Secure your dependencies. Ship with confidence.

The code functions as a DNS-based data exfiltration beacon with runtime DNS reconfiguration for resilience. It targets host/system data, encodes it, and transmits via unusual DNS queries to a controlled domain. The presence of a hostname-based anti-analysis guard and explicit domain suffixes indicates intentional stealth. This represents high security risk and malware-like behavior depending on intent and deployment context.

This script is an exploit tool for credential theft: it queries a local agent with prompts crafted to extract API keys and other secrets and prints any returned values. It should be treated as malicious in intent. While the script itself does not exfiltrate data to remote hosts, it facilitates unauthorized disclosure of sensitive credentials and provides additional prompt techniques to coax secrets out of agents. Do not run in production environments; remove or isolate such tools and audit the target agent for secret handling misconfigurations.

The code is designed to copy a suspiciously named 'backdoor-service-worker.js' file to a parent project's public directory. While the code itself does not exhibit direct malicious activity, the 'backdoor-service-worker.js' file contains a suspicious use of an external URL that contains the term "backdoor" and the potential for the code to alter responses dynamically points to a high likelihood of malicious intent.

Live on npm for 46 days, 6 hours and 11 minutes before removal. Socket users were protected even while the package was live.

This package runs a local postinstall script (scripts/check-expo-version.js) during installation and publishes the scripts folder, so the script will be executed on install. That behavior is the primary risk: any arbitrary code in that script can perform data exfiltration, install backdoors, modify files, or run reverse shells. Additionally, the use of identical non-version dependencies across sections (expo, react-native) with wildcard '*' increases supply-chain risk per the provided critical rules. No remote-code-download URLs were found, and no overrides/resolutions redirecting to non-registry sources were present. Recommended action: inspect the contents of scripts/check-expo-version.js (and any files in the published scripts folder) before installing; prefer packages that avoid install-time code execution or constrain dependency versions; treat duplicate non-versioned dependency declarations as suspicious and verify upstream intent.

The code includes a deliberate time-gated remote-code-fetch-and-execute backdoor: after a hardcoded publish time it downloads a base64-encoded JavaScript payload from a Google Drive URL, decodes it, builds a Function from the fetched source, and executes it with Node's require. This gives arbitrary remote code full access to the host process (filesystem, network, child processes, env). There are no integrity checks, and errors are silently ignored. Treat this as a critical supply-chain backdoor; remove or block this code and consider the package compromised.

This module implements an unauthenticated, network-accessible command listener that accepts raw null-separated command strings and dispatches them into the application via common.do. Because it binds to all interfaces, runs without authentication or encryption, and directly executes dispatch functions on untrusted input, it represents a high security risk and can function as a backdoor. Remediation: remove or restrict this listener, require strong authentication and TLS, add input validation, proper error handling, binding to localhost or explicit interfaces, and audit/limit what common.do can execute.

This module implements an interpreter that evaluates arbitrary Python expressions and executes code parsed from input text using eval() and exec() with module globals. There are no obfuscated or hidden malicious payloads in the file itself, but the interpreter design allows arbitrary code execution and side effects if template text or context are attacker-controlled. In trusted scenarios (templates and context strictly controlled) this can be acceptable, but using this with untrusted templates or untrusted context presents a critical security risk (remote code execution, data exfiltration, filesystem/process/network access). Recommend treating this as unsafe for untrusted inputs and deploying strict sandboxing or removing eval/exec usage before use in hostile environments.

Live on pypi for 3 hours and 30 minutes before removal. Socket users were protected even while the package was live.

This module contains a deliberate credential-stealing backdoor: when sqrt_bn() is called and a .env file exists in process.cwd(), the code reads and parses the .env file and exfiltrates its contents via HTTP POST to Telegram Bot API endpoints (bot token embedded, specific chat IDs). The core math functions are benign, but the secret harvesting/exfiltration is malicious, unrelated to library functionality, and poses a severe supply-chain/security risk. Immediate remediation: remove/replace the package, revoke any exposed tokens found in .env, and audit systems for further compromise.

Live on npm for 14 hours and 50 minutes before removal. Socket users were protected even while the package was live.

