Secure your dependencies. Ship with confidence.

The script is intentionally or negligently destructive: it unconditionally wipes contents of /tmp and /var and then invokes ostree to commit system/container state. This combination can render systems unusable and propagate damaged state into images or containers. Treat as high-risk malicious or catastrophic-bug code; do not run. Quarantine the package and investigate provenance and invocation contexts before trusting or executing in any environment.

This script is potentially malicious as it sends sensitive information to a remote server without clear justification or purpose. It could be exfiltrating data or performing unauthorized actions.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

This module contains multiple high-risk operations: executing shell commands with shell=True from parsed input, executing lines from arbitrary files, writing to arbitrary file paths, and — most critically — an unconditional execute('rm *') call in visit_exec which will delete files in the current working directory. These behaviors represent an immediate and severe supply-chain/security risk for general use. If this package is present in a dependency, treat it as dangerous and do not run it in untrusted environments. Remediation: remove the 'rm *' call, eliminate shell=True usage or strictly validate/sanitize commands, restrict file path access (sandbox), and require explicit user consent for destructive operations.

This module is intentionally malicious: it is a Discord 'nuker' toolkit that uses a stored bot token to conduct authenticated, high-impact destructive operations (deleting channels/roles, banning members, mass-creating resources, spamming webhooks) and can erase local scrape records. Inclusion of this code in a dependency represents a severe supply-chain compromise. Remove or block this package immediately, rotate any exposed bot tokens, audit guilds where the bot was installed for damage, and treat developers or repositories distributing this code as hostile asset sources.

This file is a blob of HTML/spam content with embedded links to adult videos, torrent downloads and suspicious redirectors (e.g. https://2023[.]redircdn[.]com/?…, http://rmdown[.]com/link[.]php?hash=…, http://data[.]down2048[.]com/list[.]php?…), plus numerous third-party image URLs. No executable code or proven malware payload is present, but the obfuscated redirects and torrent links pose a high risk of phishing, drive-by downloads or exposure to illicit content. Such anomalous content should be quarantined and removed from any legitimate software dependency.

This module implements privileged node and device management and exposes HTTP endpoints that accept user input used directly in shell commands and Docker operations. Main risks: command injection (unsanitized string interpolation into shell commands and os.popen), destructive device operations (partitioning, bind/unbind), supplying arbitrary images to be pulled and run as privileged containers, and use of an unencrypted/unprotected Docker TCP socket (tcp://...:2375). I assess this as not manifestly malware but a high-risk administrative component that must be strictly access-controlled and hardened (validate/sanitize inputs, avoid passing raw user values into shell/Docker operations, use secure Docker API access, avoid exposing endpoints publicly).

This code exfiltrates potentially sensitive local data (contents of ~/.npmrc and hostname) to a hardcoded external server over plaintext HTTP, without user consent or safeguards. This is a severe supply chain risk — treat as malicious. Remove the package, rotate any exposed credentials (npm tokens, registry credentials), and audit systems where the package ran.

This code implements an automated mechanism to transmit local installation logs to a single, hard-coded external host using an embedded private SSH key and disabled host verification. That combination provides a high-confidence, high-severity supply-chain/backdoor pattern enabling data exfiltration. Even if intended as legitimate telemetry, the implementation is insecure: remove hard-coded credentials, require explicit interactive consent or strong configuration gating, enable host key verification, sanitize/redact logs, and avoid writing private keys into source or ephemeral disk. Immediate remediation is recommended.

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package

Live on npm for 46 minutes before removal. Socket users were protected even while the package was live.

This fragment is consistent with a malicious supply-chain loader: it is heavily obfuscated, performs multi-layer runtime decoding of embedded payload material, uses dynamic code execution (new Function), imports fs and child_process, loads a local secondary stage, and mutates module/exports to execute staged behavior within the importing application. Treat the dependency as high risk and perform containment and deobfuscation before any further use.

