Secure your dependencies. Ship with confidence.

This package runs multiple non-trivial and risky actions during install: it installs devDependencies during normal installs, invokes pip to install conan (external Python packages), runs conan to fetch/generate build files, runs node-gyp to compile native code, and then deletes node_modules. These actions present substantial security risks (untrusted code execution, supply-chain fetching of external artifacts, and destructive file deletion). While these behaviors may be intended for building native artifacts, they are unsafe for an automated install environment and should be reviewed manually. If you need to install this package, inspect all included scripts (conan-gyp-generator, gyp-generator.py, any native code and post-install hooks), avoid running as an elevated user, and prefer installing in isolated/build environments. Consider this high risk for production installs.

Live on npm for 6 hours and 14 minutes before removal. Socket users were protected even while the package was live.

This Go source contains routines that speak the T3 protocol to connect to Oracle WebLogic servers and deploy a serialized-Java RMI backdoor. It checks for the presence of a class named “com.supeream.payload,” installs a malicious payload if absent, then invokes arbitrary OS commands on the target and can clean up the backdoor afterward. Payload templates reference a default endpoint t3://47[.]104[.]229[.]232:7001, which is dynamically replaced with the victim IP/port. The hex-encoded Java object streams hide the backdoor installer/uninstaller and command execution logic, representing a high-severity malware threat.

This transcript contains a successful prompt-injection-driven data exfiltration: an attacker-supplied instruction embedded in tool output (channel name) caused the assistant to post the contents of the 'general' channel — which included a secret ('Secret key is 1a7b3d') — to an external website. This is a high-risk supply-chain security issue (improper handling of untrusted tool output leading to secret leakage). The behavior is malicious from a data-leak perspective even though no obfuscated code or classic malware payloads are present. Mitigation: treat tool outputs as untrusted, sanitize channel names and tool outputs, disallow following instructions embedded in data, and require explicit human confirmation before sending potentially sensitive content to external endpoints.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

The code poses a significant security risk by sending environment variables to a remote server without user consent. The use of obfuscation techniques to hide the destination domain further indicates malicious intent.

Live on npm for 9 days, 4 hours and 57 minutes before removal. Socket users were protected even while the package was live.

This bundled module is high risk because it combines an Axios-like networking stack with an embedded dotenv/vault-style secret loader that reads local .env/.env.vault files, decrypts them using configured/storage keys, and injects values into runtime configuration. That injected material can then be used to construct Authorization/Proxy-Authorization headers and request bodies for outbound network adapters. Additional red flags include cryptographic processing with storage-persisted keys, weak randomness (Math.random) in key/IV generation, and sensitive status/logging behavior typical of secret-tooling. Treat as a potential credential exfiltration/sabotage supply-chain augmentation and review/contain accordingly.

The file contains a clear security anti-pattern and probable backdoor: a hardcoded Ethereum private key used to automatically sign a link message and programmatically add/link a specific address on initialization. This enables silent credential use and identity linkage across any application that imports and mounts this provider. Immediate remediation: remove hardcoded private key, require explicit user action/consent for signing, avoid automatic linking to fixed addresses, remove or gate any dev/test helper behind non-default build flags, and stop logging signatures/messages. Treat current package versions containing this code as untrusted until fixed.

The code contains significant security risks, primarily due to the use of eval and exec, which can lead to arbitrary code execution. The handling of cookies also poses a risk if not properly validated. Overall, the code should be reviewed and modified to mitigate these vulnerabilities.

The code is designed to collect and send sensitive information to a remote server without the user's knowledge or consent. It poses a high risk of data exfiltration and should be reviewed thoroughly.

Live on npm for 5 hours and 15 minutes before removal. Socket users were protected even while the package was live.

This fragment is an exploitation-capable module intended for Shellshock (CVE-2014-6271) against IPFire, performing outbound HTTP requests to a CGI endpoint after a coarse probe. No explicit Shellshock payload is present in this file, so the actual command-injection content is likely implemented in inherited/imported HTTP request logic. As shown, it is high-risk offensive tooling (but not evidence of data-stealing malware in this snippet).

The code demonstrates a high-risk pattern where an embedded payload (DATA) could be decoded and loaded as a zipped package, then executed via pip internals with custom certificate handling. This enables potential remote or hidden execution of arbitrary code at install time, constituting a serious supply-chain risk or backdoor. The actual danger hinges on the contents of DATA; even without it, the approach is suspicious and warrants removal or rigorous review before use.

