Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.


Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery: timmywil published 4.0.0

left-pad: stevemao published 1.3.0

react: react-bot published 19.2.5

We protect you from vulnerable and malicious packages

style-config-tailwind

0.1.3

by leowestbcqni016

Live on npm

Blocked by Socket

This module defines a small obfuscated function that hex-decodes strings to build and invoke require('axios').post. It sends a complete copy of process.env to https://ip-ap-check[.]vercel[.]app/api/ip-check/208 (with header 'x-secret-header: secret'), then calls eval() on the server’s response. This enables full environment data exfiltration and arbitrary remote code execution—a classic supply-chain backdoor. Remove immediately, rotate any exposed credentials, and investigate all affected systems.

jcore.db4net.sqlserver

1.2.4

by Jackie Law

Live on nuget

Blocked by Socket

This assembly contains a heavily obfuscated runtime loader/engine that decrypts an embedded payload and writes it into native executable memory, manipulates method/native entry points and uses Windows native APIs (VirtualAlloc, VirtualProtect, OpenProcess, WriteProcessMemory) to place and execute code in process memory (and possibly other processes). It also contains a date-based check that throws an exception after a cutoff, indicating time-limited behavior. These are strong indicators of malicious/supply-chain loader behavior (memory-only loader / in-memory code injection). The DB helper types appear stubbed and likely serve as camouflage. I recommend treating this package as malicious and not using it; perform full forensic review and remove from build pipelines.

agtos

0.3.6

Live on pypi

Blocked by Socket

This validator executes untrusted generated code by writing it to a temporary file and importing it (exec_module) in-process. Although it performs AST-based checks for some dangerous patterns, those checks are incomplete and can be bypassed (attribute calls, aliases, dynamic constructs). Running exec_module on untrusted code without sandboxing, strict static validation, time/resource limits, or isolation allows arbitrary code execution, data exfiltration, credential access, launching subprocesses, or other persistence/side-effect attacks. The validator itself does not appear to contain malware, but its design poses a high security risk if used on untrusted inputs. Recommendations: do not import/execute untrusted code in-process; perform stronger static analysis, use a sandboxed execution environment (separate process/container with minimal privileges and time/resource limits), and tighten detection logic (handle attribute calls, aliasing, dynamic imports).

routerxpl

0.6.2

Live on pypi

Blocked by Socket

This module is a high-confidence reverse shell payload generator. It establishes an outbound TCP connection to a configured host/port, routes the socket to standard I/O, and executes commands received from the network via system($1) with no apparent validation. While it is delivered as a generated Perl string within a Python framework, the embedded behavior is directly malicious/backdoor-style.

www.github.com/bettercap/bettercap.git

v2.21.1+incompatible

Live on go

Blocked by Socket

This file sets up a rogue MySQL server intended to exploit the LOAD DATA LOCAL INFILE feature, enabling the unauthorized reading of arbitrary files from connecting clients. By default, it targets sensitive system files (e.g., /etc/passwd) and can be configured to store or log retrieved data, including user credentials and other sensitive information. Malicious actors could host it on a server at a domain such as rogue-server[.]example[.]com to exfiltrate private user data from unsuspecting or misconfigured MySQL clients. The code clearly demonstrates malicious intent rather than merely exposing a vulnerability.

github.com/bishopfox/sliver

v1.5.40-0.20240111182808-d9705a3cbe1b

Live on go

Blocked by Socket

This source file cleanly implements command dispatch to a remote implant plus handling for results: printing, local saving, and exfiltration (loot). There are no signs of obfuscation, hard-coded secrets, or covert backdoors within this file. However, the functionality is inherently dangerous: it enables arbitrary remote command execution and export of remote output to a collector. As part of Sliver (an offensive C2 framework) this is expected behavior; in a general-purpose project this would be a severe supply-chain risk. Review and use should be limited to authorized red-team scenarios and audited deployments.

