
Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.


Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery

timmywil published 3.7.1

left-pad

stevemao published 1.3.0

react

react-bot published 19.2.3

We protect you from vulnerable and malicious packages

bancolombia-design-system

3.1.4

by cbello2332

Removed from npm

Blocked by Socket

The script attempts to connect to a remote server at IP address 192.168.20.38 on port 4444, which is a common technique used for establishing a reverse shell. This poses a significant security risk.

Live on npm for 4 hours and 30 minutes before removal. Socket users were protected even while the package was live.

abc-0329

1644761630

Live on PyPI

Blocked by Socket

The module acts as a local HTTP agent/relay that collects user_key and client IPs, calls local services, and regularly posts aggregated 'online_user_list' and related metadata to a hard-coded remote domain using an embedded API key. Even though no interactive shell or destructive code is obvious in the readable portions, the automatic exfiltration behavior (periodic heartbeat plus proxied remote calls) and hard-coded credentials/endpoints are characteristic of a backdoor/telemetry agent. Treat this package as suspicious: do not run in trusted environments until provenance is validated, remote endpoints and the embedded API_KEY are audited, and the garbled/corrupted file content is resolved to a clean source for full review.

ailever

0.2.808

Live on PyPI

Blocked by Socket

The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.

mtmai

0.3.1056

Live on PyPI

Blocked by Socket

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

bcml

3.9.13.post1

Live on PyPI

Blocked by Socket

This code exhibits high-risk patterns for local inter-process communication, remote payload handling, and OS-level persistence. The combination of untrusted remote payload downloads, UI-driven execution, and automatic protocol/desktop registration constitutes a strong supply-chain and remote-control threat surface. Thorough scrutiny, input validation, integrity verification, and removal or hardening of persistence mechanisms are essential before usage in any environment.

tx-engine

0.4.0

Live on PyPI

Blocked by Socket

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

mtxai

0.0.155

Live on PyPI

Blocked by Socket

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

reactsix

1.0.0

by reactone

Removed from npm

Blocked by Socket

The code contains obfuscated parts and dynamically executes code using 'eval', which is a security risk. It fetches content from a suspicious URL and displays it on the document, potentially leading to unauthorized code execution or data leakage. The presence of obfuscation and dynamic execution raises significant security concerns.

Live on npm for 32 minutes before removal. Socket users were protected even while the package was live.

@pagseguro/pagseguro-utils

3.10.9

by gustavorobertux

Live on npm

Blocked by Socket

This file executes shell commands (e.g., hostname, pwd, whoami) and retrieves the public IP address, then exfiltrates the collected data to 1wy3rk316x8qqy4fyxtvcs4kkbq2es2h[.]oastify[.]com using curl. This unauthorized data exfiltration poses a severe security risk.

lmoognjefmgpgegmpiaclmiiifdgbbaj

1.11.16

Live on Chrome Web Store

Blocked by Socket

The fragment demonstrates aggressive client-side automation and data harvesting for Facebook, leveraging stored tokens to perform GraphQL calls, parse responses, and drive UI actions (friending, reactions, messaging) while persisting data locally. The risk is high due to potential privacy invasion, policy violations, and misuses of tokens/data. This package should be treated as a high-risk extension with potential for data exfiltration and account abuse; rigorous vetting, minimization of data access, explicit user consent, and stricter isolation are required.

bulk-mailer

1.0.2

by purohitpreet

Removed from npm

Blocked by Socket

The code is heavily obfuscated and involves dynamic execution, which raises suspicion. However, without deobfuscating the code, it's difficult to confirm specific malicious behavior. The primary concern is the obfuscation, which should be investigated further to ensure there is no hidden malicious behavior.

