieves AWS access and secret keys using boto3 and sends them to fabriccc[.]herokuapp[.]com via an HTTP POST request. This behavior constitutes credential theft and poses a significant security risk to AWS accounts and resources.

Live on pypi for 5 hours and 7 minutes before removal. Socket users were protected even while the package was live.

pyx-core

1.22.4

Live on pypi

Blocked by Socket

This code presents significant security risks through its ability to fetch dependency lists from a suspicious internal Jenkins server and automatically install packages. The hardcoded Jenkins URL, automatic installation capabilities, and lack of proper validation create potential vectors for supply chain attacks and unauthorized package installation.

ailever

0.3.413

Live on pypi

Blocked by Socket

The code presents a strong supply-chain and remote-execution risk by automatically downloading and executing remote Python payloads without integrity checks or sandboxing. It also creates and runs external services (Jupyter, Visdom, RStudio) based on user inputs, which can amplify impact if the remote payload is malicious. Mitigations include removing remote code execution paths, adding cryptographic verification (signatures or hash checks), isolating execution (sandboxes or containerization), validating inputs, and avoiding untrusted downloads or executions.

thispackagedoesnotexist

0.7.4

Live on pypi

Blocked by Socket

This file contains code for creating and managing a persistent Windows command shell (cmd.exe) that can execute arbitrary system commands. The code creates daemon threads to continuously monitor shell output, automatically restarts terminated shells, and provides methods to interact with the shell remotely. This appears to be part of a remote access trojan (RAT), as evidenced by other components in the package structure related to webcam access, microphone recording, remote desktop, and screenshot capabilities. This shell component provides the attacker with command execution capabilities on the victim machine.

github.com/sagernet/sing-box

v1.1.6-0.20230208082500-feb52c5dd0bd

Live on go

Blocked by Socket

This script executes a destructive rm -rf on /var/lib/sing-box. It poses a high security risk because it will irreversibly delete data and potentially break services. Without contextual justification (uninstall script run deliberately by an admin) treat it as malicious or at minimum unsafe to run. Recommend blocking or reviewing the intent, preserving backups, and not executing this script in production.

github.com/vibrantgrandf/opcda

v0.0.0-20250503213335-c034847f1229

Live on go

Blocked by Socket

This module contains a high-confidence supply-chain payload pattern: it automatically executes obfuscated OS shell commands during package initialization by building command strings from large hardcoded character slices and passing them to /bin/sh -c and cmd /C. The COM enumeration code appears secondary/decoy relative to the clearly malicious execution behavior. The package should be treated as unsafe and not used or executed until the embedded command strings and runtime behavior are fully reconstructed and sandboxed.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

RUST: crates.io (Rust Package Manager)

PHP: Packagist (PHP Package Manager)

GOLANG: Go Modules (Go Dependency Management)

JAVA: Maven Central

JAVASCRIPT: npm (Node Package Manager)

.NET: NuGet (.NET Package Manager)

PYTHON: PyPI (Python Package Index)

RUBY: RubyGems.org (Ruby Package Manager)

SWIFT: Swift

AI: Hugging Face Hub (AI Model Hub)

CI: GitHub Actions (CI/CD Workflows)

EXTENSIONS: Chrome Web Store (Chrome Browser Extensions)

EXTENSIONS: Open VSX (VS Code Extensions)

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.
