Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
timmywil published 3.7.1

left-pad
stevemao published 1.3.0

react
react-bot published 19.2.3

We protect you from vulnerable and malicious packages

orcid-hub

4.16.7.dev342

Live on PyPI

Blocked by Socket

The code contains a critical remote deserialization vulnerability via pickle.loads of data fetched from an external source, creating a clear path for remote code execution. Combined with disabled TLS verification and insecure temp-file data exchange, this represents a severe security risk and supply-chain weakness. Remediation should remove remote pickle processing, replace with safe JSON parsing/validation, enable TLS verification, and eliminate insecure temporary storage mechanisms.

pypjt

1.18.0

Live on PyPI

Blocked by Socket

This script appears to be a simple packaging/upload helper, not obviously malicious, but it contains insecure and potentially dangerous patterns: unsanitized shell interpolation (command injection risk), use of 'sudo rm -rf' (destructive with elevation), changing working directory before destructive operations, and passing credentials on the command line (credential leakage). These issues make it risky to run in untrusted contexts or CI without hardening. There is no clear evidence of deliberate malware, but the script could be abused if inputs (pyproject.toml or environment) are tampered with.

thalentfrx

0.1.8.dev1

Removed from PyPI

Blocked by Socket

This code contains dangerous dynamic evaluation: it builds Python expression strings from external inputs and evaluates them with eval and module globals. That enables arbitrary code execution (RCE) if an attacker controls filter/sort inputs or eval_context and thus represents a high-security risk. Fix by eliminating eval: validate and map property names to model attributes, construct SQLAlchemy expressions programmatically, whitelist operators, and avoid injecting raw values into expression source strings.

Live on PyPI for 18 minutes before removal. Socket users were protected even while the package was live.

wbldrsiequfpkovy

0.0.69

by mewkosyzixbq

Removed from npm

Blocked by Socket

This module is a bootstrap for a cryptocurrency miner that will, by default, load a specific miner identifier and (unless configured otherwise) auto-start mining and listen on an unauthenticated web control API. The file itself does not show obfuscated code or classic backdoors, but the hardcoded pool, opaque miner id, auto-start behavior, and unauthenticated POST /settings endpoint combine to create a significant supply-chain risk: inclusion as a dependency may cause unexpected cryptomining and information exposure. Treat as high-risk in most application contexts; audit the Controller and miner payloads before use and mitigate by disabling autoStart and/or web interface.

Live on npm for 1 day, 13 hours and 58 minutes before removal. Socket users were protected even while the package was live.

tx-engine

0.5.9

Live on PyPI

Blocked by Socket

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

meshcentral

0.6.14

by ysainthilaire

Live on npm

Blocked by Socket

This code implements a remote administration/tunneling agent with full remote shell and file system control. Functionality includes spawning shells, reading and writing arbitrary files, renaming/moving/deleting files (including recursive deletes), and opening network tunnels/upgrades to a controller URL. While this may be legitimate MeshAgent agent code, the features constitute high-risk capabilities if included as an unexpected dependency or executed without proper trust and authorization. Treat this module as potentially dangerous in a supply-chain context: it can be used for remote command execution and data access/exfiltration by whoever controls the MeshAgent controller.

prompt-siren

0.0.1a2

Live on PyPI

Blocked by Socket

This script is malicious: it leaves a local indicator of compromise and performs a network confirmation beacon to an external host. Do not execute it. If found on a system, treat the host as compromised, block/monitor network traffic to get.dev-tools.io, remove the artifact, and perform a full investigation for additional malicious activity.

discordflood

0.2.2-c

by tudbut

Live on npm

Blocked by Socket

This module provides a web UI to collect Discord tokens and orchestrate mass messaging (channel posts and DMs) across multiple authenticated accounts. It is explicitly designed for abusive/spam behavior (DiscordFlood) and handles sensitive tokens insecurely via URL parameters and in-memory storage. It should be considered malicious/abusive in intent; do not use in production or distribute. If you found this in a dependency, consider it a supply-chain risk and remove or audit surrounding packages.

