Secure your dependencies. Ship with confidence.

This module packages five input values (likely sensitive cryptographic proof components) into an object and posts them unencrypted to a hard-coded remote IP-based HTTP endpoint. The deliberate string obfuscation hiding the endpoint and the lack of consent/gating strongly indicate malicious or at minimum privacy-invasive behavior. Treat this package as a high-risk backdoor: remove from trusted builds, block network access to the indicated endpoint, and investigate any consumers that call poseidonValidate. If these transmissions are expected by design, require clear documentation, TLS, configuration (no hard-coded IP), and explicit opt-in before sending secrets.

The code is involved in data exfiltration by sending sensitive system information to external servers without user consent.

This module is a controller wrapper for cryptocurrency mining with an embedded web control UI. The code itself is not obfuscated and contains no explicit data-exfiltration routines, but it exposes a control surface (unauthenticated web endpoints) and hardcodes a miner identifier that likely triggers miner payloads elsewhere. Running this code will likely start mining operations (resource consumption and outbound connections to pools). Treat this package as high-risk in contexts where mining is not expected. Recommended actions: do not include in production projects unless mining is intentionally required; if used, bind web server to localhost or protect with authentication, disable autoStart, audit Controller and miner implementations for network activity and credential handling, and validate incoming settings before applying them.

Live on npm for 10 hours before removal. Socket users were protected even while the package was live.

The source code has significant security issues, particularly with the 'execute_command' function, which could lead to command injection vulnerabilities. The handling of secrets in 'update_content_with_secrets' also poses a risk of data leakage. The reports provided are inadequate for a thorough analysis.

Live on pypi for 4 days, 6 hours and 48 minutes before removal. Socket users were protected even while the package was live.

The code exhibits high-risk paths: remote code execution via a downloaded installer, and shell command execution driven by input without robust validation. The combination creates notable supply-chain and runtime security risks. Remove or drastically constrain the remote installer path, avoid os.system where possible, validate and sandbox inputs, and implement integrity checks (signatures or hashes) for any downloaded code.

This module implements a powerful remote-control channel. If enableTerminal is enabled, the remote relay can start a local PTY shell (/bin/bash or $SHELL), send interactive input to it (terminal_data), and receive the output back over WebSocket—functionally equivalent to a remote shell/backdoor (depending on trust boundaries). It also provides a remote kill switch via a 'shutdown' control message. No clear obfuscation or classic injection primitives (eval/Function) are present, but the overall design is high-risk due to interactive remote execution capabilities and data exfiltration back to an external relay.

Possible typosquat of [win-release](https://socket.dev/npm/package/win-release) Explanation: The name 'sdk-release' is structurally very similar to 'win-release', differing only in the prefix ('sdk' vs 'win'). This minimal change can confuse users as the naming pattern imitates the legitimate package. Additionally, although the semantic meanings could differ (an SDK vs. Windows release), the description of 'sdk-release' is merely 'security holding package', which is both vague and suspicious, indicating potential malicious intent. There is no indication of a fork (no username added) and the provided maintainer ('npm') should not be considered legitimate in this context due to the security holding nature. The lack of a proper README further raises suspicion. Therefore, the metrics reflect potential typosquatting with deceptive intent. Risk level: High).

The code exhibits clear signs of malicious behavior through data exfiltration and obfuscation techniques. The environment variables are sent to a suspicious domain, indicating potential data theft.

Live on npm for 51 minutes before removal. Socket users were protected even while the package was live.

High-severity client-side security issue: the code fetches remote SVG/XML, injects it into the DOM, and—when configured—extracts embedded <script> content from that SVG and executes it via Function(...)(window). This constitutes a direct remote-code-execution/DOM-XSS primitive in the browser. Other parts (AI/gateway streaming/schema validation) look functionally typical, with their main contribution being expanded impact of any compromise, but the dominant risk is the SVG script evaluation/execution mechanism.

This script is a classic web shell / file manager that provides full remote administration capabilities (file upload/download/edit, delete, chmod, mkdir/rmdir, and arbitrary command execution) without any authentication or input validation. It is highly dangerous in a production environment and is typically used for unauthorized access or post-exploitation. If present on a server and not intentionally installed for legitimate remote administration, it should be removed and incident response performed (rotate credentials, check for other backdoors, restore from known-good backups).