该代码片段包含高危任意代码执行能力：运行(文件路径) 会读取外部文件内容、做关键字翻译后直接 exec；此外表达式执行() 使用 eval，运行代码() 使用 exec。若攻击者能控制输入文件或传入代码/表达式，即可在宿主环境中执行任意 Python 代码，存在显著供应链/后门风险。其余 pygame/turtle/数学/随机功能本身多为常规，但与 exec/eval 结合使整体安全风险较高。

This code automates the https://www.tbank[.]ru web interface to perform and verify financial transfers. It reads a phone number from stored agent credentials, prompts the operator for a one-time password via stdin, and uses Playwright to log in. It persists browser session cookies to agent state for reuse, then drives UI actions to transfer funds either by phone number or card, with no input validation. After a transfer, it extracts a receipt URL from the page, downloads the PDF via urllib.request.urlopen(), and immediately forwards it via a bot.send_document call, constituting data exfiltration. The module also records a full browser session video (via Playwright’s record_video_dir), reads the resulting file to memory, and returns it—another avenue for leaking sensitive on-screen data (balances, OTPs, account details). Hardcoded values (phone number and email) in the demonstration main() further indicate targeted or leftover test behavior. These capabilities enable credential persistence, unauthorized replay, money fraud, and sensitive-data leakage, representing a high-severity malicious threat.

The source code is designed to exfiltrate sensitive system information and send it to an external server using a ping command. This behavior is indicative of malicious intent.

Live on npm for 32 minutes before removal. Socket users were protected even while the package was live.

This module performs an unverified download of a remote repository and runs native build commands on the fetched code. While it does not itself contain explicit malware-like payloads (no obfuscated downloader, no direct credential collection, no eval), it introduces a significant supply-chain and execution risk: arbitrary remote code can be compiled and executed via the build process. Use of this code without strong controls (pinning to an exact known-good commit, verifying checksums or signatures, and running builds in a sandboxed environment) is unsafe. The observed bug (returning 'Non') should be fixed.

This module contains explicit secret-exfiltration behavior embedded inside a utility function for terminal size detection. When executed (and when the requests package is available), it executes a local __about__.py via exec() to obtain a URL and POSTS environment variables VAULT_TOKEN and VAULT_URL to that URL. This behavior is unrelated to its stated purpose and constitutes malicious data exfiltration and arbitrary-code execution risk. Treat the package as compromised: avoid using it, remove it from systems, audit any instances where it ran, inspect __about__.py, and rotate any potentially exposed secrets.

Live on pypi for 2 days, 19 hours and 21 minutes before removal. Socket users were protected even while the package was live.

This file implements an offline transaction-signing flow for Cosmos but contains high-risk behavior: it ignores caller-supplied destination and amount and instead signs a transfer of 1234 ucosm to a hardcoded address, and logs the signed transaction bytes. That behavior can divert funds from callers who supply their mnemonic and can leak signed transactions via logs. Treat this module as unsafe/untrusted: do not pass real mnemonics to it and do not use it in production until the hardcoded recipient/amount are removed, logging of signed transactions is eliminated, and the implementation is audited and corrected.

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

The code performs unauthorized exfiltration of sensitive system and environment data to a suspicious external server, constituting malicious behavior and a serious supply chain security risk. The code is clear and not obfuscated, but the privacy breach is significant. The existing reports are invalid and do not analyze the issue. This package should be considered dangerous and avoided.

Live on npm for 19 minutes before removal. Socket users were protected even while the package was live.

The code sends sensitive data to an unauthorized or malicious domain using DNS queries, and poses a high security risk. It should be removed immediately from any project.

Live on npm for 3 minutes before removal. Socket users were protected even while the package was live.

The claw402 fragment outlines a wallet-authenticated, per-call paid data gateway for crypto market data with a broad endpoint set. While conceptually coherent, the design introduces notable credential, supply-chain, and data-privacy risks due to environment-exposed wallet keys, reliance on an external npm package without verified integrity, and potential leakage through logs or output. Before deployment, enforce strict secret handling (no logging of keys, secret rotation, secure storage), verify and pin dependencies (with hashes, SRI), audit the external package for backdoors or telemetry, and clearly define data/logging practices and transport security. Overall assessment remains cautionary to moderate risk; the approach is high-risk for production use without stronger controls and verifiable provenance.

This module is not obviously backdoor malware by itself (no hidden network exfiltration, no obfuscated payloads, no hardcoded secrets). However it contains multiple insecure patterns that make it high-risk if used with untrusted input: direct shell execution of interpolated strings, insufficient escaping, ability to start arbitrary Docker images, and unrestricted file read/write. Treat this module as unsafe for contexts that process untrusted input or run with elevated privileges. Replace with safer subprocess usage (list args, no shell=True), validate/sanitize inputs, and avoid auto-pulling/running container images from untrusted names.

Live on pypi for 1 hour and 5 minutes before removal. Socket users were protected even while the package was live.

