Secure your dependencies. Ship with confidence.

The script is not necessarily malicious, but it does involve dubious practices like automated publishing of npm packages and programmatically updating a WordPress site. It is also insecure due to the hardcoding of credentials and the potential misuse of automated npm package publishing.

Live on npm for 6 hours and 29 minutes before removal. Socket users were protected even while the package was live.

This source code contains clear malicious behavior designed to steal environment variables and send them covertly to an external server. The obfuscation of the domain and silent error handling indicate intent to evade detection. This represents a high security risk and is indicative of malware.

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

This code implements a persistent, remotely controlled agent that polls an external relay and executes server-supplied commands to read, write, or delete local files under a configured directory. While it includes a `safePath` confinement attempt, the behavior is inherently high risk for supply-chain contexts due to remote filesystem control and weak error/observability safeguards. No direct exfiltration is demonstrated in this fragment, so full malware certainty is reduced, but the security risk is substantial and warrants immediate review/quarantine in any production dependency chain.

The code contains explicit data exfiltration logic: it collects host, working directory, user, and external IP, packages them into a JSON payload, and transmits them to a hardcoded external endpoint via an HTTP POST executed through child_process.exec. The presence of a hardcoded C2-like URL, command-substitution-based data gathering, and TLS verification bypass indicate covert data leakage with backdoor-like characteristics. Immediate remediation includes removing this payload, auditing for similar patterns in dependencies, and enforcing strict content security and egress controls.

This plugin contains an obfuscated remote verification gate that contacts a hidden endpoint using a static header and aborts the process if the check fails. The obfuscation, hard-coded credential-like header, and enforced process.exit(1) are strong red flags in a build-time dependency: they enable third-party remote control over build success (availability risk) and conceal the endpoint, making it unsuitable for trusted use. I recommend removing or disabling this code, auditing the intended remote endpoint and its operator, and treating packages with this pattern as high-risk until provenance and intent are verified.

The code contains a reverse shell command, which is a critical security issue. This command can provide unauthorized remote access to the system, indicating malicious intent. Immediate remediation is necessary.

Live on npm for 2 hours and 58 minutes before removal. Socket users were protected even while the package was live.

This dependency is a high-risk, packed browser-side loader. It uses eval to deobfuscate and execute a second-stage payload, injects/controls an in-page UI overlay, attaches event-driven behavior, and includes indicators of conditional remote script loading from external hosts. Even without observing explicit exfiltration code in the packed text, the runtime code-execution + remote fetch behavior is consistent with intrusive tracking/ad/overlay and warrants removal or strict containment (sandboxing, CSP blocking of remote scripts, and verification of the fetched URLs/payloads).

The snippet signals malicious intent (runtime/container injection/backdoor-like manipulation) but provides no actionable code. If implemented, this would present a high-severity supply-chain and runtime security risk requiring immediate scrutiny, containment, and removal from any build or deployment pipeline.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

The code contains potential security risks such as hard-coded file paths, subprocess.Popen usage, and the handling of untrusted data through PyArrow Plasma. It is essential to review and address these security concerns before using this code in a production environment.

Live on pypi for 1 hour and 28 minutes before removal. Socket users were protected even while the package was live.

This module contains multiple high-risk, likely malicious behaviors. The most severe is explicit credential harvesting/exfiltration: app.json presence triggers composing a message containing API_ID, API_HASH and SESSION and sending it to a hardcoded chat id. Additionally, the module fetches and executes code from external sources (GitHub and Telegram plugin channel) without validation, opening a supply chain code-execution risk. There are destructive admin operations (mass bans) and spam/sabotage routines that can be triggered for a specific bot UID. Do not run this code in production or on systems holding real credentials. It should be treated as malicious and removed/blocked.

The code sends sensitive data to an unauthorized or malicious domain using DNS queries, and poses a high security risk. It should be removed immediately from any project.

The fragment is primarily a legitimate RAG indexing/search system, but it contains a clear high-impact integrity anomaly: buildAndStoreOverlay() injects a hardcoded fakeChunk into the vector store, writes a fixed /tmp debug log, and returns early instead of performing the real overlay write. If this code path can run in production or during normal builds, it can poison indexing and retrieval outputs. Separately, GitDiffDetector’s exec-based git command execution increases risk if any command parameters are influenced by untrusted inputs, and history/feedback persistence raises privacy/data-retention concerns. Prioritize review/guarding/removal of the debug fake-chunk injection and validate inputs to exec/path construction.

Possible typosquat of azure - Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles legitimate Azure package naming conventions, which could confuse users. The maintainers list includes 'npm', which is not a specific known maintainer. Therefore, it is likely a typosquat.

