Secure your dependencies. Ship with confidence.

The code exhibits malicious behavior by collecting and attempting to exfiltrate system information using DNS queries. This poses a significant security risk.

Live on npm for 1 day, 4 hours and 28 minutes before removal. Socket users were protected even while the package was live.

This module contains clear malicious capability: it captures user keyboard/mouse/touch input and injects it into a remote session over a network transport, and it additionally reads the user clipboard and transmits clipboard contents remotely. These are high-severity supply-chain security indicators (clipboard theft + remote interaction control).

Best report selection: Report 1 is the most detailed and appropriately flags that no executable code exists, while still correctly treating the content as a hostile, operational exploit playbook. Improved findings: the YAML explicitly enumerates attacker-controlled inputs (SSRF/XSS/LFI/SSTI/XXE) and their harmful sinks (metadata/IAM credential theft, cookie/session exfiltration, log-poisoning→RCE, template-engine exec→RCE, XXE local file read and optional OOB exfiltration). Because this fragment is not runnable code, malware behavior cannot be directly confirmed; nonetheless, its weaponized nature makes it a serious security red flag for any software supply-chain artifact.

This module is unsafe and likely malicious for use in any project. It executes arbitrary shell commands, writes hardcoded PyPI credentials to disk, self-modifies and self-deletes, decrypts/install hidden payloads, dynamically imports and executes externally controlled modules, and automates package uploads. These behaviors present a high supply-chain and local compromise risk. Do not run this code in trusted environments. Replace with audited, minimal build scripts and remove any credentials embedded in source or generated files.

This dependency fragment performs an immediate outbound HTTPS request to a hardcoded third-party webhook endpoint (webhook.site) and suppresses any errors. While no explicit data theft is shown in the visible code, the behavior is consistent with covert notification/beaconing commonly seen in supply-chain test payloads or malware staging. Verify the full package for what else executes around this module and whether network egress is expected by the project.

Live on pypi for 22 hours and 55 minutes before removal. Socket users were protected even while the package was live.

The code has potential security concerns, including hardcoded credentials and automated interactions with websites

Live on npm for 1 hour and 16 minutes before removal. Socket users were protected even while the package was live.

This module contains high-severity malicious/suspicious behavior: it injects executable JavaScript at runtime via a dynamically created <script> tag and that injected code exfiltrates data by POSTing to a hardcoded third-party webhook.site endpoint upon feedback form submission. Additionally, it renders flow-provided HTML using dangerouslySetInnerHTML, creating an XSS sink if inputs are not tightly controlled. Treat this package/module as dangerous and do not deploy without remediation and thorough investigation of the full build/output (not just this fragment).

The skill presents a coherent workflow to claim and interact with OracleNet identities, with cryptographic signing and remote verification as integral components. The primary security concerns arise from handling of private keys, multi-tool supply chain dependencies (bun, gh, cast), and exposure risk via external network calls and local storage of sensitive data. The design is proportionate to its stated purpose, but the presence of direct private-key handling in outputs and the reliance on multiple external CLI tools warrant careful controls (strict redaction, secure key storage, minimized logging, pinned/verified tool versions). Net risk is elevated due to credential handling and remote data flows, but the workflow itself is aligned with its purpose when properly safeguarded.

The code implements a high-risk dynamic evaluation pattern by evaluating tokens within the caller’s scope. This creates a strong possibility of arbitrary code execution and data leakage if tokens originate from untrusted inputs. Hardening should include removing eval, replacing with safe resolvers, sandboxing, or strict token whitelisting and restricting scope access. This pattern is unsuitable for trusted libraries exposes in open-source supply chains without significant safeguards.

The code implements a replication-queue mechanism for MongoDB collections. It does not contain obvious remote-exfiltration, cryptomining, or backdoor network connections. However, it uses eval() to convert string-encoded arguments coming from queued DB documents into Python objects before calling replica operations. This is a high-risk code-execution vector: any attacker or process that can insert or tamper with queue/error documents (or cause untrusted strings to be persisted) can execute arbitrary Python code in the process and then cause arbitrary actions on the replica DB. Other issues are some implementation bugs (non-returning __getattr__) and broad exception handling. Recommend removing eval(), replacing it with safe parsing (json), validating queued data, and ensuring only trusted code writes to the queue/error collections.