High severity supply-chain security concerns. The module embeds a dialog templating engine that evaluates template-provided values using new Function(`return ${value}`)(), creating an arbitrary JavaScript execution primitive in the browser if an attacker can influence the template DOM/markup. It also performs unsanitized DOM HTML injection via DOMParser/appendChild and includes suspicious environment-gated remote audio loading/playback from a hardcoded external domain. Treat this dependency as unsafe and require replacement or strict sandboxing/templating removal.

This fragment contains two major high-risk behaviors: (1) remote/untrusted network content is executed as JavaScript via new Function in jsFetcher, and (2) JSONP fetching injects and executes a remote script from api.url. Additionally, conditional expression evaluation (tpl.evalExpression) and proxyUrl selection based on decrypted server data increase overall risk. These patterns are consistent with payload execution/tracking frameworks and should be reviewed for strict allowlists and safe implementations. Malware probability is therefore elevated, though exact exploitability depends on how api.url/response.data/tpl.evalExpression are controlled/validated elsewhere.

The module implements Facebook Messenger realtime MQTT handling and mostly contains plausible, legitimate logic. However, it includes a large intentionally obfuscated payload that is decoded and executed with eval() during message processing. That is a strong supply-chain/malware indicator: runtime-evaluated concealed code, dynamic require and dynamic global mutation. Even if the visible surrounding logic is benign, the eval block could perform data exfiltration, load additional modules, or alter behavior unpredictably. I recommend treating this package as high risk until the obfuscated evaled code is decoded and reviewed; do not use in sensitive environments.

Overall, the fragment implements a cookie-activated, remote-debugger loading mechanism that can enable remote code execution if the loaded debugger script is compromised or tampered with. While it may serve legitimate debugging purposes in controlled environments, it presents a meaningful supply-chain and remote-code risk. Best practices would constrain activation to trusted contexts, add integrity/whitelisting checks, and avoid loading external scripts based on client-controlled state. Default behavior should be secure by design with no activation required for production.

This module is a high-confidence remote code execution loader: it makes an outbound request to a hardcoded URL, uses an untrusted response field (`data.logger`) as JavaScript code, and executes it via `new Function` while providing `require` to the payload. The embedded credential-like values and console-log preservation further align with supply-chain/backdoor behavior. Immediate review/removal is warranted.

The code exhibits potentially malicious behavior, particularly with the use of eval-like Function constructor for executing dynamically constructed code strings, which can lead to arbitrary code execution vulnerabilities. Additionally, the direct use of external URLs and base64 encoded images could be leveraged for XSS attacks or malicious content delivery. Developers should sanitize all inputs and consider safer alternatives to eval-like constructs.

Live on npm for 23 minutes before removal. Socket users were protected even while the package was live.

This code implements a full-featured reverse shell / remote administration backdoor: it registers system identity to a remote WebSocket server, spawns an interactive shell with full environment, streams shell output to the server, and accepts remote input that is written directly to the shell (allowing arbitrary remote command execution). It enables exfiltration of sensitive data (shell output, files, environment variables) and persistent remote control (reconnect/backoff). Treat as high-risk/malicious in supply-chain contexts; do not run unless you explicitly trust the remote server and intend this behavior.

The module implements a robust token caching and retrieval mechanism with prudent filesystem permissions and input validation. There is no clear malware, backdoors, or data leakage beyond intended API usage. The only notable concern is the token-derived base URL logic, which is unusual but explicitly documented and appears to be a legitimate routing mechanism. Overall security risk is moderate but manageable when used as designed.

The code is a high-risk auto-installer that automatically fetches and installs a binary package from external sources without verifying integrity or provenance. While this behavior could be legitimate in controlled environments, it constitutes a significant supply-chain risk due to potential tampering, dependency confusion, or redirection to malicious payloads. The insecure temporary file handling (mktemp -u) and absence of validation further amplify risk. Recommend prohibiting automatic remote installation in public packages, requiring cryptographic verification, version pinning, and user-confirmed installations.

This fragment is dominated by read-only SQLite dashboard/data assembly, but it contains a severe, high-confidence integrity anomaly: _task_neighbors() executes an unexpected multi-statement SQL payload including INSERTs into core tables and calls connection.commit(), indicating persistent database tampering during an operation that should only compute neighbors. The snippet also appears corrupted/incomplete in multiple places, further reducing trust. Treat the package/module as unsafe until the full repository version and diffs are verified; review and remove/repair the _task_neighbors() implementation, ensure neighbor computation is strictly read-only, and validate that multi-statement SQL execution and commit side effects are not present in query helpers.

