Secure your dependencies. Ship with confidence.

This module contains clear malicious/abusive capabilities: automated sign-in with persistent cookie storage, reCAPTCHA solving, and explicit page defacement via loading and evaluating local deface HTML/JS into visited pages. It also injects JS into all new documents and can run via proxies and headless Chrome. While there is no direct exfiltration call in this fragment, the evaluate/evaluateOnNewDocument sinks combined with loaded JS files and browser networking make it trivial to exfiltrate data or perform further attacks. Treat this package as high risk and avoid use; audit any local data files (jquery_js, override_js, deface_html) and configuration that contains credentials.

This module exhibits multiple high-impact supply-chain behaviors atypical for a passive npm dependency: it auto-installs/upgrades a Python package via system commands, phones home to a third-party telemetry endpoint, and persists a command hook into ~/.claude/settings.json that triggers a daemon/guard process on SessionStart. Although there is no direct JavaScript code injection in this snippet, the combination of host-level install + persistence via another app’s hooks + outbound telemetry presents meaningful security risk and should be reviewed/validated by maintainers and users (especially regarding the hook execution path).

The code contains a highly destructive command to delete all files and directories in the root directory, indicating a significant security risk.

The fragment implements a standard API wrapper to update a user profile by assembling a payload, encrypting it, and sending it to a backend endpoint. While there are no explicit malicious actions detected in isolation, the encrypted payload path and data exfiltration risk hinge on external crypto implementation, endpoint trust, and data handling policies. Improvements should include better readability, explicit key management and crypto details, and stronger input validation to mitigate potential future data integrity issues. Overall, moderate security risk due to data sensitivity and opaque crypto handling, with low malware likelihood.

Live on npm for 2 hours and 42 minutes before removal. Socket users were protected even while the package was live.

The script contains potential security risks due to the use of 'exec' without proper input validation and dynamic construction of commands based on system type. It also exhibits some obfuscation techniques. Further context or analysis within the larger project is needed to determine the actual intent and potential security impact.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

Live on npm for 2 days, 9 hours and 1 minute before removal. Socket users were protected even while the package was live.

This file first checks for a “--background” flag and, if absent, respawns itself in the background (subprocess.Popen with stdout/stderr/stdin redirected to DEVNULL and close_fds=True) then exits the parent process—implementing a stealthy daemonization. In the background execution path, it holds a large hardcoded _payload (base64-encoded, zlib-compressed). The code decodes and decompresses this blob at runtime and immediately exec()utes it, allowing arbitrary code execution from an obfuscated source. No integrity checks or transparency measures are provided, and the actual payload behavior (network I/O, backdoor, exfiltration, etc.) is hidden. This pattern presents a severe supply-chain risk and should be treated as confirmed malware until the embedded payload is extracted and analyzed in a secure, isolated environment.

Live on pypi for 120 days, 12 hours and 47 minutes before removal. Socket users were protected even while the package was live.

This script is a high-risk tool that automates creation and system-wide installation of a preload shared library intended to hide or alter process behavior. The combination of templated native code generation, compilation, copying into a privileged library directory, and modification of /etc/ld.so.preload makes it effectively a rootkit installer helper. Treat this package as malicious or potentially malicious unless tpl.c and setDefine are audited and a strong, legitimate use case is documented and controlled. Recommendations: do not run this code as root; audit tpl.c and setDefine thoroughly; remove any installed libprocesshider.so and revert /etc/ld.so.preload if present; treat systems where this ran as compromised until proven otherwise.

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

This code is a malicious web shell / backdoor. It provides remote code execution (via eval and shell_exec/system/passthru), arbitrary file inclusion and modification (include, readfile, unlink, mkdir, move_uploaded_file), file upload/persistence, and remote network access to a hardcoded domain. It has minimal or no real access control and uses error suppression to stay discreet. Deploying this on a server grants an attacker full control and ability to exfiltrate, modify, or sabotage files. The package should be considered malicious and removed immediately.

