Secure your dependencies. Ship with confidence.

This code fragment implements a remote-access/tunneling component that enables an external controller to open interactive shells and retrieve local system and database information. The disabled TLS verification, absence of visible authorization, and direct piping of a shell to a remote socket are high-risk behaviors consistent with a backdoor or RAT. Treat this component as hostile unless you have explicit, audited reason to trust it and robust operational controls. Remediate by removing the code, blocking outbound connections to unknown endpoints, enforcing TLS verification, adding strong authentication/authorization, and auditing systems for compromise.

This file runs arbitrary commands on the host system and transmits their outputs to a remote server at malicious-endpoint[.]example[.]com (base64-decoded at runtime). It also fetches the system’s external IP address and reports it to the same server. Furthermore, it initiates a local tunnel, exposing local services to remote access without user awareness. Together, these capabilities facilitate unauthorized remote control, data exfiltration, and potentially open the system to further compromise.

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This module implements a remote-controlled worker node that deserializes dill payloads received over the network and executes deserialized Python callables locally (including via multiprocessing). That design allows remote code execution and information leakage (host IP and CPU count) with no authentication or validation. If used in an untrusted network or with an untrusted controller, this is a high-risk backdoor capability and should be treated as dangerous. Use only in tightly controlled/trusted environments, or replace dill with a safe, explicit protocol and add strong authentication and input validation.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

The code is heavily obfuscated and relies on dynamic evaluation of code, which makes it difficult to analyze its true intent through static analysis alone. The extensive use of eval, global object manipulation, and conditional checks suggests a high level of complexity that could be indicative of malicious behavior. Due to the obfuscated nature and the presence of several red flags, this code poses a significant security risk and should be treated with caution.

Live on npm for 32 minutes before removal. Socket users were protected even while the package was live.

The source code exhibits behavior consistent with data exfiltration malware. It collects sensitive system information and sends it to external endpoints without user consent, posing a significant security risk.

Live on npm for 7 days, 2 hours and 23 minutes before removal. Socket users were protected even while the package was live.

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package

Live on npm for 2 hours and 41 minutes before removal. Socket users were protected even while the package was live.

This script is highly malicious as it attempts to exfiltrate sensitive system information and user data to an external server.

The code contains an explicit, targeted, time-delayed malicious payload that disables page interactivity and autoplays audio from a hardcoded third-party host for users with Russian language/browser settings on specific TLDs. This behavior is unrelated to the library's purpose and constitutes sabotage/harassment. Treat this package as malicious — remove, audit upstream, and replace with a clean version. Projects that depended on this version should rotate deployments, revert to a known-good release, and consider investigation of supply-chain compromise.

This code contains critical security vulnerabilities through extensive use of eval() with unsanitized input and a plugin system that executes arbitrary file contents. The dynamic code execution capabilities make this extremely dangerous for supply chain attacks.

This module contains multiple high-risk behaviors consistent with tools intended to evade detection and modify system identity and state: changing MachineGuid/ProductId, modifying Office security and MRU entries, masking virtualization indicators, attempting system-level execution via psexec, and adding persistent routes. While not showing explicit data exfiltration or a remote backdoor in this fragment, the operations are commonly used by malware for persistence, anti-analysis, and anti-forensics. Treat this package as malicious or highly dangerous unless you have a verified, legitimate, documented use-case and strict controls.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

The code is highly suspicious and exhibits behaviors consistent with malware, including data exfiltration through DNS and execution of remote code. It poses a significant security risk.

Live on npm for 42 minutes before removal. Socket users were protected even while the package was live.

While the main functionality of the code appears to be legitimate for database management, the use of obfuscation and potentially encoded strings introduces suspicion. It's possible there could be hidden malicious functionality, but without deciphering the obfuscated parts or understanding the context of encoded strings, a definitive conclusion cannot be reached. Caution is advised.

Live on npm for 15 minutes before removal. Socket users were protected even while the package was live.

This module implements a likely malicious C2/backdoor client: it listens for commands over a DNS covert channel and can execute shell commands, change directories, and execute arbitrary Python code via exec/eval, then exfiltrate results. The absence of authentication, the covert transport, and presence of exec/eval constitute a high-severity security risk. Treat this package as malicious/untrusted and do not run it. Further investigation of related modules (transport, crypto, utils) is required to determine full scope.