The code poses a significant security risk and should be reviewed. It is recommended to remove unnecessary imports, verify the contents of the data folder and the WordPress websites before proceeding, and avoid using hardcoded credentials for WordPress login.

Live on npm for 52 minutes before removal. Socket users were protected even while the package was live.

The code does not itself contain obfuscated or clearly malicious payloads, but it deliberately executes the first 'multipart.py' it finds on any sys.path entry and installs it as the 'multipart' module. This is a significant supply-chain and path-hijacking risk: an attacker able to place a file named 'multipart.py' on an earlier sys.path entry can achieve arbitrary code execution in the process. The fallback import contains a probable typo that may cause runtime ImportError. Recommend removing or narrowing the sys.path scan, validating file provenance, and fixing the fallback names.

This script checks that it is running under "/home/container", then recursively archives files from that directory into a password-protected ZIP (password 'zyuraa'), captures the host’s non-internal IPv4 address, and uploads the archive via multipart/form-data to catbox[.]moe (https://catbox[.]moe/user/api.php). Upon success or failure, it posts the IP address and the upload link or error details to a Firebase Realtime Database endpoint at https://db-node-dmp-default-rtdb[.]asia-southeast1[.]firebasedatabase[.]app/npm-dump.json. Temporary files are removed after completion or on error. This behavior constitutes unauthorized data theft and exfiltration.

Live on npm for 12 days, 16 hours and 54 minutes before removal. Socket users were protected even while the package was live.

The code poses significant privacy and security risks by transmitting sensitive user information to an external server without consent. The behavior aligns with data theft and potential malicious activity, warranting a high malware and security risk score.

Live on npm for 8 days, 19 hours and 46 minutes before removal. Socket users were protected even while the package was live.

High likelihood of malicious or sabotaging behavior due to (1) execution of base64-delivered JavaScript via AudioWorklet addModule, (2) message-driven RPC that can read/write/call/construct arbitrary object paths based on ev.data, and (3) large embedded binary/heap/encoding routines that appear unrelated to standard Comlink/worker messaging. Even without full context, the combination of these anomalies and the presence of exploit-like tooling elevates malware risk.

The code functions as a DNS-based data exfiltration beacon with runtime DNS reconfiguration for resilience. It targets host/system data, encodes it, and transmits via unusual DNS queries to a controlled domain. The presence of a hostname-based anti-analysis guard and explicit domain suffixes indicates intentional stealth. This represents high security risk and malware-like behavior depending on intent and deployment context.

This script is an exploit tool for credential theft: it queries a local agent with prompts crafted to extract API keys and other secrets and prints any returned values. It should be treated as malicious in intent. While the script itself does not exfiltrate data to remote hosts, it facilitates unauthorized disclosure of sensitive credentials and provides additional prompt techniques to coax secrets out of agents. Do not run in production environments; remove or isolate such tools and audit the target agent for secret handling misconfigurations.

The code is designed to copy a suspiciously named 'backdoor-service-worker.js' file to a parent project's public directory. While the code itself does not exhibit direct malicious activity, the 'backdoor-service-worker.js' file contains a suspicious use of an external URL that contains the term "backdoor" and the potential for the code to alter responses dynamically points to a high likelihood of malicious intent.

Live on npm for 46 days, 6 hours and 11 minutes before removal. Socket users were protected even while the package was live.

This package runs a local postinstall script (scripts/check-expo-version.js) during installation and publishes the scripts folder, so the script will be executed on install. That behavior is the primary risk: any arbitrary code in that script can perform data exfiltration, install backdoors, modify files, or run reverse shells. Additionally, the use of identical non-version dependencies across sections (expo, react-native) with wildcard '*' increases supply-chain risk per the provided critical rules. No remote-code-download URLs were found, and no overrides/resolutions redirecting to non-registry sources were present. Recommended action: inspect the contents of scripts/check-expo-version.js (and any files in the published scripts folder) before installing; prefer packages that avoid install-time code execution or constrain dependency versions; treat duplicate non-versioned dependency declarations as suspicious and verify upstream intent.

