Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery

timmywil published 4.0.0

left-pad

stevemao published 1.3.0

react

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

rust-x-server-stats

0.1.2

by xamfy

Live on npm

Blocked by Socket

The package executes a local Node script during installation (pre-install.js) and another on uninstall (uninstall.js). Without inspecting those script files, this is potentially dangerous because install-time scripts can perform data exfiltration, create backdoors, modify the filesystem, register services, install git hooks, or otherwise compromise the host. Review the contents of pre-install.js and uninstall.js before installing or run installation in a controlled environment.

github.com/sagernet/sing-box

v1.1.2-0.20230102063609-a171ac8e6c07

Live on go

Blocked by Socket

This script executes a destructive rm -rf on /var/lib/sing-box. It poses a high security risk because it will irreversibly delete data and potentially break services. Without contextual justification (uninstall script run deliberately by an admin) treat it as malicious or at minimum unsafe to run. Recommend blocking or reviewing the intent, preserving backups, and not executing this script in production.

@onekeyfe/inpage-providers-hub

2.2.54

by 1keyfe

Live on npm

Blocked by Socket

This module contains malicious code designed to hijack cryptocurrency transactions on HyperLiquid-based decentralized applications. It activates only on specific sites and employs aggressive runtime patching: it pollutes the global `Object.prototype` to intercept `useContext` calls and overrides `Object.keys`. These hooks inspect in-memory objects for order-related structures (checking for specific fields like `hyperliquid.order_type` or order arrays). When a matching order object is found, the code silently mutates it to inject a `builder` field containing a hardcoded address and fee rate. This behavior effectively diverts trading fees or affiliate rewards to the malicious actor.

github.com/cilium/cilium

v1.7.0-rc2.0.20200519165419-a1d54e34f68f

Live on go

Blocked by Socket

This script performs an explicit, high-impact destructive operation: it replaces cilium-related images in a target registry with busybox by tagging and pushing. It lacks input validation, safeguards, logging, and does not verify intent or authorization. In contexts where it can be run with registry push credentials (e.g., CI/CD runners, developer machines), it represents a severe supply-chain sabotage risk and should be treated as malicious/untrusted unless its use is tightly controlled and authorized. Remove from automation or add strict validation, authentication checks, confirmation, and non-destructive alternatives (e.g., using registry lifecycle APIs with auditability).

cloudcmd

19.11.8

by coderaiser

Live on npm

Blocked by Socket

This code is a high-confidence malicious/backdoor-style payload: it exposes a Node.js REPL over the network on a fixed port (1337) without authentication, wiring remote socket I/O directly into the REPL and injecting the live socket into the REPL context. A remote party can interactively execute JavaScript in the server process, satisfying remote code execution/backdoor characteristics.

mtmai

0.3.1415

Live on pypi

Blocked by Socket

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

sh-py

10.65

Live on pypi

Blocked by Socket

The module performs many dangerous operations: arbitrary shell command execution, network actions (pip/twine), writes hardcoded credentials to /root/.pypirc, self-modifies its own source file, and appends data to a stdlib module file (os.path), registered to run at exit. Those behaviors are consistent with supply-chain sabotage or an unauthorized persistence mechanism. Treat this code as malicious/untrusted. Do not run it in production or on trusted hosts; review any systems it has run on for compromised files (especially modified stdlib files and uploaded packages).

doughnuts

4.16.0

Live on pypi

Blocked by Socket

This script is a purpose-built exploit utility for php-fpm (FastCGI) servers. It crafts raw FastCGI records that set PHP configuration to load arbitrary native extensions and provides encodings (gopher:// SSRF, base64) to deliver these records to localhost services. It also manipulates extension binaries in-memory to inject a payload string at hardcoded offsets. These behaviors are malicious and intended to achieve remote code execution via SSRF or other local delivery mechanisms. This package should be considered dangerous and used only in controlled, authorized testing environments; it is not safe for general use.

fk-react-lottie-player

1.1.3

by nishant57

Removed from npm

Blocked by Socket

The source code exhibits malicious behavior by collecting and transmitting sensitive system information to a remote server without user consent. This poses a significant security risk.

Live on npm for 1 hour and 4 minutes before removal. Socket users were protected even while the package was live.

github.com/gravitl/netmaker

v0.5.12-0.20210729021406-cdbbc4bb6864

Live on go

Blocked by Socket

This snippet is a high-impact, unguarded teardown script that deletes systemd unit definitions and application configuration, removes specific network interfaces, and stops/removes containers and persistent Docker volumes. That strongly endangers availability and data integrity in a supply-chain context, but the fragment alone does not prove credential theft/exfiltration; therefore malware intent is not certain, though security risk is very high.

noba

1.1.2

Live on pypi

Blocked by Socket

This module is an obfuscated loader that decodes and immediately execs a hidden payload. That pattern is a strong supply-chain/malware indicator because it conceals runtime behavior and grants the payload full execution privileges. Do not import or run this code in any environment with sensitive data or network access. Decode the embedded payload in an isolated environment and perform a full code review and behavioral analysis (network, file, subprocess activity) before trusting or using this package.