akenoai

1.2.6

Live on PyPI

Blocked by Socket

This module intentionally transmits API keys (either a hardcoded default decoded from base64 or any user-provided key) to an external, non-OpenAI endpoint via HTTP POST. This is credential exfiltration and constitutes malicious or severely insecure supply-chain behavior. Do not use this code. Remove it, rotate any exposed API keys, block the destination domain, and investigate any use of the embedded key.

asicomp-client

0.0.0-indev-0-2023-12-28-22-42

by realprokopschield

Live on npm

Blocked by Socket

The code contains high-risk behaviors for client-side supply-chain compromise: (1) it executes arbitrary code received from the socket server (new Function on 'eval'), effectively creating a remote code execution backdoor; (2) it automatically collects and sends page URL and uncaught error data to the server; (3) it explicitly includes locally stored admin/customer tokens in error reports, enabling credential leakage. Combined, these behaviors constitute a severe privacy and security risk if the remote socket endpoint or server-side control is untrusted. Recommended mitigations: remove or disable the 'eval' handler, avoid sending sensitive tokens with error reports, require explicit user consent for telemetry, and restrict/validate any server-driven code or commands. Treat this package as high-risk unless you fully trust the endpoint and review server-side control flows.

snow-flow

8.6.13

by groeimetai

Live on npm

Blocked by Socket

This code is an administrative automation component that deliberately executes arbitrary ServiceNow server-side scripts and manipulates system tables. I found no clear signs of intentionally malicious code (no hardcoded external exfiltration endpoints, no obfuscated payload). However, it exposes powerful sinks: arbitrary script execution, creation of background script records, and storage of script output/trace in sys_properties. The primary security risk is abuse/misconfiguration (e.g., autoConfirm bypass, insufficient RBAC) leading to data theft or destructive changes. Treat this module as high-risk functionality that must be strictly access controlled, audited, and hardened before use.

raveberry

0.10.1

Live on PyPI

Blocked by Socket

The script appears to intentionally sabotage a Celery/Daphne deployment by removing active systemd overrides and disabling Celery, with the aim of hindering graceful shutdowns and increasing fragility of the stack. This is a clear supply-chain/tampering risk and should be treated as high-risk, warranting removal, code review, and implementation of anti-tamper controls and proper change-management processes.

tiny-model-update

1.17.5

Live on npm

Blocked by Socket

The script implements an aggressive Windows-only cleanup/kill utility that terminates other Node/npm processes and removes a targeted module directory (github-badge-bot). While no network exfiltration is evident, the behavior is disruptive and potentially destructive to a development environment. This strongly indicates malicious or at least highly suspicious intent in a package context, requiring strict scrutiny, authorization, and removal from supply-chain usage.

azure-graphrbac

7.3.8

Removed from npm

Blocked by Socket

Possible typosquat of [azure](https://socket.dev/npm/package/azure). Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package.

Live on npm for 2 hours and 24 minutes before removal. Socket users were protected even while the package was live.

saanaa.identity.httpapi.host

9.0.5.2

by Saanaa Developer Team

Live on NuGet

Blocked by Socket

This file contains a malicious/undesired snippet embedded inside an otherwise legitimate UI library distribution. The snippet targets users with Russian locales and hosts, persists a timestamp in localStorage to delay activation, and after >3 days disables document pointer interactions and injects/attempts to autoplay an external audio file hosted on a third-party domain. This behavior is unrelated to the library's purpose and constitutes supply-chain sabotage (political prank/trolling and denial-of-interaction). Treat this release as compromised: remove or patch the offending block, audit upstream sources and integrity (e.g., package checksums, repository commits and maintainers), and do not use this package version in production.

wix-captcha-backend

2.999.999

Removed from npm

Blocked by Socket

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

mtlibs

0.0.246

Live on PyPI

Blocked by Socket

This module implements a command-and-control agent: it establishes a Tor connection to a hardcoded .onion C2, downloads a payload, writes it to a temporary file, sets it executable, and runs it — all without validation — and provides a POST endpoint for C2 communication. These are canonical backdoor behaviors (remote code execution, persistence, and concealed C2). Treat the code as malicious: do not execute, block the domain, and investigate any systems where this package or its parent repository was installed or run.

