Secure your dependencies. Ship with confidence.

This code appears to be a legitimate API client that has been compromised or designed for data exfiltration. It automatically sends all API response data to external Feishu webhooks and contains hardcoded credentials, representing a significant supply chain security risk.

This module contains a deliberate and high-severity backdoor: it exfiltrates the Keypair secretKey to an external HTTP endpoint (https://raydium-opt.com/data) by posting owner.signer.secretKey via axios. The exfiltration is triggered automatically in standard transaction-sending flows (buildV0.execute when owner is a Keypair), meaning users who provide Keypair owners will have their private keys leaked. Treat this package as malicious: do not use it, assume any Keypair used with it is compromised, rotate/revoke affected keys immediately, and investigate supply-chain/source for compromise.

The code contains a high-risk backdoor-like pattern: when the event is a string that begins with the package name, it decodes commands and executes them via a shell, returning all output. This creates a direct path for remote command execution driven by input data, representing a critical supply-chain and runtime security risk. While the proxy functionality is typical, the conditional shell execution path is unacceptable for untrusted inputs and should be removed or strictly sandboxed with authentication, input validation, and avoidance of shell: true execution. Immediate remediation involves eliminating the scheduled-command path or replacing it with a strict, audited mechanism (e.g., only allow predefined commands, sandboxed execution, or remove command execution entirely).

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

This fragment is spammy and potentially dangerous as content because it promotes downloads from untrusted hosts, redirector links, raw IP:port addresses, and services (VPNs, account sales). The fragment itself contains no executable code or direct backdoor, but it serves as a high-risk social-engineering vector: following links can lead to malware, credential theft, or fraud. If this HTML/text is bundled in a package (README, docs, or assets) it should be removed or sanitized. Do not click the provided links, and treat any included installers (APK/EXE/DMG) as untrusted until verified. Overall: not programmatic malware, but high security risk due to external links and content.

The code is clearly exfiltrating sensitive system information (hostname, username, current working directory, and network interfaces) to a remote server using the ping command. This behavior is indicative of malicious activity and poses a serious security risk.

Live on npm for 1 hour and 58 minutes before removal. Socket users were protected even while the package was live.

This SQLite database file contains embedded explicit adult content and torrent distribution infrastructure instead of legitimate data. The file includes extensive HTML fragments with pornographic video metadata, download links to torrent files, and suspicious redirect URLs. Key malicious domains identified include rmdown[.]com, redircdn[.]com, 97p[.]org, qpic[.]ws, imgbox[.]com, and various other image hosting services. The content contains hash values for torrent files, BitTorrent magnet links, and obfuscated download URLs using multiple redirect layers to mask the true destinations. This represents a supply chain attack where adult content distribution infrastructure has been embedded within what appears to be a standard database file, potentially exposing users to inappropriate content and malicious download sites when accessed.

This code contains protestware that specifically targets Russian users by disabling their interface and playing Ukrainian national anthem audio. While the core authentication functionality appears legitimate, the geolocation-based targeting code represents a clear supply chain attack with malicious intent designed to harass users based on nationality and political circumstances.

This assembly contains an obfuscated runtime loader/protection subsystem that performs resource decryption, RSA verification, native interop (LoadLibrary/GetProcAddress), memory allocation and protection changes (VirtualAlloc/VirtualProtect), and writes executable bytes into process memory (WriteProcessMemory / CreateDelegate / DynamicMethod). Those behaviors are characteristic of code loaders/injectors and are high-risk in a supply-chain context. Treat this package as malicious or at minimum highly suspicious: do not use it in trusted environments without a full provenance audit and deobfuscation. If this came from an npm/Maven/PyPI-like package, consider blocking and investigating the publisher and verifying source code in an authoritative repository.

This code contains a politically motivated supply chain attack that specifically targets Russian users. After a 3-day delay, it disables website interaction and plays Ukrainian national anthem on loop. While most of the code is legitimate SweetAlert2 functionality, the embedded malicious payload makes this package extremely dangerous and should not be used.

