Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery: timmywil published 4.0.0

left-pad: stevemao published 1.3.0

react: react-bot published 19.2.5

We protect you from vulnerable and malicious packages

@mikeska/sdk

0.0.76

by rmikeska

Live on npm

Blocked by Socket

High security risk. This module bundles a user-supplied local file into a tar.gz artifact and then uploads the artifact to a hardcoded external Socket.IO gateway using a locally stored SDK key. It also (1) logs the SDK key in plaintext and (2) disables TLS certificate verification (rejectUnauthorized:false), both of which significantly increase likelihood of credential compromise and MITM interception. The chunked server-controlled upload flow is consistent with artifact exfiltration behavior and warrants strict review and network trust boundary validation before use.

snapchat-score-new-pastebin282

1.0.2

by mskhadijaakther403

Removed from npm

Blocked by Socket

The code exhibits several concerning behaviors, including the use of hardcoded credentials, subprocess execution with potential for command injection, and interactions with external websites. These activities pose a significant security risk and should be further investigated.

Live on npm for 4 hours and 1 minute before removal. Socket users were protected even while the package was live.

github.com/cli/cli/v2

v2.0.1-0.20211006154543-a509c2d88487

Live on go

Blocked by Socket

The primary security concern is the hardcoded OAuth client secret, which poses a risk of unauthorized access. The code otherwise follows a standard OAuth flow without any indication of malicious behavior.

@blocklet/pages-kit

0.4.57

by wangshijun

Live on npm

Blocked by Socket

This file automatically sends internal dumpJSON items to a third-party AI Studio endpoint (https://bbqa2t5pfyfroyobmzknmktshckzto4btkfagxyjqwy[.]did[.]abtnet[.]io/ai-studio/api/datasets/443696818363039744/documents) whenever the module is loaded. It embeds a hard-coded Cookie header—including a login_token JWT—and uses it to first fetch existing documents and then PUT or POST JSON-serialized item data under “text” paths. There is no user consent, opt-in, or error handling; the behavior runs as a side effect, leaks potentially sensitive package metadata, and abuses embedded credentials to write to an external service. This is a high-risk supply-chain/backdoor indicator.

fsd

0.1.517

Removed from pypi

Blocked by Socket

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on pypi for 5 days, 14 hours and 23 minutes before removal. Socket users were protected even while the package was live.

utilitytools

0.0.8

Removed from pypi

Blocked by Socket

The provided code contains highly suspicious behavior by downloading and executing an executable file from an external source. This can be considered malicious as it can lead to executing arbitrary code on the user's system. The hardcoded URL and execution of an external file pose significant security risks.

Live on pypi for 2 hours and 29 minutes before removal. Socket users were protected even while the package was live.

clientcore-models-catalyst

0.99.9

by confusion-test3

Removed from npm

Blocked by Socket

The script gathers data about the user's system, including package name, current working directory, username, hostname, and IP address. This data is then encoded and sent as DNS queries to a remote server.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

llm-report

1.0.6

by dillionverma

Live on npm

Blocked by Socket

This is malicious software designed to intercept and exfiltrate OpenAI API communications. It collects API keys, user prompts, AI completions, and metadata, then transmits this sensitive data to external servers. This constitutes a serious supply chain attack and data theft mechanism.

frankdejonge/use-ssh-agent

304892088b363076d2eb3ba9e35770ad70cc9f12

Live on actions

Blocked by Socket

The snippet implements a dangerous side-effect: terminating the SSH agent process if SSH_AGENT_PID is provided. While not exfiltrating data, this can disrupt user workflows and key-management tooling. The intent is unclear and likely unintended for a typical library. Treat as a high-severity risk in dependencies; remove or replace with safe behavior and clear API semantics. Consider reporting and an audit of the package to prevent inclusion in production environments.

github.com/open-falcon/falcon-plus

v0.0.0-20150525094619-87d5399d9040

Live on go

Blocked by Socket

This module provides an HTTP-accessible remote command execution capability by executing request body content via `sh -c` and returning the command output to the caller. The only protection shown is an IP trust check (`g.IsTrustable(r.RemoteAddr)`), with no authentication/authorization or command allowlisting, making the design critically dangerous if reachable or misconfigured. High confidence of malicious/backdoor-like behavior in typical threat models.

rfmux

1.4.0

Live on pypi

Blocked by Socket

This code contains high-risk insecure coding patterns: direct pickle.load() on user-selected files and eval() on GUI-controlled text fields. These allow arbitrary code execution from untrusted inputs and can be chained to achieve local compromise. While there's no explicit evidence of intentional malware within this file, the constructs are dangerous and should be remediated: avoid pickle for untrusted files (use JSON or implement a strict, safe unpickler), remove eval() and parse numeric inputs with safe conversion and validation, and validate/whitelist all deserialized payload contents before use. Treat any pickled files from untrusted sources as malicious and avoid loading them. Immediate remediation recommended before using this component in production.

vidio-kmm

1.0.1

by rhyru9

Removed from npm

Blocked by Socket

This file executes system commands (e.g., 'whoami' and 'cat /etc/passwd') and sends the output to a remote URL (e.g., hxxps://example[.]com) via HTTP POST requests. By transmitting sensitive system information to an external server, the code demonstrates clear malicious intent and endangers the security of the host system.

