Secure your dependencies. Ship with confidence.

High-risk exploit module intended for offensive unauthorized access: it attempts FTP login using built-in default credentials, downloads and parses a router configuration file to harvest credential/hash material, and generates a browser JavaScript snippet that submits a forged authentication request to bypass login. While the snippet does not visibly implement stealth, persistence, or C2 exfiltration, its functionality is directly abusive and would be dangerous to include in any software supply chain.

The script is exfiltrating sensitive system information to an external server, which is indicative of malicious behavior. The use of base64 encoding is a minimal form of obfuscation. The risk associated with this script is high due to the potential for data theft and unauthorized data transmission.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

High-risk remote command-and-control behavior is evident: the extension accepts JSON commands from a WebSocket and can (1) execute attacker-provided code via evaluate(tabId, cmd.code), (2) navigate tabs to daemon-chosen URLs, (3) read cookies for daemon-supplied domains including cookie values, and (4) exfiltrate results/errors back to the daemon over the same WebSocket. The lack of visible authorization controls in this fragment further increases likelihood of backdoor-like misuse. Missing functions (connect/evaluate/resolveTabId) limit exact exploitability details, but the capabilities strongly match malicious extension patterns.

This JavaScript module implements an automated Facebook security-checkpoint bypass tool. It scrapes HTML from “https://www.facebook[.]com/checkpoint/...”, uses regex to extract sensitive tokens (e.g. LSD and challenge tokens), and then issues a sequence of GraphQL mutation requests to “https://www.facebook[.]com/api/graphql/” under different checkpoint steps (STEPPER_CONFIRMATION, CONTACT_POINT_REVIEW, CHANGE_PASSWORD, OUTRO). By programmatically navigating these flows and reusing extracted tokens with the user’s session jar and userId, the code circumvents legitimate account-protection measures and enables unauthorized access to protected Facebook accounts. This functionality violates platform security policies and can facilitate account takeover.

The code is largely a benign collection of Java code snippets for an editor, but contains a highly suspicious backtick-evaluated system() expression within the snippet @author field. If the consuming environment evaluates such expressions, it could lead to shell command execution and data exposure (e.g., /etc/passwd). This represents a potential supply-chain/runtime risk dependent on the host's snippet processing. Recommend sanitizing or removing the @au backtick-eval pattern and ensuring the snippet engine strictly sanitizes or sandbox-executes snippet content.

The 'preinstall' script in the package.json file uses curl to send the contents of the '/etc/shadow' file, which contains hashed user passwords, to an external server at $(hostname)9w60yxv7jwwi1lbc6iqc5exrlir8fx[.]oastify[.]com. This behavior is malicious as it attempts to exfiltrate sensitive system data without user consent, posing a significant security risk.

Live on npm for 7 days, 21 hours and 27 minutes before removal. Socket users were protected even while the package was live.

The Deployment class exhibits multiple high-risk patterns: hardcoded credentials, webhook-triggered remote code updates, privileged system modifications, and network interactions that could be leveraged for data exfiltration or host compromise. While some deployment tooling is legitimate, the embedded secrets and broad privileged capabilities present meaningful supply-chain and host-security risks. Recommendation: remove all hardcoded credentials, avoid executing privileged actions from PHP in production, secure webhooks with robust authentication, isolate DNS/Apache changes behind secure pipelines, and eliminate dynamic autoload injection that could be abused. Treat as medium-to-high risk with potential for significant impact if compromised.

This obfuscated module performs secret-based credential/token generation (SHA1(secret) -> Base64) and logs the resulting credential-like token and time/expiry information to the console. It also appears to pass a secret-bearing configuration object into an external relay/auth helper keyed by 'ext.relay' (network/IO destination not shown). Even without explicit remote exfiltration visible in the excerpt, credential material disclosure to logs and the relay/auth-oriented flow represent a significant security risk and are consistent with malicious or backdoored supply-chain behavior.

This file contains multiple high-risk behaviors consistent with malicious supply-chain activity: executing arbitrary shell commands, self-modifying source, renaming/encrypting files to hide payloads, embedding hardcoded PyPI credentials, and automating uploads to PyPI (twine). Even accounting for some broken/erroneous lines, the implemented flows are sufficient to execute or deploy hidden code on a victim system. I assess this as malicious and dangerous: do not run or include this package in your environment and treat any uploaded artifacts with suspicion.