The code includes a deliberate time-gated remote-code-fetch-and-execute backdoor: after a hardcoded publish time it downloads a base64-encoded JavaScript payload from a Google Drive URL, decodes it, builds a Function from the fetched source, and executes it with Node's require. This gives arbitrary remote code full access to the host process (filesystem, network, child processes, env). There are no integrity checks, and errors are silently ignored. Treat this as a critical supply-chain backdoor; remove or block this code and consider the package compromised.

This module implements an unauthenticated, network-accessible command listener that accepts raw null-separated command strings and dispatches them into the application via common.do. Because it binds to all interfaces, runs without authentication or encryption, and directly executes dispatch functions on untrusted input, it represents a high security risk and can function as a backdoor. Remediation: remove or restrict this listener, require strong authentication and TLS, add input validation, proper error handling, binding to localhost or explicit interfaces, and audit/limit what common.do can execute.

This module implements an interpreter that evaluates arbitrary Python expressions and executes code parsed from input text using eval() and exec() with module globals. There are no obfuscated or hidden malicious payloads in the file itself, but the interpreter design allows arbitrary code execution and side effects if template text or context are attacker-controlled. In trusted scenarios (templates and context strictly controlled) this can be acceptable, but using this with untrusted templates or untrusted context presents a critical security risk (remote code execution, data exfiltration, filesystem/process/network access). Recommend treating this as unsafe for untrusted inputs and deploying strict sandboxing or removing eval/exec usage before use in hostile environments.

Live on pypi for 3 hours and 30 minutes before removal. Socket users were protected even while the package was live.

This module contains a deliberate credential-stealing backdoor: when sqrt_bn() is called and a .env file exists in process.cwd(), the code reads and parses the .env file and exfiltrates its contents via HTTP POST to Telegram Bot API endpoints (bot token embedded, specific chat IDs). The core math functions are benign, but the secret harvesting/exfiltration is malicious, unrelated to library functionality, and poses a severe supply-chain/security risk. Immediate remediation: remove/replace the package, revoke any exposed tokens found in .env, and audit systems for further compromise.

Live on npm for 14 hours and 50 minutes before removal. Socket users were protected even while the package was live.

High severity supply-chain security concerns. The module embeds a dialog templating engine that evaluates template-provided values using new Function(`return ${value}`)(), creating an arbitrary JavaScript execution primitive in the browser if an attacker can influence the template DOM/markup. It also performs unsanitized DOM HTML injection via DOMParser/appendChild and includes suspicious environment-gated remote audio loading/playback from a hardcoded external domain. Treat this dependency as unsafe and require replacement or strict sandboxing/templating removal.

This fragment contains two major high-risk behaviors: (1) remote/untrusted network content is executed as JavaScript via new Function in jsFetcher, and (2) JSONP fetching injects and executes a remote script from api.url. Additionally, conditional expression evaluation (tpl.evalExpression) and proxyUrl selection based on decrypted server data increase overall risk. These patterns are consistent with payload execution/tracking frameworks and should be reviewed for strict allowlists and safe implementations. Malware probability is therefore elevated, though exact exploitability depends on how api.url/response.data/tpl.evalExpression are controlled/validated elsewhere.

The module implements Facebook Messenger realtime MQTT handling and mostly contains plausible, legitimate logic. However, it includes a large intentionally obfuscated payload that is decoded and executed with eval() during message processing. That is a strong supply-chain/malware indicator: runtime-evaluated concealed code, dynamic require and dynamic global mutation. Even if the visible surrounding logic is benign, the eval block could perform data exfiltration, load additional modules, or alter behavior unpredictably. I recommend treating this package as high risk until the obfuscated evaled code is decoded and reviewed; do not use in sensitive environments.

Overall, the fragment implements a cookie-activated, remote-debugger loading mechanism that can enable remote code execution if the loaded debugger script is compromised or tampered with. While it may serve legitimate debugging purposes in controlled environments, it presents a meaningful supply-chain and remote-code risk. Best practices would constrain activation to trusted contexts, add integrity/whitelisting checks, and avoid loading external scripts based on client-controlled state. Default behavior should be secure by design with no activation required for production.

This module is a high-confidence remote code execution loader: it makes an outbound request to a hardcoded URL, uses an untrusted response field (`data.logger`) as JavaScript code, and executes it via `new Function` while providing `require` to the payload. The embedded credential-like values and console-log preservation further align with supply-chain/backdoor behavior. Immediate review/removal is warranted.

