Secure your dependencies. Ship with confidence.

Strong finding: the wallet private key export endpoint is a critical vulnerability that can lead to immediate total loss if misused. This undermines the confidentiality of cryptographic material and should be removed or restricted to encrypted exports with strict access controls and user-scoped permissions. Other notable risks include supply-chain exposure from bootstrap auto-install, extensive dynamic imports, and potential plaintext fallbacks in vault handling. Overall risk is high due to the private key export sink and broad attack surface; remediation should prioritize removing private-key export, hardening vault usage, eliminating unsafe bootstrap behaviors, and tightening runtime module loading and access control.

The code is heavily obfuscated, which raises concerns about potential hidden malicious behavior. The presence of network requests and data encoding functions suggests a risk of data exfiltration. Further analysis and deobfuscation are necessary to determine the exact behavior and intent of the code.

Live on npm for 3 hours and 38 minutes before removal. Socket users were protected even while the package was live.

The code contains risky operations that can enable supply-chain attacks and remote code execution: it downloads remote zip packages and extracts them without validation, and runs pip install/uninstall via shell subprocesses with unverified inputs. It also leaks host identification to an external notify endpoint. There is no evidence of deliberately hidden malware in this fragment (no obfuscation, no hardcoded credentials or reverse shell code), but the behavior (automatic fetching and installing of packages from remote URLs without integrity checks) presents a significant security risk. Recommend treating remote package sources as untrusted, adding integrity checks (hash/signature verification), avoiding shell=True, sanitizing zip entries before extraction, and limiting or requiring user confirmation for installs.

Live on pypi for 18 hours and 54 minutes before removal. Socket users were protected even while the package was live.

This code performs unauthorized data exfiltration of sensitive system and environment information to a suspicious remote server, constituting malicious behavior and a serious privacy violation. It should be considered malware with high security risk.

Live on npm for 4 hours and 37 minutes before removal. Socket users were protected even while the package was live.

This module contains a clear, high-severity backdoor mechanism: a CLI option executes attacker-controlled JavaScript from process.argv[3] using require('vm').runInThisContext. It also includes authenticated GitHub CRUD tooling using process.env.GITHUB_TOKEN and can read local files and upload their contents to GitHub via the contents API. Together, these provide both arbitrary code execution and practical remote data exfiltration/remote modification pathways. Treat as extremely risky and do not use without strong provenance, isolation, and containment.

This module contains an explicit remote code execution/backdoor pattern: it decodes a concealed URL, fetches remote content, and executes it if a marker string is present. It also collects a MAC address and OS identifiers that could be used for fingerprinting. This is highly suspicious and dangerous for any trusted dependency. Treat the package as malicious/untrusted: block network access, remove/replace the package, and investigate any systems where it ran. Do not run this code in production.

This module is explicitly designed to harvest Discord authentication tokens from a Windows machine by reading LevelDB data and decrypting DPAPI-protected blobs via PowerShell, plus probing the Windows Credential Manager for Discord entries. The code itself returns found tokens to its caller; while it does not perform network exfiltration inside this fragment, returning credentials to calling code is sufficient to enable credential theft if the caller transmits or stores the token. This behavior is malicious or at least highly privacy-invasive for typical applications and should be treated as a supply-chain risk.

The launcher itself is not demonstrably malicious but is high risk because it executes opaque compiled bytecode (main.jsc) with full process privileges and performs no integrity or sandboxing checks. Treat this package as potentially dangerous until the compiled payload and native addon provenance are inspected or runtime behavior is observed in an isolated environment.

Live on npm for 9 days, 1 hour and 7 minutes before removal. Socket users were protected even while the package was live.

High-risk code fragment. It includes a hardcoded third-party API credential (Axiom Authorization Bearer token) and also contains substantial logic to extract and decrypt browser cookies (Chromium/Firefox/Safari) using CDP and local cookie databases plus platform secret stores/DPAPI. These behaviors are consistent with sensitive data/session theft and external reporting. Recommend immediate dependency provenance verification (package identity, version, publisher), secret rotation for the exposed token, and sandboxing/containment or removal if not strictly required.

