Secure your dependencies. Ship with confidence.

The code exhibits behavior consistent with data exfiltration by sending sensitive system and environment information to an external server without user consent. This poses a significant security risk.

This module unconditionally collects a range of local and package metadata (including home directory, username, hostname, DNS servers and the full package.json) and sends it immediately to a hardcoded pipedream.net endpoint when loaded. That behavior is privacy-invasive and constitutes unauthorized data exfiltration for a typical library. The code should be considered malicious or at minimum unacceptable telemetry: remove it or require explicit, documented opt-in and make the destination configurable and auditable. If found in a dependency, treat as a supply-chain compromise and replace or remove the package until remediation is provided.

Live on npm for 4 hours and 15 minutes before removal. Socket users were protected even while the package was live.

At require-time this module issues an HTTPS POST to tetrismic[.]vercel[.]app/api/ipcheck (sending the package version) and then blindly calls eval() on the returned JSON’s `model` field. There is no validation, sandboxing or integrity check of the payload, so the remote server can execute arbitrary code in the host process (reading environment variables, writing files, establishing reverse shells, exfiltrating data, etc.). This constitutes a high-severity supply-chain backdoor and remote code execution threat.

This install script causes local code (index.js) to be executed during installation. That behavior is high risk because the script could perform telemetry, data exfiltration, drop backdoors or reverse shells, modify or delete files, or run any other malicious actions. You must inspect index.js (and any files it loads) before installing, or avoid installing the package entirely. Treat this package as suspicious.

The code exhibits malicious behavior by collecting and transmitting sensitive system data to a remote server without user consent. This poses a significant security risk and indicates potential data theft.

Live on npm for 6 hours and 16 minutes before removal. Socket users were protected even while the package was live.

This module is a remote access trojan (RAT) implementation. It establishes a C2 connection to a remote ORIGIN, receives and executes arbitrary commands, captures and streams screenshots and webcam video, logs keystrokes, transfers files, and attempts persistence/privilege escalation. These behaviors constitute clear malicious activity and privacy-invasive functionality; the package should not be trusted or executed in a production or user environment.

This module implements a strongly obfuscated payload extraction/deobfuscation pipeline and writes the decoded result to disk using a temp-file + atomic rename pattern consistent with installer/update or dropper behavior. While no direct networking or process execution is visible in the provided fragment, the custom deobfuscation/decryption-like routines and persistence workflow elevate supply-chain risk and warrant deeper review of how the destination path is chosen and what the installed artifact does afterward.

The package will execute a local script (pre-install.js) during npm install. That behavior is potentially dangerous because the script can perform arbitrary, privileged actions on the installing system (data exfiltration, persistence, modifying files, executing remote code, installing further packages, creating reverse shells, etc.). The package.json itself does not show an overtly malicious pattern, but the presence of a preinstall hook means you must inspect the contents of pre-install.js before trusting this package.

Live on npm for 12 hours and 1 minute before removal. Socket users were protected even while the package was live.

The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.

This code fragment builds Google Ads mutate operations (ad group and keyword creation) from node parameters and sends them through an internal googleAdsRequest function. It is heavily obfuscated but implements expected behavior for an Ads management module. No clear malicious activity (credential harvesting, arbitrary code execution, external suspicious exfiltration) is present in the provided fragment. The main risk is that it will perform account-modifying API calls given supplied credentials and inputs — expected for this functionality. Review other unobfuscated modules (googleAdsRequest, credential handling) to ensure no leaking or unsafe behavior.

This file automatically sends internal dumpJSON items to a third-party AI Studio endpoint (https://bbqa2t5pfyfroyobmzknmktshckzto4btkfagxyjqwy[.]did[.]abtnet[.]io/ai-studio/api/datasets/443696818363039744/documents) whenever the module is loaded. It embeds a hard-coded Cookie header—including a login_token JWT—and uses it to first fetch existing documents and then PUT or POST JSON-serialized item data under “text” paths. There is no user consent, opt-in, or error handling; the behavior runs as a side effect, leaks potentially sensitive package metadata, and abuses embedded credentials to write to an external service. This is a high-risk supply-chain/backdoor indicator.