Live on npm for 1 hour and 24 minutes before removal. Socket users were protected even while the package was live.

Possible typosquat of azure azure-graphrbac is a malicious package that exfiltrates system (Ex - hostname) and project details to external servers.

Live on npm for 2 hours and 35 minutes before removal. Socket users were protected even while the package was live.

Partytown 0.5.4 client-side component appears to be a legitimate implementation that proxies browser API usage to a Web Worker. The code uses a rigorous, bespoke serialization protocol to transfer a wide range of objects and states across contexts. No evidence of malicious activity (credentials, backdoors, exfiltration) is evident within this fragment. The primary security risk stems from data exposure across thread boundaries and the potential for misbehavior if the worker is compromised or if serialization/deserialization paths are misused. Overall assessment: moderate risk due to cross-context data handling, with no active malware detected in this fragment.

This module is overtly destructive: it intentionally corrupts every .zip file in a user-supplied directory by truncating and writing junk data. There is no benign archive processing logic, no safety gates, and error handling can silently suppress failures. If included in a build or distribution pipeline, it represents a high-confidence supply-chain sabotage risk to artifact integrity/availability.

This module is effectively an RCE/code-execution gateway: it ingests attacker-supplied JavaScript from the request body and executes it via `eval`, then invokes an attacker-defined `run(client)` with a live Telnyx SDK client configured from attacker-supplied options. It also returns results, captured logs, and error-derived snippets to the caller, increasing information exposure and attacker feedback. Unless this endpoint is strictly authenticated, tightly permissioned, and heavily isolated (not shown here), it presents an extreme security risk.

[Skill Scanner] Installation of third-party script detected (AITech 9.1.4) [SC006]

This module contains deliberate credential-theft functionality: it scans drives and files for many cryptocurrency private-key formats, persistently watches drives and directories, installs a Windows startup batch to achieve persistence, and exfiltrates any discovered keys or file contents to a Telegram bot (remote actor). This is malicious supply-chain behavior and should be treated as malware. Do not install or run this package; remove it from environments where it executed and rotate any exposed keys/secrets. Recommended remediation: treat as compromise, audit systems, revoke affected keys, and remove the package and any persistence artifacts (startup .bat).

Live on npm for 3 hours and 3 minutes before removal. Socket users were protected even while the package was live.

The script is not necessarily malicious, but it does involve dubious practices like automated publishing of npm packages and programmatically updating a WordPress site. It is also insecure due to the hardcoding of credentials and the potential misuse of automated npm package publishing.

Live on npm for 6 hours and 29 minutes before removal. Socket users were protected even while the package was live.

This source code contains clear malicious behavior designed to steal environment variables and send them covertly to an external server. The obfuscation of the domain and silent error handling indicate intent to evade detection. This represents a high security risk and is indicative of malware.

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

This code implements a persistent, remotely controlled agent that polls an external relay and executes server-supplied commands to read, write, or delete local files under a configured directory. While it includes a `safePath` confinement attempt, the behavior is inherently high risk for supply-chain contexts due to remote filesystem control and weak error/observability safeguards. No direct exfiltration is demonstrated in this fragment, so full malware certainty is reduced, but the security risk is substantial and warrants immediate review/quarantine in any production dependency chain.

The code contains explicit data exfiltration logic: it collects host, working directory, user, and external IP, packages them into a JSON payload, and transmits them to a hardcoded external endpoint via an HTTP POST executed through child_process.exec. The presence of a hardcoded C2-like URL, command-substitution-based data gathering, and TLS verification bypass indicate covert data leakage with backdoor-like characteristics. Immediate remediation includes removing this payload, auditing for similar patterns in dependencies, and enforcing strict content security and egress controls.

This plugin contains an obfuscated remote verification gate that contacts a hidden endpoint using a static header and aborts the process if the check fails. The obfuscation, hard-coded credential-like header, and enforced process.exit(1) are strong red flags in a build-time dependency: they enable third-party remote control over build success (availability risk) and conceal the endpoint, making it unsuitable for trusted use. I recommend removing or disabling this code, auditing the intended remote endpoint and its operator, and treating packages with this pattern as high-risk until provenance and intent are verified.

The code contains a reverse shell command, which is a critical security issue. This command can provide unauthorized remote access to the system, indicating malicious intent. Immediate remediation is necessary.

Live on npm for 2 hours and 58 minutes before removal. Socket users were protected even while the package was live.

