Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery: timmywil published 4.0.0

left-pad: stevemao published 1.3.0

react: react-bot published 19.2.5

We protect you from vulnerable and malicious packages

richardtmiles/carbonphp

13.1.0

Live on composer

Blocked by Socket

The code implements a migration/transfer workflow with remote manifest handling, but contains a concealed backdoor mechanism (selfHidingFile) that can serve arbitrary internal files when a matching license is provided. This backdoor, combined with broad network/file operations driven by external input, creates a high risk for data leakage, remote access, or supply-chain abuse. The primary recommendation is to remove or isolate the backdoor, enforce rigorous input validation, and implement safer, auditable data transfer mechanisms with least privilege. Given these findings, treat the component as high risk until thoroughly audited and sanitized.

github.com/apache/trafficcontrol

v1.1.4-0.20170109040459-306c861825c4

Live on go

Blocked by Socket

This module performs credential-based authentication to a remote service and then requests a likely sensitive database dump endpoint using persisted cookies. The combination of predictable /tmp handling for credentials/cookies, disabled TLS verification (-k), and bash tracing (-x) makes it particularly risky in a supply-chain context. While it could be intended for legitimate administrative backup/export, the explicit dbdump retrieval sequence strongly resembles an automated credential-driven data extraction workflow and should be reviewed/controlled tightly.

tronclinet

0.0.1

Removed from pypi

Blocked by Socket

The file defines a function `perm(private_key)` that improperly builds its payload as a list containing a set with the misspelled key `'ptivat_key'` and the sensitive `private_key`. It then sends this data in plain HTTP POST to https://66c0dc0bba6f27ca9a57c4bf[.]mockapi[.]io/tron—effectively exfiltrating the private key. Immediately afterward, it issues a GET to https://66c0dc0bba6f27ca9a57c4bf[.]mockapi[.]io/switcher and uses the (potentially attacker-controlled) JSON response to alter its return value, indicating a remotely controlled backdoor. This behavior constitutes malicious credential theft and poses a high security risk.

Live on pypi for 3 hours and 45 minutes before removal. Socket users were protected even while the package was live.

richardtmiles/carbonphp

11.0.3

Live on composer

Blocked by Socket

The dominant security concern is the explicit use of eval on data-derived JSON within CarbonPHP.handlebars, which can enable arbitrary code execution if data is attacker-controlled. Additional concerns include unsanitized dynamic script/template loading and a busy-wait sleep that can degrade performance and potentially expose timing information. Overall risk is high due to the eval pattern and dynamic content loading without strong sanitization.

c2s-bouygues-ngx-dnd-master

2.0.7

by qzlp2p

Live on npm

Blocked by Socket

The package runs the TypeScript compiler at postinstall. The critical issue is that "typescript" appears in both dependencies and devDependencies — per the stated rules this is a high-risk pattern (possible supply-chain/trickery). Aside from that, there are no explicit remote-download-or-exec commands in the scripts and no http:// dependency URLs, but running tsc during install increases exposure. Recommend treating this package as high risk until the duplicate dependency is explained/removed and the package source (and any files executed during tsc) are reviewed.

graphalgo

3.5.5

Removed from pypi

Blocked by Socket

Heavily obfuscated malicious code that uses multiple encoding layers to hide and execute a substantial payload. The code employs a lambda function that processes an extremely long base64-encoded string through the following obfuscation chain: string reversal ([::-1]) -> base64 decoding -> zlib decompression -> dynamic execution via exec(). The multi-layer encoding technique (combining string reversal, base64 encoding, and zlib compression) is specifically designed to evade security scanners and hide the true malicious functionality. The obfuscated payload is approximately 14KB of compressed data, suggesting significant hidden functionality that gets executed at runtime. This pattern is consistent with supply chain attacks where malicious code is embedded in seemingly legitimate packages. Any system that has executed this code should be considered compromised as the actual payload's capabilities cannot be determined without controlled deobfuscation.

Live on pypi for 4 hours and 9 minutes before removal. Socket users were protected even while the package was live.

bapy

0.2.158

Live on pypi

Blocked by Socket

The script covertly ensures a background SSH local port-forward to a hard-coded external host as root, clearing any existing ssh on the same local port first. This pattern is consistent with establishing a covert access or exfiltration channel (notably to a MongoDB-like service on port 27017). It is high-risk: investigate origins of the script, the remote IP, root SSH keys and authorized_keys, and any processes or tools that use local:9999. If unexpected, remove and rotate credentials/keys and perform host compromise analysis.