File contains obfuscated malicious URL encoded as Uint8Array bytes that decodes to 'https://log-writter[.]vercel[.]app/api/ipcheck'. The code disguises itself as a color support utility while hiding an IP address collection endpoint. The deliberately misspelled domain name 'log-writter' and the obfuscation technique using byte arrays are consistent with malware designed to evade detection. The encoded URL is exported for use elsewhere in the package, indicating likely data exfiltration capabilities.

Live on npm for 1 day, 8 hours and 23 minutes before removal. Socket users were protected even while the package was live.

Possible typosquat of azure - Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles legitimate Azure package naming conventions, which could confuse users. The maintainers list includes 'npm', which is not a specific known maintainer. Therefore, it is likely a typosquat.

Live on npm for 2 hours and 25 minutes before removal. Socket users were protected even while the package was live.

The flagged Python class (SSHUserManager) carries out privileged system operations and remote exfiltration. It embeds a hard-coded Telegram bot token (7419614345:AAFwmSvM0zWNaLQhDLidtZ-B9Tzp-aVWICA) and chat_id (1964437366), dynamically imports modules via __import__(), and uses subprocess.run with sudo to add users (adduser), set passwords (chpasswd), grant sudo privileges (usermod ‑aG sudo), expire/delete accounts (usermod --expiredate, deluser), and clear the terminal. It retrieves the host IP with os.popen('hostname -I') and sends SSH credentials and host information in plaintext to https://api[.]telegram[.]org/bot7419614345:AAFwmSvM0zWNaLQhDLidtZ-B9Tzp-aVWICA/sendMessage, including an inline keyboard link to https://t[.]me/NorSodikin. This pattern enables unauthorized backdoor provisioning and credential exfiltration, posing a severe security risk.

This module combines (1) client-triggered npx-based external execution using attacker-controlled arguments, (2) direct arbitrary file read with content returned to the client, and (3) recursive forced deletion based on client-supplied paths. Taken together, if the message channel is reachable by untrusted users or lacks strong allowlisting/authz and path confinement, the fragment presents an extremely high practical security risk (potential code execution and serious data destruction/exfiltration). Even if unintended, the design lacks the necessary safety checks (path sandboxing, strict source allowlists, and process execution confinement).

The script is intentionally or negligently destructive: it unconditionally wipes contents of /tmp and /var and then invokes ostree to commit system/container state. This combination can render systems unusable and propagate damaged state into images or containers. Treat as high-risk malicious or catastrophic-bug code; do not run. Quarantine the package and investigate provenance and invocation contexts before trusting or executing in any environment.

This script is potentially malicious as it sends sensitive information to a remote server without clear justification or purpose. It could be exfiltrating data or performing unauthorized actions.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

This module contains multiple high-risk operations: executing shell commands with shell=True from parsed input, executing lines from arbitrary files, writing to arbitrary file paths, and — most critically — an unconditional execute('rm *') call in visit_exec which will delete files in the current working directory. These behaviors represent an immediate and severe supply-chain/security risk for general use. If this package is present in a dependency, treat it as dangerous and do not run it in untrusted environments. Remediation: remove the 'rm *' call, eliminate shell=True usage or strictly validate/sanitize commands, restrict file path access (sandbox), and require explicit user consent for destructive operations.

This module is intentionally malicious: it is a Discord 'nuker' toolkit that uses a stored bot token to conduct authenticated, high-impact destructive operations (deleting channels/roles, banning members, mass-creating resources, spamming webhooks) and can erase local scrape records. Inclusion of this code in a dependency represents a severe supply-chain compromise. Remove or block this package immediately, rotate any exposed bot tokens, audit guilds where the bot was installed for damage, and treat developers or repositories distributing this code as hostile asset sources.

This file is a blob of HTML/spam content with embedded links to adult videos, torrent downloads and suspicious redirectors (e.g. https://2023[.]redircdn[.]com/?…, http://rmdown[.]com/link[.]php?hash=…, http://data[.]down2048[.]com/list[.]php?…), plus numerous third-party image URLs. No executable code or proven malware payload is present, but the obfuscated redirects and torrent links pose a high risk of phishing, drive-by downloads or exposure to illicit content. Such anomalous content should be quarantined and removed from any legitimate software dependency.