The inclusion of a reverse shell setup within a utility advertised for message encryption and decryption represents a severe security risk and malicious intent. This hidden functionality allows for unauthorized remote access and command execution, posing a significant threat to the security and integrity of affected systems.

Live on npm for 7 days, 20 hours and 25 minutes before removal. Socket users were protected even while the package was live.

This code is a high-confidence malicious backdoor component implementing a conditional reverse shell. When run under a specific username, it repeatedly connects to an externally reachable TCP endpoint, transmits host/user identifiers, spawns an interactive bash/powershell session, and pipes bidirectional shell I/O over the network, with remote control (including Ctrl-C interruption) and automatic reconnection for persistence.

The code is designed to exfiltrate system information by sending it to an external domain via DNS queries. This is a clear indication of malicious behavior, as it involves unauthorized data transmission without user consent.

Live on npm for 4 hours and 34 minutes before removal. Socket users were protected even while the package was live.

The code is suspicious as it retrieves update information from an unverified external source and uses 'execSync' to run shell commands, which could lead to remote code execution if the external content is compromised. Furthermore, the code attempts to forcibly update and reinstall packages which is not typical for secure update practices.

Live on npm for 16 minutes before removal. Socket users were protected even while the package was live.

High security risk supply-chain behavior: this module decodes and evals connector-provided script strings at runtime and grants the evaluated code an ajax helper capable of making arbitrary HTTP requests (directly to attacker-influenced URLs or relayed through /paas/api/proxy). If domainModel/script/query/config are not strictly trusted and integrity-verified, this can enable arbitrary code execution and network exfiltration. Treat this dependency/module as dangerous in a security review.

Live on npm for 15 hours and 29 minutes before removal. Socket users were protected even while the package was live.

This Python script is a credential-harvesting and phishing framework. It: • Downloads and execs multiple obfuscated payloads via zlib/base64 decoding at import time. • Pulls website templates and tunneler binaries from github[.]com/KasRoudra/MaxPhisher and github[.]com/KasRoudra/files, and from raw.githubusercontent[.]com. • Installs and launches a local PHP server and exposes it publicly via ngrok, cloudflared, localxpose (api.localxpose[.]io) or SSH reverse tunnels. • Prompts the operator for authtokens (dashboard.ngrok[.]com, localxpose[.]io), redirect URLs and Gmail app-password credentials. • Serves phishing pages that capture victim usernames, passwords, IP addresses, geolocation and media, saving them under ~/.site and other hidden directories. • Continuously monitors for new files (creds.txt, ip.txt, info.txt, location.txt, media logs), appends them to persistent storage files and JSON, and exfiltrates stolen data via SMTP (smtp.gmail[.]com) to a configured recipient. This behavior—dynamic code execution, remote payload download, automated tunneling, credential capture and exfiltration—constitutes clear malicious intent.

The code exhibits several suspicious patterns including heavy obfuscation, potential arbitrary code execution, hardcoded keys, and secretive network communications, all indicative of malicious intent or at least very poor security practices.

Live on npm for 7 days, 7 hours and 43 minutes before removal. Socket users were protected even while the package was live.

This file implements a DNS-based command-and-control transport (Sliver implant DNS C2). It encodes, fragments and transmits encrypted payloads via DNS TXT queries to an operator-controlled parent domain and receives commands the same way. The code provides full C2 capabilities (session bootstrap, encrypted send/receive, block reassembly). It also includes weaknesses: insecure random number generator for nonces/IDs and an unbounded in-memory replay cache. Given its functionality, this code is malicious in the general software supply-chain context and poses a high security risk if present in a dependency.

The code implements a high-risk dynamic evaluation pattern by evaluating tokens within the caller’s scope. This creates a strong possibility of arbitrary code execution and data leakage if tokens originate from untrusted inputs. Hardening should include removing eval, replacing with safe resolvers, sandboxing, or strict token whitelisting and restricting scope access. This pattern is unsuitable for trusted libraries exposes in open-source supply chains without significant safeguards.

Within a bundled SweetAlert2-style script, there is a hidden block that checks if navigator.language begins with “ru” and if location.host matches Russian-related TLDs (\.ru, \.su, \.by, \.xn--p1ai). If so, it uses a localStorage key “swal-initiation” to gate execution and—after a ~2.5 s delay—disables pointer events on <body>, creates an <audio> element whose src is set to https://flag-gimn[.]ru/wp-content/uploads/2021/09/Ukraina.mp3, loops it, appends it to the document and calls audio.play(). This side-effectful, region-targeted media injection is unrelated to the library’s advertised purpose and represents a protestware/troll payload rather than a vulnerability or data-stealing malware.