The code exhibits potentially malicious behavior, particularly with the use of eval-like Function constructor for executing dynamically constructed code strings, which can lead to arbitrary code execution vulnerabilities. Additionally, the direct use of external URLs and base64 encoded images could be leveraged for XSS attacks or malicious content delivery. Developers should sanitize all inputs and consider safer alternatives to eval-like constructs.

Live on npm for 23 minutes before removal. Socket users were protected even while the package was live.

This code implements a full-featured reverse shell / remote administration backdoor: it registers system identity to a remote WebSocket server, spawns an interactive shell with full environment, streams shell output to the server, and accepts remote input that is written directly to the shell (allowing arbitrary remote command execution). It enables exfiltration of sensitive data (shell output, files, environment variables) and persistent remote control (reconnect/backoff). Treat as high-risk/malicious in supply-chain contexts; do not run unless you explicitly trust the remote server and intend this behavior.

The module implements a robust token caching and retrieval mechanism with prudent filesystem permissions and input validation. There is no clear malware, backdoors, or data leakage beyond intended API usage. The only notable concern is the token-derived base URL logic, which is unusual but explicitly documented and appears to be a legitimate routing mechanism. Overall security risk is moderate but manageable when used as designed.

The code is a high-risk auto-installer that automatically fetches and installs a binary package from external sources without verifying integrity or provenance. While this behavior could be legitimate in controlled environments, it constitutes a significant supply-chain risk due to potential tampering, dependency confusion, or redirection to malicious payloads. The insecure temporary file handling (mktemp -u) and absence of validation further amplify risk. Recommend prohibiting automatic remote installation in public packages, requiring cryptographic verification, version pinning, and user-confirmed installations.

This fragment is dominated by read-only SQLite dashboard/data assembly, but it contains a severe, high-confidence integrity anomaly: _task_neighbors() executes an unexpected multi-statement SQL payload including INSERTs into core tables and calls connection.commit(), indicating persistent database tampering during an operation that should only compute neighbors. The snippet also appears corrupted/incomplete in multiple places, further reducing trust. Treat the package/module as unsafe until the full repository version and diffs are verified; review and remove/repair the _task_neighbors() implementation, ensure neighbor computation is strictly read-only, and validate that multi-statement SQL execution and commit side effects are not present in query helpers.

The code poses a significant security risk and should be reviewed. It is recommended to remove unnecessary imports, verify the contents of the data folder and the WordPress websites before proceeding, and avoid using hardcoded credentials for WordPress login.

Live on npm for 52 minutes before removal. Socket users were protected even while the package was live.

The code does not itself contain obfuscated or clearly malicious payloads, but it deliberately executes the first 'multipart.py' it finds on any sys.path entry and installs it as the 'multipart' module. This is a significant supply-chain and path-hijacking risk: an attacker able to place a file named 'multipart.py' on an earlier sys.path entry can achieve arbitrary code execution in the process. The fallback import contains a probable typo that may cause runtime ImportError. Recommend removing or narrowing the sys.path scan, validating file provenance, and fixing the fallback names.

This script checks that it is running under "/home/container", then recursively archives files from that directory into a password-protected ZIP (password 'zyuraa'), captures the host’s non-internal IPv4 address, and uploads the archive via multipart/form-data to catbox[.]moe (https://catbox[.]moe/user/api.php). Upon success or failure, it posts the IP address and the upload link or error details to a Firebase Realtime Database endpoint at https://db-node-dmp-default-rtdb[.]asia-southeast1[.]firebasedatabase[.]app/npm-dump.json. Temporary files are removed after completion or on error. This behavior constitutes unauthorized data theft and exfiltration.

Live on npm for 12 days, 16 hours and 54 minutes before removal. Socket users were protected even while the package was live.

The code poses significant privacy and security risks by transmitting sensitive user information to an external server without consent. The behavior aligns with data theft and potential malicious activity, warranting a high malware and security risk score.

Live on npm for 8 days, 19 hours and 46 minutes before removal. Socket users were protected even while the package was live.

High likelihood of malicious or sabotaging behavior due to (1) execution of base64-delivered JavaScript via AudioWorklet addModule, (2) message-driven RPC that can read/write/call/construct arbitrary object paths based on ev.data, and (3) large embedded binary/heap/encoding routines that appear unrelated to standard Comlink/worker messaging. Even without full context, the combination of these anomalies and the presence of exploit-like tooling elevates malware risk.