Secure your dependencies. Ship with confidence.

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

The code is highly suspicious due to its collection and transmission of system information to external servers without user consent. The use of hardcoded IP addresses and fallback mechanisms for data transmission indicates potential malicious intent.

Live on npm for 1 day, 18 hours and 13 minutes before removal. Socket users were protected even while the package was live.

This module is a facilitator for collecting repository files, attachments, image data, crawl logs, and other context and sending them wholesale to an external AI gateway (self.ai.arch_stream_prompt). I find no direct signs of intentionally malicious code (no remote shells, no obfuscated payloads, no command execution). However, it exhibits a high risk of sensitive-data exposure: it reads and appends full file contents and image data into prompts and instructs inclusion of API keys if provided. If used in a repository that contains secrets, private keys, credentials, or proprietary data, those will likely be transmitted to the external AI service. Recommended mitigations before use: add explicit redaction/whitelisting of safe file types and paths, avoid automatic inclusion of API keys/private files, confirm the trustworthiness and access controls of the AI gateway, and log minimally. Treat as non-malicious but high-risk for data exfiltration.

Live on pypi for 5 days, 3 hours and 46 minutes before removal. Socket users were protected even while the package was live.

The code contains a suspicious data exfiltration vector embedded in setConfig() that leaks the hosting page URL (host) to an external domain via an image request over HTTP. While the rest of the code is a typical reCAPTCHA v3 integration, this exfiltration mechanism represents a potential privacy and supply-chain risk, potentially enabling tracking or data leakage without user consent. Given the presence of this beacon-like behavior, the package warrants caution and further scrutiny before use in production, especially in privacy-sensitive environments.

The code is a legitimate developer utility but contains multiple high-risk patterns: exec()/eval() on command-line input and constructing shell commands from unsanitized argv. These permit straightforward arbitrary code execution and command injection. Not malware in intent, but dangerous to run with untrusted inputs. Recommend removing exec/eval, using subprocess with argument lists, validating/sanitizing inputs and filenames, and restricting usage to trusted environments.

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

High risk. The postinstall script executes a local shell script (./run.sh) which could perform arbitrary and malicious actions. The presence of a dependency named 'child_process' is suspicious because it shadows a Node core module and may indicate an attempt to force-install malicious code. Inspect ./run.sh and remove or sandbox the package before running npm install; do not trust this package without reviewing the script and the child_process dependency source.

The code exhibits a high-risk remote-install pattern: downloading and executing a remote installer script without validation, which constitutes remote code execution risk and supply-chain risk. UUID utilities themselves are benign, but the action-like portion should be treated as unsafe for use in CI/CD or runtime environments. To improve security, replace remote installer with vendored, signed installers or implement integrity checks and restricted execution sandboxes; remove or tightly constrain elevated commands; validate inputs; and avoid piping untrusted scripts directly to a shell.

This code is highly suspicious and should not be used without further investigation. The code is heavily obfuscated and could potentially contain malicious code. The purpose of the code is unclear and further investigation is necessary to determine its exact behavior.

Live on npm for 56 days, 12 hours and 18 minutes before removal. Socket users were protected even while the package was live.

This Go source contains routines that speak the T3 protocol to connect to Oracle WebLogic servers and deploy a serialized-Java RMI backdoor. It checks for the presence of a class named “com.supeream.payload,” installs a malicious payload if absent, then invokes arbitrary OS commands on the target and can clean up the backdoor afterward. Payload templates reference a default endpoint t3://47[.]104[.]229[.]232:7001, which is dynamically replaced with the victim IP/port. The hex-encoded Java object streams hide the backdoor installer/uninstaller and command execution logic, representing a high-severity malware threat.

This module implements privileged node and device management and exposes HTTP endpoints that accept user input used directly in shell commands and Docker operations. Main risks: command injection (unsanitized string interpolation into shell commands and os.popen), destructive device operations (partitioning, bind/unbind), supplying arbitrary images to be pulled and run as privileged containers, and use of an unencrypted/unprotected Docker TCP socket (tcp://...:2375). I assess this as not manifestly malware but a high-risk administrative component that must be strictly access-controlled and hardened (validate/sanitize inputs, avoid passing raw user values into shell/Docker operations, use secure Docker API access, avoid exposing endpoints publicly).