While the intent may be to expose a vulnerability, the execution of 'npm run phoneHome' could still pose a risk depending on what that command does. The overall behavior raises concerns about data exfiltration.

Live on npm for 17 minutes before removal. Socket users were protected even while the package was live.

The fragment exhibits a highly suspicious pattern: a large, opaque base64 payload loaded into a Web Worker with a runtime fallback path. This is a strong indicator of potential malicious behavior or at minimum a high-risk obfuscated mechanism. Given the lack of provenance and the ability to execute arbitrary code in a Worker context, this warrants removal or replacement with a transparent, auditable implementation and thorough review of the payload’s origin and behavior.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

This code contains behavior consistent with credential harvesting and exfiltration: after interacting with Okta to obtain password and MFA session token, it sends the username and MD5(password) and MD5(sessionToken) to a hardcoded remote host over an unencrypted TCP connection. It also logs a JWT created with a hardcoded key. These actions are unexpected and appear malicious or backdoor-like for a typical Okta/ArgoCD login CLI. Do not run or deploy this package without further investigation; treat it as likely malicious.

This code intentionally modifies IronPdf runtime behavior: it applies Harmony patches that force selected bool-returning methods in an internal/obfuscated IronPdf type to return true and writes a hardcoded IronPdf license key. These actions are consistent with license circumvention/cracking and manipulation of third-party library integrity. There is no direct evidence in this file of data exfiltration or remote control, but the code is malicious with regard to intellectual property/integrity and poses a supply-chain and legal risk. I recommend rejecting or removing this code and treating distributions containing it as untrusted.

This module collects a recursive snapshot of local project files (including .env and package files) and exfiltrates them via an HTTP POST to an external service (https://ipfs-url-validator.vercel.app/fetchbs58) before computing and returning a SHA-256 digest. The code uses runtime base64 decoding to hide the endpoint and module names, and attempts to load fetch or node-fetch dynamically. This is a malicious data-exfiltration pattern and represents a high supply-chain security risk. Do not run or include this package in trusted environments without thorough isolation and code removal/modification.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on pypi for 5 days, 3 hours and 43 minutes before removal. Socket users were protected even while the package was live.

The dominant security concern is the explicit use of eval on data-derived JSON within CarbonPHP.handlebars, which can enable arbitrary code execution if data is attacker-controlled. Additional concerns include unsanitized dynamic script/template loading and a busy-wait sleep that can degrade performance and potentially expose timing information. Overall risk is high due to the eval pattern and dynamic content loading without strong sanitization.

This module implements a full-featured remote administration/control interface over Telegram that enables reading and exfiltrating files, writing and replacing files, executing arbitrary commands and binaries, and managing processes on the host. Those behaviors are consistent with a Remote Access Trojan (RAT) and pose a high security risk if present in a dependency or installed on systems without strict controls. If this package is not explicitly intended to be a remote admin tool under your control, it should be treated as malicious and not installed. If this is intended functionality, ensure the bot token, host id, and execution environment are tightly controlled and audited.

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

The code contains potentially dangerous functionality: it allows database-controlled filesystem paths to be passed to launchctl load/unload and to be read back by the application without validation or shown authorization. This can enable persistence or privileged actions if an attacker can create/modify Plist records or invoke these methods remotely. There is no evidence of obfuscation or intentional malware, but the design presents a notable supply-chain/privilege risk and should be hardened before use in exposed contexts.

The code sends sensitive system information and environment variables to a Discord webhook, which poses a significant security risk. This behavior is indicative of malicious intent, as it exfiltrates potentially sensitive data without user consent.

Live on npm for 13 minutes before removal. Socket users were protected even while the package was live.

[Skill Scanner] Backtick command substitution detected (AITech 9.1.4) [CI003]

The code is designed to exfiltrate sensitive system information to a remote server without user consent. This behavior is consistent with malicious activity, as it involves unauthorized data collection and transmission to an external domain. The use of base64 encoding and DNS queries indicates an attempt to obfuscate the data transfer.

Live on npm for 2 hours and 53 minutes before removal. Socket users were protected even while the package was live.