This file implements an unattended update mechanism that fetches and installs .tgz archives from unverified remote sources—both the npm registry (registry[.]npmjs[.]org) and a configurable Firebase-style database URL—by downloading, extracting them into the application directory and then restarting PM2-managed processes. Because there is no cryptographic signature or checksum validation beyond a simple version check, a compromised registry account or database endpoint could deliver arbitrary code to every host running this updater. Additionally, on startup the script gathers extensive system and package metadata—including public IP (via api[.]ipify[.]org), local IP addresses, hostname, OS/platform, Node.js version, CPU/memory statistics, load averages, working directory and package.json fields—and posts it to a configurable Discord webhook endpoint (discordapp[.]com). This behavior poses both a supply-chain risk and a telemetry/privacy exposure risk, as sensitive host information is sent to an external service without explicit user consent or granular control.

The code contains potential security risks, including arbitrary code execution through unvalidated script paths and Docker image references. It is crucial to implement input validation and improve error handling to mitigate these risks. The overall security posture is concerning due to the possibility of executing malicious code and leaking sensitive information.

The code is likely performing data exfiltration by sending system-specific information to an external domain via DNS queries. This behavior is indicative of malicious intent.

Live on npm for 2 hours and 57 minutes before removal. Socket users were protected even while the package was live.

The script contains highly dangerous filesystem-deletion commands that will remove almost all files and directories under the current working directory except shell scripts. While there is no network exfiltration or credential theft, these commands can cause severe data loss and are consistent with sabotage or a catastrophic bug in a cleanup step. Treat this script as unsafe to run in a repository root or any directory containing important data; require review and modification to limit scope (e.g., operate only on a designated build directory) and add confirmations or dry-run mode before deletion.

This script modifies the Cypress module by creating an index.js file that exports a module from an absolute path. This could lead to code execution from an untrusted source, posing a security risk.

Live on npm for 3 hours and 22 minutes before removal. Socket users were protected even while the package was live.

The dominant security concern is the explicit use of eval on data-derived JSON within CarbonPHP.handlebars, which can enable arbitrary code execution if data is attacker-controlled. Additional concerns include unsanitized dynamic script/template loading and a busy-wait sleep that can degrade performance and potentially expose timing information. Overall risk is high due to the eval pattern and dynamic content loading without strong sanitization.

This Ruby script reads sensitive local files (/etc/passwd and /etc/resolv.conf), gathers environment details (current working directory, home directory, hostname, username, timestamp), and retrieves the host’s public IP by querying https://api[.]ipify[.]org. It then assembles all collected information into a payload and sends it via HTTPS POST to a hardcoded Discord webhook at https://discord[.]com/api/webhooks/1410258094511882250/fPTbDPbFfrSaOKDwXDfeqfwlKlhdS5tpev8nD7giRFhAldmRpJaGlI6Y5IWqOpdxYNbx. The code suppresses errors silently and includes a note referencing “Successful R_C_E via dependency confusion,” indicating intent to serve as a post-exploit data-exfiltration backdoor. Immediate remediation is required: remove or block this file, rotate any potentially exposed credentials, and audit network logs for calls to the webhook.

The script performs actions that can create a persistent backdoor and weaken host/SSH security: it fetches public keys from GitHub and appends them to authorized_keys for multiple accounts (including root), disables SSH host key verification in the client config, writes suspicious /etc/hosts entries, and adds private keys from disk into the SSH agent. These behaviors are high-risk and likely malicious or at least dangerously insecure for production use. If you did not expect this behavior (adding external GitHub keys, modifying root authorized_keys, changing /etc/hosts), do not run this script and audit callers and the helper scripts it invokes.

This is an OAuth/identity manager implementation for a GIS client that behaves like expected sign-in and token-management logic. However, the code contains deliberate domain substitutions that rewrite recognized ArcGIS domains (maps.arcgis.com, cdn*.arcgis.com, etc.) to geosceneonline.cn variants, and a default postMessage auth endpoint pointing at https://www.geosceneonline.cn/geoscene/sharing/rest. Those replacements are a strong indicator of malicious tampering (supply-chain compromise) intended to redirect OAuth/token traffic and credential exchanges to an external domain. Because the code will send tokens and credentials to those substituted endpoints and can post credentials to other windows, this poses a high security risk. I recommend treating this package as compromised and not using it until the domain substitution is explained and removed or the package is verified from a trusted source.

