Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.


Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery

timmywil published 4.0.0

left-pad

stevemao published 1.3.0

react

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

fzutils

0.3.2.6

Live on pypi

Blocked by Socket

No clear indicators of intentionally malicious or backdoor behavior were found (no exec/eval, no network exfiltration, no obfuscated payloads). However, the module contains serious security issues: unsafe pickle deserialization (get_obj) allowing arbitrary code execution if attacker-controlled files are loaded, arbitrary file write via base64 decoding (save_base64_img_2_local) that can overwrite files or enable path traversal, and multiple coding errors (syntax error, wrong return name, incorrect pickle file modes) that make the module unreliable and potentially vulnerable. Treat this package as insecure for use in untrusted environments until patched: fix the syntax/typos, switch to safe serialization formats (e.g., json) or require explicit trust for pickle usage, validate and sanitize file paths before writing, and correct file mode handling for binary data.

trainmote-module-felix-nievelstein-de

0.3.99

Live on pypi

Blocked by Socket

This code fragment provides direct, hard-coded functions to shut down or reboot the host using subprocess with shell=True and Thread-based timers that will trigger these actions after a short delay. While not showing network exfiltration or obfuscation, the behavior is destructive (sabotage-like). The snippet as provided contains a syntax error that prevents execution, but if corrected it would pose a high operational risk. Review and removal or strict gating (no automatic thread start, remove privileged commands, avoid shell=True) are recommended before including this module as a dependency.

ss-component-new

1.3.130

by hjjsuperabc

Live on npm

Blocked by Socket

This module transmits application user credentials and potentially sensitive model/platform data to hard-coded remote HTTP endpoints (222.92.178.198) and persists remote-provided values into sessionStorage and app state. The combination of hard-coded IPs, cleartext HTTP transport, and direct credential forwarding constitutes a high security and privacy risk and is suspicious in the supply-chain context. Recommend immediate review: remove or parameterize endpoints, require HTTPS/TLS, avoid sending raw credentials (use tokens/secure auth), validate and sanitize remote responses before persisting, and audit related network helper code. Treat as high-risk until provenance of remote endpoints is verified.

mtmai

0.3.1317

Live on pypi

Blocked by Socket

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

ca-bucky-client

7.381.1

by hsek-bck

Removed from npm

Blocked by Socket

The code appears to be sending system data over the network to a specific domain based on the content of the 'process.env' and the hardcoded key-value pairs in the 'filter' array. The presence of encoded data and the lack of error handling are potential security risks.

Live on npm for 16 minutes before removal. Socket users were protected even while the package was live.

kalamasha

1.0.1

by jellyabc123

Live on npm

Blocked by Socket

This module exhibits multiple high-risk behaviors typical of malware-like automation: it captures the user’s screen, exfiltrates image-derived content to a third-party AI service for OCR/code generation, overwrites the clipboard (including a hard-coded value), and injects paste keystrokes into the currently focused application via exec()-spawned PowerShell/xdotool. It also contains a destructive “suicide” hotkey that deletes the application directory and cleans up specific ZIPs in Downloads, suggesting anti-forensics. Use should be treated as high risk and require rigorous review of activation flow, permissions, network endpoints, and user-safety controls.

swisspost-intranet-header

7.575.0

Removed from npm

Blocked by Socket

The code appears to be sending system data over the network to a potentially suspicious domain. The use of environment variables, string concatenation for the host value, and base64 encoding of data raise concerns about the code's intention and security.

Live on npm for 26 days, 23 hours and 44 minutes before removal. Socket users were protected even while the package was live.

github.com/bishopfox/sliver

v1.4.12-0.20210410123816-5707fe7bc68c

Live on go

Blocked by Socket

This file is a DNS-based command-and-control server component: it accepts DNS queries carrying segmented/encoded payloads, performs RSA/GCM decryption using server/private certificates, establishes encrypted sessions, dispatches decrypted envelopes to server handlers, and returns encrypted responses via DNS TXT records. Functionally this enables covert remote control and data exfiltration over DNS. The code itself is not obfuscated, but it implements clearly dual-use/malicious functionality (C2). There are some implementation concerns (predictable IDs via math/rand, lack of replay protection for RSA session init noted in comments, reliance on global maps which must be initialized elsewhere). If encountered in a dependency, treat it as high-risk/malicious-capable and review usage context carefully.

ailever

0.2.793

Live on pypi

Blocked by Socket

The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.

bigdl-orca

2.5.0b20240108

Live on pypi

Blocked by Socket

The code contains potential security risks such as hard-coded file paths, subprocess.Popen usage, and the handling of untrusted data through PyArrow Plasma. It is essential to review and address these security concerns before using this code in a production environment.

