Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
timmywil published 4.0.0

left-pad
stevemao published 1.3.0

react
react-bot published 19.2.5

We protect you from vulnerable and malicious packages

ci4-cms-erp/ci4ms

0.26.1.0

Live on composer

Blocked by Socket

This code contains a covert, targeted, and disruptive payload embedded in a UI library. For users with Russian language settings on Russian TLD hosts, after a persisted 3-day delay the code disables page interaction and injects & autoplays a looped audio file served from a hardcoded external domain. This behavior is unrelated to a modal/toast library, lacks consent/opt-in, and constitutes supply-chain sabotage or malicious prank. Treat this package version as compromised: remove or block it, audit repository history and maintainers, and update to a known-clean release. If this code is present in your dependency graph, consider immediate remediation and incident response steps.

bapy

0.2.261

Live on pypi

Blocked by Socket

Malicious bash initialization script that performs destructive filesystem operations on macOS systems. When the external helper script 'isuserdarwin.sh' returns true, the script silently executes 'sudo rm -rf' to delete critical user directories including ~/Applications, ~/Movies, ~/Music, ~/Pictures, ~/Public, and ~/Sites without user confirmation. It also removes the macOS sleepimage file at /private/var/vm/sleepimage. The script modifies SSH directory permissions using 'sudo chmod -R go-rw' which can break SSH access or expose credentials. All destructive operations have their output suppressed with '>/dev/null 2>&1' to hide failures and make the actions stealthy. The script uses eval to execute the output of /usr/bin/dircolors, creating a command injection risk if the binary is compromised. It depends on external scripts (paper.sh, isuserdarwin.sh, debug.sh) whose contents are unknown and could execute arbitrary code. The destructive operations are embedded within what appears to be routine shell configuration code, likely to disguise the malicious intent.

tf-nightly-intel

2.19.0.dev20250102

Live on pypi

Blocked by Socket

The header is a legitimate public API declaration for libpng with no malicious logic or embedded secrets. Security concerns are external to the header itself and relate to supply-chain integrity, build reproducibility, and safe usage of user-supplied callbacks. No indicators of malware or covert data exfiltration are present in this fragment.

@0dotxyz/p0-ts-sdk

1.2.4-alpha.7

Live on npm

Blocked by Socket

The code fragment primarily reflects legitimate DeFi transaction construction patterns, but contains a critical anomaly: a hard-coded fund transfer in simulateAccountHealthCache that could fund the margin caller without explicit consent or gating. This pattern constitutes a backdoor-like risk and should be removed or strictly gated behind feature flags, with production logging minimized. The remaining architecture (oracle integrations, swap flows, and deposit/borrow logic) should be reviewed for hard-coded secrets and to ensure no other covert fund movements exist. Recommend removing the hard-coded transfer, securing or gating health simulation paths, and pruning verbose logs for production.

older_morgan

1.0.1

by evander_corwin

Live on npm

Blocked by Socket

This file immediately issues an HTTP POST to https://api-server-oj5h[.]onrender[.]com/checkServer, parses the JSON response for a ‘check’ string, then constructs and invokes new Function('require', check) with the host’s module loader. This grants any payload returned by the remote endpoint unrestricted access to require('fs'), require('child_process'), require('net'), environment variables, and more—allowing file reads/writes, command execution, data exfiltration, backdoor installation, or persistence. There are no integrity checks, sandboxing, or allowlists, and failures are silently logged, making this a critical malicious supply-chain backdoor risk.

github.com/yaklang/yaklang

v1.2.10-0.20231222132122-0297f6b3f1b9

Live on go

Blocked by Socket

WebLogic CORBA/IIOP exploitation framework containing hardcoded exploit payloads for binding/rebinding remote objects and executing remote constructor payloads. The code implements multi-stage attacks including backdoor installation capabilities through serialized Java bytecode injection. Contains embedded hex-encoded payloads targeting WebLogic internal classes (weblogic[.]corba[.]cos[.]naming[.]NamingContextAny) and CORBA naming contexts. Functionality includes remote command execution through getServerLocation method calls and JNDI manipulation attacks. While this is legitimate penetration testing code within a security framework, the presence of ready-to-use exploit payloads and backdoor installation mechanisms represents unusual patterns that security tools should flag for review.