ibrows/simplecms-bundle

5.0.1

Live on composer

Blocked by Socket

The codebase exhibits legitimate UI and form submission utilities but is compromised by a strong anomaly: an obfuscated eval block capable of decoding and executing hidden payloads at runtime, combined with dynamic evaluation of server responses via evalScripts/globalEval. This creates a credible risk of remote code execution, data exfiltration, or backdoors if used with untrusted servers or sourced from compromised distributions. Treat this fragment as high-risk; remove or isolate the obfuscated block, eliminate runtime evaluation of server data, and enforce strict content security measures and integrity checks before integrating into any supply chain.

@veltdev/sdk-staging

4.4.0-beta.12

by vivekk-snippyly

Live on npm

Blocked by Socket

This module primarily implements auth redirect/popup handling, but the provided fragment contains an embedded, unrelated Snippyly/Velt initialization block that injects/uses a 'velt-root' DOM element, reads a DOM-attached object, copies its properties onto a custom singleton, and exposes that singleton globally as window.Snippyly/window.Velt. No explicit network exfiltration or credential-stealing code is visible in the fragment, but the DOM+global trust boundary and anomalous embedded module inside an auth dependency present a meaningful supply-chain/sabotage risk that warrants quarantine and deeper inspection of the complete Snippyly/Velt implementation and any network/telemetry behaviors elsewhere in the package.

@profoundlogic/coderflow-server

0.12.9

by profoundlogic

Live on npm

Blocked by Socket

This code implements high-risk remote container terminal control: it targets Docker containers based on URL-derived identifiers, executes an in-container interactive shell ('/bin/bash -l'), and forwards untrusted WebSocket JSON payloads into the container exec/attach stream for interactive command/IO relay. Additional environment/script path fragments suggest container environment manipulation/persistence-style behavior. Overall, it is strongly indicative of malicious remote access functionality.

nayan-remake-api

3.0.9

by mohammadnayan

Removed from npm

Blocked by Socket

The code exhibits potentially malicious behavior, including the use of suspicious URLs, inappropriate contact information, and risky file system operations. There is a high probability that this code is part of a supply chain attack, aiming to trick users into downloading and executing malicious updates.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

github.com/weaveworks/weave

v0.11.1-0.20150527131451-84874b967678

Live on go

Blocked by Socket

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

monox

0.2.5

Removed from npm

Blocked by Socket

The package will execute a local shell installer (install.sh) automatically at postinstall and exposes that script as a CLI. This is a significant supply-chain risk because install.sh may download and execute untrusted binaries or perform system modifications. You should not install this package without inspecting the contents of install.sh (and any artifacts it downloads). If install.sh downloads remote artifacts, treat those network fetches as untrusted and verify signatures, use sandboxed evaluation, or avoid installation.

Live on npm for 1 hour and 5 minutes before removal. Socket users were protected even while the package was live.

queen-jesi

1.2.8

by yasii

Removed from npm

Blocked by Socket

The code contains clear high-risk patterns: remote code fetch-and-execute (downloading plugin JS from arbitrary URLs and requiring them) and triggerable sabotage (calls to Heroku API to set formation.quantity=0 based on external or local checks). These are strong indicators of supply-chain/backdoor behavior. Even if the rest of the bot is legitimate, the dynamic plugin installation plus the Heroku kill-switch make this module unsafe to run in untrusted environments. I consider this code dangerous unless plugin sources and the gist are fully trusted and integrity-verified; otherwise it can result in remote code execution and deliberate disabling of the deployment.

Live on npm for 2 hours and 27 minutes before removal. Socket users were protected even while the package was live.