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

This module exhibits high-risk behavior for supply chain compromise: it contains a hardcoded GitHub personal access token and explicit routines that fetch and return repository-stored credentials/API keys. These flows enable programmatic secret retrieval and local persistence of OAuth tokens. There is no need to speculate beyond the file: treat this code as unsafe until the hardcoded token is removed, secrets audited, and secure secret-handling patterns (no hardcoded credentials, least-privilege tokens, secure storage for OAuth tokens, remove prints of secrets) are implemented. Immediate remediation recommended: remove hardcoded token, rotate any exposed tokens/keys, restrict repository access, and avoid returning raw secrets to callers.

The branch of the codebase presents non-trivial security risks due to dynamic code execution pathways (allowUnsafeEval, allowUnsafeNewFunction, Function wrapper) and a dependency-loading mechanism (loadDependency) that can execute modules from disk based on untrusted inputs. These patterns create strong potential for supply-chain or runtime code injection if inputs/dependencies are tampered. While the rest of the utilities are common for an extension system, the unsafe pathways should be removed or tightly restricted, with explicit whitelisting, sandboxing, and input provenance checks. Recommended actions include eliminating or locking down unsafe evaluators, validating dependencyPath against allowed sets, isolating dependency execution, and minimizing writes to the user’s home directory without strict validation.

This setup.py contains a top-level, unconditional os.system call that executes curl to an external, suspicious domain during import/installation. That behavior constitutes a high-risk supply-chain indicator (installation-time beaconing and potential staging for further payloads). Do not install or run this package in production or untrusted environments. Remove the os.system call or refuse the package until maintainers provide a verifiable, benign justification and replace any network operations with audited, explicit code executed only with user consent.

Live on PyPI for 5 minutes before removal. Socket users were protected even while the package was live.

The module is not overtly crypto-mining or actively destructive, but it contains many high-risk patterns: multiple hardcoded credentials and hostnames (SSH, MySQL, Jenkins), direct SSH/SFTP and SSHTunnel code paths, subprocess/os.system usage that can execute arbitrary shell commands, and eval() on constructed strings. These collectively create an easy avenue for credential leakage, unauthorized remote access and code execution if the package is distributed or if inputs can be controlled. I assess this as not obviously intentionally malicious code but as dangerously insecure and inappropriate for inclusion in public/shared dependencies without remediation.

Live on PyPI for 5 hours and 1 minute before removal. Socket users were protected even while the package was live.

This code fragment implements a remote-access/tunneling component that enables an external controller to open interactive shells and retrieve local system and database information. The disabled TLS verification, absence of visible authorization, and direct piping of a shell to a remote socket are high-risk behaviors consistent with a backdoor or RAT. Treat this component as hostile unless you have explicit, audited reason to trust it and robust operational controls. Remediate by removing the code, blocking outbound connections to unknown endpoints, enforcing TLS verification, adding strong authentication/authorization, and auditing systems for compromise.

This file runs arbitrary commands on the host system and transmits their outputs to a remote server at malicious-endpoint[.]example[.]com (base64-decoded at runtime). It also fetches the system’s external IP address and reports it to the same server. Furthermore, it initiates a local tunnel, exposing local services to remote access without user awareness. Together, these capabilities facilitate unauthorized remote control, data exfiltration, and potentially open the system to further compromise.

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This module implements a remote-controlled worker node that deserializes dill payloads received over the network and executes deserialized Python callables locally (including via multiprocessing). That design allows remote code execution and information leakage (host IP and CPU count) with no authentication or validation. If used in an untrusted network or with an untrusted controller, this is a high-risk backdoor capability and should be treated as dangerous. Use only in tightly controlled/trusted environments, or replace dill with a safe, explicit protocol and add strong authentication and input validation.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

The code is heavily obfuscated and relies on dynamic evaluation of code, which makes it difficult to analyze its true intent through static analysis alone. The extensive use of eval, global object manipulation, and conditional checks suggests a high level of complexity that could be indicative of malicious behavior. Due to the obfuscated nature and the presence of several red flags, this code poses a significant security risk and should be treated with caution.

Live on npm for 32 minutes before removal. Socket users were protected even while the package was live.

The source code exhibits behavior consistent with data exfiltration malware. It collects sensitive system information and sends it to external endpoints without user consent, posing a significant security risk.

Live on npm for 7 days, 2 hours and 23 minutes before removal. Socket users were protected even while the package was live.

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package

Live on npm for 2 hours and 41 minutes before removal. Socket users were protected even while the package was live.

This script is highly malicious as it attempts to exfiltrate sensitive system information and user data to an external server.