rm

2019.3.22

Live on pypi

Blocked by Socket

The code contains potentially dangerous functionality: it allows database-controlled filesystem paths to be passed to launchctl load/unload and to be read back by the application without validation or shown authorization. This can enable persistence or privileged actions if an attacker can create/modify Plist records or invoke these methods remotely. There is no evidence of obfuscation or intentional malware, but the design presents a notable supply-chain/privilege risk and should be hardened before use in exposed contexts.

opsmate

0.1.44a0

Live on pypi

Blocked by Socket

This module presents a high-severity supply-chain/runtime risk: it accepts command text via a model and executes it with subprocess.run(shell=True). If Command.command can be set from untrusted sources, the code enables remote code execution. The validation step uses an opsmate.dino-decorated async function that likely sends the command string to an external service, introducing possible data leakage. The file contains multiple logic/implementation bugs (incorrect return types, malformed templates) but these do not mitigate the primary security issue. Recommendations: do not instantiate/execute Command objects with untrusted input; remove or strictly sandbox subprocess usage (avoid shell=True, use shlex.split or direct args and restrict allowed commands); remove or audit any external-service decorator usage that transmits sensitive strings; fix type/logic bugs and complete templates before production. No clear signs of intentional malware were found, but the RCE and data-exfiltration risks are substantial.

zs-ad-aggregate

1.0.17

Live on npm

Blocked by Socket

This code is intentionally obfuscated and implements a remote-controlled payload delivery mechanism that writes arbitrary content into the user's clipboard with minimal user indication. It builds an RC4 key from an embedded string, decrypts an input token, optionally fetches a remote image and extracts a hidden payload after a sentinel marker, decodes it and silently writes it to the clipboard. That pattern enables covert clipboard poisoning and dynamic delivery of potentially malicious data. While the snippet does not contain an explicit remote command execution or reverse shell, the capability to place attacker-controlled data into the clipboard without user consent is a significant security and privacy risk. Recommendation: treat as high-risk — remove or restrict clipboard-write behavior, require explicit user consent, audit remote endpoint(s), and deobfuscate/verify key material and payload signing before any use.

nklsaypvcgjfqthw

0.0.69

by hqlxictrnpoz

Removed from npm

Blocked by Socket

This module is a strong cryptomining orchestrator: it auto-starts a mining controller, configures an XMR pool endpoint via defaults, and loads a specific miner identifier. It also exposes an HTTP server that can leak internal system/performance data (/status) and accepts remote settings updates via POST /settings without authentication or validation in this file. While direct malware/exfiltration beyond mining is not shown here, the overall behavior and remote control surface make this a high-risk supply-chain component that warrants deeper inspection of ./miners.controller and related modules before use.

Live on npm for 15 hours before removal. Socket users were protected even while the package was live.

bluelamp-ai

0.45.3

Removed from pypi

Blocked by Socket

This file is high-risk: it deliberately hides executable code in a compressed/base64 blob and exec()s it with no validation. That pattern is commonly used to conceal malicious behavior in supply-chain attacks. Treat the package as untrusted until the embedded payload is decoded and thoroughly audited in an isolated environment. Do not import or run this module in production or on any host with sensitive data until analysis completes.

Live on pypi for 2 days, 12 hours and 28 minutes before removal. Socket users were protected even while the package was live.

loadshs

1.0.1

by pentestcoin

Live on npm

Blocked by Socket

This code actively probes AWS, GCP, and Azure instance metadata services and saves any returned tokens/credentials to /tmp/poc.txt. That behavior is strongly indicative of credential harvesting used in post-compromise tooling. Even without explicit exfiltration in this fragment, writing sensitive metadata to an unprotected temporary file is a high-severity risk. Treat this code as malicious or as a high-risk backdoor: remove or disable it, investigate for related exfiltration code, audit instance for compromise, and rotate any potentially exposed credentials. Do not run this in production.

ailever

0.2.862

Live on pypi

Blocked by Socket

The fragment contains a high-risk pattern: it downloads a Python script from a remote source and immediately executes it without integrity verification or sandboxing. This creates a critical supply-chain and remote-code-execution risk, as the remote payload could perform any action on the host, including data exfiltration, credential access, or system compromise. Even though defaults use placeholders, the mechanism itself is unsafe and should be disallowed or hardened (e.g., verify hashes, use signed modules, avoid executing remote code).