354766/1nference-sh/skills/flux-image/

a58d3fb37e3b01a7ed157f9283102da23ebba2d0

Live on socket

Blocked by Socket

[Skill Scanner] Pipe-to-shell or eval pattern detected (AITech 9.1.4) [CI013]

carbonorm/carbonphp

13.6.0

Live on composer

Blocked by Socket

The codebase acts as an aggressive deployment automation tool with webhook-driven updates and high-privilege system modifications. The presence of hard-coded credentials, elevation of privileges, and dynamic configuration changes create substantial supply chain and operational security risks. It should not be used in public projects or unattended environments without refactoring to remove secrets, remove interactive prompts, enforce least privilege, and ensure formal authentication/authorization for webhook-triggered actions.

clawbench-cli

0.1.3

Live on pypi

Blocked by Socket

This module functions as a high-fidelity interaction capture component: it globally listens for keyboard and form/input-related events, captures e.key and input values (with minimal truncation rather than redaction), enriches events with DOM text and computed XPath identifiers, and sends all data to a Chrome extension via runtime messaging, along with page URL/title. While no external networking is shown here, the collected data types are highly sensitive and the behavior strongly aligns with keylogging/form-data harvesting use cases. The receiving extension logic and declared permissions should be reviewed urgently for consent, scope, minimization, and any external exfiltration.

psn-code-generator-ps3734

1.0.2

by muhammadharunmiya44

Removed from npm

Blocked by Socket

The script seems to be part of a spamming operation and uses bad security practices, such as hardcoding paths and credentials. Therefore, it's a potential security risk.

Live on npm for 1 hour and 14 minutes before removal. Socket users were protected even while the package was live.

clselove

1.33

Removed from pypi

Blocked by Socket

This file implements a high-risk Android/web automation toolkit with behaviors consistent with malware or malicious automation. Key behaviors:

- Privileged access and modification of Android app private data: uses `su -c` plus `cp -rf` and `chmod -R 777` to copy files into and out of `/data/user/0/<apk>` (other apps’ private storage), enabling theft or tampering with app data.
- Data exfiltration: `up_file()` copies an app’s private directory (`/data/user/0/<apk>`) to external storage, zips it, and uploads it to a remote server via `requests.post(f"{link_sms}/upload/<folder>/<username>.zip")`, and updates remote JSON state via PATCH/DELETE requests to `link_sms` (operator-controlled endpoint imported from the package).
- Remote payload staging/injection: `do_file()` / `do_kiwi()` download ZIP archives from `link_sms` (e.g., `GET {link_sms}/files/<folder>/<username>.zip`), extract to `/sdcard/`, then copy into an app’s private directory under root, effectively allowing remote file deployment into app data.
- Remote device control primitives: extensive ADB command execution via `subprocess.run(..., shell=True)` (e.g., `adb shell pm clear`, `am start`, `input text`, swipes/taps), enabling scripted control of a connected device.
- Automated CAPTCHA bypass / account-abuse helpers: integrates 2Captcha (`http://2captcha[.]com/...`), AI chat completion calls to DeepSeek (`https://api[.]deepseek[.]com/v1/chat/completions`), audio download + speech-to-text for reCAPTCHA, and OpenCV-based Geetest slider solving; these features are commonly used for large-scale automated signup/login abuse.
- Embedded secrets: hardcoded API keys/tokens are present for 2Captcha and AI services, which could be abused by anyone obtaining the code.

Observed external endpoints in code include: `2captcha[.]com`, `api[.]deepseek[.]com`, `api[.]us[.]nylas[.]com`, `tempmail[.]plus`, `inboxes[.]com`, and `0x0[.]st` (commented). The primary command-and-control / storage endpoint is `link_sms` (value defined elsewhere in the package), which is used for file download/upload and remote JSON coordination. Overall, the code provides direct mechanisms to steal and remotely upload sensitive app data from rooted Android devices, and to inject remote content into app-private storage, alongside automation/bypass tooling—behavior consistent with malware or a malicious abuse toolkit.

Live on pypi for 2 hours and 42 minutes before removal. Socket users were protected even while the package was live.

new-for-my-singing-monsters-zap-to-wublin215

1.0.2

by atiaromaryalab

Removed from npm

Blocked by Socket

The code engages in automated package creation and publishing, with the addition of posting content to WordPress sites using hard-coded credentials. This indicates potential spam or automated SEO manipulation behavior. The code also presents significant security risks due to hard-coded paths and credentials.

Live on npm for 11 minutes before removal. Socket users were protected even while the package was live.

github.com/wh1t3zer/sliver-server_new

v1.0.0

Live on go

Blocked by Socket

This source file contains explicit primitives to execute arbitrary native code: in-process shellcode execution and dynamic library sideloading into spawned processes. Those operations are high-risk and commonly used by implants/backdoors and red-team tools. Unless your threat model explicitly allows runtime execution of attacker-supplied native payloads (e.g., a known, controlled offensive security tool), this code should be considered malicious or highly dangerous and rejected for use in general-purpose software.