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

The code masquerades as a legitimate Vite SSL plugin but contains a malicious reverse shell payload. Despite its seemingly innocent plugin functionality for SSL certificate management, it includes a covert background process that establishes a persistent TCP connection to a hardcoded IP address (192.168.20.145:5432). The code spawns a system shell (cmd.exe on Windows, /bin/sh on Unix) and pipes its input/output to the remote connection. The malicious connection automatically attempts to reconnect every 5 seconds if disconnected, indicating persistent backdoor behavior. While not heavily obfuscated, the malware disguises itself as a legitimate development tool to avoid detection.

This is a clear reverse-shell backdoor: it connects to 192.168.45.75:4444, redirects standard IO to the socket and spawns /bin/sh, granting an external actor interactive control. Treat as high-severity malicious code. If found in a repository or host, remove/quarantine, inspect for other indicators of compromise, and investigate origin and execution history. Note: the snippet contains a syntax error in the exception print which would prevent execution as shown; if fixed the behavior is high-risk and malicious.

This code is intentionally malicious/offensive: it automates exploitation of race conditions to cause duplicate state changes (double-spend/duplicate redemption), deploys a PHP webshell enabling remote command execution, and automates exfiltration of sensitive files. Treat as exploit tooling/backdoor; do not run against systems unless under an explicit, authorized engagement. If found in a codebase unexpectedly, remove and investigate source of inclusion and any credential exposure.

This module automates downloading, silently installing, and launching Chrome Remote Desktop with a hard-coded OAuth code and reports progress to a Telegram bot. The combination of hard-coded credentials (AUTH_CODE), silent installation via PowerShell bypass, attempts to escalate/run elevated, and exfiltration of host information via Telegram are strongly indicative of malicious/unwanted remote access/backdoor behavior. This should be treated as a high-risk supply-chain/backdoor component and not run on machines you do not fully control or consent to being remotely accessed.

The snippet strongly indicates a data exfiltration/backdoor intent: a server-generated page embeds a payload that could leak sensitive local data to an attacker-controlled domain. Immediate remediation is required: remove the exfiltration path, avoid embedding sensitive file access patterns in templates, implement strict content security policy, audit server templates for unintended file access, and validate any dynamic payloads before delivery.

The script is attempting to send sensitive information (the contents of '/etc/passwd') to a remote server, indicating malicious behavior and a high security risk.

Live on npm for 31 days, 8 hours and 55 minutes before removal. Socket users were protected even while the package was live.

The code performs a synchronous local probe for pnpm and transmits the result to a third-party callback domain during module load, silently suppressing errors. This is a covert telemetry/exfiltration pattern and is suspicious in a dependency: it will run whenever the package is required, without user consent. Treat this as malicious/undesired telemetry; remove the code, block network requests, or avoid using the package until intent and provenance are verified. If this is present in a published package, consider it a supply-chain risk.

This module uses deliberate obfuscation (base64 + zlib) and exec to run hidden code, which is a strong malicious/anti-review pattern. Treat the package as high-risk: do not execute it in production or trusted environments. Before allowing use, extract and audit the decompressed payload in an isolated sandbox and require provenance (upstream source, signed release). If you cannot obtain and verify the inner source, remove or block this dependency.

Live on pypi for 2 days and 22 hours before removal. Socket users were protected even while the package was live.

This module is overtly destructive: it intentionally corrupts every .zip file in a user-supplied directory by truncating and writing junk data. There is no benign archive processing logic, no safety gates, and error handling can silently suppress failures. If included in a build or distribution pipeline, it represents a high-confidence supply-chain sabotage risk to artifact integrity/availability.

This file implements an unattended update mechanism that fetches and installs .tgz archives from unverified remote sources—both the npm registry (registry[.]npmjs[.]org) and a configurable Firebase-style database URL—by downloading, extracting them into the application directory and then restarting PM2-managed processes. Because there is no cryptographic signature or checksum validation beyond a simple version check, a compromised registry account or database endpoint could deliver arbitrary code to every host running this updater. Additionally, on startup the script gathers extensive system and package metadata—including public IP (via api[.]ipify[.]org), local IP addresses, hostname, OS/platform, Node.js version, CPU/memory statistics, load averages, working directory and package.json fields—and posts it to a configurable Discord webhook endpoint (discordapp[.]com). This behavior poses both a supply-chain risk and a telemetry/privacy exposure risk, as sensitive host information is sent to an external service without explicit user consent or granular control.

The code embeds hardcoded RSA private key material within the JWKS (d, p, q, dp, dq, qi, n, e), which is an extreme security risk. If this configuration is used in production, tokens could be forged or signed with compromised keys, and sensitive data could leak via logs. This is a critical supply-chain/security defect requiring removal of embedded keys and adoption of secure key management practices (external secret management, environment-based injection, and sanitized logging).