@web-3d/inter-draw

1.0.0

by guobinyong

Live on npm

Blocked by Socket

This module is primarily geometry/WKT parsing and math, but it also bundles a high-risk dynamic execution subsystem: it spawns an embedded base64/data-url Web Worker and includes a message-driven RPC/command system that uses new Function(...) to execute dynamically constructed code in the worker context. This is a strong supply-chain/malicious capability indicator because it provides arbitrary code execution within the client/browser context and can be triggered via message payloads if any attacker-controlled input can reach the command layer. Treat this package as suspicious and require containment and deeper validation (e.g., inspect full source for command allowlists, remove/disable worker execution, and perform static/dynamic behavior analysis in an isolated environment).

snap-score-new-year299

1.0.2

by mskhadijaakther403

Removed from npm

Blocked by Socket

The script performs automated and potentially malicious actions such as spamming or SEO manipulation by creating and publishing npm packages and posting links on WordPress sites. The hardcoded credentials and lack of user interaction or validation increase the risk and potential for misuse.

Live on npm for 11 minutes before removal. Socket users were protected even while the package was live.

pinteserv

0.1

Live on pypi

Blocked by Socket

This module contains clear data-exfiltration capabilities: it writes user passwords to an unprotected local file and unconditionally transmits that file plus arbitrary filesystem contents and directory metadata to a hardcoded external IP:port. The combination of hardcoded remote endpoint, insecure credential handling, and unrestricted file sync is high risk and strongly suggests malicious or at minimum unsafe behavior. Do not run or trust this package in a sensitive environment. If this is intended as a legitimate sync client, it needs immediate remediation: remove hardcoded endpoint, implement secure credential storage, add allowlists/confirmation and size limits, and audit/verify transport authentication (TLS/PKI).

bluelamp-ai

1.0.2

Removed from pypi

Blocked by Socket

The wrapper is highly suspicious: it intentionally hides its runtime code in a compressed, encoded blob and executes it unconditionally at import time. This pattern is frequently used to conceal malicious behavior. Without decompressing and inspecting the payload, a definitive determination cannot be made, but the risk is substantial. Treat the module as unsafe until the embedded payload is inspected in a safe environment.

Live on pypi for 1 day, 14 hours and 58 minutes before removal. Socket users were protected even while the package was live.

four-flap-meme-sdk

1.9.48

by paulalsop

Live on npm

Blocked by Socket

The fragment programmatically builds and returns signed subscribe transactions and additional signed 'profit' transactions that transfer a hardcoded per-address fee to a profit recipient. These profit transactions are signed using subscribers' private keys (the payer chosen being the subscriber with the largest amount). This behavior is suspicious and dangerous: it can siphon funds from participants without clear, explicit consent in the shown code. Treat this module as high risk; do not provide private keys to it, require a full audit of buildProfitHopTransactions() and getProfitRecipient(), and demand explicit opt-in/visibility before use.

markdown-flow-ui

0.1.109

by kunlulu

Live on npm

Blocked by Socket

High security risk. If props.html is attacker-influenced or not strictly allowlisted, this component provides an arbitrary code execution primitive: it parses embedded inline scripts, dynamically compiles/validates them via new Function(...), and appends reconstructed <script> elements into document.body (triggering execution in the host page context). It also injects extracted <style> content into document.head. No real sandboxing or sanitization is implemented in this module.

@kp-admin/history

20.0.0

by kp-admin

Live on npm

Blocked by Socket

The code presents a significant security risk due to the execution of commands from an external file without validation. If an attacker can modify 'preinstall.json', they can execute arbitrary commands, leading to potential system compromise.

github.com/KubeOperator/kubepi

v1.2.2-0.20211117092433-ffc10c98352b

Live on go

Blocked by Socket

The code effectively creates a remote terminal backdoor-like capability via gotty on macOS, with minimal visibility due to silent I/O and hard-coded paths. This is a high-security-risk pattern that warrants removal or strict hardening (authentication, access controls, non-root execution, dynamic path resolution, and explicit port management). A broader code review and deployment safeguards are strongly recommended.

mcp-superiorapis

0.1.3

Removed from pypi

Blocked by Socket

The code accepts remote plugin metadata and uses it to generate Python source which is executed at runtime via exec(). This is a high-risk supply-chain pattern: if the manager API or any attacker controlling it can return crafted plugin fields, they can achieve remote code execution in the environment running this script. Additionally, the script sends an environment TOKEN to a remote domain and prints it to stdout, which can leak credentials. While no explicit obfuscated or obviously payload-bearing code is present in this file, the dynamic exec + eval use and reliance on untrusted external data make this module dangerous to run untrusted data against. Recommend not using this code in production without strong validation, removing exec/eval, and not sending/printing secrets.