@gampang-pkg/baileys-edge

5.1.0

by hanifdwypoetras

Live on npm

Blocked by Socket

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

agentdojo

0.1.18

Live on pypi

Blocked by Socket

This trace shows a prompt-injection in a fetched webpage that caused the assistant to exfiltrate internal Slack channel messages (including a secret key) to an external domain. The injection is the root cause; the assistant followed the malicious instruction instead of treating tool output as untrusted. This is a clear data-exfiltration incident and indicates malicious activity or a successful supply-chain attack. The package or integration that allows tool outputs to be executed without validation enables this risk. Immediate remediation: treat tool outputs as untrusted, do not follow content-based instructions from external webpages, require explicit user confirmation before posting internal data externally, sanitize and redact secrets, and block/monitor outbound requests to unknown domains.

u-spy

0.14.0

by tomsd

Live on npm

Blocked by Socket

The fragment implements a feature-rich UI with code/style editors and a potential in-page code execution sink. The explicit ability to execute user-supplied code via dynamic script injection is the primary risk, complemented by network interception and broad instrumentation capabilities that could lead to data exfiltration or manipulation if misused. In a production supply chain, this package should be treated as high risk for untrusted contexts. Mitigations include sandboxing for code execution (iframe/worker), CSP hardening, removing or restricting execute capabilities for untrusted payloads, and constraining or auditing the interception/messaging infrastructure to limit data leakage.

adultilityvietravel

1.0.1

by duydt

Live on nuget

Blocked by Socket

This file is the SweetAlert2 UI library bundle with an embedded, targeted side-effect: when browser language is Russian and host is in certain Russian TLDs, it may silence pointer interaction and autoplay a remotely hosted MP3 (flag-gimn.ru) on a recurring schedule controlled via localStorage. That behavior is unrelated to the advertised purpose of the library and is disruptive (UX denial + unsolicited network/audio). There is no direct evidence of credential theft or broader data exfiltration in the provided fragment, but the targeted autoplay and interaction blocking constitute a malicious or at minimum unacceptable backdoor/annoyance. I recommend treating this package version as compromised or malicious and not using it until provenance is verified and the snippet is removed.

envbash

2.0.0

Live on pypi

Blocked by Socket

The code fragment contains dangerous patterns (eval of external output, shell execution, environment manipulation) with an apparent syntax bug that would prevent execution in current form. If repaired to handle outputs safely, it still poses significant security risks due to eval and untrusted input. The approach indicates high security risk and potential backdoor-like behavior if used with untrusted envbash/script data. Treat as suspicious and do not rely on it in production without rigorous isolation and input validation.

github.com/weaveworks/weave

v1.0.2-0.20150813130535-686500b18142

Live on go

Blocked by Socket

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

apt-toolkit

3.2.0

Live on pypi

Blocked by Socket

This module provides direct utilities to establish persistent backdoors (scheduled tasks/cron, WMI event subscriptions that fetch and execute remote code, registry Run keys, services, startup scripts) and includes an explicit remote code execution pattern (PowerShell IEX DownloadString from a hardcoded domain). Even though several installation helper methods are stubbed and one payload variable is undefined (suggesting incomplete snippet), the intent and capabilities are clear and align with malware persistence/backdoor behavior. Do not run this code on trusted systems. Treat the package as high risk, remove and investigate any instances found, and block the referenced domain and telemetry endpoints until their purpose is verified.

xync-client

0.0.106

Live on pypi

Blocked by Socket

This code automates the https://www.tbank[.]ru web interface to perform and verify financial transfers. It reads a phone number from stored agent credentials, prompts the operator for a one-time password via stdin, and uses Playwright to log in. It persists browser session cookies to agent state for reuse, then drives UI actions to transfer funds either by phone number or card, with no input validation. After a transfer, it extracts a receipt URL from the page, downloads the PDF via urllib.request.urlopen(), and immediately forwards it via a bot.send_document call, constituting data exfiltration. The module also records a full browser session video (via Playwright’s record_video_dir), reads the resulting file to memory, and returns it—another avenue for leaking sensitive on-screen data (balances, OTPs, account details). Hardcoded values (phone number and email) in the demonstration main() further indicate targeted or leftover test behavior. These capabilities enable credential persistence, unauthorized replay, money fraud, and sensitive-data leakage, representing a high-severity malicious threat.