The code is highly suspicious due to its collection and transmission of system information to external servers without user consent. The use of hardcoded IP addresses and fallback mechanisms for data transmission indicates potential malicious intent.

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package

Live on npm for 3 hours and 51 minutes before removal. Socket users were protected even while the package was live.

The script runs 'index.js' and silences all output, which could be a method to hide malicious actions or errors. The safety of this script depends on the contents of 'index.js'.

Live on npm for 9 hours and 26 minutes before removal. Socket users were protected even while the package was live.

This module is highly indicative of malicious/offensive intent: it performs Kerberos password spraying by repeatedly attempting AS-REQ/TGT requests for user/password combinations, infers credential states from Kerberos error strings, and logs/returns discovered credentials (`user:password`) to the surrounding framework. Although the lockout-threshold/attempt tracking appears incomplete in this snippet (the tracker is not updated), the implemented behavior still provides direct credential discovery capability. Use in a supply chain context should be treated as a severe security risk and should be tightly controlled/avoided unless used in a controlled authorized testing environment.

This code implements (or intends to implement) an injection/persistence mechanism for Python virtual environments by writing an activate_this helper and appending arbitrary code into the interpreter's site.py. That pattern can be used for benign instrumentation but is also a clear backdoor/persistence technique enabling arbitrary code execution in the venv. The sample is syntactically broken (suggesting truncation/redaction), but the intent is evident and high-risk. Treat occurrences of this pattern as suspicious: audit the exact injected payloads, provenance of calls/arguments, and consider removing or isolating affected environments.

The code collects sensitive system information and sends it to suspicious external URLs, which is indicative of data exfiltration. This behavior is consistent with malicious intent, posing a significant security risk.

Live on pypi for 3 minutes before removal. Socket users were protected even while the package was live.

High-confidence malicious backdoor: collects host identifiers, exfiltrates them via DNS to an attacker domain, disables TLS certificate validation to permit untrusted HTTPS, fetches a second-stage payload from a remote C2 URL and executes it with eval. This module should be treated as malware; do not run it and remove it from systems. Investigate any systems where it executed and block related network indicators (the DNS domain and the STAGE_URL host).

This module intentionally crafts a pickle that will execute a shell command (via os.system) when the pickle is deserialized. It is a direct demonstration of pickle-based remote code execution and should be treated as malicious or high risk. Do not unpickle files produced by this code, remove such generators from distributed artifacts (including tests and CI), and audit any consumers that may load pickles from repository paths. Fix the syntax error if intended for testing only, but better: delete or gate this code and ensure test artifacts are not shipped or untrusted codepaths do not load pickles.

This code collects system-identifying data (username, hostname, file path), hex-encodes it, constructs a domain under a hardcoded external base ('furb.pw') embedding that data into subdomain labels, and issues an HTTPS GET to that domain — a clear data-exfiltration pattern. The behavior is malicious or at minimum privacy-invasive telemetry sent to an external third party. The package should not be trusted or used without removal of the network exfiltration logic and a full audit.

The Python module itself is not directly implementing typical malware behaviors, but it creates a high-risk execution surface: it runs local shell scripts (some with sudo) with unvalidated inputs and passes secrets on the command line. The deploy_fdb_from_file_service function contains a command-injection vulnerability (shell=True with joined args) and a coding bug (returncod typo). Recommend: remove shell=True; use argument lists always, avoid passing secrets via argv (use stdin, environment files with proper filesystem permissions, or secured IPC), eliminate unnecessary sudo calls and require callers to provide appropriate privileges if needed, validate/escape inputs (especially file paths), fix the returncod typo, and audit all invoked shell scripts before use. Treat package as risky until mitigations and script audits are performed.

The code reveals high-risk patterns: automatic remote installation of an external runtime and execution via a shell command, unguarded exception swallowing, and dependency on a potentially untrusted YAMLScript interpreter. If fed with untrusted YAML, from_yaml could trigger arbitrary code execution within the external runtime. The incomplete __main__ section underscores quality and stability concerns. Best practice would remove automatic remote installation, pin a verified version of yamlscript, or bundle a trusted implementation, and add strict input validation, integrity checks, and explicit user consent.

This file implements an encrypted DNS command-and-control client (Sliver implant DNS transport). It intentionally serializes, encrypts and transports arbitrary protobuf envelopes over DNS queries and reads responses — behavior consistent with a backdoor/C2 implant. There are no hardcoded credentials or obfuscation techniques in this module; however, the module enables covert data exfiltration and remote command delivery when provided a parent domain and resolvers. From a supply-chain/security standpoint, including this package in software will provide C2 capabilities and is high risk unless explicitly desired for red-team/offensive use.