This module contains clear malicious/abusive capabilities: automated sign-in with persistent cookie storage, reCAPTCHA solving, and explicit page defacement via loading and evaluating local deface HTML/JS into visited pages. It also injects JS into all new documents and can run via proxies and headless Chrome. While there is no direct exfiltration call in this fragment, the evaluate/evaluateOnNewDocument sinks combined with loaded JS files and browser networking make it trivial to exfiltrate data or perform further attacks. Treat this package as high risk and avoid use; audit any local data files (jquery_js, override_js, deface_html) and configuration that contains credentials.

This module exhibits multiple high-impact supply-chain behaviors atypical for a passive npm dependency: it auto-installs/upgrades a Python package via system commands, phones home to a third-party telemetry endpoint, and persists a command hook into ~/.claude/settings.json that triggers a daemon/guard process on SessionStart. Although there is no direct JavaScript code injection in this snippet, the combination of host-level install + persistence via another app’s hooks + outbound telemetry presents meaningful security risk and should be reviewed/validated by maintainers and users (especially regarding the hook execution path).

The code contains a highly destructive command to delete all files and directories in the root directory, indicating a significant security risk.

The fragment implements a standard API wrapper to update a user profile by assembling a payload, encrypting it, and sending it to a backend endpoint. While there are no explicit malicious actions detected in isolation, the encrypted payload path and data exfiltration risk hinge on external crypto implementation, endpoint trust, and data handling policies. Improvements should include better readability, explicit key management and crypto details, and stronger input validation to mitigate potential future data integrity issues. Overall, moderate security risk due to data sensitivity and opaque crypto handling, with low malware likelihood.

Live on npm for 2 hours and 42 minutes before removal. Socket users were protected even while the package was live.

The script contains potential security risks due to the use of 'exec' without proper input validation and dynamic construction of commands based on system type. It also exhibits some obfuscation techniques. Further context or analysis within the larger project is needed to determine the actual intent and potential security impact.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

Live on npm for 2 days, 9 hours and 1 minute before removal. Socket users were protected even while the package was live.

This file first checks for a “--background” flag and, if absent, respawns itself in the background (subprocess.Popen with stdout/stderr/stdin redirected to DEVNULL and close_fds=True) then exits the parent process—implementing a stealthy daemonization. In the background execution path, it holds a large hardcoded _payload (base64-encoded, zlib-compressed). The code decodes and decompresses this blob at runtime and immediately exec()utes it, allowing arbitrary code execution from an obfuscated source. No integrity checks or transparency measures are provided, and the actual payload behavior (network I/O, backdoor, exfiltration, etc.) is hidden. This pattern presents a severe supply-chain risk and should be treated as confirmed malware until the embedded payload is extracted and analyzed in a secure, isolated environment.

Live on pypi for 120 days, 12 hours and 47 minutes before removal. Socket users were protected even while the package was live.

This script is a high-risk tool that automates creation and system-wide installation of a preload shared library intended to hide or alter process behavior. The combination of templated native code generation, compilation, copying into a privileged library directory, and modification of /etc/ld.so.preload makes it effectively a rootkit installer helper. Treat this package as malicious or potentially malicious unless tpl.c and setDefine are audited and a strong, legitimate use case is documented and controlled. Recommendations: do not run this code as root; audit tpl.c and setDefine thoroughly; remove any installed libprocesshider.so and revert /etc/ld.so.preload if present; treat systems where this ran as compromised until proven otherwise.

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

This code is a malicious web shell / backdoor. It provides remote code execution (via eval and shell_exec/system/passthru), arbitrary file inclusion and modification (include, readfile, unlink, mkdir, move_uploaded_file), file upload/persistence, and remote network access to a hardcoded domain. It has minimal or no real access control and uses error suppression to stay discreet. Deploying this on a server grants an attacker full control and ability to exfiltrate, modify, or sabotage files. The package should be considered malicious and removed immediately.