Live on npm for 50 minutes before removal. Socket users were protected even while the package was live.

mmldpaklpefcmbknkimieipafeniinem

1.0.2.17

Live on Chrome Web Store

Blocked by Socket

The analyzed background.js fragment exhibits invasive data-access patterns (Gmail settings scraping for emails), cross-origin script injections (pageWorld.js into Gmail/Docs), and a remote-proxy data path to cloudHQ, combined with extensive extension control over tabs/windows. While some components may be legitimate for export/formatting flows, the overall pattern indicates privacy and security risks including data leakage, potential command-and-control-style capabilities, and CSP/permission concerns. Elevate caution: treat as high risk, require explicit consent and minimization, audit data flows end-to-end, enforce origin-bound requests, and consider replacing with a trusted, well-audited dependency or forking for restricted functionality.

arangodb

1.0.6

by yeshen7

Removed from npm

Blocked by Socket

The code exhibits behaviors typical of a backdoor, including sending system information, executing remote commands, and receiving files. These actions pose significant security risks and align with malicious behavior.

Live on npm for 35 minutes before removal. Socket users were protected even while the package was live.

torchmonarch-nightly

2025.9.7

Live on PyPI

Blocked by Socket

This module is functionally a supervisor that uses pickle-based serialization over ZeroMQ. The code contains high-risk unsafe deserialization: it accepts pickle-formatted data from sockets (recv_multipart / recv_pyobj) and unpickles it without validation, then performs dynamic dispatch based on untrusted data. The temporary monkey-patch of torch.storage._load_from_bytes inside pickle_loads increases the attack surface for malicious payloads that embed torch storage objects. There are no authentication or integrity checks on incoming messages. Therefore the code is unsafe to use in untrusted-network environments: an attacker who can send messages to the supervisor sockets (or control SUPERVISOR_PIPE/SUPERVISOR_IDENT) can achieve remote code execution. No other explicit exfiltration, cryptomining, or backdoor code is present in this fragment, but the deserialization pattern makes arbitrary malicious behavior possible.

opsmate

0.1.56a2

Live on PyPI

Blocked by Socket

This module is an LLM-driven orchestrator that exposes powerful actions (shell execution, GitHub repo modifications, working-directory changes) directly to a model without visible safeguards. The file is syntactically incomplete, but the design is high-risk: a compromised model, malicious prompt, or inadvertent instruction could trigger arbitrary command execution, repository tampering, or leakage of secrets via printed tool outputs. There is no direct evidence of embedded malware or obfuscation in this snippet, but running this code as-is (or completing it) in a privileged environment would be unsafe without strict mitigations: sandboxing, credential scoping, human authorization, command allowlists, output redaction, and audit logging.

no-one-sec/github-action-secrets-stealer

b3aaca0c2bba301df61bd90fab0079235e02aac6

Live on GitHub Actions

Blocked by Socket

This action manifest openly declares a malicious purpose to collect and expose GitHub Action security-related data. Even without the runtime code, the metadata describes workflows that will capture arbitrary inputs (including secrets) and print them and/or their encryption keys to logs or outputs — a direct supply-chain and confidentiality threat. Treat this package as malicious: remove from workflows, revoke any tokens/secrets that may have been exposed, and audit runner logs and artifacts for leakage. Do not use or trust this action.

browsergui

0.2.6

Live on PyPI

Blocked by Socket

This script implements a high-risk remote-control and telemetry mechanism: it persistently polls /command and eval()s the server response (allowing arbitrary code execution in the page), and it transmits event data to /event (potential data exfiltration). Without strict access controls, code signing, or explicit user consent, this is effectively a backdoor and poses a significant security risk. Treat as malicious/untrusted in most supply-chain contexts; remove or replace eval-based execution with a safe, authenticated command dispatch mechanism and restrict/sanitize any telemetry sent to the server.

gkenilkknigpojejbaoeoiegannefnmp

1.0.1

Live on Chrome Web Store

Blocked by Socket

This code exhibits characteristics of potentially malicious browser extension behavior, including communication with a suspicious domain that appears to impersonate WhatsApp services, automatic downloading of unverified content, and use of Chrome extension APIs for tracking. The lack of security validation and the suspicious domain name raise significant security concerns.