The code contains an explicit, targeted, time-delayed malicious payload that disables page interactivity and autoplays audio from a hardcoded third-party host for users with Russian language/browser settings on specific TLDs. This behavior is unrelated to the library's purpose and constitutes sabotage/harassment. Treat this package as malicious — remove, audit upstream, and replace with a clean version. Projects that depended on this version should rotate deployments, revert to a known-good release, and consider investigation of supply-chain compromise.

This code contains critical security vulnerabilities through extensive use of eval() with unsanitized input and a plugin system that executes arbitrary file contents. The dynamic code execution capabilities make this extremely dangerous for supply chain attacks.

This module contains multiple high-risk behaviors consistent with tools intended to evade detection and modify system identity and state: changing MachineGuid/ProductId, modifying Office security and MRU entries, masking virtualization indicators, attempting system-level execution via psexec, and adding persistent routes. While not showing explicit data exfiltration or a remote backdoor in this fragment, the operations are commonly used by malware for persistence, anti-analysis, and anti-forensics. Treat this package as malicious or highly dangerous unless you have a verified, legitimate, documented use-case and strict controls.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

The code is highly suspicious and exhibits behaviors consistent with malware, including data exfiltration through DNS and execution of remote code. It poses a significant security risk.

Live on npm for 42 minutes before removal. Socket users were protected even while the package was live.

While the main functionality of the code appears to be legitimate for database management, the use of obfuscation and potentially encoded strings introduces suspicion. It's possible there could be hidden malicious functionality, but without deciphering the obfuscated parts or understanding the context of encoded strings, a definitive conclusion cannot be reached. Caution is advised.

Live on npm for 15 minutes before removal. Socket users were protected even while the package was live.

This module implements a likely malicious C2/backdoor client: it listens for commands over a DNS covert channel and can execute shell commands, change directories, and execute arbitrary Python code via exec/eval, then exfiltrate results. The absence of authentication, the covert transport, and presence of exec/eval constitute a high-severity security risk. Treat this package as malicious/untrusted and do not run it. Further investigation of related modules (transport, crypto, utils) is required to determine full scope.

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

This module exhibits high-risk behavior for supply chain compromise: it contains a hardcoded GitHub personal access token and explicit routines that fetch and return repository-stored credentials/API keys. These flows enable programmatic secret retrieval and local persistence of OAuth tokens. There is no need to speculate beyond the file: treat this code as unsafe until the hardcoded token is removed, secrets audited, and secure secret-handling patterns (no hardcoded credentials, least-privilege tokens, secure storage for OAuth tokens, remove prints of secrets) are implemented. Immediate remediation recommended: remove hardcoded token, rotate any exposed tokens/keys, restrict repository access, and avoid returning raw secrets to callers.

The branch of the codebase presents non-trivial security risks due to dynamic code execution pathways (allowUnsafeEval, allowUnsafeNewFunction, Function wrapper) and a dependency-loading mechanism (loadDependency) that can execute modules from disk based on untrusted inputs. These patterns create strong potential for supply-chain or runtime code injection if inputs/dependencies are tampered. While the rest of the utilities are common for an extension system, the unsafe pathways should be removed or tightly restricted, with explicit whitelisting, sandboxing, and input provenance checks. Recommended actions include eliminating or locking down unsafe evaluators, validating dependencyPath against allowed sets, isolating dependency execution, and minimizing writes to the user’s home directory without strict validation.

This setup.py contains a top-level, unconditional os.system call that executes curl to an external, suspicious domain during import/installation. That behavior constitutes a high-risk supply-chain indicator (installation-time beaconing and potential staging for further payloads). Do not install or run this package in production or untrusted environments. Remove the os.system call or refuse the package until maintainers provide a verifiable, benign justification and replace any network operations with audited, explicit code executed only with user consent.

Live on PyPI for 5 minutes before removal. Socket users were protected even while the package was live.

The module is not overtly crypto-mining or actively destructive, but it contains many high-risk patterns: multiple hardcoded credentials and hostnames (SSH, MySQL, Jenkins), direct SSH/SFTP and SSHTunnel code paths, subprocess/os.system usage that can execute arbitrary shell commands, and eval() on constructed strings. These collectively create an easy avenue for credential leakage, unauthorized remote access and code execution if the package is distributed or if inputs can be controlled. I assess this as not obviously intentionally malicious code but as dangerously insecure and inappropriate for inclusion in public/shared dependencies without remediation.

Live on PyPI for 5 hours and 1 minute before removal. Socket users were protected even while the package was live.