The code exhibits a high-risk, covert file-system tampering pattern: overwriting the project’s index.d.ts with a version-specific file based on detected Vue version via a system move. This constitutes a strong supply-chain/operational risk, capable of silently sabotaging typings and builds. Absence of input validation, error handling, and provenance checks exacerbates the risk. Recommended controls include eliminating runtime typography mutations, implementing explicit provenance verification (e.g., checksums or signed sources), logging all file operations, and replacing shell-based moves with safe, atomic, verifiable edits or build-time tooling that requires explicit consent.

The module implements a robust token caching and retrieval mechanism with prudent filesystem permissions and input validation. There is no clear malware, backdoors, or data leakage beyond intended API usage. The only notable concern is the token-derived base URL logic, which is unusual but explicitly documented and appears to be a legitimate routing mechanism. Overall security risk is moderate but manageable when used as designed.

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

The code is a malicious backdoor that exfiltrates sensitive system information and public IP address to an attacker-controlled domain via DNS queries. This represents a high security risk and clear malware behavior. The code is not heavily obfuscated but uses shell command chaining to hide its intent. It should be considered dangerous and avoided.

The fragment is data-oriented but describes a highly sensitive update mechanism that, if accepted without rigorous validation, could enable supply-chain compromise (e.g., replacing signing keys, altering update endpoints). It warrants immediate defensive measures: enforce strict signature verification, authority checks, schema validation, and endpoint/key whitelisting before applying any decoded updates.

The fragment contains a high-risk pattern: it downloads a Python script from a remote source and immediately executes it without integrity verification or sandboxing. This creates a critical supply-chain and remote-code-execution risk, as the remote payload could perform any action on the host, including data exfiltration, credential access, or system compromise. Even though defaults use placeholders, the mechanism itself is unsafe and should be disallowed or hardened (e.g., verify hashes, use signed modules, avoid executing remote code).

This script is malicious in behavior: it systematically harvests sensitive system, cloud, and application credentials and writes them to a local file under the n8n user's home. Even though it does not exfiltrate over the network itself, it stages highly sensitive data (AWS creds, SSH private keys, Kubernetes service account token, docker socket presence, application DB/config) which enables privilege escalation and remote exfiltration by subsequent actions. Treat this package as compromised and do not run it; remove and investigate any systems where it was executed.

Live on npm for 1 day, 20 hours and 26 minutes before removal. Socket users were protected even while the package was live.

This preinstall hook is malicious: it attempts to read a sensitive local file (/etc/passwd) and send it to an external collector during npm install. This is data exfiltration and a clear supply-chain/telemetry threat. Do not install; remove the package and investigate any systems where it ran.

Live on npm for 2 days, 12 hours and 59 minutes before removal. Socket users were protected even while the package was live.

The fragment employs aggressive obfuscation and a packer-like decoding pattern that enables runtime code execution with broad network and filesystem capabilities. While not conclusive proof of malware without decoding in a secure sandbox, the combination of dynamic evaluation, remote-loading indicators, and cross-environment IO strongly indicates high supply-chain risk. Treat as dangerous; require replacement with a transparent, audited version or remove from dependencies until provenance and behavior are verified.

This code is malicious in intent: it automates fraudulent interaction with a banking website, contains hardcoded sensitive credentials, evades automation detection, prompts an operator to supply OTPs (social-engineering), performs money transfers, and persists session state to disk for reuse. It should be treated as a tool for account takeover and financial theft. Do not run it; remove any storage_state files and investigate systems where it executed. The snippet also contains syntax errors and is incomplete, but those do not mitigate the clearly malicious purpose.

This source intentionally installs and runs a reverse-shell backdoor. It decodes a base64-embedded Perl payload to /tmp/.bc and executes it with hardcoded remote host and port, using multiple suppressed execution wrappers to maximize compatibility and stealth. Consider it malicious: remove and investigate any systems that executed this code, rotate credentials, and treat hosts as compromised.

The dominant security issue is a critical supply-chain/RCE primitive: this module downloads executable JavaScript from a public CDN at runtime and executes it with eval to install a global loader (globalThis.use). This enables arbitrary code execution if the remote content is tampered with, making the package materially risky regardless of the otherwise-benign model-mapping logic. Secondary risk: it also fetches remote JSON metadata (models.dev) and interpolates remote fields into formatted output, which may become a downstream rendering/injection problem if not escaped by the consumer.