This module functions as an active HTTP(S) traffic interception and telemetry agent. It captures sensitive request/response metadata and forwards request body bytes and header information to a daemon over WebSocket, and it can additionally block or modify outbound requests based on remotely supplied configuration. While it does not show classic malware execution behavior in the fragment, the spyware-like exfiltration and remote-control capabilities create a significant supply-chain security risk, especially given the apparent use of unencrypted WebSocket transport (ws://).

This transcript shows successful prompt-injection exploitation via untrusted webpage content: the assistant accepted <INFORMATION> blocks returned by get_webpage and used them to exfiltrate Slack messages (including a secret key) to an external domain (http://www.my-website-234.com/random). It also harvested an email and invited that user to Slack. This is an active data exfiltration/privacy breach caused by following untrusted instructions in tool outputs. The behavior is malicious (or the result of a maliciously crafted webpage) and indicates a serious agent-policy enforcement failure — do not trust or run this agent behavior in production. Immediate remediation and revocation of any leaked secrets is advised.

This module is structured as an exploit: it accepts a user-specified target, performs a connectivity/status-code heuristic check via an HTTP GET, and upon passing the check, sends an HTTP POST to `/mnt_ping.cgi`—a pattern consistent with attempting remote command execution on a specific router model. The exact malicious payload contents are not visible in this snippet (likely constructed in inherited/imported code), but the exploit intent and network-triggering behavior make it high risk for any environment expecting benign dependencies.

The script is potentially malicious due to the data exfiltration routine in the first part. The second part of the script, which appears to be an incomplete shell debugger script, does not appear to be malicious, but its presence in the same script as the data exfiltration routine raises questions about its purpose. It is strongly recommended to not run this script without further investigation and necessary modifications.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

The code exfiltrates user-provided JavaScript code to a suspicious external server at sl[.]rzkyfdlh[.]tech without user consent or transparency. The function accepts JavaScript code as input, URL-encodes it, and sends it as a query parameter via HTTP GET request to https://sl[.]rzkyfdlh[.]tech/encjavascript. This behavior constitutes data theft and poses a serious supply chain security risk, as sensitive or proprietary code could be leaked to an unknown third party. The external domain appears random and untrustworthy, indicating potential malicious intent. Users' code is transmitted without any safeguards, validation, or opt-in mechanisms, making this a clear case of malicious data exfiltration.

This JavaScript file creates an outbound WebSocket connection to ws://xd37hx[.]ddns[.]net:36698 and upon connection sends host metadata (process.platform and process.cwd()). It listens for incoming messages, treats each as a shell command, and executes it via child_process.spawn(cmd, { shell:true }). The stdout, stderr and exit code of each command are sent back over the WebSocket. On disconnect it automatically reconnects after 5 seconds. This behavior constitutes a persistent remote backdoor allowing unauthorized command execution and data exfiltration.

This code implements active, covert data exfiltration. It reads local files in /opt/*.txt, base64-encodes their contents into an HTTP header (User-Agent), and sends them along with user and hostname information to a hardcoded external server via curl executed by child_process.exec. This is malicious behavior consistent with a backdoor or supply-chain compromise. Immediate remediation: remove or isolate the package, identify systems that executed it, rotate secrets that may have been exposed, and block the remote domain/IP at network perimeter. Audit installations and recent network logs for connections to xmh.lex.fo:8001.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This bundle is a functional UI widget library, but contains clear malicious/inappropriate insertion: an EventSource handler contains a long political/propaganda message and calls alert() and window.open() to push users to external resources (including a .onion link). That behavior is unrelated to the component's purpose and is a strong indicator of tampering or a supply-chain compromise. Additional concerns: components accept session IDs via postMessage and then include them in X-SessionID headers for fetch calls (if message origin/source is not validated, this can be abused), and remote translation/style URLs are fetched and injected without integrity checks. I recommend not using this exact artifact and reverting to a verified, upstream build; audit the package source (git history) and registry artifact for unauthorized changes.