Live on pypi for 6 hours and 16 minutes before removal. Socket users were protected even while the package was live.

ofjaaah-internal-utils

999.0.0

by kinfbugbounty

Removed from npm

Blocked by Socket

This package executes an unchecked local script during install (both preinstall and postinstall). That behavior is potentially dangerous because callback.js can perform arbitrary actions (network exfiltration, running shells, modifying the system). Although the package claims to be a security research PoC, you must inspect the contents of callback.js before installing or running this package. If you cannot review it, treat the package as high risk and avoid installing it in sensitive environments.

Live on npm for 1 day, 23 hours and 42 minutes before removal. Socket users were protected even while the package was live.

mxpi

1.2.5

Live on pypi

Blocked by Socket

This ACE snippet file is mostly benign static snippet definitions, but it contains a clearly malicious/inappropriate embedded template expression that attempts to execute shell commands (reading /etc/passwd) via system(...). If any consumer evaluates template expressions in snippetText (particularly in privileged or server-side contexts), this will enable local information disclosure and arbitrary command execution. Treat the file as unsafe: remove or sanitize the system(...) invocation, audit any environments that consumed the snippetText, and consider this a supply-chain red flag. For typical browser-only ACE usage the payload is likely inert, but do not assume safety in privileged runtimes.

ftp-hotsync

0.0.1

by rpotesil

Live on npm

Blocked by Socket

The primary security concern is the execution of arbitrary JavaScript from an external, untrusted domain ('http://untitled.cz/hotsync/ui.js') within the context of the local statistics web server. This creates a significant risk of Cross-Site Scripting (XSS), data exfiltration, or malware delivery. Additionally, storing FTP credentials in plain text within the configuration file poses a risk if the file is compromised. The provided reports were placeholders and did not offer specific findings.

ci4-cms-erp/ci4ms

0.26.1.0

Live on composer

Blocked by Socket

This code contains a covert, targeted, and disruptive payload embedded in a UI library. For users with Russian language settings on Russian TLD hosts, after a persisted 3-day delay the code disables page interaction and injects & autoplays a looped audio file served from a hardcoded external domain. This behavior is unrelated to a modal/toast library, lacks consent/opt-in, and constitutes supply-chain sabotage or malicious prank. Treat this package version as compromised: remove or block it, audit repository history and maintainers, and update to a known-clean release. If this code is present in your dependency graph, consider immediate remediation and incident response steps.

bapy

0.2.261

Live on pypi

Blocked by Socket

Malicious bash initialization script that performs destructive filesystem operations on macOS systems. When the external helper script 'isuserdarwin.sh' returns true, the script silently executes 'sudo rm -rf' to delete critical user directories including ~/Applications, ~/Movies, ~/Music, ~/Pictures, ~/Public, and ~/Sites without user confirmation. It also removes the macOS sleepimage file at /private/var/vm/sleepimage. The script modifies SSH directory permissions using 'sudo chmod -R go-rw' which can break SSH access or expose credentials. All destructive operations have their output suppressed with '>/dev/null 2>&1' to hide failures and make the actions stealthy. The script uses eval to execute the output of /usr/bin/dircolors, creating a command injection risk if the binary is compromised. It depends on external scripts (paper.sh, isuserdarwin.sh, debug.sh) whose contents are unknown and could execute arbitrary code. The destructive operations are embedded within what appears to be routine shell configuration code, likely to disguise the malicious intent.

tf-nightly-intel

2.19.0.dev20250102

Live on pypi

Blocked by Socket

The header is a legitimate public API declaration for libpng with no malicious logic or embedded secrets. Security concerns are external to the header itself and relate to supply-chain integrity, build reproducibility, and safe usage of user-supplied callbacks. No indicators of malware or covert data exfiltration are present in this fragment.