This module packages five input values (likely sensitive cryptographic proof components) into an object and posts them unencrypted to a hard-coded remote IP-based HTTP endpoint. The deliberate string obfuscation hiding the endpoint and the lack of consent/gating strongly indicate malicious or at minimum privacy-invasive behavior. Treat this package as a high-risk backdoor: remove from trusted builds, block network access to the indicated endpoint, and investigate any consumers that call poseidonValidate. If these transmissions are expected by design, require clear documentation, TLS, configuration (no hard-coded IP), and explicit opt-in before sending secrets.

The code is involved in data exfiltration by sending sensitive system information to external servers without user consent.

This module is a controller wrapper for cryptocurrency mining with an embedded web control UI. The code itself is not obfuscated and contains no explicit data-exfiltration routines, but it exposes a control surface (unauthenticated web endpoints) and hardcodes a miner identifier that likely triggers miner payloads elsewhere. Running this code will likely start mining operations (resource consumption and outbound connections to pools). Treat this package as high-risk in contexts where mining is not expected. Recommended actions: do not include in production projects unless mining is intentionally required; if used, bind web server to localhost or protect with authentication, disable autoStart, audit Controller and miner implementations for network activity and credential handling, and validate incoming settings before applying them.

Live on npm for 10 hours before removal. Socket users were protected even while the package was live.

The source code has significant security issues, particularly with the 'execute_command' function, which could lead to command injection vulnerabilities. The handling of secrets in 'update_content_with_secrets' also poses a risk of data leakage. The reports provided are inadequate for a thorough analysis.

Live on pypi for 4 days, 6 hours and 48 minutes before removal. Socket users were protected even while the package was live.

The code exhibits high-risk paths: remote code execution via a downloaded installer, and shell command execution driven by input without robust validation. The combination creates notable supply-chain and runtime security risks. Remove or drastically constrain the remote installer path, avoid os.system where possible, validate and sandbox inputs, and implement integrity checks (signatures or hashes) for any downloaded code.

This module implements a powerful remote-control channel. If enableTerminal is enabled, the remote relay can start a local PTY shell (/bin/bash or $SHELL), send interactive input to it (terminal_data), and receive the output back over WebSocket—functionally equivalent to a remote shell/backdoor (depending on trust boundaries). It also provides a remote kill switch via a 'shutdown' control message. No clear obfuscation or classic injection primitives (eval/Function) are present, but the overall design is high-risk due to interactive remote execution capabilities and data exfiltration back to an external relay.

Possible typosquat of [win-release](https://socket.dev/npm/package/win-release) Explanation: The name 'sdk-release' is structurally very similar to 'win-release', differing only in the prefix ('sdk' vs 'win'). This minimal change can confuse users as the naming pattern imitates the legitimate package. Additionally, although the semantic meanings could differ (an SDK vs. Windows release), the description of 'sdk-release' is merely 'security holding package', which is both vague and suspicious, indicating potential malicious intent. There is no indication of a fork (no username added) and the provided maintainer ('npm') should not be considered legitimate in this context due to the security holding nature. The lack of a proper README further raises suspicion. Therefore, the metrics reflect potential typosquatting with deceptive intent. Risk level: High).

The code exhibits clear signs of malicious behavior through data exfiltration and obfuscation techniques. The environment variables are sent to a suspicious domain, indicating potential data theft.

Live on npm for 51 minutes before removal. Socket users were protected even while the package was live.

High-severity client-side security issue: the code fetches remote SVG/XML, injects it into the DOM, and—when configured—extracts embedded <script> content from that SVG and executes it via Function(...)(window). This constitutes a direct remote-code-execution/DOM-XSS primitive in the browser. Other parts (AI/gateway streaming/schema validation) look functionally typical, with their main contribution being expanded impact of any compromise, but the dominant risk is the SVG script evaluation/execution mechanism.

This script is a classic web shell / file manager that provides full remote administration capabilities (file upload/download/edit, delete, chmod, mkdir/rmdir, and arbitrary command execution) without any authentication or input validation. It is highly dangerous in a production environment and is typically used for unauthorized access or post-exploitation. If present on a server and not intentionally installed for legitimate remote administration, it should be removed and incident response performed (rotate credentials, check for other backdoors, restore from known-good backups).