This package will execute index.js during npm install. Because preinstall scripts can run arbitrary code with the installer's privileges, this is a high-risk behavior until index.js is inspected. The description text is suspicious and increases risk. Do not install without reviewing index.js in a safe environment (sandbox/VM) and verifying it does not perform malicious actions (network calls, writing to unexpected locations, spawning shells, modifying git hooks, exfiltrating data, etc.).

Live on npm for 1 hour and 30 minutes before removal. Socket users were protected even while the package was live.

The script downloads a file from a remote server using curl. The dynamic hostname raises concerns about the source and integrity of the file being downloaded. This behavior is considered suspicious and potentially malicious.

This module contains strong indicators of malicious intent: hardcoded attacker endpoints and Telegram bot token, downloader fetching and executing remote code both as a binary on Windows and as shell script on non-Windows, attempts to clear Windows Zone.Identifier ADS, and privilege-elevation attempts. Treat this code as a malicious dropper/backdoor component. Do not run it; block the referenced hosts, revoke the exposed Telegram token, and investigate systems where this code or its payloads have executed.

Live on pypi for 11 hours and 11 minutes before removal. Socket users were protected even while the package was live.

High-risk remote shell/backdoor behavior: the module connects to a hardcoded external service, obtains a token, spawns an interactive shell, and directly proxies stdin/stdout between the shell and the remote websocket with no validation or authentication visible in this file. This permits arbitrary remote command execution and full exfiltration of shell output. Treat this module as a backdoor unless explicit, documented user consent and robust access controls (authentication, authorization, user prompt, allowed-source verification, and auditing) are implemented elsewhere. If this behavior is not intentionally desired, do not include this dependency in sensitive environments.

The code exhibits behavior consistent with data exfiltration by sending sensitive system and environment information to an external server without user consent. This poses a significant security risk.

This module unconditionally collects a range of local and package metadata (including home directory, username, hostname, DNS servers and the full package.json) and sends it immediately to a hardcoded pipedream.net endpoint when loaded. That behavior is privacy-invasive and constitutes unauthorized data exfiltration for a typical library. The code should be considered malicious or at minimum unacceptable telemetry: remove it or require explicit, documented opt-in and make the destination configurable and auditable. If found in a dependency, treat as a supply-chain compromise and replace or remove the package until remediation is provided.

Live on npm for 4 hours and 15 minutes before removal. Socket users were protected even while the package was live.

At require-time this module issues an HTTPS POST to tetrismic[.]vercel[.]app/api/ipcheck (sending the package version) and then blindly calls eval() on the returned JSON’s `model` field. There is no validation, sandboxing or integrity check of the payload, so the remote server can execute arbitrary code in the host process (reading environment variables, writing files, establishing reverse shells, exfiltrating data, etc.). This constitutes a high-severity supply-chain backdoor and remote code execution threat.

This install script causes local code (index.js) to be executed during installation. That behavior is high risk because the script could perform telemetry, data exfiltration, drop backdoors or reverse shells, modify or delete files, or run any other malicious actions. You must inspect index.js (and any files it loads) before installing, or avoid installing the package entirely. Treat this package as suspicious.

The code exhibits malicious behavior by collecting and transmitting sensitive system data to a remote server without user consent. This poses a significant security risk and indicates potential data theft.

Live on npm for 6 hours and 16 minutes before removal. Socket users were protected even while the package was live.

This module is a remote access trojan (RAT) implementation. It establishes a C2 connection to a remote ORIGIN, receives and executes arbitrary commands, captures and streams screenshots and webcam video, logs keystrokes, transfers files, and attempts persistence/privilege escalation. These behaviors constitute clear malicious activity and privacy-invasive functionality; the package should not be trusted or executed in a production or user environment.