High security risk. The code contains an explicit mechanism to re-insert and execute <script> tags by creating new script elements (including wrapping inline code in an IIFE) and appending them to document.body. When the live-script flag is enabled, any attacker influence over markdown/DOM content that results in <script> elements can lead to direct client-side script execution (XSS/DOM-based RCE in the browser context). Network fetching from data-src further broadens the input surface via untrusted URLs for code/highlight loading.

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package

Live on npm for 8 hours and 38 minutes before removal. Socket users were protected even while the package was live.

The file contains a script that executes automatically (e.g., during post-install) and exfiltrates sensitive environment data without user consent. It collects the current working directory, OS username, Node.js version, and platform information, sending them as URL query parameters via an HTTPS GET request to an external OAST (Out-of-Band Security Testing) endpoint (https://0tuokc8oz5k94lkfxck5p421zs5jtlha[.]oastify[.]com/npm-post-install). The code also silently catches errors to hide network failures and avoid disrupting the installation process. This behavior strongly indicates malicious intent, likely for target profiling or supply-chain compromise.

Live on npm for 4 days, 14 hours and 25 minutes before removal. Socket users were protected even while the package was live.

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

The code enables a high-risk dynamic code execution path via new Function that executes strings provided to spawn. When exposed through Comlink proxies to untrusted code, this constitutes a potential remote code execution channel and backdoor-like capability within the worker pool. While the rest of the module implements standard worker orchestration, the a input path must be strictly sandboxed or removed to reduce risk. Harden by removing dynamic evaluation, restricting input to a safe whitelist, or sandboxing the execution environment inside a dedicated VM-like container.

This module implements privileged node and device management and exposes HTTP endpoints that accept user input used directly in shell commands and Docker operations. Main risks: command injection (unsanitized string interpolation into shell commands and os.popen), destructive device operations (partitioning, bind/unbind), supplying arbitrary images to be pulled and run as privileged containers, and use of an unencrypted/unprotected Docker TCP socket (tcp://...:2375). I assess this as not manifestly malware but a high-risk administrative component that must be strictly access-controlled and hardened (validate/sanitize inputs, avoid passing raw user values into shell/Docker operations, use secure Docker API access, avoid exposing endpoints publicly).

The code engages in automated package creation and publishing, with the addition of posting content to WordPress sites using hard-coded credentials. This indicates potential spam or automated SEO manipulation behavior. The code also presents significant security risks due to hard-coded paths and credentials.

Live on npm for 10 hours and 4 minutes before removal. Socket users were protected even while the package was live.

The code contains a potentially risky automatic update mechanism that could be exploited if the external source is compromised. It also logs sensitive information, which could lead to data exposure. While there is no direct evidence of malicious activity, these behaviors pose a security risk.

Live on npm for 12 minutes before removal. Socket users were protected even while the package was live.

This file is offensive/exploit tooling: it performs automated reconnaissance, crafts and sends SQLi and PHP eval payloads against Joomla sites, extracts credentials/session data, and attempts to install a PHP webshell for persistence. Those behaviors constitute malicious activity (unauthorized access, credential theft, backdoor installation). Treat this code as malicious/exploitative; do not include it in trusted dependencies or run it on networks you do not own/authorize. The snippet contains some syntactic errors suggesting a truncated copy, but intent and many operational parts are explicit.

The fragment demonstrates a classic remote-code-loading pattern: encrypted remote payload download, environment-derived decryption, and VM-based execution of the decrypted module. This is a high-risk, likely malicious flow that enables arbitrary code execution from a remote source, posing substantial supply-chain and runtime security risks. In secure contexts, replace with static, integrity-verified logic or well-audited plugins; avoid remote decryption/execution paths in dependencies.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This script is attempting to exfiltrate sensitive data (contents of /etc/passwd and hostname) to a remote server. This behavior is highly malicious and poses a significant security risk.

Live on npm for 3 hours and 6 minutes before removal. Socket users were protected even while the package was live.