This module implements privileged node and device management and exposes HTTP endpoints that accept user input used directly in shell commands and Docker operations. Main risks: command injection (unsanitized string interpolation into shell commands and os.popen), destructive device operations (partitioning, bind/unbind), supplying arbitrary images to be pulled and run as privileged containers, and use of an unencrypted/unprotected Docker TCP socket (tcp://...:2375). I assess this as not manifestly malware but a high-risk administrative component that must be strictly access-controlled and hardened (validate/sanitize inputs, avoid passing raw user values into shell/Docker operations, use secure Docker API access, avoid exposing endpoints publicly).

This code exfiltrates potentially sensitive local data (contents of ~/.npmrc and hostname) to a hardcoded external server over plaintext HTTP, without user consent or safeguards. This is a severe supply chain risk — treat as malicious. Remove the package, rotate any exposed credentials (npm tokens, registry credentials), and audit systems where the package ran.

This code implements an automated mechanism to transmit local installation logs to a single, hard-coded external host using an embedded private SSH key and disabled host verification. That combination provides a high-confidence, high-severity supply-chain/backdoor pattern enabling data exfiltration. Even if intended as legitimate telemetry, the implementation is insecure: remove hard-coded credentials, require explicit interactive consent or strong configuration gating, enable host key verification, sanitize/redact logs, and avoid writing private keys into source or ephemeral disk. Immediate remediation is recommended.

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package

Live on npm for 46 minutes before removal. Socket users were protected even while the package was live.

This fragment is consistent with a malicious supply-chain loader: it is heavily obfuscated, performs multi-layer runtime decoding of embedded payload material, uses dynamic code execution (new Function), imports fs and child_process, loads a local secondary stage, and mutates module/exports to execute staged behavior within the importing application. Treat the dependency as high risk and perform containment and deobfuscation before any further use.

该代码片段包含高危任意代码执行能力：运行(文件路径) 会读取外部文件内容、做关键字翻译后直接 exec；此外表达式执行() 使用 eval，运行代码() 使用 exec。若攻击者能控制输入文件或传入代码/表达式，即可在宿主环境中执行任意 Python 代码，存在显著供应链/后门风险。其余 pygame/turtle/数学/随机功能本身多为常规，但与 exec/eval 结合使整体安全风险较高。

This code automates the https://www.tbank[.]ru web interface to perform and verify financial transfers. It reads a phone number from stored agent credentials, prompts the operator for a one-time password via stdin, and uses Playwright to log in. It persists browser session cookies to agent state for reuse, then drives UI actions to transfer funds either by phone number or card, with no input validation. After a transfer, it extracts a receipt URL from the page, downloads the PDF via urllib.request.urlopen(), and immediately forwards it via a bot.send_document call, constituting data exfiltration. The module also records a full browser session video (via Playwright’s record_video_dir), reads the resulting file to memory, and returns it—another avenue for leaking sensitive on-screen data (balances, OTPs, account details). Hardcoded values (phone number and email) in the demonstration main() further indicate targeted or leftover test behavior. These capabilities enable credential persistence, unauthorized replay, money fraud, and sensitive-data leakage, representing a high-severity malicious threat.

The source code is designed to exfiltrate sensitive system information and send it to an external server using a ping command. This behavior is indicative of malicious intent.

Live on npm for 32 minutes before removal. Socket users were protected even while the package was live.

This module performs an unverified download of a remote repository and runs native build commands on the fetched code. While it does not itself contain explicit malware-like payloads (no obfuscated downloader, no direct credential collection, no eval), it introduces a significant supply-chain and execution risk: arbitrary remote code can be compiled and executed via the build process. Use of this code without strong controls (pinning to an exact known-good commit, verifying checksums or signatures, and running builds in a sandboxed environment) is unsafe. The observed bug (returning 'Non') should be fixed.

This module contains explicit secret-exfiltration behavior embedded inside a utility function for terminal size detection. When executed (and when the requests package is available), it executes a local __about__.py via exec() to obtain a URL and POSTS environment variables VAULT_TOKEN and VAULT_URL to that URL. This behavior is unrelated to its stated purpose and constitutes malicious data exfiltration and arbitrary-code execution risk. Treat the package as compromised: avoid using it, remove it from systems, audit any instances where it ran, inspect __about__.py, and rotate any potentially exposed secrets.

Live on pypi for 2 days, 19 hours and 21 minutes before removal. Socket users were protected even while the package was live.

