Secure your dependencies. Ship with confidence.

This file defines a large local dumpJSON array and then, unconditionally when imported, uses a hard-coded cookie (including a login_token JWT) plus static aiStudioUrl (https://bbqa2t5pfyfroyobmzknmktshckzto4btkfagxyjqwy[.]did[.]abtnet[.]io/ai-studio) and datasetId to authenticate and issue fetch GET to /api/datasets/{datasetId}/documents?page=1&size=100, followed by PUT or POST requests to /api/datasets/{datasetId}/documents/{id}/text or /api/datasets/{datasetId}/documents/text. Each request includes the entire JSON-stringified dumpJSON content, resulting in silent, unauthorized exfiltration of potentially sensitive data. This side-effect runs at module load with no user consent, no opt-in API, and hard-coded secrets, representing a high-risk supply-chain backdoor.

The code demonstrates risky behaviors such as executing shell commands based on environment variables and global configurations without proper validation, automatic installation, and execution of packages from external sources, and potential for command injection. These behaviors can be exploited for malicious purposes, making the code potentially unsafe.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

Primary security concern is unsafe deserialization (pickle.load) of files that may have come from network downloads or an attacker-controlled filesystem. The class lists expected hashes for files, but this fragment does not show verification; ensure that _download or the superclass enforces cryptographic integrity (verify file hashes or signatures) and that archive extraction is implemented safely (prevent path traversal). If integrity verification and safe extraction are not present, this code can enable remote code execution when loading datasets and should be treated as high-risk until mitigated. No other malicious behavior was found in this snippet.

Live on pypi for 3 hours and 59 minutes before removal. Socket users were protected even while the package was live.

This module contains clear malicious capability: it captures user keyboard/mouse/touch input and injects it into a remote session over a network transport, and it additionally reads the user clipboard and transmits clipboard contents remotely. These are high-severity supply-chain security indicators (clipboard theft + remote interaction control).

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

This module contains several high-risk indicators for supply-chain/data-exfiltration abuse: hardcoded auth token, embedded OSS credentials, disabled SSL verification, and multiple mechanisms to upload arbitrary local files to remote servers. While there is no direct evidence of destructive malware or obfuscated backdoors, the combination enables unauthorized data leakage to external domains. Treat this package as suspicious for use in environments handling sensitive data; remove or audit hardcoded credentials and re-enable TLS verification before trusting deployment.

Live on pypi for 7 hours and 35 minutes before removal. Socket users were protected even while the package was live.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

The code poses a high security risk due to hardcoded credentials and automated publishing, which could be exploited for spamming or malicious distribution. The intent and use of the code are questionable.

Live on npm for 9 hours and 54 minutes before removal. Socket users were protected even while the package was live.

The postinstall hook will execute a local send-stats.js if present. This is a potential telemetry/data-exfiltration vector and allows arbitrary code execution during install. It is not automatically malware, but it is high-risk: inspect the contents of send-stats.js before installing, and treat network activity from that script as suspicious. If you cannot audit it, consider blocking network access during install or removing the postinstall script.

The presence of eval() in the code raises significant concerns about potential security risks and malicious behavior. This code should be reviewed and the use of eval() should be carefully justified or removed. Overall, the code presents a high security risk.

Live on npm for 2 hours before removal. Socket users were protected even while the package was live.

Best matching report: Report 3 (most complete and correctly identifies the disruption/uninstall pattern). The improved assessment is that this snippet is a high-impact, unguarded teardown script that deletes systemd unit definitions and application configuration, removes specific network interfaces, and stops/removes containers and persistent Docker volumes. That strongly endangers availability and data integrity in a supply-chain context, but the fragment alone does not prove credential theft/exfiltration; therefore malware intent is not certain, though security risk is very high.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This package contains an automatic telemetry/backchannel performed at module initialization: it fetches IP/location info and posts environment data (OS version, machine name, process memory aggregate, loaded assemblies) to an external endpoint (https://ldqk.org/opensource/collect). The HttpClient used disables certificate validation for that connection. This behavior is unexpected for an Excel-export helper library and constitutes a supply-chain privacy/security concern. If the library is used in applications where such phone-home is undesired (server environments, sensitive networks) it should not be used or should be modified to remove the module initializer and telemetry. The rest of the code (Excel export and image handling) appears benign, but the automatic data collection/exfiltration is the primary risk.

The wrapper module is primarily a code-generation/mutation harness that writes Python modules into a provided directory and simulates git history. Although most generated business/data logic looks benign, it plants a critical malicious primitive: a churnapp config loader version that uses eval(f.read()) on configuration file contents, enabling arbitrary code execution if that loader is used with attacker-controlled config/path (or via CONFIG_PATH). This makes the overall supply-chain risk high even without visible network exfiltration or direct runtime malware in the provided fragment.