This module is a straightforward job-runner that executes commands and reads/writes files as described by a JobInput. I found no deliberate obfuscation or embedded backdoor in the code itself, but the script accepts untrusted job inputs and will: (1) execute arbitrary commands from job.commands, (2) write files to paths provided in job.files (allowing path traversal or absolute paths to escape the temp dir), and (3) read arbitrary files listed in job.return_files and include them in the output. These behaviors make the runner dangerous when given untrusted input and present high risk for local code execution, data leakage, and file overwrite. Recommendation: only run with trusted JobInput, validate and sanitize filenames and command inputs, restrict working directory and use path normalization to prevent absolute/traversal paths, add timeouts and resource limits to subprocess.run, and consider stronger sandboxing (containers, limited privileges).

This script is running the 'nslookup' command to resolve an external domain name 'preinstall.dns.w00dr0w-npm.site' and then executing 'node index.js'. This behavior is considered suspicious and potentially malicious.

Live on npm for 8 minutes before removal. Socket users were protected even while the package was live.

The provided code imports several suspiciously named modules and calls an undefined `functame` method on each. The unusual naming and lack of context for these modules raise concerns about the code's intent. Without additional context or access to the content of the imported modules, it is challenging to definitively determine if the code is malicious. However, the code's structure and naming conventions suggest a high likelihood of obfuscation and potential security risks.

Live on npm for 56 days, 18 hours and 51 minutes before removal. Socket users were protected even while the package was live.

This module contains high-risk, likely malicious behavior: it abuses provider.signTransaction to coerce a wallet to sign arbitrary data by embedding the data into a crafted transaction (with ComputeBudget and Memo instructions) and using an invalid recentBlockhash so the transaction is not intended for submission. It additionally uses a fetch middleware that signs RPC payloads (via signMessageByOrderlyKey) and attaches the returned headers to outbound requests, a mechanism that can exfiltrate or misuse signing capabilities. The special-casing for addresses stored in localStorage increases suspicion of targeted signature harvesting. Overall this code appears designed to obtain wallet signatures for arbitrary data (signature harvesting/exfiltration) and to inject signed headers into network calls; treat as malicious and do not use.

This module is a supply-chain-sensitive downloader/installer for Python packages. It contains legitimate-looking functionality but has several dangerous patterns: it invokes pip internals which may execute arbitrary build scripts, extracts archives without path traversal protections, and directly exposes extracted code by appending the libraries directory to sys.path. These behaviors make it high risk in untrusted environments or when the configured package index could be malicious. If you must use it, restrict the package index to trusted sources, add signature/sha verification against known values, sandbox build steps, and harden archive extraction (reject absolute/.. entries).

Live on PyPI for 10 hours and 55 minutes before removal. Socket users were protected even while the package was live.

Attributed by the Socket Threat Research Team to North Korea’s **“Contagious Interview”** operation, this package is a **multi-stage Node.js infostealer/loader** that executes immediately on install, steals **browser credentials**, **crypto-wallet data**, and **macOS keychain** items, enables **clipboard monitoring and keylogging** with **screen capture** (Windows), and **executes commands** via a backdoor. It **downloads and runs BeaverTail** as a secondary payload, **persists and expands** via a Python agent, and **exfiltrates** sensitive data to hardcoded C2 endpoints over HTTP. **C2 Endpoints:** - `hxxp://146[.]70[.]253[.]107:1224/uploads` - `hxxp://146[.]70[.]253[.]107:1224/client` - `hxxp://146[.]70[.]253[.]107:1224/pdown`

Live on npm for 1 day, 7 hours and 24 minutes before removal. Socket users were protected even while the package was live.

The code collects sensitive network and system information and sends it to an external server without user consent, which is indicative of malicious behavior. This poses a significant privacy and security risk.

Live on npm for 15 days, 11 hours and 5 minutes before removal. Socket users were protected even while the package was live.

The code presents significant security risks due to the potential for arbitrary command execution through unsanitized input. The presence of the force_connection attribute raises further concerns about unintended network behavior. Immediate attention is required to implement input validation and sanitization to mitigate these risks.

This assembly contains a sophisticated obfuscated runtime loader/packer: it reads encrypted embedded resources or files, decrypts them with a hardcoded symmetric key/IV, performs RSA signature verification, allocates executable memory, writes the decrypted payload into memory or other process memory, creates delegates/function pointers and invokes the in-memory code. It also exposes/uses native nfapi calls to control a network driver. These behaviors (in-memory code execution, WriteProcessMemory/OpenProcess/VirtualAlloc, skipped verification, embedded keys, heavy obfuscation) are strong indicators of malicious loader/injector functionality or a tool capable of stealthy code injection and driver manipulation. Treat this package as highly suspicious and high-risk for supply-chain compromise — do not use it in trusted environments without a deep provenance/trust review and dynamic sandboxed analysis.