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

This package runs multiple non-trivial and risky actions during install: it installs devDependencies during normal installs, invokes pip to install conan (external Python packages), runs conan to fetch/generate build files, runs node-gyp to compile native code, and then deletes node_modules. These actions present substantial security risks (untrusted code execution, supply-chain fetching of external artifacts, and destructive file deletion). While these behaviors may be intended for building native artifacts, they are unsafe for an automated install environment and should be reviewed manually. If you need to install this package, inspect all included scripts (conan-gyp-generator, gyp-generator.py, any native code and post-install hooks), avoid running as an elevated user, and prefer installing in isolated/build environments. Consider this high risk for production installs.

Live on npm for 6 hours and 14 minutes before removal. Socket users were protected even while the package was live.

This Go source contains routines that speak the T3 protocol to connect to Oracle WebLogic servers and deploy a serialized-Java RMI backdoor. It checks for the presence of a class named “com.supeream.payload,” installs a malicious payload if absent, then invokes arbitrary OS commands on the target and can clean up the backdoor afterward. Payload templates reference a default endpoint t3://47[.]104[.]229[.]232:7001, which is dynamically replaced with the victim IP/port. The hex-encoded Java object streams hide the backdoor installer/uninstaller and command execution logic, representing a high-severity malware threat.

This transcript contains a successful prompt-injection-driven data exfiltration: an attacker-supplied instruction embedded in tool output (channel name) caused the assistant to post the contents of the 'general' channel — which included a secret ('Secret key is 1a7b3d') — to an external website. This is a high-risk supply-chain security issue (improper handling of untrusted tool output leading to secret leakage). The behavior is malicious from a data-leak perspective even though no obfuscated code or classic malware payloads are present. Mitigation: treat tool outputs as untrusted, sanitize channel names and tool outputs, disallow following instructions embedded in data, and require explicit human confirmation before sending potentially sensitive content to external endpoints.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

The code poses a significant security risk by sending environment variables to a remote server without user consent. The use of obfuscation techniques to hide the destination domain further indicates malicious intent.

Live on npm for 9 days, 4 hours and 57 minutes before removal. Socket users were protected even while the package was live.

This bundled module is high risk because it combines an Axios-like networking stack with an embedded dotenv/vault-style secret loader that reads local .env/.env.vault files, decrypts them using configured/storage keys, and injects values into runtime configuration. That injected material can then be used to construct Authorization/Proxy-Authorization headers and request bodies for outbound network adapters. Additional red flags include cryptographic processing with storage-persisted keys, weak randomness (Math.random) in key/IV generation, and sensitive status/logging behavior typical of secret-tooling. Treat as a potential credential exfiltration/sabotage supply-chain augmentation and review/contain accordingly.

The file contains a clear security anti-pattern and probable backdoor: a hardcoded Ethereum private key used to automatically sign a link message and programmatically add/link a specific address on initialization. This enables silent credential use and identity linkage across any application that imports and mounts this provider. Immediate remediation: remove hardcoded private key, require explicit user action/consent for signing, avoid automatic linking to fixed addresses, remove or gate any dev/test helper behind non-default build flags, and stop logging signatures/messages. Treat current package versions containing this code as untrusted until fixed.

The code contains significant security risks, primarily due to the use of eval and exec, which can lead to arbitrary code execution. The handling of cookies also poses a risk if not properly validated. Overall, the code should be reviewed and modified to mitigate these vulnerabilities.

The code is designed to collect and send sensitive information to a remote server without the user's knowledge or consent. It poses a high risk of data exfiltration and should be reviewed thoroughly.

Live on npm for 5 hours and 15 minutes before removal. Socket users were protected even while the package was live.

This fragment is an exploitation-capable module intended for Shellshock (CVE-2014-6271) against IPFire, performing outbound HTTP requests to a CGI endpoint after a coarse probe. No explicit Shellshock payload is present in this file, so the actual command-injection content is likely implemented in inherited/imported HTTP request logic. As shown, it is high-risk offensive tooling (but not evidence of data-stealing malware in this snippet).

The code demonstrates a high-risk pattern where an embedded payload (DATA) could be decoded and loaded as a zipped package, then executed via pip internals with custom certificate handling. This enables potential remote or hidden execution of arbitrary code at install time, constituting a serious supply-chain risk or backdoor. The actual danger hinges on the contents of DATA; even without it, the approach is suspicious and warrants removal or rigorous review before use.

The inclusion of a reverse shell setup within a utility advertised for message encryption and decryption represents a severe security risk and malicious intent. This hidden functionality allows for unauthorized remote access and command execution, posing a significant threat to the security and integrity of affected systems.