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

The code is highly suspicious due to its collection and transmission of system information to external servers without user consent. The use of hardcoded IP addresses and fallback mechanisms for data transmission indicates potential malicious intent.

Live on npm for 1 day, 18 hours and 13 minutes before removal. Socket users were protected even while the package was live.

This module is a facilitator for collecting repository files, attachments, image data, crawl logs, and other context and sending them wholesale to an external AI gateway (self.ai.arch_stream_prompt). I find no direct signs of intentionally malicious code (no remote shells, no obfuscated payloads, no command execution). However, it exhibits a high risk of sensitive-data exposure: it reads and appends full file contents and image data into prompts and instructs inclusion of API keys if provided. If used in a repository that contains secrets, private keys, credentials, or proprietary data, those will likely be transmitted to the external AI service. Recommended mitigations before use: add explicit redaction/whitelisting of safe file types and paths, avoid automatic inclusion of API keys/private files, confirm the trustworthiness and access controls of the AI gateway, and log minimally. Treat as non-malicious but high-risk for data exfiltration.

Live on pypi for 5 days, 3 hours and 46 minutes before removal. Socket users were protected even while the package was live.

The code contains a suspicious data exfiltration vector embedded in setConfig() that leaks the hosting page URL (host) to an external domain via an image request over HTTP. While the rest of the code is a typical reCAPTCHA v3 integration, this exfiltration mechanism represents a potential privacy and supply-chain risk, potentially enabling tracking or data leakage without user consent. Given the presence of this beacon-like behavior, the package warrants caution and further scrutiny before use in production, especially in privacy-sensitive environments.

The code is a legitimate developer utility but contains multiple high-risk patterns: exec()/eval() on command-line input and constructing shell commands from unsanitized argv. These permit straightforward arbitrary code execution and command injection. Not malware in intent, but dangerous to run with untrusted inputs. Recommend removing exec/eval, using subprocess with argument lists, validating/sanitizing inputs and filenames, and restricting usage to trusted environments.

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

High risk. The postinstall script executes a local shell script (./run.sh) which could perform arbitrary and malicious actions. The presence of a dependency named 'child_process' is suspicious because it shadows a Node core module and may indicate an attempt to force-install malicious code. Inspect ./run.sh and remove or sandbox the package before running npm install; do not trust this package without reviewing the script and the child_process dependency source.

The code exhibits a high-risk remote-install pattern: downloading and executing a remote installer script without validation, which constitutes remote code execution risk and supply-chain risk. UUID utilities themselves are benign, but the action-like portion should be treated as unsafe for use in CI/CD or runtime environments. To improve security, replace remote installer with vendored, signed installers or implement integrity checks and restricted execution sandboxes; remove or tightly constrain elevated commands; validate inputs; and avoid piping untrusted scripts directly to a shell.

This code is highly suspicious and should not be used without further investigation. The code is heavily obfuscated and could potentially contain malicious code. The purpose of the code is unclear and further investigation is necessary to determine its exact behavior.

Live on npm for 56 days, 12 hours and 18 minutes before removal. Socket users were protected even while the package was live.

This Go source contains routines that speak the T3 protocol to connect to Oracle WebLogic servers and deploy a serialized-Java RMI backdoor. It checks for the presence of a class named “com.supeream.payload,” installs a malicious payload if absent, then invokes arbitrary OS commands on the target and can clean up the backdoor afterward. Payload templates reference a default endpoint t3://47[.]104[.]229[.]232:7001, which is dynamically replaced with the victim IP/port. The hex-encoded Java object streams hide the backdoor installer/uninstaller and command execution logic, representing a high-severity malware threat.

This module implements privileged node and device management and exposes HTTP endpoints that accept user input used directly in shell commands and Docker operations. Main risks: command injection (unsanitized string interpolation into shell commands and os.popen), destructive device operations (partitioning, bind/unbind), supplying arbitrary images to be pulled and run as privileged containers, and use of an unencrypted/unprotected Docker TCP socket (tcp://...:2375). I assess this as not manifestly malware but a high-risk administrative component that must be strictly access-controlled and hardened (validate/sanitize inputs, avoid passing raw user values into shell/Docker operations, use secure Docker API access, avoid exposing endpoints publicly).