The code exhibits malicious behavior by collecting and attempting to exfiltrate system information using DNS queries. This poses a significant security risk.

Live on npm for 1 day, 4 hours and 28 minutes before removal. Socket users were protected even while the package was live.

This module contains clear malicious capability: it captures user keyboard/mouse/touch input and injects it into a remote session over a network transport, and it additionally reads the user clipboard and transmits clipboard contents remotely. These are high-severity supply-chain security indicators (clipboard theft + remote interaction control).

Best report selection: Report 1 is the most detailed and appropriately flags that no executable code exists, while still correctly treating the content as a hostile, operational exploit playbook. Improved findings: the YAML explicitly enumerates attacker-controlled inputs (SSRF/XSS/LFI/SSTI/XXE) and their harmful sinks (metadata/IAM credential theft, cookie/session exfiltration, log-poisoning→RCE, template-engine exec→RCE, XXE local file read and optional OOB exfiltration). Because this fragment is not runnable code, malware behavior cannot be directly confirmed; nonetheless, its weaponized nature makes it a serious security red flag for any software supply-chain artifact.

This module is unsafe and likely malicious for use in any project. It executes arbitrary shell commands, writes hardcoded PyPI credentials to disk, self-modifies and self-deletes, decrypts/install hidden payloads, dynamically imports and executes externally controlled modules, and automates package uploads. These behaviors present a high supply-chain and local compromise risk. Do not run this code in trusted environments. Replace with audited, minimal build scripts and remove any credentials embedded in source or generated files.

This dependency fragment performs an immediate outbound HTTPS request to a hardcoded third-party webhook endpoint (webhook.site) and suppresses any errors. While no explicit data theft is shown in the visible code, the behavior is consistent with covert notification/beaconing commonly seen in supply-chain test payloads or malware staging. Verify the full package for what else executes around this module and whether network egress is expected by the project.

Live on pypi for 22 hours and 55 minutes before removal. Socket users were protected even while the package was live.

The code has potential security concerns, including hardcoded credentials and automated interactions with websites

Live on npm for 1 hour and 16 minutes before removal. Socket users were protected even while the package was live.

This module contains high-severity malicious/suspicious behavior: it injects executable JavaScript at runtime via a dynamically created <script> tag and that injected code exfiltrates data by POSTing to a hardcoded third-party webhook.site endpoint upon feedback form submission. Additionally, it renders flow-provided HTML using dangerouslySetInnerHTML, creating an XSS sink if inputs are not tightly controlled. Treat this package/module as dangerous and do not deploy without remediation and thorough investigation of the full build/output (not just this fragment).

The skill presents a coherent workflow to claim and interact with OracleNet identities, with cryptographic signing and remote verification as integral components. The primary security concerns arise from handling of private keys, multi-tool supply chain dependencies (bun, gh, cast), and exposure risk via external network calls and local storage of sensitive data. The design is proportionate to its stated purpose, but the presence of direct private-key handling in outputs and the reliance on multiple external CLI tools warrant careful controls (strict redaction, secure key storage, minimized logging, pinned/verified tool versions). Net risk is elevated due to credential handling and remote data flows, but the workflow itself is aligned with its purpose when properly safeguarded.

The code implements a high-risk dynamic evaluation pattern by evaluating tokens within the caller’s scope. This creates a strong possibility of arbitrary code execution and data leakage if tokens originate from untrusted inputs. Hardening should include removing eval, replacing with safe resolvers, sandboxing, or strict token whitelisting and restricting scope access. This pattern is unsuitable for trusted libraries exposes in open-source supply chains without significant safeguards.

The code implements a replication-queue mechanism for MongoDB collections. It does not contain obvious remote-exfiltration, cryptomining, or backdoor network connections. However, it uses eval() to convert string-encoded arguments coming from queued DB documents into Python objects before calling replica operations. This is a high-risk code-execution vector: any attacker or process that can insert or tamper with queue/error documents (or cause untrusted strings to be persisted) can execute arbitrary Python code in the process and then cause arbitrary actions on the replica DB. Other issues are some implementation bugs (non-returning __getattr__) and broad exception handling. Recommend removing eval(), replacing it with safe parsing (json), validating queued data, and ensuring only trusted code writes to the queue/error collections.