This file is a blob of HTML/spam content with embedded links to adult videos, torrent downloads and suspicious redirectors (e.g. https://2023[.]redircdn[.]com/?…, http://rmdown[.]com/link[.]php?hash=…, http://data[.]down2048[.]com/list[.]php?…), plus numerous third-party image URLs. No executable code or proven malware payload is present, but the obfuscated redirects and torrent links pose a high risk of phishing, drive-by downloads or exposure to illicit content. Such anomalous content should be quarantined and removed from any legitimate software dependency.

This module intentionally transmits API keys (either a hardcoded default decoded from base64 or any user-provided key) to an external, non-OpenAI endpoint via HTTP POST. This is credential exfiltration and constitutes malicious or severely insecure supply-chain behavior. Do not use this code. Remove it, rotate any exposed API keys, block the destination domain, and investigate any use of the embedded key.

This code is clearly designed as offensive exploit tooling: it sends an attacker-controlled, credential-modifying HTTP POST to a specific router configuration endpoint to change the admin password without any authentication in this module. It also prints the new password to stdout/logs, increasing real-world sensitivity to credential leakage. No obfuscation is present, but the wildcard import implies additional framework behavior could exist outside the snippet. Overall risk is very high in any environment where it could be executed against non-consenting devices.

Executing 'calc.exe' is not inherently malicious, but it is an unusual behavior for an npm install script. This could be an indication of a potential security risk or an attempt to perform unauthorized actions on the system.

Live on npm for 2 days, 9 hours and 20 minutes before removal. Socket users were protected even while the package was live.

This module contains malicious code designed to hijack cryptocurrency transactions on HyperLiquid-based decentralized applications. It activates only on specific sites and employs aggressive runtime patching: it pollutes the global `Object.prototype` to intercept `useContext` calls and overrides `Object.keys`. These hooks inspect in-memory objects for order-related structures (checking for specific fields like `hyperliquid.order_type` or order arrays). When a matching order object is found, the code silently mutates it to inject a `builder` field containing a hardcoded address and fee rate. This behavior effectively diverts trading fees or affiliate rewards to the malicious actor.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

The fragment contains a high-risk backdoor triggered via translation/language handling: a base64 payload embedded in many language cases is decompressed and echoed (then exits), enabling remote code delivery/execution. This represents a severe supply-chain/security risk for AdminNeo-like deployments. Immediate steps: disable or sandbox the translation-based payload path, verify upstream sources, apply strict package integrity controls, and audit all language/translation blocks for similar hidden payloads.

The code performs unauthorized exfiltration of sensitive system and package information to an external server without user consent. This behavior is malicious and constitutes a serious security and privacy risk. The code should be considered malware and avoided.

Live on npm for 32 minutes before removal. Socket users were protected even while the package was live.

This file defines a large local dumpJSON array and then, unconditionally when imported, uses a hard-coded cookie (including a login_token JWT) plus static aiStudioUrl (https://bbqa2t5pfyfroyobmzknmktshckzto4btkfagxyjqwy[.]did[.]abtnet[.]io/ai-studio) and datasetId to authenticate and issue fetch GET to /api/datasets/{datasetId}/documents?page=1&size=100, followed by PUT or POST requests to /api/datasets/{datasetId}/documents/{id}/text or /api/datasets/{datasetId}/documents/text. Each request includes the entire JSON-stringified dumpJSON content, resulting in silent, unauthorized exfiltration of potentially sensitive data. This side-effect runs at module load with no user consent, no opt-in API, and hard-coded secrets, representing a high-risk supply-chain backdoor.

The code demonstrates risky behaviors such as executing shell commands based on environment variables and global configurations without proper validation, automatic installation, and execution of packages from external sources, and potential for command injection. These behaviors can be exploited for malicious purposes, making the code potentially unsafe.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

Primary security concern is unsafe deserialization (pickle.load) of files that may have come from network downloads or an attacker-controlled filesystem. The class lists expected hashes for files, but this fragment does not show verification; ensure that _download or the superclass enforces cryptographic integrity (verify file hashes or signatures) and that archive extraction is implemented safely (prevent path traversal). If integrity verification and safe extraction are not present, this code can enable remote code execution when loading datasets and should be treated as high-risk until mitigated. No other malicious behavior was found in this snippet.

Live on pypi for 3 hours and 59 minutes before removal. Socket users were protected even while the package was live.

This module contains clear malicious capability: it captures user keyboard/mouse/touch input and injects it into a remote session over a network transport, and it additionally reads the user clipboard and transmits clipboard contents remotely. These are high-severity supply-chain security indicators (clipboard theft + remote interaction control).

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

This module contains several high-risk indicators for supply-chain/data-exfiltration abuse: hardcoded auth token, embedded OSS credentials, disabled SSL verification, and multiple mechanisms to upload arbitrary local files to remote servers. While there is no direct evidence of destructive malware or obfuscated backdoors, the combination enables unauthorized data leakage to external domains. Treat this package as suspicious for use in environments handling sensitive data; remove or audit hardcoded credentials and re-enable TLS verification before trusting deployment.

Live on pypi for 7 hours and 35 minutes before removal. Socket users were protected even while the package was live.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

The code poses a high security risk due to hardcoded credentials and automated publishing, which could be exploited for spamming or malicious distribution. The intent and use of the code are questionable.