@rambler-help/shared

0.7.99

by staticcoder92

Live on npm

Blocked by Socket

The code is potentially malicious due to its behavior of collecting system-specific information and performing DNS lookups with this data, which could be used for data exfiltration. The risk and malware scores are high due to the potential security threat.

jawira/skeleton

2.10.0

Live on composer

Blocked by Socket

The code contains explicit malicious intent aimed at tampering with ClamAV signature sources by redirecting updates to a malicious CDN, creating a high-risk supply-chain vector for system compromise. This is a backdoor-like behavior that can undermine malware scanning reliability and potentially exfiltrate data or introduce further payloads through trusted software updates. Removal of the malicious targets, validation of update sources, and strict access controls are essential.

mtmai

0.4.55

Live on pypi

Blocked by Socket

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

groove-dev

0.22.15

by groove-ai

Live on npm

Blocked by Socket

This fragment implements the core mechanics of a WebSocket-based interactive terminal/session controller: it dynamically selects a shell/interpreter, forwards client-controlled input directly into a spawned process stdin, and streams resulting output/errors back over the network. That is a high-risk remote command execution pattern consistent with backdoors/remote shells unless tightly access-controlled and strongly sandboxed elsewhere. No explicit obfuscation is present in the shown code, and there is no direct evidence of credential theft in this fragment, but the capability itself is very dangerous.

mtlibs

0.0.196

Live on pypi

Blocked by Socket

This module implements a command-and-control agent: it establishes a Tor connection to a hardcoded .onion C2, downloads a payload, writes it to a temporary file, sets it executable, and runs it — all without validation — and provides a POST endpoint for C2 communication. These are canonical backdoor behaviors (remote code execution, persistence, and concealed C2). Treat the code as malicious: do not execute, block the domain, and investigate any systems where this package or its parent repository was installed or run.

doughnuts

4.0.2

Live on pypi

Blocked by Socket

This code is a clear implementation of a remote interactive terminal listener / backdoor pattern. It provides unauthenticated, unencrypted bidirectional terminal access when connected, and executes local shell commands to enumerate terminal metadata. The snippet as provided contains multiple syntax errors (non-executable), but intent is obvious and high-risk. Treat as a potential supply-chain backdoor; do not run in production, audit repository history and maintainers, and remove or sandbox immediately if found in a dependency.

checkmate5

4.1.0.dev35

Removed from pypi

Blocked by Socket

This module is a psycopg2 helper library providing cursor/connection factories and type adapters. I found no direct signs of malware (no exfiltration to arbitrary hosts, no reverse shell, no dynamic code execution, no hard-coded credentials). However, the file is syntactically and semantically corrupted with embedded documentation and broken regex/literals, which will likely prevent correct import and execution. That corruption is a serious integrity issue — treat the package as untrusted until you obtain a clean copy from a verified source and verify checksums/signatures. Operational risks are typical for DB helper code: avoid logging sensitive SQL to untrusted sinks and always parameterize queries rather than concatenating user input into SQL.

Live on pypi for 1 hour and 22 minutes before removal. Socket users were protected even while the package was live.

