Secure your dependencies. Ship with confidence.

This install script performs a destructive filesystem operation (removing the katex directory) and then executes an unknown command. Even if not overtly labeled as malware, it poses a high risk: it can cause data loss and enables execution of arbitrary code. You should not run this without inspecting the package contents and verifying what `copy-files-from-to` refers to and why katex is being removed.

Live on PyPI for 5 hours and 48 minutes before removal. Socket users were protected even while the package was live.

This code is an explicit exfiltration primitive: it will POST any caller-supplied data to a hard-coded external webhook. Treat it as high risk. If found in a package, remove or disable the call, audit all call sites to determine what data may have been transmitted, and rotate any credentials or secrets that may have been exposed. If the code was intended for testing, replace with a non-production-safe stub or guard it behind explicit opt-in and environment checks.

The code is designed to exfiltrate system and project data to external servers without user consent, indicating malicious intent. The behavior poses a significant security risk.

Live on npm for 2 hours and 4 minutes before removal. Socket users were protected even while the package was live.

The analyzed source code is primarily a legitimate implementation of the SweetAlert2 modal popup library. However, it contains a malicious hidden code block that targets Russian users visiting Russian domains by disabling all pointer events on the page and forcibly playing the Ukrainian anthem audio on loop after 3 days from first visit. This behavior constitutes a serious supply chain security incident involving forced denial of user interaction and unwanted network activity without user consent. The code is not obfuscated but includes a politically motivated sabotage. Users of this library should be aware of this malicious behavior and consider it a high security risk.

This module is functionally a supervisor that uses pickle-based serialization over ZeroMQ. The code contains high-risk unsafe deserialization: it accepts pickle-formatted data from sockets (recv_multipart / recv_pyobj) and unpickles it without validation, then performs dynamic dispatch based on untrusted data. The temporary monkey-patch of torch.storage._load_from_bytes inside pickle_loads increases the attack surface for malicious payloads that embed torch storage objects. There are no authentication or integrity checks on incoming messages. Therefore the code is unsafe to use in untrusted-network environments: an attacker who can send messages to the supervisor sockets (or control SUPERVISOR_PIPE/SUPERVISOR_IDENT) can achieve remote code execution. No other explicit exfiltration, cryptomining, or backdoor code is present in this fragment, but the deserialization pattern makes arbitrary malicious behavior possible.

This script is a high-risk launcher: it unconditionally fetches Python code from a hardcoded remote repo and executes it locally via a shell-invoked Python process while passing unsanitized user inputs directly into the shell command. Even if the upstream repository is currently benign, the pattern enables trivial supply-chain compromise and shell injection. Mitigations: remove runtime download-and-exec; if fetching is necessary, pin and verify cryptographic hashes or signatures, validate content, avoid os.system (use subprocess with argument lists or importlib), sanitize inputs, and add error handling and logging. Treat this module as unsafe in security-sensitive environments until hardened.

The code is engaging in potentially malicious activity by exfiltrating environment variables to an external server. The obfuscation further suggests an attempt to conceal this behavior.

Live on npm for 1 hour and 7 minutes before removal. Socket users were protected even while the package was live.

This module is a DDoS/DoS toolkit implementing many network attack vectors (floods, amplification, spoofing, proxy/TOR routing, Cloudflare bypass). It is intentionally malicious: designed to send large volumes of traffic, craft spoofed raw packets, use proxies and TOR to obfuscate origin, and bypass protections. It should be treated as malware and removed; do not install or run this package. If found as a dependency in a project, consider it a severe supply-chain compromise and take remediation steps (remove dependency, audit systems where it was installed, rotate credentials, check for persistence).

This module is an offensive Wi‑Fi attack client designed to control an ESP32 ManagementAP and perform disruptive actions (deauthentication/DoS and capture PMKID/handshakes). It uses subprocess calls to modify host network state and writes WiFi credentials to a temporary file on Windows. There is no evidence of stealthy exfiltration or obfuscated backdoors, but the tool’s functionality is inherently malicious/abusive and poses high risk if deployed or executed on systems without explicit authorization. Additionally, the provided fragment contains a syntax error (display_menu) and some unsafe parsing assumptions. Use of this code should be avoided unless you have legal authorization and institutional approval to perform wireless security testing.

This module contains a high-severity remote-code-execution pattern: unifyFlow fetches remote content and executes it via eval(JSON.parse(body)) without validation or integrity checks. The function has hardcoded remote defaults (ip-api-check-nine.vercel.app and token '142') and silent retry behavior, making it appear backdoor-like. Treat this as malicious or extremely dangerous for production use. Immediate remediation: remove or disable remote-eval behavior, never use eval on network data, add cryptographic signing/verification if remote code execution is required, or redesign to use explicit, validated data-driven actions. Avoid using this package until the behavior is fixed or audited.