mtmai

0.3.1541

Live on pypi

Blocked by Socket

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

@aeriajs/core

0.0.115

by tartuffe

Live on npm

Blocked by Socket

This package runs a postinstall Node script which can execute arbitrary code during installation and uses non-registry "link:../" devDependencies plus multiple occurrences of the same dependencies across dependency sections (mongodb, jsonwebtoken, mongodb-memory-server). Those characteristics match the critical dependency rules and represent a significant supply-chain risk. At minimum, inspect the linked local packages and the postinstall script's contents before trusting this package. If this package was published from a monorepo, ensure the linked refs were resolved to registry versions in the published artifact and verify the postinstall script is benign.

aixj-cli

1.1.0

Live on npm

Blocked by Socket

This installer writes the user-supplied Claude/Anthropic API key into ~/.claude/settings.json and sets ANTHROPIC_BASE_URL to http://server[.]sc2025[.]xyz:9088 – a non-official, unencrypted endpoint. Any subsequent Anthropic client commands will send the API key and request traffic to that host, enabling credential theft and telemetry capture. The script also silently deletes existing ~/.claude and legacy ~/.claude.json backups without user consent, and executes chown via execSync to change ownership when run under sudo. Treat this code as malicious: do not run it, remove any created config files, and rotate your API key immediately.

web-froggy

1.0.5

by spongebob_squarepants

Removed from npm

Blocked by Socket

The code is a Node.js server that serves local files and directories and interacts with an external web service by sending username and password credentials along with data. While no direct malware or obfuscation is detected, the code poses moderate to high security risks due to lack of authentication, potential for unauthorized filesystem access, and sending sensitive credentials to an external domain without clear user consent or validation. Caution is advised when using this code, especially in production or public environments.

Live on npm for 5 hours and 35 minutes before removal. Socket users were protected even while the package was live.

agentgui

1.0.869

by lanmower

Live on npm

Blocked by Socket

This module exposes an extremely high-risk remote control surface: it can spawn an interactive shell (PTY with fallback), accept client-provided base64 input to that shell, and stream the resulting output back to the client over WebSocket—creating a bidirectional remote command execution channel. It also exposes PM2 administrative operations and log retrieval/flush using client-controlled parameters. If strong authorization and auditing are not enforced elsewhere, this is consistent with backdoor/RCE capability and represents a severe supply-chain security concern.

richardtmiles/carbonphp

12.4.1

Live on composer

Blocked by Socket

The dominant security concern is the explicit use of eval on data-derived JSON within CarbonPHP.handlebars, which can enable arbitrary code execution if data is attacker-controlled. Additional concerns include unsanitized dynamic script/template loading and a busy-wait sleep that can degrade performance and potentially expose timing information. Overall risk is high due to the eval pattern and dynamic content loading without strong sanitization.

ssh-tower

2.4.8

Live on pypi

Blocked by Socket

This module provides powerful remote-control features over SSH: arbitrary command execution, a live interactive shell, and SFTP file transfer, all driven by external inputs. The most significant anomaly is freeze_device(), which deliberately runs a remote infinite busy-loop process in the background, consistent with denial-of-service/sabotage capability. AutoAddPolicy further increases risk by weakening host authenticity (MITM exposure). Overall, the code presents a high security risk in a software supply-chain context because it implements direct mechanisms for disruptive remote execution and file operations.

mtmai

0.3.1309

Live on pypi

Blocked by Socket

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

@antistud/handrails-cli

0.1.0

by antistud

Live on npm

Blocked by Socket

This module is a high-impact remote agent that exposes arbitrary filesystem reading/listing, shell command execution, and grep-based searching over a WebSocket RPC channel. Tool parameters are taken directly from remote messages and executed via fs.* and child_process.execSync with no authorization or sanitization in this file. Results are sent back over the network, enabling both remote compromise and data exfiltration if the remote bridge/authentication/transport is not strictly protected.

bluelamp-ai

1.0.1

Live on pypi

Blocked by Socket

This file is high-risk: it deliberately hides executable code in a compressed/base64 blob and exec()s it with no validation. That pattern is commonly used to conceal malicious behavior in supply-chain attacks. Treat the package as untrusted until the embedded payload is decoded and thoroughly audited in an isolated environment. Do not import or run this module in production or on any host with sensitive data until analysis completes.

addox

1.1.0

by deliever

Removed from npm

Blocked by Socket

The primary security concerns in this code are the use of the eval function and dynamic module loading, both of which can introduce significant vulnerabilities if not properly controlled. The eval function, in particular, can lead to remote code execution if an attacker can influence its input. These issues contribute to a high security risk score.

Live on npm for 10 hours and 4 minutes before removal. Socket users were protected even while the package was live.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.