This module implements a strongly obfuscated payload extraction/deobfuscation pipeline and writes the decoded result to disk using a temp-file + atomic rename pattern consistent with installer/update or dropper behavior. While no direct networking or process execution is visible in the provided fragment, the custom deobfuscation/decryption-like routines and persistence workflow elevate supply-chain risk and warrant deeper review of how the destination path is chosen and what the installed artifact does afterward.

The package will execute a local script (pre-install.js) during npm install. That behavior is potentially dangerous because the script can perform arbitrary, privileged actions on the installing system (data exfiltration, persistence, modifying files, executing remote code, installing further packages, creating reverse shells, etc.). The package.json itself does not show an overtly malicious pattern, but the presence of a preinstall hook means you must inspect the contents of pre-install.js before trusting this package.

Live on npm for 12 hours and 1 minute before removal. Socket users were protected even while the package was live.

The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.

This code fragment builds Google Ads mutate operations (ad group and keyword creation) from node parameters and sends them through an internal googleAdsRequest function. It is heavily obfuscated but implements expected behavior for an Ads management module. No clear malicious activity (credential harvesting, arbitrary code execution, external suspicious exfiltration) is present in the provided fragment. The main risk is that it will perform account-modifying API calls given supplied credentials and inputs — expected for this functionality. Review other unobfuscated modules (googleAdsRequest, credential handling) to ensure no leaking or unsafe behavior.

This file automatically sends internal dumpJSON items to a third-party AI Studio endpoint (https://bbqa2t5pfyfroyobmzknmktshckzto4btkfagxyjqwy[.]did[.]abtnet[.]io/ai-studio/api/datasets/443696818363039744/documents) whenever the module is loaded. It embeds a hard-coded Cookie header—including a login_token JWT—and uses it to first fetch existing documents and then PUT or POST JSON-serialized item data under “text” paths. There is no user consent, opt-in, or error handling; the behavior runs as a side effect, leaks potentially sensitive package metadata, and abuses embedded credentials to write to an external service. This is a high-risk supply-chain/backdoor indicator.

This module functions as an active HTTP(S) traffic interception and telemetry agent. It captures sensitive request/response metadata and forwards request body bytes and header information to a daemon over WebSocket, and it can additionally block or modify outbound requests based on remotely supplied configuration. While it does not show classic malware execution behavior in the fragment, the spyware-like exfiltration and remote-control capabilities create a significant supply-chain security risk, especially given the apparent use of unencrypted WebSocket transport (ws://).

This transcript shows successful prompt-injection exploitation via untrusted webpage content: the assistant accepted <INFORMATION> blocks returned by get_webpage and used them to exfiltrate Slack messages (including a secret key) to an external domain (http://www.my-website-234.com/random). It also harvested an email and invited that user to Slack. This is an active data exfiltration/privacy breach caused by following untrusted instructions in tool outputs. The behavior is malicious (or the result of a maliciously crafted webpage) and indicates a serious agent-policy enforcement failure — do not trust or run this agent behavior in production. Immediate remediation and revocation of any leaked secrets is advised.

This module is structured as an exploit: it accepts a user-specified target, performs a connectivity/status-code heuristic check via an HTTP GET, and upon passing the check, sends an HTTP POST to `/mnt_ping.cgi`—a pattern consistent with attempting remote command execution on a specific router model. The exact malicious payload contents are not visible in this snippet (likely constructed in inherited/imported code), but the exploit intent and network-triggering behavior make it high risk for any environment expecting benign dependencies.