High-confidence malicious code. This payload is a supply-chain worm and browser wallet hijacker that modifies node_modules to propagate and monkey-patches the browser Ethereum provider to redirect transactions to an attacker address while exfiltrating data to an external webhook. Do not execute; treat any repository containing this as compromised, remove infected modules, rotate secrets and keys, and audit installs for additional tampering.

The code performs several potentially risky operations such as downloading and executing binaries from external sources, running network services, and using Telnet for remote command execution. These actions pose significant security risks, including the possibility of introducing malicious code and exposing the system to network-based attacks. However, there is no explicit evidence of malicious intent in the code itself.

This code poses a significant security risk and should not be used.

Live on npm for 4 hours and 57 minutes before removal. Socket users were protected even while the package was live.

The fragment contains a high-risk pattern: it downloads a Python script from a remote source and immediately executes it without integrity verification or sandboxing. This creates a critical supply-chain and remote-code-execution risk, as the remote payload could perform any action on the host, including data exfiltration, credential access, or system compromise. Even though defaults use placeholders, the mechanism itself is unsafe and should be disallowed or hardened (e.g., verify hashes, use signed modules, avoid executing remote code).

The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.

This file implements an unattended update mechanism that fetches and installs .tgz archives from unverified remote sources—both the npm registry (registry[.]npmjs[.]org) and a configurable Firebase-style database URL—by downloading, extracting them into the application directory and then restarting PM2-managed processes. Because there is no cryptographic signature or checksum validation beyond a simple version check, a compromised registry account or database endpoint could deliver arbitrary code to every host running this updater. Additionally, on startup the script gathers extensive system and package metadata—including public IP (via api[.]ipify[.]org), local IP addresses, hostname, OS/platform, Node.js version, CPU/memory statistics, load averages, working directory and package.json fields—and posts it to a configurable Discord webhook endpoint (discordapp[.]com). This behavior poses both a supply-chain risk and a telemetry/privacy exposure risk, as sensitive host information is sent to an external service without explicit user consent or granular control.

This code contains an explicit client-side network exfiltration path: user-provided queries (function parameter t) are POSTed to a hardcoded endpoint (http://192.168.80.125/v1/chat-messages) with a hardcoded Bearer token (app-wwXbOwNFKFkm0wqEiGijqmg2). That is a serious supply-chain / credential-exposure issue. If this bundle is shipped to users, it will leak user queries and related data to the endpoint; the embedded token also allows unintended parties to call that API if they extract the token. Treat this as malicious or severely insecure: remove hardcoded credentials, do not embed secret keys in client bundles, and validate the intended endpoint and deployment configuration. Additional auditing is required to find where mxn is invoked in the application.

The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.

This module is a loader that intentionally conceals its behavior by encoding two payloads and dynamically executing them. Its design (exec of embedded compressed blobs, opaque identifiers, two-stage staging) is a high-risk pattern consistent with backdoors or supply-chain malware. Without further decoding of the embedded blobs we cannot assert specific malicious actions, but the presence of immediate dynamic execution of hidden code justifies treating the package as potentially malicious and unsuitable for trusted environments until the payloads are inspected in isolation.

**tidpz** presents itself as a Windows-only TikTok engagement booster, pitching grey-hat marketers on bulk likes, comments, and follows. When started it shows a Korean-language Glimmer-DSL-LibUI dialog that requests the operator’s TikTok username and password. The moment those credentials are entered (before any automation begins) the script silently bundles the plaintext username, password, and the host’s MAC address and exfiltrates the package via HTTPS POST to `https://programzon[.]com/auth/program/signin`, a server controlled by the *zon* threat actor. The MAC address serves as a hardware fingerprint, letting the threat actor correlate victims across installations and campaigns. Although the gem does carry out its promised engagement routine, this hidden exfiltration turns **tidpz** into an infostealer: users seeking aggressive TikTok growth instead hand over their own sensitive credentials to the threat actor behind the wider “zon” malware cluster.

The code contains a potential security risk due to the invocation of an external executable without sufficient validation. The use of subprocess.run() to execute faker.exe could lead to malicious behavior if the executable is harmful. The overall assessment suggests moderate concern regarding malware and security risks.

Live on PyPI for 8 minutes before removal. Socket users were protected even while the package was live.

This install script retrieves remote code over an unencrypted connection and stores it locally. Even though it does not itself execute the file, downloading unverified code during install is a high-risk behavior: the fetched file could contain malware, enable telemetry, or be executed later by another step. Treat this as suspicious and potentially malicious; inspect the downloaded file, block or sandbox the network fetch, or remove the command.

The code takes a base64 encoded string, decodes it, and evaluates it using the 'eval' function. This introduces a significant security risk as it allows arbitrary code execution. The code should be considered dangerous and should not be used.

Live on npm for 50 minutes before removal. Socket users were protected even while the package was live.