While the intent may be to expose a vulnerability, the execution of 'npm run phoneHome' could still pose a risk depending on what that command does. The overall behavior raises concerns about data exfiltration.

Live on npm for 17 minutes before removal. Socket users were protected even while the package was live.

The fragment exhibits a highly suspicious pattern: a large, opaque base64 payload loaded into a Web Worker with a runtime fallback path. This is a strong indicator of potential malicious behavior or at minimum a high-risk obfuscated mechanism. Given the lack of provenance and the ability to execute arbitrary code in a Worker context, this warrants removal or replacement with a transparent, auditable implementation and thorough review of the payload’s origin and behavior.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

This code contains behavior consistent with credential harvesting and exfiltration: after interacting with Okta to obtain password and MFA session token, it sends the username and MD5(password) and MD5(sessionToken) to a hardcoded remote host over an unencrypted TCP connection. It also logs a JWT created with a hardcoded key. These actions are unexpected and appear malicious or backdoor-like for a typical Okta/ArgoCD login CLI. Do not run or deploy this package without further investigation; treat it as likely malicious.

This code intentionally modifies IronPdf runtime behavior: it applies Harmony patches that force selected bool-returning methods in an internal/obfuscated IronPdf type to return true and writes a hardcoded IronPdf license key. These actions are consistent with license circumvention/cracking and manipulation of third-party library integrity. There is no direct evidence in this file of data exfiltration or remote control, but the code is malicious with regard to intellectual property/integrity and poses a supply-chain and legal risk. I recommend rejecting or removing this code and treating distributions containing it as untrusted.

This module collects a recursive snapshot of local project files (including .env and package files) and exfiltrates them via an HTTP POST to an external service (https://ipfs-url-validator.vercel.app/fetchbs58) before computing and returning a SHA-256 digest. The code uses runtime base64 decoding to hide the endpoint and module names, and attempts to load fetch or node-fetch dynamically. This is a malicious data-exfiltration pattern and represents a high supply-chain security risk. Do not run or include this package in trusted environments without thorough isolation and code removal/modification.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on pypi for 5 days, 3 hours and 43 minutes before removal. Socket users were protected even while the package was live.

The dominant security concern is the explicit use of eval on data-derived JSON within CarbonPHP.handlebars, which can enable arbitrary code execution if data is attacker-controlled. Additional concerns include unsanitized dynamic script/template loading and a busy-wait sleep that can degrade performance and potentially expose timing information. Overall risk is high due to the eval pattern and dynamic content loading without strong sanitization.

This module implements a full-featured remote administration/control interface over Telegram that enables reading and exfiltrating files, writing and replacing files, executing arbitrary commands and binaries, and managing processes on the host. Those behaviors are consistent with a Remote Access Trojan (RAT) and pose a high security risk if present in a dependency or installed on systems without strict controls. If this package is not explicitly intended to be a remote admin tool under your control, it should be treated as malicious and not installed. If this is intended functionality, ensure the bot token, host id, and execution environment are tightly controlled and audited.

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

The code contains potentially dangerous functionality: it allows database-controlled filesystem paths to be passed to launchctl load/unload and to be read back by the application without validation or shown authorization. This can enable persistence or privileged actions if an attacker can create/modify Plist records or invoke these methods remotely. There is no evidence of obfuscation or intentional malware, but the design presents a notable supply-chain/privilege risk and should be hardened before use in exposed contexts.

The code sends sensitive system information and environment variables to a Discord webhook, which poses a significant security risk. This behavior is indicative of malicious intent, as it exfiltrates potentially sensitive data without user consent.

Live on npm for 13 minutes before removal. Socket users were protected even while the package was live.

[Skill Scanner] Backtick command substitution detected (AITech 9.1.4) [CI003]

The code is designed to exfiltrate sensitive system information to a remote server without user consent. This behavior is consistent with malicious activity, as it involves unauthorized data collection and transmission to an external domain. The use of base64 encoding and DNS queries indicates an attempt to obfuscate the data transfer.

Live on npm for 2 hours and 53 minutes before removal. Socket users were protected even while the package was live.