cl-lite

1.0.1252

by michael_tian

Live on npm

Blocked by Socket

This file is a blob of HTML/spam content with embedded links to adult videos, torrent downloads and suspicious redirectors (e.g. https://2023[.]redircdn[.]com/?…, http://rmdown[.]com/link[.]php?hash=…, http://data[.]down2048[.]com/list[.]php?…), plus numerous third-party image URLs. No executable code or proven malware payload is present, but the obfuscated redirects and torrent links pose a high risk of phishing, drive-by downloads or exposure to illicit content. Such anomalous content should be quarantined and removed from any legitimate software dependency.

plengauer/thoth

a80db7e0de16d6041fef0474aa7f6380173b4a93

Live on GitHub Actions

Blocked by Socket

The fragment implements a hidden command interception/instrumentation hook that leverages dynamic evaluation and external otel.sh sourcing. While instrumentation can be legitimate for observability, the combination of dynamic eval, environment-driven control, and aliasing BusyBox indicates a strong potential for covert data collection, command manipulation, or backdoor-like behavior. Treat as a supply-chain risk unless there is strong assurance of trusted, auditable tooling and strict access controls in the deployment environment.

ajiplmkcbpagigeabkbflbfoofnhneei

1.4.2

Live on Chrome Web Store

Blocked by Socket

The code fragment exhibits strong indicators of data collection and exfiltration with persistent, cookie-driven authentication, header interception, and extensive telemetry ingestion to remote endpoints. While some components could be legitimate analytics, the combination of chrome-extension capabilities, credential-like token handling, heavy crypto usage for obfuscation, and dynamic remote configuration constitutes a high-risk surface for privacy leakage and potential supply-chain abuse. Treat as high risk; require formal code review, enforce explicit user consent and data minimization, remove hard-coded sensitive tokens, and limit header interception to necessary functionality with transparent disclosure.

ddte-fdns

1.2.0

by 17b4a931

Removed from npm

Blocked by Socket

This code poses a serious security risk and should not be used.

Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.

mtmai

0.3.966

Live on PyPI

Blocked by Socket

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

multicogs

1.1.3

by theliondoesntconcernhimselfwithusernames

Removed from npm

Blocked by Socket

This code implements aggressive anti-debugging and anti-analysis techniques by forcibly terminating processes related to debugging and reverse engineering tools and aborting if a debugger is detected. While it does not perform data theft or network communication, its hostile behavior to security tools and users is a significant security risk. The code is clear and not obfuscated but should be considered malicious or at least highly suspicious due to its interference with security and debugging tools.

Live on npm for 10 hours and 15 minutes before removal. Socket users were protected even while the package was live.

plgpgcbledmmifpgghgddocchecgkkjd

1.0

Live on Chrome Web Store

Blocked by Socket

This code is malicious software designed to steal Facebook user IDs by accessing authentication cookies and copying them to clipboard without user consent. It represents clear data theft and privacy violation.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

AI-detected potential malware

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

41 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.


Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.


Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.


Why teams choose Socket

Pro-active security

Depend on Socket to prevent malicious open source dependencies from infiltrating your app.

Easy to install

Install the Socket GitHub App in just 2 clicks and get protected today.

Comprehensive open source protection

Block 70+ issues in open source code, including malware, typo-squatting, hidden code, misleading packages, permission creep, and more.

Develop faster

Reduce work by surfacing actionable security information directly in GitHub. Empower developers to make better decisions.

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Dec 14, 2023

Hijacked cryptocurrency library adds malware

Widely-used library in cryptocurrency frontend was compromised to include wallet-draining code, following the hijacking of NPM account credentials via phishing.

Jan 06, 2022

Maintainer intentionally adds malware

Rogue maintainer sabotages his own open source package with 100M downloads/month, notably breaking Amazon's AWS SDK.

Nov 15, 2021

npm discovers a platform vulnerability allowing unauthorized publishing of any package

Attackers could publish new versions of any npm package without authorization for multiple years.

Oct 22, 2021

Hijacked package adds cryptominers and password-stealing malware

Multiple packages with 30M downloads/month are hijacked and publish malicious versions directly into the software supply chain.

Nov 26, 2018

Package hijacked adding organization specific backdoors

Obfuscated malware added to a dependency which targeted a single company, went undetected for over a week, and made it into their production build.

Ready to dive in?

Get protected by Socket with just 2 clicks.