This install script performs a destructive filesystem operation (removing the katex directory) and then executes an unknown command. Even if not overtly labeled as malware, it poses a high risk: it can cause data loss and enables execution of arbitrary code. You should not run this without inspecting the package contents and verifying what `copy-files-from-to` refers to and why katex is being removed.

Live on PyPI for 5 hours and 48 minutes before removal. Socket users were protected even while the package was live.

This code is an explicit exfiltration primitive: it will POST any caller-supplied data to a hard-coded external webhook. Treat it as high risk. If found in a package, remove or disable the call, audit all call sites to determine what data may have been transmitted, and rotate any credentials or secrets that may have been exposed. If the code was intended for testing, replace with a non-production-safe stub or guard it behind explicit opt-in and environment checks.

The code is designed to exfiltrate system and project data to external servers without user consent, indicating malicious intent. The behavior poses a significant security risk.

Live on npm for 2 hours and 4 minutes before removal. Socket users were protected even while the package was live.

The analyzed source code is primarily a legitimate implementation of the SweetAlert2 modal popup library. However, it contains a malicious hidden code block that targets Russian users visiting Russian domains by disabling all pointer events on the page and forcibly playing the Ukrainian anthem audio on loop after 3 days from first visit. This behavior constitutes a serious supply chain security incident involving forced denial of user interaction and unwanted network activity without user consent. The code is not obfuscated but includes a politically motivated sabotage. Users of this library should be aware of this malicious behavior and consider it a high security risk.

This module is functionally a supervisor that uses pickle-based serialization over ZeroMQ. The code contains high-risk unsafe deserialization: it accepts pickle-formatted data from sockets (recv_multipart / recv_pyobj) and unpickles it without validation, then performs dynamic dispatch based on untrusted data. The temporary monkey-patch of torch.storage._load_from_bytes inside pickle_loads increases the attack surface for malicious payloads that embed torch storage objects. There are no authentication or integrity checks on incoming messages. Therefore the code is unsafe to use in untrusted-network environments: an attacker who can send messages to the supervisor sockets (or control SUPERVISOR_PIPE/SUPERVISOR_IDENT) can achieve remote code execution. No other explicit exfiltration, cryptomining, or backdoor code is present in this fragment, but the deserialization pattern makes arbitrary malicious behavior possible.

This script is a high-risk launcher: it unconditionally fetches Python code from a hardcoded remote repo and executes it locally via a shell-invoked Python process while passing unsanitized user inputs directly into the shell command. Even if the upstream repository is currently benign, the pattern enables trivial supply-chain compromise and shell injection. Mitigations: remove runtime download-and-exec; if fetching is necessary, pin and verify cryptographic hashes or signatures, validate content, avoid os.system (use subprocess with argument lists or importlib), sanitize inputs, and add error handling and logging. Treat this module as unsafe in security-sensitive environments until hardened.

The code is engaging in potentially malicious activity by exfiltrating environment variables to an external server. The obfuscation further suggests an attempt to conceal this behavior.

Live on npm for 1 hour and 7 minutes before removal. Socket users were protected even while the package was live.

This module is a DDoS/DoS toolkit implementing many network attack vectors (floods, amplification, spoofing, proxy/TOR routing, Cloudflare bypass). It is intentionally malicious: designed to send large volumes of traffic, craft spoofed raw packets, use proxies and TOR to obfuscate origin, and bypass protections. It should be treated as malware and removed; do not install or run this package. If found as a dependency in a project, consider it a severe supply-chain compromise and take remediation steps (remove dependency, audit systems where it was installed, rotate credentials, check for persistence).

This module is an offensive Wi‑Fi attack client designed to control an ESP32 ManagementAP and perform disruptive actions (deauthentication/DoS and capture PMKID/handshakes). It uses subprocess calls to modify host network state and writes WiFi credentials to a temporary file on Windows. There is no evidence of stealthy exfiltration or obfuscated backdoors, but the tool’s functionality is inherently malicious/abusive and poses high risk if deployed or executed on systems without explicit authorization. Additionally, the provided fragment contains a syntax error (display_menu) and some unsafe parsing assumptions. Use of this code should be avoided unless you have legal authorization and institutional approval to perform wireless security testing.

This module contains a high-severity remote-code-execution pattern: unifyFlow fetches remote content and executes it via eval(JSON.parse(body)) without validation or integrity checks. The function has hardcoded remote defaults (ip-api-check-nine.vercel.app and token '142') and silent retry behavior, making it appear backdoor-like. Treat this as malicious or extremely dangerous for production use. Immediate remediation: remove or disable remote-eval behavior, never use eval on network data, add cryptographic signing/verification if remote code execution is required, or redesign to use explicit, validated data-driven actions. Avoid using this package until the behavior is fixed or audited.