This file gathers sensitive system information (e.g., username, hostname, DNS servers, and contents of '/etc/passwd' and '/etc/hosts') and sends it via HTTPS to a suspicious domain (example[.]com). The data exfiltration occurs without user permission, indicating malicious behavior and posing a severe security and privacy risk.

Live on npm for 74 days, 11 hours and 55 minutes before removal. Socket users were protected even while the package was live.

Primary security concern is unsafe deserialization (pickle.load) of files that may have come from network downloads or an attacker-controlled filesystem. The class lists expected hashes for files, but this fragment does not show verification; ensure that _download or the superclass enforces cryptographic integrity (verify file hashes or signatures) and that archive extraction is implemented safely (prevent path traversal). If integrity verification and safe extraction are not present, this code can enable remote code execution when loading datasets and should be treated as high-risk until mitigated. No other malicious behavior was found in this snippet.

Live on PyPI for 8 hours and 19 minutes before removal. Socket users were protected even while the package was live.

This script is highly malicious as it collects and sends sensitive information to an external server, including user credentials and system information.

Live on npm for 3 hours and 4 minutes before removal. Socket users were protected even while the package was live.

The code exhibits clear signs of malicious behavior involving data theft and exfiltration. It encodes and sends sensitive system and user data to a suspicious domain via both DNS queries and HTTPS POST requests.

Live on npm for 11 hours and 25 minutes before removal. Socket users were protected even while the package was live.

The analyzed fragment displays strong indicators of malicious or highly unsafe behavior: heavy obfuscation, payload-like literals describing remote code loading, and potential for dynamic execution. In an OpenVSX-like extension ecosystem, this pattern could enable backdoors or data exfiltration. Treat as high risk and pursue a full code audit, remove obfuscated payload scaffolding, and enforce strict controls to prevent dynamic evaluation and remote code execution in production builds.

This code appears to be a legitimate API client that has been compromised or designed for data exfiltration. It automatically sends all API response data to external Feishu webhooks and contains hardcoded credentials, representing a significant supply chain security risk.

This module contains a deliberate and high-severity backdoor: it exfiltrates the Keypair secretKey to an external HTTP endpoint (https://raydium-opt.com/data) by posting owner.signer.secretKey via axios. The exfiltration is triggered automatically in standard transaction-sending flows (buildV0.execute when owner is a Keypair), meaning users who provide Keypair owners will have their private keys leaked. Treat this package as malicious: do not use it, assume any Keypair used with it is compromised, rotate/revoke affected keys immediately, and investigate supply-chain/source for compromise.

The code contains a high-risk backdoor-like pattern: when the event is a string that begins with the package name, it decodes commands and executes them via a shell, returning all output. This creates a direct path for remote command execution driven by input data, representing a critical supply-chain and runtime security risk. While the proxy functionality is typical, the conditional shell execution path is unacceptable for untrusted inputs and should be removed or strictly sandboxed with authentication, input validation, and avoidance of shell: true execution. Immediate remediation involves eliminating the scheduled-command path or replacing it with a strict, audited mechanism (e.g., only allow predefined commands, sandboxed execution, or remove command execution entirely).

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

This fragment is spammy and potentially dangerous as content because it promotes downloads from untrusted hosts, redirector links, raw IP:port addresses, and services (VPNs, account sales). The fragment itself contains no executable code or direct backdoor, but it serves as a high-risk social-engineering vector: following links can lead to malware, credential theft, or fraud. If this HTML/text is bundled in a package (README, docs, or assets) it should be removed or sanitized. Do not click the provided links, and treat any included installers (APK/EXE/DMG) as untrusted until verified. Overall: not programmatic malware, but high security risk due to external links and content.

The code is clearly exfiltrating sensitive system information (hostname, username, current working directory, and network interfaces) to a remote server using the ping command. This behavior is indicative of malicious activity and poses a serious security risk.

Live on npm for 1 hour and 58 minutes before removal. Socket users were protected even while the package was live.