Live on npm for 7 days, 20 hours and 25 minutes before removal. Socket users were protected even while the package was live.

This code is a high-confidence malicious backdoor component implementing a conditional reverse shell. When run under a specific username, it repeatedly connects to an externally reachable TCP endpoint, transmits host/user identifiers, spawns an interactive bash/powershell session, and pipes bidirectional shell I/O over the network, with remote control (including Ctrl-C interruption) and automatic reconnection for persistence.

The code is designed to exfiltrate system information by sending it to an external domain via DNS queries. This is a clear indication of malicious behavior, as it involves unauthorized data transmission without user consent.

Live on npm for 4 hours and 34 minutes before removal. Socket users were protected even while the package was live.

The code is suspicious as it retrieves update information from an unverified external source and uses 'execSync' to run shell commands, which could lead to remote code execution if the external content is compromised. Furthermore, the code attempts to forcibly update and reinstall packages which is not typical for secure update practices.

Live on npm for 16 minutes before removal. Socket users were protected even while the package was live.

High security risk supply-chain behavior: this module decodes and evals connector-provided script strings at runtime and grants the evaluated code an ajax helper capable of making arbitrary HTTP requests (directly to attacker-influenced URLs or relayed through /paas/api/proxy). If domainModel/script/query/config are not strictly trusted and integrity-verified, this can enable arbitrary code execution and network exfiltration. Treat this dependency/module as dangerous in a security review.

Live on npm for 15 hours and 29 minutes before removal. Socket users were protected even while the package was live.

This Python script is a credential-harvesting and phishing framework. It: • Downloads and execs multiple obfuscated payloads via zlib/base64 decoding at import time. • Pulls website templates and tunneler binaries from github[.]com/KasRoudra/MaxPhisher and github[.]com/KasRoudra/files, and from raw.githubusercontent[.]com. • Installs and launches a local PHP server and exposes it publicly via ngrok, cloudflared, localxpose (api.localxpose[.]io) or SSH reverse tunnels. • Prompts the operator for authtokens (dashboard.ngrok[.]com, localxpose[.]io), redirect URLs and Gmail app-password credentials. • Serves phishing pages that capture victim usernames, passwords, IP addresses, geolocation and media, saving them under ~/.site and other hidden directories. • Continuously monitors for new files (creds.txt, ip.txt, info.txt, location.txt, media logs), appends them to persistent storage files and JSON, and exfiltrates stolen data via SMTP (smtp.gmail[.]com) to a configured recipient. This behavior—dynamic code execution, remote payload download, automated tunneling, credential capture and exfiltration—constitutes clear malicious intent.

The code exhibits several suspicious patterns including heavy obfuscation, potential arbitrary code execution, hardcoded keys, and secretive network communications, all indicative of malicious intent or at least very poor security practices.

Live on npm for 7 days, 7 hours and 43 minutes before removal. Socket users were protected even while the package was live.

This file implements a DNS-based command-and-control transport (Sliver implant DNS C2). It encodes, fragments and transmits encrypted payloads via DNS TXT queries to an operator-controlled parent domain and receives commands the same way. The code provides full C2 capabilities (session bootstrap, encrypted send/receive, block reassembly). It also includes weaknesses: insecure random number generator for nonces/IDs and an unbounded in-memory replay cache. Given its functionality, this code is malicious in the general software supply-chain context and poses a high security risk if present in a dependency.

The code implements a high-risk dynamic evaluation pattern by evaluating tokens within the caller’s scope. This creates a strong possibility of arbitrary code execution and data leakage if tokens originate from untrusted inputs. Hardening should include removing eval, replacing with safe resolvers, sandboxing, or strict token whitelisting and restricting scope access. This pattern is unsuitable for trusted libraries exposes in open-source supply chains without significant safeguards.

Within a bundled SweetAlert2-style script, there is a hidden block that checks if navigator.language begins with “ru” and if location.host matches Russian-related TLDs (\.ru, \.su, \.by, \.xn--p1ai). If so, it uses a localStorage key “swal-initiation” to gate execution and—after a ~2.5 s delay—disables pointer events on <body>, creates an <audio> element whose src is set to https://flag-gimn[.]ru/wp-content/uploads/2021/09/Ukraina.mp3, loops it, appends it to the document and calls audio.play(). This side-effectful, region-targeted media injection is unrelated to the library’s advertised purpose and represents a protestware/troll payload rather than a vulnerability or data-stealing malware.

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.