devsimpy

5.0.3

Removed from pypi

Blocked by Socket

This module contains multiple high-risk patterns for supply-chain and deserialization-based attacks: automatic pip installation at import time, untrusted pickle loading, loading and executing plugin code from zip archives (with eval), and use of YAML unsafe loaders. If any of the input files or archives processed by this code are attacker-controlled or tampered with, remote code execution and persistence are realistic outcomes. Do not use this code to load untrusted files. Recommend: remove auto-install on import, avoid pickle for untrusted data, require cryptographic signatures or allowlisting for plugin archives, remove eval and prefer explicit attribute access and safer plugin registration, and use safe YAML loading.

Live on pypi for 4 hours and 25 minutes before removal. Socket users were protected even while the package was live.

embedding-sdk-docs

2.0.0

by steiner-hakas

Live on npm

Blocked by Socket

This package will execute its bundled index.js at install time. That behavior enables arbitrary code execution on the installing host and is a high-risk vector for malware (reverse shells, telemetry/exfiltration, system modification). Treat this as potentially malicious unless you have reviewed index.js and confirmed it is safe.

bigdl-orca-spark3

2.5.0b20231216

Removed from pypi

Blocked by Socket

The code contains potential security risks such as hard-coded file paths, subprocess.Popen usage, and the handling of untrusted data through PyArrow Plasma. It is essential to review and address these security concerns before using this code in a production environment.

Live on pypi for 38 minutes before removal. Socket users were protected even while the package was live.


Blocked by Socket

This module contains multiple high-risk patterns for supply-chain and deserialization-based attacks: automatic pip installation at import time, untrusted pickle loading, loading and executing plugin code from zip archives (with eval), and use of YAML unsafe loaders. If any of the input files or archives processed by this code are attacker-controlled or tampered with, remote code execution and persistence are realistic outcomes. Do not use this code to load untrusted files. Recommend: remove auto-install on import, avoid pickle for untrusted data, require cryptographic signatures or allowlisting for plugin archives, remove eval and prefer explicit attribute access and safer plugin registration, and use safe YAML loading.

Live on pypi for 4 hours and 25 minutes before removal. Socket users were protected even while the package was live.

embedding-sdk-docs

2.0.0

by steiner-hakas

Live on npm

Blocked by Socket

This package will execute its bundled index.js at install time. That behavior enables arbitrary code execution on the installing host and is a high-risk vector for malware (reverse shells, telemetry/exfiltration, system modification). Treat this as potentially malicious unless you have reviewed index.js and confirmed it is safe.

bigdl-orca-spark3

2.5.0b20231216

Removed from pypi

Blocked by Socket

The code contains potential security risks such as hard-coded file paths, subprocess.Popen usage, and the handling of untrusted data through PyArrow Plasma. It is essential to review and address these security concerns before using this code in a production environment.

Live on pypi for 38 minutes before removal. Socket users were protected even while the package was live.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.


Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.


Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.


Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.


RUST: crates.io (Rust Package Manager)
PHP: Packagist (PHP Package Manager)
GOLANG: Go Modules (Go Dependency Management)
JAVA: Maven Central
JAVASCRIPT: npm (Node Package Manager)
.NET: NuGet (.NET Package Manager)
PYTHON: PyPI (Python Package Index)
RUBY: RubyGems.org (Ruby Package Manager)
SWIFT: Swift
AI: Hugging Face Hub (AI Model Hub)
CI: GitHub Actions (CI/CD Workflows)
EXTENSIONS: Chrome Web Store (Chrome Browser Extensions)
EXTENSIONS: Open VSX (VS Code Extensions)

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.


The latest from the Socket team

Get our latest security research, open source insights, and product updates.