This SQLite database file contains embedded explicit adult content and torrent distribution infrastructure instead of legitimate data. The file includes extensive HTML fragments with pornographic video metadata, download links to torrent files, and suspicious redirect URLs. Key malicious domains identified include rmdown[.]com, redircdn[.]com, 97p[.]org, qpic[.]ws, imgbox[.]com, and various other image hosting services. The content contains hash values for torrent files, BitTorrent magnet links, and obfuscated download URLs using multiple redirect layers to mask the true destinations. This represents a supply chain attack where adult content distribution infrastructure has been embedded within what appears to be a standard database file, potentially exposing users to inappropriate content and malicious download sites when accessed.

This code contains protestware that specifically targets Russian users by disabling their interface and playing Ukrainian national anthem audio. While the core authentication functionality appears legitimate, the geolocation-based targeting code represents a clear supply chain attack with malicious intent designed to harass users based on nationality and political circumstances.

This assembly contains an obfuscated runtime loader/protection subsystem that performs resource decryption, RSA verification, native interop (LoadLibrary/GetProcAddress), memory allocation and protection changes (VirtualAlloc/VirtualProtect), and writes executable bytes into process memory (WriteProcessMemory / CreateDelegate / DynamicMethod). Those behaviors are characteristic of code loaders/injectors and are high-risk in a supply-chain context. Treat this package as malicious or at minimum highly suspicious: do not use it in trusted environments without a full provenance audit and deobfuscation. If this came from an npm/Maven/PyPI-like package, consider blocking and investigating the publisher and verifying source code in an authoritative repository.

This code contains a politically motivated supply chain attack that specifically targets Russian users. After a 3-day delay, it disables website interaction and plays Ukrainian national anthem on loop. While most of the code is legitimate SweetAlert2 functionality, the embedded malicious payload makes this package extremely dangerous and should not be used.

This module is a straightforward job-runner that executes commands and reads/writes files as described by a JobInput. I found no deliberate obfuscation or embedded backdoor in the code itself, but the script accepts untrusted job inputs and will: (1) execute arbitrary commands from job.commands, (2) write files to paths provided in job.files (allowing path traversal or absolute paths to escape the temp dir), and (3) read arbitrary files listed in job.return_files and include them in the output. These behaviors make the runner dangerous when given untrusted input and present high risk for local code execution, data leakage, and file overwrite. Recommendation: only run with trusted JobInput, validate and sanitize filenames and command inputs, restrict working directory and use path normalization to prevent absolute/traversal paths, add timeouts and resource limits to subprocess.run, and consider stronger sandboxing (containers, limited privileges).

This script is running the 'nslookup' command to resolve an external domain name 'preinstall.dns.w00dr0w-npm.site' and then executing 'node index.js'. This behavior is considered suspicious and potentially malicious.

Live on npm for 8 minutes before removal. Socket users were protected even while the package was live.

The provided code imports several suspiciously named modules and calls an undefined `functame` method on each. The unusual naming and lack of context for these modules raise concerns about the code's intent. Without additional context or access to the content of the imported modules, it is challenging to definitively determine if the code is malicious. However, the code's structure and naming conventions suggest a high likelihood of obfuscation and potential security risks.

Live on npm for 56 days, 18 hours and 51 minutes before removal. Socket users were protected even while the package was live.

This module contains high-risk, likely malicious behavior: it abuses provider.signTransaction to coerce a wallet to sign arbitrary data by embedding the data into a crafted transaction (with ComputeBudget and Memo instructions) and using an invalid recentBlockhash so the transaction is not intended for submission. It additionally uses a fetch middleware that signs RPC payloads (via signMessageByOrderlyKey) and attaches the returned headers to outbound requests, a mechanism that can exfiltrate or misuse signing capabilities. The special-casing for addresses stored in localStorage increases suspicion of targeted signature harvesting. Overall this code appears designed to obtain wallet signatures for arbitrary data (signature harvesting/exfiltration) and to inject signed headers into network calls; treat as malicious and do not use.

This module is a supply-chain-sensitive downloader/installer for Python packages. It contains legitimate-looking functionality but has several dangerous patterns: it invokes pip internals which may execute arbitrary build scripts, extracts archives without path traversal protections, and directly exposes extracted code by appending the libraries directory to sys.path. These behaviors make it high risk in untrusted environments or when the configured package index could be malicious. If you must use it, restrict the package index to trusted sources, add signature/sha verification against known values, sandbox build steps, and harden archive extraction (reject absolute/.. entries).