@cortices/agent

0.4.24

by mliu404

Live on npm

Blocked by Socket

This module is a highly suspicious supply-chain component that performs host persistence and lifecycle management by generating systemd/launchd service definitions and executing system commands via execSync. It also merges CLI/env credentials/API keys into the configuration used by the persistently launched agent, elevating impact. The observed behavior is consistent with malicious installer/agent management rather than a legitimate dependency; it should be treated as unsafe until proven otherwise in a sandboxed dynamic analysis.

ambar-src

3.0.101

by a_awerin

Removed from npm

Blocked by Socket

This file contains a concealed downloader/backdoor: an obfuscated IIFE decodes platform-specific shell commands that fetch and execute remote payloads (URLs embedded in byte arrays). Executing or importing this module will cause the host to run remote commands and possibly install/run binaries. Treat this package as malicious and a critical supply-chain threat — remove and do not run. Investigate systems where this version was installed for executed payloads and persistence.

Live on npm for 4 hours and 41 minutes before removal. Socket users were protected even while the package was live.

poc-malicious-sim

1.0.4

by jamilismmm

Live on npm

Blocked by Socket

This postinstall script implements direct, automatic data exfiltration: it synchronously reads a local exfil.txt file, parses it as JSON, and sends its contents in a POST to a hardcoded remote IP over unencrypted HTTP during package installation. Placement in postinstall makes it a high-risk supply-chain backdoor. Treat this package as malicious/untrusted until explained; remove or restore from a vetted source and investigate any systems that installed it (especially CI runners and developer machines).

github.com/bishopfox/sliver

v1.4.3-0.20210308123218-f456a256aad1

Live on go

Blocked by Socket

This source file is a component of the Sliver post-exploitation implant and directly implements network-driven, privileged actions on Windows hosts. It accepts untrusted RPC data and invokes powerful sinks (RCE, token manipulation, process injection, pivot listeners, service control). For general-purpose or production use the code is malicious/dangerous. Only include/run this code in controlled offensive-security environments with explicit authorization; otherwise remove or isolate it. Further review required of dependent packages (priv, taskrunner, pivots, service, transports) to fully enumerate risks and any hidden exfiltration/persistence behaviors.

fsd

0.0.779

Removed from pypi

Blocked by Socket

This code is not obviously a self-contained malware dropper, but it provides a high-privilege execution surface: it runs arbitrary shell commands (shell=True) and writes/appends to files based on external plans or user input without sanitization. That makes it dangerous in contexts where steps/plans or inputs are untrusted or come from remote services. If upstream agents or data are compromised, this module can be abused to execute arbitrary code, modify repository or system files, or launch persistent processes. Recommend treating inputs as untrusted, adding strict validation/sanitization for commands and file paths, avoiding shell=True or using explicit argument lists, and adding allowlists and dry-run / manual approval for changes.

Live on pypi for 5 days, 7 hours and 51 minutes before removal. Socket users were protected even while the package was live.

bluelamp-ai

1.0.2

Live on pypi

Blocked by Socket

This code dynamically executes a zlib-compressed, base64-encoded payload embedded as a literal. The pattern is strongly obfuscatory and therefore suspicious, but the provided blob is extremely small and likely decompresses to an empty or trivial string. I find no direct evidence in this fragment of network exfiltration, credential theft, or backdoor behavior. Still, dynamic exec of encoded content is dangerous: decode and inspect the payload in a safe environment before use. Recommendation: treat as potentially unsafe until decoded and reviewed.

openclaw-aimlapi

2026.2.16

by d1m7asis

Live on npm

Blocked by Socket

The provided specification is a legitimate tool description for managing Feishu permissions and does not itself contain code-level indicators of malware, obfuscation, or backdoors. The main security risks are operational: acceptance and use of a high-privilege token without guidance on secure handling, and the absence of explicit API endpoints which creates uncertainty about where tokens/requests will be sent. Recommendations: keep the tool disabled by default; require explicit opt-in and documented network endpoints that must be verified to be official Feishu APIs; enforce least-privilege, short-lived tokens; implement logging redaction and audit trails; and perform code review on any implementation to ensure tokens are not logged, persisted insecurely, or proxied through third parties.

contentful/contentful-bundle

dev-46-remove-typehint

Live on composer

Blocked by Socket

The code downloads and executes a remote PHAR without integrity checks, then alters repository state and runs build scripts. This constitutes a significant supply-chain security risk due to unvalidated external code execution and potential unintended repository modifications.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.


Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.


Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.


Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.


RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