Strong finding: the wallet private key export endpoint is a critical vulnerability that can lead to immediate total loss if misused. This undermines the confidentiality of cryptographic material and should be removed or restricted to encrypted exports with strict access controls and user-scoped permissions. Other notable risks include supply-chain exposure from bootstrap auto-install, extensive dynamic imports, and potential plaintext fallbacks in vault handling. Overall risk is high due to the private key export sink and broad attack surface; remediation should prioritize removing private-key export, hardening vault usage, eliminating unsafe bootstrap behaviors, and tightening runtime module loading and access control.

The code is heavily obfuscated, which raises concerns about potential hidden malicious behavior. The presence of network requests and data encoding functions suggests a risk of data exfiltration. Further analysis and deobfuscation are necessary to determine the exact behavior and intent of the code.

Live on npm for 3 hours and 38 minutes before removal. Socket users were protected even while the package was live.

The code contains risky operations that can enable supply-chain attacks and remote code execution: it downloads remote zip packages and extracts them without validation, and runs pip install/uninstall via shell subprocesses with unverified inputs. It also leaks host identification to an external notify endpoint. There is no evidence of deliberately hidden malware in this fragment (no obfuscation, no hardcoded credentials or reverse shell code), but the behavior (automatic fetching and installing of packages from remote URLs without integrity checks) presents a significant security risk. Recommend treating remote package sources as untrusted, adding integrity checks (hash/signature verification), avoiding shell=True, sanitizing zip entries before extraction, and limiting or requiring user confirmation for installs.

Live on pypi for 18 hours and 54 minutes before removal. Socket users were protected even while the package was live.

This code performs unauthorized data exfiltration of sensitive system and environment information to a suspicious remote server, constituting malicious behavior and a serious privacy violation. It should be considered malware with high security risk.

Live on npm for 4 hours and 37 minutes before removal. Socket users were protected even while the package was live.

This module contains a clear, high-severity backdoor mechanism: a CLI option executes attacker-controlled JavaScript from process.argv[3] using require('vm').runInThisContext. It also includes authenticated GitHub CRUD tooling using process.env.GITHUB_TOKEN and can read local files and upload their contents to GitHub via the contents API. Together, these provide both arbitrary code execution and practical remote data exfiltration/remote modification pathways. Treat as extremely risky and do not use without strong provenance, isolation, and containment.

This module contains an explicit remote code execution/backdoor pattern: it decodes a concealed URL, fetches remote content, and executes it if a marker string is present. It also collects a MAC address and OS identifiers that could be used for fingerprinting. This is highly suspicious and dangerous for any trusted dependency. Treat the package as malicious/untrusted: block network access, remove/replace the package, and investigate any systems where it ran. Do not run this code in production.

This module is explicitly designed to harvest Discord authentication tokens from a Windows machine by reading LevelDB data and decrypting DPAPI-protected blobs via PowerShell, plus probing the Windows Credential Manager for Discord entries. The code itself returns found tokens to its caller; while it does not perform network exfiltration inside this fragment, returning credentials to calling code is sufficient to enable credential theft if the caller transmits or stores the token. This behavior is malicious or at least highly privacy-invasive for typical applications and should be treated as a supply-chain risk.

The launcher itself is not demonstrably malicious but is high risk because it executes opaque compiled bytecode (main.jsc) with full process privileges and performs no integrity or sandboxing checks. Treat this package as potentially dangerous until the compiled payload and native addon provenance are inspected or runtime behavior is observed in an isolated environment.

Live on npm for 9 days, 1 hour and 7 minutes before removal. Socket users were protected even while the package was live.

High-risk code fragment. It includes a hardcoded third-party API credential (Axiom Authorization Bearer token) and also contains substantial logic to extract and decrypt browser cookies (Chromium/Firefox/Safari) using CDP and local cookie databases plus platform secret stores/DPAPI. These behaviors are consistent with sensitive data/session theft and external reporting. Recommend immediate dependency provenance verification (package identity, version, publisher), secret rotation for the exposed token, and sandboxing/containment or removal if not strictly required.