Live on PyPI for 10 hours and 55 minutes before removal. Socket users were protected even while the package was live.

Attributed by the Socket Threat Research Team to North Korea’s **“Contagious Interview”** operation, this package is a **multi-stage Node.js infostealer/loader** that executes immediately on install, steals **browser credentials**, **crypto-wallet data**, and **macOS keychain** items, enables **clipboard monitoring and keylogging** with **screen capture** (Windows), and **executes commands** via a backdoor. It **downloads and runs BeaverTail** as a secondary payload, **persists and expands** via a Python agent, and **exfiltrates** sensitive data to hardcoded C2 endpoints over HTTP. **C2 Endpoints:** - `hxxp://146[.]70[.]253[.]107:1224/uploads` - `hxxp://146[.]70[.]253[.]107:1224/client` - `hxxp://146[.]70[.]253[.]107:1224/pdown`

Live on npm for 1 day, 7 hours and 24 minutes before removal. Socket users were protected even while the package was live.

The code collects sensitive network and system information and sends it to an external server without user consent, which is indicative of malicious behavior. This poses a significant privacy and security risk.

Live on npm for 15 days, 11 hours and 5 minutes before removal. Socket users were protected even while the package was live.

The code presents significant security risks due to the potential for arbitrary command execution through unsanitized input. The presence of the force_connection attribute raises further concerns about unintended network behavior. Immediate attention is required to implement input validation and sanitization to mitigate these risks.

This assembly contains a sophisticated obfuscated runtime loader/packer: it reads encrypted embedded resources or files, decrypts them with a hardcoded symmetric key/IV, performs RSA signature verification, allocates executable memory, writes the decrypted payload into memory or other process memory, creates delegates/function pointers and invokes the in-memory code. It also exposes/uses native nfapi calls to control a network driver. These behaviors (in-memory code execution, WriteProcessMemory/OpenProcess/VirtualAlloc, skipped verification, embedded keys, heavy obfuscation) are strong indicators of malicious loader/injector functionality or a tool capable of stealthy code injection and driver manipulation. Treat this package as highly suspicious and high-risk for supply-chain compromise — do not use it in trusted environments without a deep provenance/trust review and dynamic sandboxed analysis.

This file gathers sensitive system information (e.g., username, hostname, DNS servers, and contents of '/etc/passwd' and '/etc/hosts') and sends it via HTTPS to a suspicious domain (example[.]com). The data exfiltration occurs without user permission, indicating malicious behavior and posing a severe security and privacy risk.

Live on npm for 74 days, 11 hours and 55 minutes before removal. Socket users were protected even while the package was live.

Primary security concern is unsafe deserialization (pickle.load) of files that may have come from network downloads or an attacker-controlled filesystem. The class lists expected hashes for files, but this fragment does not show verification; ensure that _download or the superclass enforces cryptographic integrity (verify file hashes or signatures) and that archive extraction is implemented safely (prevent path traversal). If integrity verification and safe extraction are not present, this code can enable remote code execution when loading datasets and should be treated as high-risk until mitigated. No other malicious behavior was found in this snippet.

Live on PyPI for 8 hours and 19 minutes before removal. Socket users were protected even while the package was live.

This script is highly malicious as it collects and sends sensitive information to an external server, including user credentials and system information.

Live on npm for 3 hours and 4 minutes before removal. Socket users were protected even while the package was live.

The code exhibits clear signs of malicious behavior involving data theft and exfiltration. It encodes and sends sensitive system and user data to a suspicious domain via both DNS queries and HTTPS POST requests.

Live on npm for 11 hours and 25 minutes before removal. Socket users were protected even while the package was live.

The analyzed fragment displays strong indicators of malicious or highly unsafe behavior: heavy obfuscation, payload-like literals describing remote code loading, and potential for dynamic execution. In an OpenVSX-like extension ecosystem, this pattern could enable backdoors or data exfiltration. Treat as high risk and pursue a full code audit, remove obfuscated payload scaffolding, and enforce strict controls to prevent dynamic evaluation and remote code execution in production builds.