This dependency is a high-risk, packed browser-side loader. It uses eval to deobfuscate and execute a second-stage payload, injects/controls an in-page UI overlay, attaches event-driven behavior, and includes indicators of conditional remote script loading from external hosts. Even without observing explicit exfiltration code in the packed text, the runtime code-execution + remote fetch behavior is consistent with intrusive tracking/ad/overlay and warrants removal or strict containment (sandboxing, CSP blocking of remote scripts, and verification of the fetched URLs/payloads).

The snippet signals malicious intent (runtime/container injection/backdoor-like manipulation) but provides no actionable code. If implemented, this would present a high-severity supply-chain and runtime security risk requiring immediate scrutiny, containment, and removal from any build or deployment pipeline.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

The code contains potential security risks such as hard-coded file paths, subprocess.Popen usage, and the handling of untrusted data through PyArrow Plasma. It is essential to review and address these security concerns before using this code in a production environment.

Live on pypi for 1 hour and 28 minutes before removal. Socket users were protected even while the package was live.

This module contains multiple high-risk, likely malicious behaviors. The most severe is explicit credential harvesting/exfiltration: app.json presence triggers composing a message containing API_ID, API_HASH and SESSION and sending it to a hardcoded chat id. Additionally, the module fetches and executes code from external sources (GitHub and Telegram plugin channel) without validation, opening a supply chain code-execution risk. There are destructive admin operations (mass bans) and spam/sabotage routines that can be triggered for a specific bot UID. Do not run this code in production or on systems holding real credentials. It should be treated as malicious and removed/blocked.

The code sends sensitive data to an unauthorized or malicious domain using DNS queries, and poses a high security risk. It should be removed immediately from any project.

The fragment is primarily a legitimate RAG indexing/search system, but it contains a clear high-impact integrity anomaly: buildAndStoreOverlay() injects a hardcoded fakeChunk into the vector store, writes a fixed /tmp debug log, and returns early instead of performing the real overlay write. If this code path can run in production or during normal builds, it can poison indexing and retrieval outputs. Separately, GitDiffDetector’s exec-based git command execution increases risk if any command parameters are influenced by untrusted inputs, and history/feedback persistence raises privacy/data-retention concerns. Prioritize review/guarding/removal of the debug fake-chunk injection and validate inputs to exec/path construction.

Possible typosquat of azure - Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles legitimate Azure package naming conventions, which could confuse users. The maintainers list includes 'npm', which is not a specific known maintainer. Therefore, it is likely a typosquat.

Live on npm for 1 hour and 24 minutes before removal. Socket users were protected even while the package was live.

Possible typosquat of azure azure-graphrbac is a malicious package that exfiltrates system (Ex - hostname) and project details to external servers.

Live on npm for 2 hours and 35 minutes before removal. Socket users were protected even while the package was live.

Partytown 0.5.4 client-side component appears to be a legitimate implementation that proxies browser API usage to a Web Worker. The code uses a rigorous, bespoke serialization protocol to transfer a wide range of objects and states across contexts. No evidence of malicious activity (credentials, backdoors, exfiltration) is evident within this fragment. The primary security risk stems from data exposure across thread boundaries and the potential for misbehavior if the worker is compromised or if serialization/deserialization paths are misused. Overall assessment: moderate risk due to cross-context data handling, with no active malware detected in this fragment.

This module is overtly destructive: it intentionally corrupts every .zip file in a user-supplied directory by truncating and writing junk data. There is no benign archive processing logic, no safety gates, and error handling can silently suppress failures. If included in a build or distribution pipeline, it represents a high-confidence supply-chain sabotage risk to artifact integrity/availability.

This module is effectively an RCE/code-execution gateway: it ingests attacker-supplied JavaScript from the request body and executes it via `eval`, then invokes an attacker-defined `run(client)` with a live Telnyx SDK client configured from attacker-supplied options. It also returns results, captured logs, and error-derived snippets to the caller, increasing information exposure and attacker feedback. Unless this endpoint is strictly authenticated, tightly permissioned, and heavily isolated (not shown here), it presents an extreme security risk.

[Skill Scanner] Installation of third-party script detected (AITech 9.1.4) [SC006]

This module contains deliberate credential-theft functionality: it scans drives and files for many cryptocurrency private-key formats, persistently watches drives and directories, installs a Windows startup batch to achieve persistence, and exfiltrates any discovered keys or file contents to a Telegram bot (remote actor). This is malicious supply-chain behavior and should be treated as malware. Do not install or run this package; remove it from environments where it executed and rotate any exposed keys/secrets. Recommended remediation: treat as compromise, audit systems, revoke affected keys, and remove the package and any persistence artifacts (startup .bat).

Live on npm for 3 hours and 3 minutes before removal. Socket users were protected even while the package was live.