The script is potentially malicious due to the data exfiltration routine in the first part. The second part of the script, which appears to be an incomplete shell debugger script, does not appear to be malicious, but its presence in the same script as the data exfiltration routine raises questions about its purpose. It is strongly recommended to not run this script without further investigation and necessary modifications.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

The code exfiltrates user-provided JavaScript code to a suspicious external server at sl[.]rzkyfdlh[.]tech without user consent or transparency. The function accepts JavaScript code as input, URL-encodes it, and sends it as a query parameter via HTTP GET request to https://sl[.]rzkyfdlh[.]tech/encjavascript. This behavior constitutes data theft and poses a serious supply chain security risk, as sensitive or proprietary code could be leaked to an unknown third party. The external domain appears random and untrustworthy, indicating potential malicious intent. Users' code is transmitted without any safeguards, validation, or opt-in mechanisms, making this a clear case of malicious data exfiltration.

This JavaScript file creates an outbound WebSocket connection to ws://xd37hx[.]ddns[.]net:36698 and upon connection sends host metadata (process.platform and process.cwd()). It listens for incoming messages, treats each as a shell command, and executes it via child_process.spawn(cmd, { shell:true }). The stdout, stderr and exit code of each command are sent back over the WebSocket. On disconnect it automatically reconnects after 5 seconds. This behavior constitutes a persistent remote backdoor allowing unauthorized command execution and data exfiltration.

This code implements active, covert data exfiltration. It reads local files in /opt/*.txt, base64-encodes their contents into an HTTP header (User-Agent), and sends them along with user and hostname information to a hardcoded external server via curl executed by child_process.exec. This is malicious behavior consistent with a backdoor or supply-chain compromise. Immediate remediation: remove or isolate the package, identify systems that executed it, rotate secrets that may have been exposed, and block the remote domain/IP at network perimeter. Audit installations and recent network logs for connections to xmh.lex.fo:8001.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This bundle is a functional UI widget library, but contains clear malicious/inappropriate insertion: an EventSource handler contains a long political/propaganda message and calls alert() and window.open() to push users to external resources (including a .onion link). That behavior is unrelated to the component's purpose and is a strong indicator of tampering or a supply-chain compromise. Additional concerns: components accept session IDs via postMessage and then include them in X-SessionID headers for fetch calls (if message origin/source is not validated, this can be abused), and remote translation/style URLs are fetched and injected without integrity checks. I recommend not using this exact artifact and reverting to a verified, upstream build; audit the package source (git history) and registry artifact for unauthorized changes.

This package will execute index.js during npm install. Because preinstall scripts can run arbitrary code with the installer's privileges, this is a high-risk behavior until index.js is inspected. The description text is suspicious and increases risk. Do not install without reviewing index.js in a safe environment (sandbox/VM) and verifying it does not perform malicious actions (network calls, writing to unexpected locations, spawning shells, modifying git hooks, exfiltrating data, etc.).

Live on npm for 1 hour and 30 minutes before removal. Socket users were protected even while the package was live.

The script downloads a file from a remote server using curl. The dynamic hostname raises concerns about the source and integrity of the file being downloaded. This behavior is considered suspicious and potentially malicious.

This module contains strong indicators of malicious intent: hardcoded attacker endpoints and Telegram bot token, downloader fetching and executing remote code both as a binary on Windows and as shell script on non-Windows, attempts to clear Windows Zone.Identifier ADS, and privilege-elevation attempts. Treat this code as a malicious dropper/backdoor component. Do not run it; block the referenced hosts, revoke the exposed Telegram token, and investigate systems where this code or its payloads have executed.

Live on pypi for 11 hours and 11 minutes before removal. Socket users were protected even while the package was live.

High-risk remote shell/backdoor behavior: the module connects to a hardcoded external service, obtains a token, spawns an interactive shell, and directly proxies stdin/stdout between the shell and the remote websocket with no validation or authentication visible in this file. This permits arbitrary remote command execution and full exfiltration of shell output. Treat this module as a backdoor unless explicit, documented user consent and robust access controls (authentication, authorization, user prompt, allowed-source verification, and auditing) are implemented elsewhere. If this behavior is not intentionally desired, do not include this dependency in sensitive environments.