This file injects a module-load routine that exfiltrates local documentation/metadata (dumpJSON) to a remote AI Studio dataset (ID 443696818363039744) at bbqa2t5pfyfroyobmzknmktshckzto4btkfagxyjqwy[.]did[.]abtnet[.]io[ ]/api/datasets/443696818363039744/documents. It uses a hard-coded Cookie header containing a login_token JWT and unconditional shouldUpdateKnowledge=true to first GET existing items via GET …?page=1&size=100, then PUT to …/documents/{id}/text or POST to …/documents/text, sending the full serialized dumpJSON as the request body. These automatic side-effects with embedded credentials create a high-risk supply-chain and privacy backdoor and must be removed or gated behind explicit, opt-in credential handling.

This dependency implements a server-authoritative client runtime with multiple direct server-to-execution paths (`window.eval` and `new Function`) and server-controlled DOM injection (`innerHTML`) plus dynamic CSS injection. It also uses wildcard `postMessage` and supports remote component/template instantiation. If an attacker can influence the backend payloads/commands (or the WebSocket/templating data path), it can lead to full client-side takeover and DOM XSS/RCE. Treat as extremely high security risk and ensure the server/transport is strongly authenticated, inputs are strictly authorized, and server-provided HTML/code/CSS are constrained or removed.

This file contains an explicit, easily reachable remote code execution vector: chatroom messages are evaluated via eval() and can mutate globals(). Because the chatroom is fed directly from any client message, an unauthenticated or malicious client can execute arbitrary Python on the server. This constitutes a severe security risk and a potential backdoor. Other issues include potential data leakage when serializing internal data structures, trusting client-supplied headers for IP attribution, and an unnecessary os.system call. Remediation: remove eval/globals usage or restrict it to authenticated, local-only admin interfaces; add access controls, input validation, and safer logging. Treat this module as unsafe for deployment until corrected.

The script sends a POST request to a remote server, which raises concerns about data exfiltration and unauthorized communication. This behavior is considered malicious.

Live on npm for 1 day, 20 hours and 27 minutes before removal. Socket users were protected even while the package was live.

High-risk exploit module intended for offensive unauthorized access: it attempts FTP login using built-in default credentials, downloads and parses a router configuration file to harvest credential/hash material, and generates a browser JavaScript snippet that submits a forged authentication request to bypass login. While the snippet does not visibly implement stealth, persistence, or C2 exfiltration, its functionality is directly abusive and would be dangerous to include in any software supply chain.

The script is exfiltrating sensitive system information to an external server, which is indicative of malicious behavior. The use of base64 encoding is a minimal form of obfuscation. The risk associated with this script is high due to the potential for data theft and unauthorized data transmission.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

High-risk remote command-and-control behavior is evident: the extension accepts JSON commands from a WebSocket and can (1) execute attacker-provided code via evaluate(tabId, cmd.code), (2) navigate tabs to daemon-chosen URLs, (3) read cookies for daemon-supplied domains including cookie values, and (4) exfiltrate results/errors back to the daemon over the same WebSocket. The lack of visible authorization controls in this fragment further increases likelihood of backdoor-like misuse. Missing functions (connect/evaluate/resolveTabId) limit exact exploitability details, but the capabilities strongly match malicious extension patterns.

This JavaScript module implements an automated Facebook security-checkpoint bypass tool. It scrapes HTML from “https://www.facebook[.]com/checkpoint/...”, uses regex to extract sensitive tokens (e.g. LSD and challenge tokens), and then issues a sequence of GraphQL mutation requests to “https://www.facebook[.]com/api/graphql/” under different checkpoint steps (STEPPER_CONFIRMATION, CONTACT_POINT_REVIEW, CHANGE_PASSWORD, OUTRO). By programmatically navigating these flows and reusing extracted tokens with the user’s session jar and userId, the code circumvents legitimate account-protection measures and enables unauthorized access to protected Facebook accounts. This functionality violates platform security policies and can facilitate account takeover.

The code is largely a benign collection of Java code snippets for an editor, but contains a highly suspicious backtick-evaluated system() expression within the snippet @author field. If the consuming environment evaluates such expressions, it could lead to shell command execution and data exposure (e.g., /etc/passwd). This represents a potential supply-chain/runtime risk dependent on the host's snippet processing. Recommend sanitizing or removing the @au backtick-eval pattern and ensuring the snippet engine strictly sanitizes or sandbox-executes snippet content.