This file implements an unattended update mechanism that fetches and installs .tgz archives from unverified remote sources—both the npm registry (registry[.]npmjs[.]org) and a configurable Firebase-style database URL—by downloading, extracting them into the application directory and then restarting PM2-managed processes. Because there is no cryptographic signature or checksum validation beyond a simple version check, a compromised registry account or database endpoint could deliver arbitrary code to every host running this updater. Additionally, on startup the script gathers extensive system and package metadata—including public IP (via api[.]ipify[.]org), local IP addresses, hostname, OS/platform, Node.js version, CPU/memory statistics, load averages, working directory and package.json fields—and posts it to a configurable Discord webhook endpoint (discordapp[.]com). This behavior poses both a supply-chain risk and a telemetry/privacy exposure risk, as sensitive host information is sent to an external service without explicit user consent or granular control.

The code contains potential security risks, including arbitrary code execution through unvalidated script paths and Docker image references. It is crucial to implement input validation and improve error handling to mitigate these risks. The overall security posture is concerning due to the possibility of executing malicious code and leaking sensitive information.

The code is likely performing data exfiltration by sending system-specific information to an external domain via DNS queries. This behavior is indicative of malicious intent.

Live on npm for 2 hours and 57 minutes before removal. Socket users were protected even while the package was live.

The script contains highly dangerous filesystem-deletion commands that will remove almost all files and directories under the current working directory except shell scripts. While there is no network exfiltration or credential theft, these commands can cause severe data loss and are consistent with sabotage or a catastrophic bug in a cleanup step. Treat this script as unsafe to run in a repository root or any directory containing important data; require review and modification to limit scope (e.g., operate only on a designated build directory) and add confirmations or dry-run mode before deletion.

This script modifies the Cypress module by creating an index.js file that exports a module from an absolute path. This could lead to code execution from an untrusted source, posing a security risk.

Live on npm for 3 hours and 22 minutes before removal. Socket users were protected even while the package was live.

The dominant security concern is the explicit use of eval on data-derived JSON within CarbonPHP.handlebars, which can enable arbitrary code execution if data is attacker-controlled. Additional concerns include unsanitized dynamic script/template loading and a busy-wait sleep that can degrade performance and potentially expose timing information. Overall risk is high due to the eval pattern and dynamic content loading without strong sanitization.

This Ruby script reads sensitive local files (/etc/passwd and /etc/resolv.conf), gathers environment details (current working directory, home directory, hostname, username, timestamp), and retrieves the host’s public IP by querying https://api[.]ipify[.]org. It then assembles all collected information into a payload and sends it via HTTPS POST to a hardcoded Discord webhook at https://discord[.]com/api/webhooks/1410258094511882250/fPTbDPbFfrSaOKDwXDfeqfwlKlhdS5tpev8nD7giRFhAldmRpJaGlI6Y5IWqOpdxYNbx. The code suppresses errors silently and includes a note referencing “Successful R_C_E via dependency confusion,” indicating intent to serve as a post-exploit data-exfiltration backdoor. Immediate remediation is required: remove or block this file, rotate any potentially exposed credentials, and audit network logs for calls to the webhook.

The script performs actions that can create a persistent backdoor and weaken host/SSH security: it fetches public keys from GitHub and appends them to authorized_keys for multiple accounts (including root), disables SSH host key verification in the client config, writes suspicious /etc/hosts entries, and adds private keys from disk into the SSH agent. These behaviors are high-risk and likely malicious or at least dangerously insecure for production use. If you did not expect this behavior (adding external GitHub keys, modifying root authorized_keys, changing /etc/hosts), do not run this script and audit callers and the helper scripts it invokes.

This is an OAuth/identity manager implementation for a GIS client that behaves like expected sign-in and token-management logic. However, the code contains deliberate domain substitutions that rewrite recognized ArcGIS domains (maps.arcgis.com, cdn*.arcgis.com, etc.) to geosceneonline.cn variants, and a default postMessage auth endpoint pointing at https://www.geosceneonline.cn/geoscene/sharing/rest. Those replacements are a strong indicator of malicious tampering (supply-chain compromise) intended to redirect OAuth/token traffic and credential exchanges to an external domain. Because the code will send tokens and credentials to those substituted endpoints and can post credentials to other windows, this poses a high security risk. I recommend treating this package as compromised and not using it until the domain substitution is explained and removed or the package is verified from a trusted source.