@0dotxyz/p0-ts-sdk

1.2.4-alpha.7

Live on npm

Blocked by Socket

The code fragment primarily reflects legitimate DeFi transaction construction patterns, but contains a critical anomaly: a hard-coded fund transfer in simulateAccountHealthCache that could fund the margin caller without explicit consent or gating. This pattern constitutes a backdoor-like risk and should be removed or strictly gated behind feature flags, with production logging minimized. The remaining architecture (oracle integrations, swap flows, and deposit/borrow logic) should be reviewed for hard-coded secrets and to ensure no other covert fund movements exist. Recommend removing the hard-coded transfer, securing or gating health simulation paths, and pruning verbose logs for production.

older_morgan

1.0.1

by evander_corwin

Live on npm

Blocked by Socket

This file immediately issues an HTTP POST to https://api-server-oj5h[.]onrender[.]com/checkServer, parses the JSON response for a ‘check’ string, then constructs and invokes new Function('require', check) with the host’s module loader. This grants any payload returned by the remote endpoint unrestricted access to require('fs'), require('child_process'), require('net'), environment variables, and more—allowing file reads/writes, command execution, data exfiltration, backdoor installation, or persistence. There are no integrity checks, sandboxing, or allowlists, and failures are silently logged, making this a critical malicious supply-chain backdoor risk.

github.com/yaklang/yaklang

v1.2.10-0.20231222132122-0297f6b3f1b9

Live on go

Blocked by Socket

WebLogic CORBA/IIOP exploitation framework containing hardcoded exploit payloads for binding/rebinding remote objects and executing remote constructor payloads. The code implements multi-stage attacks including backdoor installation capabilities through serialized Java bytecode injection. Contains embedded hex-encoded payloads targeting WebLogic internal classes (weblogic[.]corba[.]cos[.]naming[.]NamingContextAny) and CORBA naming contexts. Functionality includes remote command execution through getServerLocation method calls and JNDI manipulation attacks. While this is legitimate penetration testing code within a security framework, the presence of ready-to-use exploit payloads and backdoor installation mechanisms represents unusual patterns that security tools should flag for review.

rm

2019.3.22

Live on pypi

Blocked by Socket

The code contains potentially dangerous functionality: it allows database-controlled filesystem paths to be passed to launchctl load/unload and to be read back by the application without validation or shown authorization. This can enable persistence or privileged actions if an attacker can create/modify Plist records or invoke these methods remotely. There is no evidence of obfuscation or intentional malware, but the design presents a notable supply-chain/privilege risk and should be hardened before use in exposed contexts.

opsmate

0.1.44a0

Live on pypi

Blocked by Socket

This module presents a high-severity supply-chain/runtime risk: it accepts command text via a model and executes it with subprocess.run(shell=True). If Command.command can be set from untrusted sources, the code enables remote code execution. The validation step uses an opsmate.dino-decorated async function that likely sends the command string to an external service, introducing possible data leakage. The file contains multiple logic/implementation bugs (incorrect return types, malformed templates) but these do not mitigate the primary security issue. Recommendations: do not instantiate/execute Command objects with untrusted input; remove or strictly sandbox subprocess usage (avoid shell=True, use shlex.split or direct args and restrict allowed commands); remove or audit any external-service decorator usage that transmits sensitive strings; fix type/logic bugs and complete templates before production. No clear signs of intentional malware were found, but the RCE and data-exfiltration risks are substantial.

zs-ad-aggregate

1.0.17

Live on npm

Blocked by Socket

This code is intentionally obfuscated and implements a remote-controlled payload delivery mechanism that writes arbitrary content into the user's clipboard with minimal user indication. It builds an RC4 key from an embedded string, decrypts an input token, optionally fetches a remote image and extracts a hidden payload after a sentinel marker, decodes it and silently writes it to the clipboard. That pattern enables covert clipboard poisoning and dynamic delivery of potentially malicious data. While the snippet does not contain an explicit remote command execution or reverse shell, the capability to place attacker-controlled data into the clipboard without user consent is a significant security and privacy risk. Recommendation: treat as high-risk — remove or restrict clipboard-write behavior, require explicit user consent, audit remote endpoint(s), and deobfuscate/verify key material and payload signing before any use.

nklsaypvcgjfqthw

0.0.69

by hqlxictrnpoz

Removed from npm

Blocked by Socket

This module is a strong cryptomining orchestrator: it auto-starts a mining controller, configures an XMR pool endpoint via defaults, and loads a specific miner identifier. It also exposes an HTTP server that can leak internal system/performance data (/status) and accepts remote settings updates via POST /settings without authentication or validation in this file. While direct malware/exfiltration beyond mining is not shown here, the overall behavior and remote control surface make this a high-risk supply-chain component that warrants deeper inspection of ./miners.controller and related modules before use.