The 'preinstall' script in the package.json file uses curl to send the contents of the '/etc/shadow' file, which contains hashed user passwords, to an external server at $(hostname)9w60yxv7jwwi1lbc6iqc5exrlir8fx[.]oastify[.]com. This behavior is malicious as it attempts to exfiltrate sensitive system data without user consent, posing a significant security risk.

Live on npm for 7 days, 21 hours and 27 minutes before removal. Socket users were protected even while the package was live.

The Deployment class exhibits multiple high-risk patterns: hardcoded credentials, webhook-triggered remote code updates, privileged system modifications, and network interactions that could be leveraged for data exfiltration or host compromise. While some deployment tooling is legitimate, the embedded secrets and broad privileged capabilities present meaningful supply-chain and host-security risks. Recommendation: remove all hardcoded credentials, avoid executing privileged actions from PHP in production, secure webhooks with robust authentication, isolate DNS/Apache changes behind secure pipelines, and eliminate dynamic autoload injection that could be abused. Treat as medium-to-high risk with potential for significant impact if compromised.

This obfuscated module performs secret-based credential/token generation (SHA1(secret) -> Base64) and logs the resulting credential-like token and time/expiry information to the console. It also appears to pass a secret-bearing configuration object into an external relay/auth helper keyed by 'ext.relay' (network/IO destination not shown). Even without explicit remote exfiltration visible in the excerpt, credential material disclosure to logs and the relay/auth-oriented flow represent a significant security risk and are consistent with malicious or backdoored supply-chain behavior.

This file contains multiple high-risk behaviors consistent with malicious supply-chain activity: executing arbitrary shell commands, self-modifying source, renaming/encrypting files to hide payloads, embedding hardcoded PyPI credentials, and automating uploads to PyPI (twine). Even accounting for some broken/erroneous lines, the implemented flows are sufficient to execute or deploy hidden code on a victim system. I assess this as malicious and dangerous: do not run or include this package in your environment and treat any uploaded artifacts with suspicion.

The code is highly suspicious due to its collection and transmission of system information to external servers without user consent. The use of hardcoded IP addresses and fallback mechanisms for data transmission indicates potential malicious intent.

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package

Live on npm for 3 hours and 51 minutes before removal. Socket users were protected even while the package was live.

The script runs 'index.js' and silences all output, which could be a method to hide malicious actions or errors. The safety of this script depends on the contents of 'index.js'.

Live on npm for 9 hours and 26 minutes before removal. Socket users were protected even while the package was live.

This module is highly indicative of malicious/offensive intent: it performs Kerberos password spraying by repeatedly attempting AS-REQ/TGT requests for user/password combinations, infers credential states from Kerberos error strings, and logs/returns discovered credentials (`user:password`) to the surrounding framework. Although the lockout-threshold/attempt tracking appears incomplete in this snippet (the tracker is not updated), the implemented behavior still provides direct credential discovery capability. Use in a supply chain context should be treated as a severe security risk and should be tightly controlled/avoided unless used in a controlled authorized testing environment.

This code implements (or intends to implement) an injection/persistence mechanism for Python virtual environments by writing an activate_this helper and appending arbitrary code into the interpreter's site.py. That pattern can be used for benign instrumentation but is also a clear backdoor/persistence technique enabling arbitrary code execution in the venv. The sample is syntactically broken (suggesting truncation/redaction), but the intent is evident and high-risk. Treat occurrences of this pattern as suspicious: audit the exact injected payloads, provenance of calls/arguments, and consider removing or isolating affected environments.

The code collects sensitive system information and sends it to suspicious external URLs, which is indicative of data exfiltration. This behavior is consistent with malicious intent, posing a significant security risk.

Live on pypi for 3 minutes before removal. Socket users were protected even while the package was live.

High-confidence malicious backdoor: collects host identifiers, exfiltrates them via DNS to an attacker domain, disables TLS certificate validation to permit untrusted HTTPS, fetches a second-stage payload from a remote C2 URL and executes it with eval. This module should be treated as malware; do not run it and remove it from systems. Investigate any systems where it executed and block related network indicators (the DNS domain and the STAGE_URL host).