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

The code masquerades as a legitimate Vite SSL plugin but contains a malicious reverse shell payload. Despite its seemingly innocent plugin functionality for SSL certificate management, it includes a covert background process that establishes a persistent TCP connection to a hardcoded IP address (192.168.20.145:5432). The code spawns a system shell (cmd.exe on Windows, /bin/sh on Unix) and pipes its input/output to the remote connection. The malicious connection automatically attempts to reconnect every 5 seconds if disconnected, indicating persistent backdoor behavior. While not heavily obfuscated, the malware disguises itself as a legitimate development tool to avoid detection.

This is a clear reverse-shell backdoor: it connects to 192.168.45.75:4444, redirects standard IO to the socket and spawns /bin/sh, granting an external actor interactive control. Treat as high-severity malicious code. If found in a repository or host, remove/quarantine, inspect for other indicators of compromise, and investigate origin and execution history. Note: the snippet contains a syntax error in the exception print which would prevent execution as shown; if fixed the behavior is high-risk and malicious.

This code is intentionally malicious/offensive: it automates exploitation of race conditions to cause duplicate state changes (double-spend/duplicate redemption), deploys a PHP webshell enabling remote command execution, and automates exfiltration of sensitive files. Treat as exploit tooling/backdoor; do not run against systems unless under an explicit, authorized engagement. If found in a codebase unexpectedly, remove and investigate source of inclusion and any credential exposure.

This module automates downloading, silently installing, and launching Chrome Remote Desktop with a hard-coded OAuth code and reports progress to a Telegram bot. The combination of hard-coded credentials (AUTH_CODE), silent installation via PowerShell bypass, attempts to escalate/run elevated, and exfiltration of host information via Telegram are strongly indicative of malicious/unwanted remote access/backdoor behavior. This should be treated as a high-risk supply-chain/backdoor component and not run on machines you do not fully control or consent to being remotely accessed.

The snippet strongly indicates a data exfiltration/backdoor intent: a server-generated page embeds a payload that could leak sensitive local data to an attacker-controlled domain. Immediate remediation is required: remove the exfiltration path, avoid embedding sensitive file access patterns in templates, implement strict content security policy, audit server templates for unintended file access, and validate any dynamic payloads before delivery.

The script is attempting to send sensitive information (the contents of '/etc/passwd') to a remote server, indicating malicious behavior and a high security risk.

Live on npm for 31 days, 8 hours and 55 minutes before removal. Socket users were protected even while the package was live.

The code performs a synchronous local probe for pnpm and transmits the result to a third-party callback domain during module load, silently suppressing errors. This is a covert telemetry/exfiltration pattern and is suspicious in a dependency: it will run whenever the package is required, without user consent. Treat this as malicious/undesired telemetry; remove the code, block network requests, or avoid using the package until intent and provenance are verified. If this is present in a published package, consider it a supply-chain risk.

This module uses deliberate obfuscation (base64 + zlib) and exec to run hidden code, which is a strong malicious/anti-review pattern. Treat the package as high-risk: do not execute it in production or trusted environments. Before allowing use, extract and audit the decompressed payload in an isolated sandbox and require provenance (upstream source, signed release). If you cannot obtain and verify the inner source, remove or block this dependency.

Live on pypi for 2 days and 22 hours before removal. Socket users were protected even while the package was live.

This module is overtly destructive: it intentionally corrupts every .zip file in a user-supplied directory by truncating and writing junk data. There is no benign archive processing logic, no safety gates, and error handling can silently suppress failures. If included in a build or distribution pipeline, it represents a high-confidence supply-chain sabotage risk to artifact integrity/availability.

This file implements an unattended update mechanism that fetches and installs .tgz archives from unverified remote sources—both the npm registry (registry[.]npmjs[.]org) and a configurable Firebase-style database URL—by downloading, extracting them into the application directory and then restarting PM2-managed processes. Because there is no cryptographic signature or checksum validation beyond a simple version check, a compromised registry account or database endpoint could deliver arbitrary code to every host running this updater. Additionally, on startup the script gathers extensive system and package metadata—including public IP (via api[.]ipify[.]org), local IP addresses, hostname, OS/platform, Node.js version, CPU/memory statistics, load averages, working directory and package.json fields—and posts it to a configurable Discord webhook endpoint (discordapp[.]com). This behavior poses both a supply-chain risk and a telemetry/privacy exposure risk, as sensitive host information is sent to an external service without explicit user consent or granular control.

The code embeds hardcoded RSA private key material within the JWKS (d, p, q, dp, dq, qi, n, e), which is an extreme security risk. If this configuration is used in production, tokens could be forged or signed with compromised keys, and sensitive data could leak via logs. This is a critical supply-chain/security defect requiring removal of embedded keys and adoption of secure key management practices (external secret management, environment-based injection, and sanitized logging).