kitt3n/pimcore-restrictions

dev-wip-azure-logout

Live on composer

Blocked by Socket

The script is designed to install configuration by embedding the contents of bundle.txt into Kernel.php, guarded by marker checks. While this can be legitimate for modular installation, the technique is risky because it injects external, unvalidated content into a core bootstrap file. If bundle.txt is altered by an attacker, or if the script runs in an environment where tampering occurred, this could lead to a backdoored Kernel.php. The stray 'f' at the end is a clear syntax error, indicating potential sloppy coding or tampering. Overall, there is a moderate to high risk of malicious behavior via dynamic code injection if bundle.txt is compromised, and the script’s execution integrity is questionable. Recommendation: validate the integrity of bundle.txt (e.g., checksum), avoid embedding external content directly into Kernel.php; prefer explicit, validated configuration scripts; fix the stray 'f'; consider auditing the contents of bundle.txt and adding safeguards to prevent repeated or unintended injections.

nport

2.0.0

by tuanngocptn

Removed from npm

Blocked by Socket

The package executes a local installer script at install time (node bin-manager.js). This is not proof of malware, but it is a moderate security risk because install scripts run with the privileges of the installing user and can perform destructive or exfiltrative actions. You should inspect bin-manager.js before installing or run the install in an isolated environment. There are no other immediate red flags in dependencies (no HTTP URLs, no external git/file deps), so the main concern is the content of bin-manager.js and any remote actions it performs.

Live on npm for 1 day, 17 hours and 3 minutes before removal. Socket users were protected even while the package was live.

mtmai

0.3.880

Live on pypi

Blocked by Socket

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

plengauer/thoth

ff41588e9bf1e01cfdbfcdbf7bf0fcc2d9407407

Live on actions

Blocked by Socket

The snippet signals malicious intent (runtime/container injection/backdoor-like manipulation) but provides no actionable code. If implemented, this would present a high-severity supply-chain and runtime security risk requiring immediate scrutiny, containment, and removal from any build or deployment pipeline.

lp-test-123

7.7.8

Removed from npm

Blocked by Socket

This script downloads a file from an untrusted source. The file could contain malicious code or other security risks.

Live on npm for 6 hours and 17 minutes before removal. Socket users were protected even while the package was live.

fastrub

2.8.0

Live on pypi

Blocked by Socket

This module is a legitimate-looking bot API client but contains explicit behavior that leaks the bot token and registers third-party endpoints by default. The code sends the token to fast-rub.ParsSource.ir (via GET to /set_token?token=...) and constructs webhook URLs containing the token pointing at ParsSource. By default (use_to_fastrub_webhook_on_message/use_to_fastrub_webhook_on_button True) the client will poll and send data to that third-party service. This is a significant privacy/supply-chain risk (credential exfiltration and remote control of where updates are sent). There is no obfuscation or remote code execution, but the token leakage and automatic endpoint registration appear intentionally integrated and should be treated as malicious or at minimum unacceptable for sensitive deployments unless the user explicitly trusts ParsSource. I recommend not using this package in production or supply-chain-sensitive contexts unless you remove/override the ParsSource flows and audit the network module.

express-lockdown

3.0.0

by zyenith

Live on npm

Blocked by Socket

The module combines legitimate Express hardening middleware with covert telemetry collection and exfiltration. By default it will collect request header data (x-forwarded-for), timestamps, and a persistent UUID and periodically POST that data to a hardcoded third-party endpoint using a static key. Key concerns: data exfiltration of client IPs, persistent tracking via a UUID, default-enabled outbound logging, and stealthy suppression of network errors. This behavior is inappropriate for a security utility unless clearly documented and explicitly opt-in. Recommend not using this module in production until telemetry is removed or made opt-in/configurable (no hardcoded endpoints/keys), error handling is restored (no silent catches), and defaults are safe (no collection by default).

txt2boil

0.4.4

Live on pypi

Blocked by Socket

This code dynamically executes Python taken from comment content labelled 'Python Gen:' by building and eval()-ing a function whose body comes directly from the regex capture. If the 'comm' input can be influenced by an attacker, this is a high-risk remote code execution vector. The group-index remapping makes the capture-to-execution mapping less obvious. Do not use on untrusted input; if this functionality is required, restrict or sanitize inputs, use a safe execution sandbox, or remove dynamic eval altogether.

@dashevo/wasm-dpp

2.0.0-rc.14

by shumkov

Live on npm

Blocked by Socket

Extremely high risk package due to complete obfuscation preventing security analysis. The code is so heavily encoded that its actual functionality cannot be determined through static analysis. This level of obfuscation is highly suspicious and typically indicates malicious intent or attempt to hide unauthorized behavior.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.


Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.


Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.


Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.


RUST: crates.io (Rust Package Manager)
PHP: Packagist (PHP Package Manager)
GOLANG: Go Modules (Go Dependency Management)
JAVA: Maven Central
JAVASCRIPT: npm (Node Package Manager)
.NET: NuGet (.NET Package Manager)
PYTHON: PyPI (Python Package Index)
RUBY: RubyGems.org (Ruby Package Manager)
SWIFT: Swift
AI: Hugging Face Hub (AI Model Hub)
CI: GitHub Actions (CI/CD Workflows)
EXTENSIONS: Chrome Web Store (Chrome Browser Extensions)
EXTENSIONS: Open VSX (VS Code Extensions)

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