This module intentionally crafts a pickle that will execute a shell command (via os.system) when the pickle is deserialized. It is a direct demonstration of pickle-based remote code execution and should be treated as malicious or high risk. Do not unpickle files produced by this code, remove such generators from distributed artifacts (including tests and CI), and audit any consumers that may load pickles from repository paths. Fix the syntax error if intended for testing only, but better: delete or gate this code and ensure test artifacts are not shipped or untrusted codepaths do not load pickles.

This code collects system-identifying data (username, hostname, file path), hex-encodes it, constructs a domain under a hardcoded external base ('furb.pw') embedding that data into subdomain labels, and issues an HTTPS GET to that domain — a clear data-exfiltration pattern. The behavior is malicious or at minimum privacy-invasive telemetry sent to an external third party. The package should not be trusted or used without removal of the network exfiltration logic and a full audit.

The Python module itself is not directly implementing typical malware behaviors, but it creates a high-risk execution surface: it runs local shell scripts (some with sudo) with unvalidated inputs and passes secrets on the command line. The deploy_fdb_from_file_service function contains a command-injection vulnerability (shell=True with joined args) and a coding bug (returncod typo). Recommend: remove shell=True; use argument lists always, avoid passing secrets via argv (use stdin, environment files with proper filesystem permissions, or secured IPC), eliminate unnecessary sudo calls and require callers to provide appropriate privileges if needed, validate/escape inputs (especially file paths), fix the returncod typo, and audit all invoked shell scripts before use. Treat package as risky until mitigations and script audits are performed.

The code reveals high-risk patterns: automatic remote installation of an external runtime and execution via a shell command, unguarded exception swallowing, and dependency on a potentially untrusted YAMLScript interpreter. If fed with untrusted YAML, from_yaml could trigger arbitrary code execution within the external runtime. The incomplete __main__ section underscores quality and stability concerns. Best practice would remove automatic remote installation, pin a verified version of yamlscript, or bundle a trusted implementation, and add strict input validation, integrity checks, and explicit user consent.

This file implements an encrypted DNS command-and-control client (Sliver implant DNS transport). It intentionally serializes, encrypts and transports arbitrary protobuf envelopes over DNS queries and reads responses — behavior consistent with a backdoor/C2 implant. There are no hardcoded credentials or obfuscation techniques in this module; however, the module enables covert data exfiltration and remote command delivery when provided a parent domain and resolvers. From a supply-chain/security standpoint, including this package in software will provide C2 capabilities and is high risk unless explicitly desired for red-team/offensive use.

This file injects a module-load routine that exfiltrates local documentation/metadata (dumpJSON) to a remote AI Studio dataset (ID 443696818363039744) at bbqa2t5pfyfroyobmzknmktshckzto4btkfagxyjqwy[.]did[.]abtnet[.]io[ ]/api/datasets/443696818363039744/documents. It uses a hard-coded Cookie header containing a login_token JWT and unconditional shouldUpdateKnowledge=true to first GET existing items via GET …?page=1&size=100, then PUT to …/documents/{id}/text or POST to …/documents/text, sending the full serialized dumpJSON as the request body. These automatic side-effects with embedded credentials create a high-risk supply-chain and privacy backdoor and must be removed or gated behind explicit, opt-in credential handling.

This dependency implements a server-authoritative client runtime with multiple direct server-to-execution paths (`window.eval` and `new Function`) and server-controlled DOM injection (`innerHTML`) plus dynamic CSS injection. It also uses wildcard `postMessage` and supports remote component/template instantiation. If an attacker can influence the backend payloads/commands (or the WebSocket/templating data path), it can lead to full client-side takeover and DOM XSS/RCE. Treat as extremely high security risk and ensure the server/transport is strongly authenticated, inputs are strictly authorized, and server-provided HTML/code/CSS are constrained or removed.

This file contains an explicit, easily reachable remote code execution vector: chatroom messages are evaluated via eval() and can mutate globals(). Because the chatroom is fed directly from any client message, an unauthenticated or malicious client can execute arbitrary Python on the server. This constitutes a severe security risk and a potential backdoor. Other issues include potential data leakage when serializing internal data structures, trusting client-supplied headers for IP attribution, and an unnecessary os.system call. Remediation: remove eval/globals usage or restrict it to authenticated, local-only admin interfaces; add access controls, input validation, and safer logging. Treat this module as unsafe for deployment until corrected.

The script sends a POST request to a remote server, which raises concerns about data exfiltration and unauthorized communication. This behavior is considered malicious.

Live on npm for 1 day, 20 hours and 27 minutes before removal. Socket users were protected even while the package was live.