Live on npm for 24 days, 22 hours and 19 minutes before removal. Socket users were protected even while the package was live.

github.com/u-root/u-root

v0.0.0-20180601225858-8f961086575f

Live on go

Blocked by Socket

This module is functionally a network-exposed SSH remote shell. After public-key authentication, it spawns an unrestricted interactive system shell in a PTY and relays the shell I/O over the SSH connection, enabling remote command execution on the host. Additional concerns include setting TERM in the server environment from untrusted client input and, in debug mode, logging potentially sensitive session content. No explicit stealth/exfiltration/persistence code is present in this file, but the capability itself is high-impact and strongly suspicious in a supply-chain context unless the deployment purpose and access controls are tightly governed.

carlosferreyra

1.2.10

Live on pypi

Blocked by Socket

This module functions as a high-risk runtime bootstrapper: when the expected binary is absent, it downloads an OS-specific installer script from a GitHub release and executes it immediately (PowerShell with ExecutionPolicy Bypass and iex, or curl piped into sh) without any integrity or authenticity verification. Afterward, it executes the installed binary while passing through user-controlled command-line arguments. Even if the upstream installer is legitimate, the network-to-execution pattern and lack of verification make it a significant supply-chain security concern.

aegea

2.1.4

Live on pypi

Blocked by Socket

The fragment contains a clearly suspicious mechanism: it uploads an encrypted bootstrap tarball to S3 using a random key, then injects a command into cloud-init to download, decrypt, and extract that tarball on the target host. This creates a backdoor-like path for remote bootstrap execution and potential persistence, which aligns with supply-chain and runtime execution risk scenarios. While some of this could be legitimate bootstrap orchestration, the combination of random keys, S3 delivery, and automatic cloud-init runcmd modification strongly suggests a mechanism for remote control or staged deployment of code after installation.

insomnia-api

99.0.1

by darkestmode

Live on npm

Blocked by Socket

This module performs immediate, silent collection of local environment identifiers (hostname, username, cwd) and transmits them off-host by two channels: a DNS lookup to a constructed domain (likely for beaconing) and an HTTP POST to a hard-coded IP address. It runs on module import without consent or configuration and suppresses errors, indicating covert telemetry/phone-home behavior. Treat this as high-risk: remove or isolate the module, block network egress to the listed IP/domain, and audit package provenance. Further review of surrounding package files and repository history is recommended to confirm intent and scope.

pubg-mobile-online-hack-forgetx0s-and-iosgetx0s

1.1.1

by GAMES

Live on nuget

Blocked by Socket

The source code itself contains no executable malicious code but includes assembly metadata that explicitly promotes PUBG Mobile hacking tools and cheats. This metadata is a strong indicator of malicious intent and unethical behavior, posing a serious supply chain security risk. The package should be treated as high risk and potentially malicious despite the absence of direct malicious code in the snippet.

dexscreener

1.1.1

by james0203

Removed from npm

Blocked by Socket

The code contains a serious security risk by sending private keys via email, which could lead to unauthorized access to user accounts. Additionally, there are logical errors in the data fetching function.

Live on npm for 12 days, 11 hours and 17 minutes before removal. Socket users were protected even while the package was live.

@sassoftware/viya-appserverjs

3.1.6

by devakumaraswamy

Live on npm

Blocked by Socket

This module implements a high-risk runtime execution mechanism: it loads a JavaScript source file from a path derived from CLI/env (appSrc/APPENV), executes it with new Function(src) to obtain payload output, and then builds authentication configuration from environment variables. There is no trust/allowlisting/sandboxing for the executed payload, making arbitrary code execution a central threat. Additionally, it constructs authentication-related data (including CLIENTSECRET) and logs the entire computed env object to console, creating a strong likelihood of sensitive configuration/secret exposure in logs.

@qingchencloud/openclaw-zh

2026.2.14-nightly.202602152057

by qq1186258278

Live on npm

Blocked by Socket

The module implements a robust token caching and retrieval mechanism with prudent filesystem permissions and input validation. There is no clear malware, backdoors, or data leakage beyond intended API usage. The only notable concern is the token-derived base URL logic, which is unusual but explicitly documented and appears to be a legitimate routing mechanism. Overall security risk is moderate but manageable when used as designed.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Unstable ownership

Git dependency

GitHub dependency

AI-detected potential malware

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

The latest from the Socket team

Get our latest security research, open source insights, and product updates.