Live on npm for 9 hours and 54 minutes before removal. Socket users were protected even while the package was live.

The postinstall hook will execute a local send-stats.js if present. This is a potential telemetry/data-exfiltration vector and allows arbitrary code execution during install. It is not automatically malware, but it is high-risk: inspect the contents of send-stats.js before installing, and treat network activity from that script as suspicious. If you cannot audit it, consider blocking network access during install or removing the postinstall script.

The presence of eval() in the code raises significant concerns about potential security risks and malicious behavior. This code should be reviewed and the use of eval() should be carefully justified or removed. Overall, the code presents a high security risk.

Live on npm for 2 hours before removal. Socket users were protected even while the package was live.

Best matching report: Report 3 (most complete and correctly identifies the disruption/uninstall pattern). The improved assessment is that this snippet is a high-impact, unguarded teardown script that deletes systemd unit definitions and application configuration, removes specific network interfaces, and stops/removes containers and persistent Docker volumes. That strongly endangers availability and data integrity in a supply-chain context, but the fragment alone does not prove credential theft/exfiltration; therefore malware intent is not certain, though security risk is very high.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This package contains an automatic telemetry/backchannel performed at module initialization: it fetches IP/location info and posts environment data (OS version, machine name, process memory aggregate, loaded assemblies) to an external endpoint (https://ldqk.org/opensource/collect). The HttpClient used disables certificate validation for that connection. This behavior is unexpected for an Excel-export helper library and constitutes a supply-chain privacy/security concern. If the library is used in applications where such phone-home is undesired (server environments, sensitive networks) it should not be used or should be modified to remove the module initializer and telemetry. The rest of the code (Excel export and image handling) appears benign, but the automatic data collection/exfiltration is the primary risk.

The wrapper module is primarily a code-generation/mutation harness that writes Python modules into a provided directory and simulates git history. Although most generated business/data logic looks benign, it plants a critical malicious primitive: a churnapp config loader version that uses eval(f.read()) on configuration file contents, enabling arbitrary code execution if that loader is used with attacker-controlled config/path (or via CONFIG_PATH). This makes the overall supply-chain risk high even without visible network exfiltration or direct runtime malware in the provided fragment.

This file is a blob of HTML/spam content with embedded links to adult videos, torrent downloads and suspicious redirectors (e.g. https://2023[.]redircdn[.]com/?…, http://rmdown[.]com/link[.]php?hash=…, http://data[.]down2048[.]com/list[.]php?…), plus numerous third-party image URLs. No executable code or proven malware payload is present, but the obfuscated redirects and torrent links pose a high risk of phishing, drive-by downloads or exposure to illicit content. Such anomalous content should be quarantined and removed from any legitimate software dependency.

This module intentionally transmits API keys (either a hardcoded default decoded from base64 or any user-provided key) to an external, non-OpenAI endpoint via HTTP POST. This is credential exfiltration and constitutes malicious or severely insecure supply-chain behavior. Do not use this code. Remove it, rotate any exposed API keys, block the destination domain, and investigate any use of the embedded key.

This code is clearly designed as offensive exploit tooling: it sends an attacker-controlled, credential-modifying HTTP POST to a specific router configuration endpoint to change the admin password without any authentication in this module. It also prints the new password to stdout/logs, increasing real-world sensitivity to credential leakage. No obfuscation is present, but the wildcard import implies additional framework behavior could exist outside the snippet. Overall risk is very high in any environment where it could be executed against non-consenting devices.

Executing 'calc.exe' is not inherently malicious, but it is an unusual behavior for an npm install script. This could be an indication of a potential security risk or an attempt to perform unauthorized actions on the system.

Live on npm for 2 days, 9 hours and 20 minutes before removal. Socket users were protected even while the package was live.

This module contains malicious code designed to hijack cryptocurrency transactions on HyperLiquid-based decentralized applications. It activates only on specific sites and employs aggressive runtime patching: it pollutes the global `Object.prototype` to intercept `useContext` calls and overrides `Object.keys`. These hooks inspect in-memory objects for order-related structures (checking for specific fields like `hyperliquid.order_type` or order arrays). When a matching order object is found, the code silently mutates it to inject a `builder` field containing a hardcoded address and fee rate. This behavior effectively diverts trading fees or affiliate rewards to the malicious actor.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

The fragment contains a high-risk backdoor triggered via translation/language handling: a base64 payload embedded in many language cases is decompressed and echoed (then exits), enabling remote code delivery/execution. This represents a severe supply-chain/security risk for AdminNeo-like deployments. Immediate steps: disable or sandbox the translation-based payload path, verify upstream sources, apply strict package integrity controls, and audit all language/translation blocks for similar hidden payloads.

The code performs unauthorized exfiltration of sensitive system and package information to an external server without user consent. This behavior is malicious and constitutes a serious security and privacy risk. The code should be considered malware and avoided.

Live on npm for 32 minutes before removal. Socket users were protected even while the package was live.