High security risk. The code contains an explicit mechanism to re-insert and execute <script> tags by creating new script elements (including wrapping inline code in an IIFE) and appending them to document.body. When the live-script flag is enabled, any attacker influence over markdown/DOM content that results in <script> elements can lead to direct client-side script execution (XSS/DOM-based RCE in the browser context). Network fetching from data-src further broadens the input surface via untrusted URLs for code/highlight loading.

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package

Live on npm for 8 hours and 38 minutes before removal. Socket users were protected even while the package was live.

The file contains a script that executes automatically (e.g., during post-install) and exfiltrates sensitive environment data without user consent. It collects the current working directory, OS username, Node.js version, and platform information, sending them as URL query parameters via an HTTPS GET request to an external OAST (Out-of-Band Security Testing) endpoint (https://0tuokc8oz5k94lkfxck5p421zs5jtlha[.]oastify[.]com/npm-post-install). The code also silently catches errors to hide network failures and avoid disrupting the installation process. This behavior strongly indicates malicious intent, likely for target profiling or supply-chain compromise.

Live on npm for 4 days, 14 hours and 25 minutes before removal. Socket users were protected even while the package was live.

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

The code enables a high-risk dynamic code execution path via new Function that executes strings provided to spawn. When exposed through Comlink proxies to untrusted code, this constitutes a potential remote code execution channel and backdoor-like capability within the worker pool. While the rest of the module implements standard worker orchestration, the a input path must be strictly sandboxed or removed to reduce risk. Harden by removing dynamic evaluation, restricting input to a safe whitelist, or sandboxing the execution environment inside a dedicated VM-like container.

This module implements privileged node and device management and exposes HTTP endpoints that accept user input used directly in shell commands and Docker operations. Main risks: command injection (unsanitized string interpolation into shell commands and os.popen), destructive device operations (partitioning, bind/unbind), supplying arbitrary images to be pulled and run as privileged containers, and use of an unencrypted/unprotected Docker TCP socket (tcp://...:2375). I assess this as not manifestly malware but a high-risk administrative component that must be strictly access-controlled and hardened (validate/sanitize inputs, avoid passing raw user values into shell/Docker operations, use secure Docker API access, avoid exposing endpoints publicly).

The code engages in automated package creation and publishing, with the addition of posting content to WordPress sites using hard-coded credentials. This indicates potential spam or automated SEO manipulation behavior. The code also presents significant security risks due to hard-coded paths and credentials.

Live on npm for 10 hours and 4 minutes before removal. Socket users were protected even while the package was live.

The code contains a potentially risky automatic update mechanism that could be exploited if the external source is compromised. It also logs sensitive information, which could lead to data exposure. While there is no direct evidence of malicious activity, these behaviors pose a security risk.

Live on npm for 12 minutes before removal. Socket users were protected even while the package was live.

This file is offensive/exploit tooling: it performs automated reconnaissance, crafts and sends SQLi and PHP eval payloads against Joomla sites, extracts credentials/session data, and attempts to install a PHP webshell for persistence. Those behaviors constitute malicious activity (unauthorized access, credential theft, backdoor installation). Treat this code as malicious/exploitative; do not include it in trusted dependencies or run it on networks you do not own/authorize. The snippet contains some syntactic errors suggesting a truncated copy, but intent and many operational parts are explicit.

The fragment demonstrates a classic remote-code-loading pattern: encrypted remote payload download, environment-derived decryption, and VM-based execution of the decrypted module. This is a high-risk, likely malicious flow that enables arbitrary code execution from a remote source, posing substantial supply-chain and runtime security risks. In secure contexts, replace with static, integrity-verified logic or well-audited plugins; avoid remote decryption/execution paths in dependencies.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This script is attempting to exfiltrate sensitive data (contents of /etc/passwd and hostname) to a remote server. This behavior is highly malicious and poses a significant security risk.

Live on npm for 3 hours and 6 minutes before removal. Socket users were protected even while the package was live.