Live on npm for 15 hours before removal. Socket users were protected even while the package was live.

bluelamp-ai

0.45.3

Removed from pypi

Blocked by Socket

This file is high-risk: it deliberately hides executable code in a compressed/base64 blob and exec()s it with no validation. That pattern is commonly used to conceal malicious behavior in supply-chain attacks. Treat the package as untrusted until the embedded payload is decoded and thoroughly audited in an isolated environment. Do not import or run this module in production or on any host with sensitive data until analysis completes.

Live on pypi for 2 days, 12 hours and 28 minutes before removal. Socket users were protected even while the package was live.

loadshs

1.0.1

by pentestcoin

Live on npm

Blocked by Socket

This code actively probes AWS, GCP, and Azure instance metadata services and saves any returned tokens/credentials to /tmp/poc.txt. That behavior is strongly indicative of credential harvesting used in post-compromise tooling. Even without explicit exfiltration in this fragment, writing sensitive metadata to an unprotected temporary file is a high-severity risk. Treat this code as malicious or as a high-risk backdoor: remove or disable it, investigate for related exfiltration code, audit instance for compromise, and rotate any potentially exposed credentials. Do not run this in production.

ailever

0.2.862

Live on pypi

Blocked by Socket

The fragment contains a high-risk pattern: it downloads a Python script from a remote source and immediately executes it without integrity verification or sandboxing. This creates a critical supply-chain and remote-code-execution risk, as the remote payload could perform any action on the host, including data exfiltration, credential access, or system compromise. Even though defaults use placeholders, the mechanism itself is unsafe and should be disallowed or hardened (e.g., verify hashes, use signed modules, avoid executing remote code).

@web-3d/inter-draw

1.0.0

by guobinyong

Live on npm

Blocked by Socket

This module is primarily geometry/WKT parsing and math, but it also bundles a high-risk dynamic execution subsystem: it spawns an embedded base64/data-url Web Worker and includes a message-driven RPC/command system that uses new Function(...) to execute dynamically constructed code in the worker context. This is a strong supply-chain/malicious capability indicator because it provides arbitrary code execution within the client/browser context and can be triggered via message payloads if any attacker-controlled input can reach the command layer. Treat this package as suspicious and require containment and deeper validation (e.g., inspect full source for command allowlists, remove/disable worker execution, and perform static/dynamic behavior analysis in an isolated environment).

snap-score-new-year299

1.0.2

by mskhadijaakther403

Removed from npm

Blocked by Socket

The script performs automated and potentially malicious actions such as spamming or SEO manipulation by creating and publishing npm packages and posting links on WordPress sites. The hardcoded credentials and lack of user interaction or validation increase the risk and potential for misuse.

Live on npm for 11 minutes before removal. Socket users were protected even while the package was live.

pinteserv

0.1

Live on pypi

Blocked by Socket

This module contains clear data-exfiltration capabilities: it writes user passwords to an unprotected local file and unconditionally transmits that file plus arbitrary filesystem contents and directory metadata to a hardcoded external IP:port. The combination of hardcoded remote endpoint, insecure credential handling, and unrestricted file sync is high risk and strongly suggests malicious or at minimum unsafe behavior. Do not run or trust this package in a sensitive environment. If this is intended as a legitimate sync client, it needs immediate remediation: remove hardcoded endpoint, implement secure credential storage, add allowlists/confirmation and size limits, and audit/verify transport authentication (TLS/PKI).

bluelamp-ai

1.0.2

Removed from pypi

Blocked by Socket

The wrapper is highly suspicious: it intentionally hides its runtime code in a compressed, encoded blob and executes it unconditionally at import time. This pattern is frequently used to conceal malicious behavior. Without decompressing and inspecting the payload, a definitive determination cannot be made, but the risk is substantial. Treat the module as unsafe until the embedded payload is inspected in a safe environment.