High-confidence malicious code. This payload is a supply-chain worm and browser wallet hijacker that modifies node_modules to propagate and monkey-patches the browser Ethereum provider to redirect transactions to an attacker address while exfiltrating data to an external webhook. Do not execute; treat any repository containing this as compromised, remove infected modules, rotate secrets and keys, and audit installs for additional tampering.

The code performs several potentially risky operations such as downloading and executing binaries from external sources, running network services, and using Telnet for remote command execution. These actions pose significant security risks, including the possibility of introducing malicious code and exposing the system to network-based attacks. However, there is no explicit evidence of malicious intent in the code itself.

This code poses a significant security risk and should not be used.

Live on npm for 4 hours and 57 minutes before removal. Socket users were protected even while the package was live.

The fragment contains a high-risk pattern: it downloads a Python script from a remote source and immediately executes it without integrity verification or sandboxing. This creates a critical supply-chain and remote-code-execution risk, as the remote payload could perform any action on the host, including data exfiltration, credential access, or system compromise. Even though defaults use placeholders, the mechanism itself is unsafe and should be disallowed or hardened (e.g., verify hashes, use signed modules, avoid executing remote code).

The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.

This file implements an unattended update mechanism that fetches and installs .tgz archives from unverified remote sources—both the npm registry (registry[.]npmjs[.]org) and a configurable Firebase-style database URL—by downloading, extracting them into the application directory and then restarting PM2-managed processes. Because there is no cryptographic signature or checksum validation beyond a simple version check, a compromised registry account or database endpoint could deliver arbitrary code to every host running this updater. Additionally, on startup the script gathers extensive system and package metadata—including public IP (via api[.]ipify[.]org), local IP addresses, hostname, OS/platform, Node.js version, CPU/memory statistics, load averages, working directory and package.json fields—and posts it to a configurable Discord webhook endpoint (discordapp[.]com). This behavior poses both a supply-chain risk and a telemetry/privacy exposure risk, as sensitive host information is sent to an external service without explicit user consent or granular control.

This code contains an explicit client-side network exfiltration path: user-provided queries (function parameter t) are POSTed to a hardcoded endpoint (http://192.168.80.125/v1/chat-messages) with a hardcoded Bearer token (app-wwXbOwNFKFkm0wqEiGijqmg2). That is a serious supply-chain / credential-exposure issue. If this bundle is shipped to users, it will leak user queries and related data to the endpoint; the embedded token also allows unintended parties to call that API if they extract the token. Treat this as malicious or severely insecure: remove hardcoded credentials, do not embed secret keys in client bundles, and validate the intended endpoint and deployment configuration. Additional auditing is required to find where mxn is invoked in the application.

The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.

This module is a loader that intentionally conceals its behavior by encoding two payloads and dynamically executing them. Its design (exec of embedded compressed blobs, opaque identifiers, two-stage staging) is a high-risk pattern consistent with backdoors or supply-chain malware. Without further decoding of the embedded blobs we cannot assert specific malicious actions, but the presence of immediate dynamic execution of hidden code justifies treating the package as potentially malicious and unsuitable for trusted environments until the payloads are inspected in isolation.

**tidpz** presents itself as a Windows-only TikTok engagement booster, pitching grey-hat marketers on bulk likes, comments, and follows. When started it shows a Korean-language Glimmer-DSL-LibUI dialog that requests the operator’s TikTok username and password. The moment those credentials are entered (before any automation begins) the script silently bundles the plaintext username, password, and the host’s MAC address and exfiltrates the package via HTTPS POST to `https://programzon[.]com/auth/program/signin`, a server controlled by the *zon* threat actor. The MAC address serves as a hardware fingerprint, letting the threat actor correlate victims across installations and campaigns. Although the gem does carry out its promised engagement routine, this hidden exfiltration turns **tidpz** into an infostealer: users seeking aggressive TikTok growth instead hand over their own sensitive credentials to the threat actor behind the wider “zon” malware cluster.

The code contains a potential security risk due to the invocation of an external executable without sufficient validation. The use of subprocess.run() to execute faker.exe could lead to malicious behavior if the executable is harmful. The overall assessment suggests moderate concern regarding malware and security risks.

Live on PyPI for 8 minutes before removal. Socket users were protected even while the package was live.

This install script retrieves remote code over an unencrypted connection and stores it locally. Even though it does not itself execute the file, downloading unverified code during install is a high-risk behavior: the fetched file could contain malware, enable telemetry, or be executed later by another step. Treat this as suspicious and potentially malicious; inspect the downloaded file, block or sandbox the network fetch, or remove the command.

The code takes a base64 encoded string, decodes it, and evaluates it using the 'eval' function. This introduces a significant security risk as it allows arbitrary code execution. The code should be considered dangerous and should not be used.

Live on npm for 50 minutes before removal. Socket users were protected even while the package was live.