This file implements an offline transaction-signing flow for Cosmos but contains high-risk behavior: it ignores caller-supplied destination and amount and instead signs a transfer of 1234 ucosm to a hardcoded address, and logs the signed transaction bytes. That behavior can divert funds from callers who supply their mnemonic and can leak signed transactions via logs. Treat this module as unsafe/untrusted: do not pass real mnemonics to it and do not use it in production until the hardcoded recipient/amount are removed, logging of signed transactions is eliminated, and the implementation is audited and corrected.

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

The code performs unauthorized exfiltration of sensitive system and environment data to a suspicious external server, constituting malicious behavior and a serious supply chain security risk. The code is clear and not obfuscated, but the privacy breach is significant. The existing reports are invalid and do not analyze the issue. This package should be considered dangerous and avoided.

Live on npm for 19 minutes before removal. Socket users were protected even while the package was live.

The code sends sensitive data to an unauthorized or malicious domain using DNS queries, and poses a high security risk. It should be removed immediately from any project.

Live on npm for 3 minutes before removal. Socket users were protected even while the package was live.

The claw402 fragment outlines a wallet-authenticated, per-call paid data gateway for crypto market data with a broad endpoint set. While conceptually coherent, the design introduces notable credential, supply-chain, and data-privacy risks due to environment-exposed wallet keys, reliance on an external npm package without verified integrity, and potential leakage through logs or output. Before deployment, enforce strict secret handling (no logging of keys, secret rotation, secure storage), verify and pin dependencies (with hashes, SRI), audit the external package for backdoors or telemetry, and clearly define data/logging practices and transport security. Overall assessment remains cautionary to moderate risk; the approach is high-risk for production use without stronger controls and verifiable provenance.

This module is not obviously backdoor malware by itself (no hidden network exfiltration, no obfuscated payloads, no hardcoded secrets). However it contains multiple insecure patterns that make it high-risk if used with untrusted input: direct shell execution of interpolated strings, insufficient escaping, ability to start arbitrary Docker images, and unrestricted file read/write. Treat this module as unsafe for contexts that process untrusted input or run with elevated privileges. Replace with safer subprocess usage (list args, no shell=True), validate/sanitize inputs, and avoid auto-pulling/running container images from untrusted names.

Live on pypi for 1 hour and 5 minutes before removal. Socket users were protected even while the package was live.

File contains obfuscated malicious URL encoded as Uint8Array bytes that decodes to 'https://log-writter[.]vercel[.]app/api/ipcheck'. The code disguises itself as a color support utility while hiding an IP address collection endpoint. The deliberately misspelled domain name 'log-writter' and the obfuscation technique using byte arrays are consistent with malware designed to evade detection. The encoded URL is exported for use elsewhere in the package, indicating likely data exfiltration capabilities.

Live on npm for 1 day, 8 hours and 23 minutes before removal. Socket users were protected even while the package was live.

Possible typosquat of azure - Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles legitimate Azure package naming conventions, which could confuse users. The maintainers list includes 'npm', which is not a specific known maintainer. Therefore, it is likely a typosquat.

Live on npm for 2 hours and 25 minutes before removal. Socket users were protected even while the package was live.

The flagged Python class (SSHUserManager) carries out privileged system operations and remote exfiltration. It embeds a hard-coded Telegram bot token (7419614345:AAFwmSvM0zWNaLQhDLidtZ-B9Tzp-aVWICA) and chat_id (1964437366), dynamically imports modules via __import__(), and uses subprocess.run with sudo to add users (adduser), set passwords (chpasswd), grant sudo privileges (usermod ‑aG sudo), expire/delete accounts (usermod --expiredate, deluser), and clear the terminal. It retrieves the host IP with os.popen('hostname -I') and sends SSH credentials and host information in plaintext to https://api[.]telegram[.]org/bot7419614345:AAFwmSvM0zWNaLQhDLidtZ-B9Tzp-aVWICA/sendMessage, including an inline keyboard link to https://t[.]me/NorSodikin. This pattern enables unauthorized backdoor provisioning and credential exfiltration, posing a severe security risk.

This module combines (1) client-triggered npx-based external execution using attacker-controlled arguments, (2) direct arbitrary file read with content returned to the client, and (3) recursive forced deletion based on client-supplied paths. Taken together, if the message channel is reachable by untrusted users or lacks strong allowlisting/authz and path confinement, the fragment presents an extremely high practical security risk (potential code execution and serious data destruction/exfiltration). Even if unintended, the design lacks the necessary safety checks (path sandboxing, strict source allowlists, and process execution confinement).