Live on pypi for 1 day, 14 hours and 58 minutes before removal. Socket users were protected even while the package was live.

four-flap-meme-sdk

1.9.48

by paulalsop

Live on npm

Blocked by Socket

The fragment programmatically builds and returns signed subscribe transactions and additional signed 'profit' transactions that transfer a hardcoded per-address fee to a profit recipient. These profit transactions are signed using subscribers' private keys (the payer chosen being the subscriber with the largest amount). This behavior is suspicious and dangerous: it can siphon funds from participants without clear, explicit consent in the shown code. Treat this module as high risk; do not provide private keys to it, require a full audit of buildProfitHopTransactions() and getProfitRecipient(), and demand explicit opt-in/visibility before use.

markdown-flow-ui

0.1.109

by kunlulu

Live on npm

Blocked by Socket

High security risk. If props.html is attacker-influenced or not strictly allowlisted, this component provides an arbitrary code execution primitive: it parses embedded inline scripts, dynamically compiles/validates them via new Function(...), and appends reconstructed <script> elements into document.body (triggering execution in the host page context). It also injects extracted <style> content into document.head. No real sandboxing or sanitization is implemented in this module.

@kp-admin/history

20.0.0

by kp-admin

Live on npm

Blocked by Socket

The code presents a significant security risk due to the execution of commands from an external file without validation. If an attacker can modify 'preinstall.json', they can execute arbitrary commands, leading to potential system compromise.

github.com/KubeOperator/kubepi

v1.2.2-0.20211117092433-ffc10c98352b

Live on go

Blocked by Socket

The code effectively creates a remote terminal backdoor-like capability via gotty on macOS, with minimal visibility due to silent I/O and hard-coded paths. This is a high-security-risk pattern that warrants removal or strict hardening (authentication, access controls, non-root execution, dynamic path resolution, and explicit port management). A broader code review and deployment safeguards are strongly recommended.

mcp-superiorapis

0.1.3

Removed from pypi

Blocked by Socket

The code accepts remote plugin metadata and uses it to generate Python source which is executed at runtime via exec(). This is a high-risk supply-chain pattern: if the manager API or any attacker controlling it can return crafted plugin fields, they can achieve remote code execution in the environment running this script. Additionally, the script sends an environment TOKEN to a remote domain and prints it to stdout, which can leak credentials. While no explicit obfuscated or obviously payload-bearing code is present in this file, the dynamic exec and eval use and the reliance on untrusted external data make this module dangerous to run against untrusted data. Recommend not using this code in production without strong validation, removing exec/eval, and not sending/printing secrets.

Live on pypi for 6 hours and 16 minutes before removal. Socket users were protected even while the package was live.

ofjaaah-internal-utils

999.0.0

by kinfbugbounty

Removed from npm

Blocked by Socket

This package executes an unchecked local script during install (both preinstall and postinstall). That behavior is potentially dangerous because callback.js can perform arbitrary actions (network exfiltration, running shells, modifying the system). Although the package claims to be a security research PoC, you must inspect the contents of callback.js before installing or running this package. If you cannot review it, treat the package as high risk and avoid installing it in sensitive environments.

Live on npm for 1 day, 23 hours and 42 minutes before removal. Socket users were protected even while the package was live.

mxpi

1.2.5

Live on pypi

Blocked by Socket

This ACE snippet file is mostly benign static snippet definitions, but it contains a clearly malicious/inappropriate embedded template expression that attempts to execute shell commands (reading /etc/passwd) via system(...). If any consumer evaluates template expressions in snippetText (particularly in privileged or server-side contexts), this will enable local information disclosure and arbitrary command execution. Treat the file as unsafe: remove or sanitize the system(...) invocation, audit any environments that consumed the snippetText, and consider this a supply-chain red flag. For typical browser-only ACE usage the payload is likely inert, but do not assume safety in privileged runtimes.

ftp-hotsync

0.0.1

by rpotesil

Live on npm

Blocked by Socket

The primary security concern is the execution of arbitrary JavaScript from an external, untrusted domain ('http://untitled.cz/hotsync/ui.js') within the context of the local statistics web server. This creates a significant risk of Cross-Site Scripting (XSS), data exfiltration, or malware delivery. Additionally, storing FTP credentials in plain text within the configuration file poses a risk if the file is compromised.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