The code exhibits a high-risk, covert file-system tampering pattern: overwriting the project’s index.d.ts with a version-specific file based on detected Vue version via a system move. This constitutes a strong supply-chain/operational risk, capable of silently sabotaging typings and builds. Absence of input validation, error handling, and provenance checks exacerbates the risk. Recommended controls include eliminating runtime typography mutations, implementing explicit provenance verification (e.g., checksums or signed sources), logging all file operations, and replacing shell-based moves with safe, atomic, verifiable edits or build-time tooling that requires explicit consent.

The module implements a robust token caching and retrieval mechanism with prudent filesystem permissions and input validation. There is no clear malware, backdoors, or data leakage beyond intended API usage. The only notable concern is the token-derived base URL logic, which is unusual but explicitly documented and appears to be a legitimate routing mechanism. Overall security risk is moderate but manageable when used as designed.

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

The code is a malicious backdoor that exfiltrates sensitive system information and public IP address to an attacker-controlled domain via DNS queries. This represents a high security risk and clear malware behavior. The code is not heavily obfuscated but uses shell command chaining to hide its intent. It should be considered dangerous and avoided.

The fragment is data-oriented but describes a highly sensitive update mechanism that, if accepted without rigorous validation, could enable supply-chain compromise (e.g., replacing signing keys, altering update endpoints). It warrants immediate defensive measures: enforce strict signature verification, authority checks, schema validation, and endpoint/key whitelisting before applying any decoded updates.

The fragment contains a high-risk pattern: it downloads a Python script from a remote source and immediately executes it without integrity verification or sandboxing. This creates a critical supply-chain and remote-code-execution risk, as the remote payload could perform any action on the host, including data exfiltration, credential access, or system compromise. Even though defaults use placeholders, the mechanism itself is unsafe and should be disallowed or hardened (e.g., verify hashes, use signed modules, avoid executing remote code).

This script is malicious in behavior: it systematically harvests sensitive system, cloud, and application credentials and writes them to a local file under the n8n user's home. Even though it does not exfiltrate over the network itself, it stages highly sensitive data (AWS creds, SSH private keys, Kubernetes service account token, docker socket presence, application DB/config) which enables privilege escalation and remote exfiltration by subsequent actions. Treat this package as compromised and do not run it; remove and investigate any systems where it was executed.

Live on npm for 1 day, 20 hours and 26 minutes before removal. Socket users were protected even while the package was live.

This preinstall hook is malicious: it attempts to read a sensitive local file (/etc/passwd) and send it to an external collector during npm install. This is data exfiltration and a clear supply-chain/telemetry threat. Do not install; remove the package and investigate any systems where it ran.

Live on npm for 2 days, 12 hours and 59 minutes before removal. Socket users were protected even while the package was live.

The fragment employs aggressive obfuscation and a packer-like decoding pattern that enables runtime code execution with broad network and filesystem capabilities. While not conclusive proof of malware without decoding in a secure sandbox, the combination of dynamic evaluation, remote-loading indicators, and cross-environment IO strongly indicates high supply-chain risk. Treat as dangerous; require replacement with a transparent, audited version or remove from dependencies until provenance and behavior are verified.

This code is malicious in intent: it automates fraudulent interaction with a banking website, contains hardcoded sensitive credentials, evades automation detection, prompts an operator to supply OTPs (social-engineering), performs money transfers, and persists session state to disk for reuse. It should be treated as a tool for account takeover and financial theft. Do not run it; remove any storage_state files and investigate systems where it executed. The snippet also contains syntax errors and is incomplete, but those do not mitigate the clearly malicious purpose.

This source intentionally installs and runs a reverse-shell backdoor. It decodes a base64-embedded Perl payload to /tmp/.bc and executes it with hardcoded remote host and port, using multiple suppressed execution wrappers to maximize compatibility and stealth. Consider it malicious: remove and investigate any systems that executed this code, rotate credentials, and treat hosts as compromised.

The dominant security issue is a critical supply-chain/RCE primitive: this module downloads executable JavaScript from a public CDN at runtime and executes it with eval to install a global loader (globalThis.use). This enables arbitrary code execution if the remote content is tampered with, making the package materially risky regardless of the otherwise-benign model-mapping logic. Secondary risk: it also fetches remote JSON metadata (models.dev) and interpolates remote fields into formatted output, which may become a downstream rendering/injection problem if not escaped by the consumer.