mtmai

0.3.915

Live on PyPI

Blocked by Socket

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

tfnz

1.2.8

Live on PyPI

Blocked by Socket

This module intentionally exposes an SSH service that accepts unauthenticated connections and grants shell/exec/SFTP/port-forward functionality into a container abstraction. That is effectively a remote backdoor: anyone who can connect to the bound port can execute commands, open shells, transfer files, and create tunnels. Additional issues: host key generation uses a weak 1024-bit RSA key and writes a persistent private key to ~/.20ft/host_key. If this package is used in production or distributed, it represents a high security risk unless there are external access controls limiting who can reach the listening port. Summary: behavior is highly dangerous for a public-facing deployment — it appears intentionally permissive and provides direct remote code execution and file access without authentication.

multihttps

2.32.5

Removed from PyPI

Blocked by Socket

The code exhibits several suspicious behaviors, including writing a script to the Windows Startup folder, fetching and executing base64 encoded content from the internet, and making multiple network calls to potentially suspicious domains. These actions can lead to unauthorized code execution and persistence on the system.

Live on PyPI for 21 minutes before removal. Socket users were protected even while the package was live.

talker

1.9.8

Live on PyPI

Blocked by Socket

This module implements a powerful remote-execution agent: it connects to Redis, accepts JSON jobs, executes arbitrary command lists via subprocess.Popen, and returns stdout/stderr and exit codes back to Redis. That design is a high-impact capability and constitutes a significant security risk if the Redis server or job queue is not fully trusted and protected. There are no opaque obfuscation techniques — the code is readable — but the top of the supplied fragment contains syntax errors (likely accidental corruption). If deployed intentionally (with secured Redis and limited scope), it may be acceptable; if pulled in unknowingly as a third-party dependency, treat it as a critical supply-chain risk because it can be used as a backdoor to execute arbitrary commands and reboot the host.

monolith-twirp-copilotapi-agents

1.4.12

by Nick Quaranto

Live on RubyGems.org

Blocked by Socket

This Ruby script gathers sensitive host data (username via ENV or `whoami`, hostname via Socket.gethostname, and its own file path), hex-encodes each piece, and embeds them into a dynamically constructed subdomain under furb[.]pw (e.g. a<username_hex>.a<hostname_hex>.a<filepath_hex>.furb[.]pw). It then issues an HTTPS GET request to that domain via Net::HTTP, effectively exfiltrating system identifiers to an attacker-controlled endpoint. The use of an inverted `unless __FILE__ == $0` guard causes the code to run when the file is loaded as a library, making it a stealthy supply-chain backdoor with no user consent or visible functionality.

frankyu

202505016.2

Live on PyPI

Blocked by Socket

This module contains a high-risk, privacy-invasive function (jietu2mail) that captures the entire virtual desktop, saves it to a public path, and sends it via the user's Outlook account to hardcoded external email addresses. That capability constitutes a direct data-exfiltration backdoor. Other functions (os.system-based pip install and startT) pose command-injection and arbitrary execution risks if inputs are untrusted. Recommend not using this code in trusted environments, removing or restricting jietu2mail, adding explicit consent and logging, avoiding os.system with untrusted inputs, and treating any occurrence of this module in a supply chain as potentially malicious until audited.

bigdl-orca-spark3

2.4.0b20231021

Live on PyPI

Blocked by Socket

The code contains potential security risks such as hard-coded file paths, subprocess.Popen usage, and the handling of untrusted data through PyArrow Plasma. It is essential to review and address these security concerns before using this code in a production environment.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Suspicious Stars on GitHub

HTTP dependency

Git dependency

GitHub dependency

AI-detected potential malware

Obfuscated code

Telemetry

Protestware or potentially unwanted behavior

42 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.


Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.


Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.


Why teams choose Socket

Pro-active security

Depend on Socket to prevent malicious open source dependencies from infiltrating your app.

Easy to install

Install the Socket GitHub App in just 2 clicks and get protected today.

Comprehensive open source protection

Block 70+ issues in open source code, including malware, typo-squatting, hidden code, misleading packages, permission creep, and more.

Develop faster

Reduce work by surfacing actionable security information directly in GitHub. Empower developers to make better decisions.

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
