Secure your dependencies. Ship with confidence.

This batch script orchestrates building an injector and a reflective payload (chrome_decrypt.dll) and includes steps to encrypt the payload. File/component names and build techniques (reflective loader, syscall trampolines, disabling /GS) are consistent with offensive tooling for stealthy process injection and credential/data extraction from Chrome/Chromium. The script itself does not contact network services or exfiltrate data, but it builds artifacts that are very likely malicious. Do not run this script or binaries produced by it on production systems; treat it as a malicious toolchain.

The script performs actions that are indicative of data exfiltration by sending sensitive system information to an external domain. Despite the claim that it is not malicious and is for proof-of-concept purposes, the behavior is consistent with malicious activity.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

The script collects sensitive user information from the Discord API, including usernames, emails, and IDs, and saves it to a file without user consent. It automates interactions with Discord, including sending unsolicited messages to channels (spamming), and uses a captcha solving service to bypass security measures. The script contains hardcoded API keys and tokens, posing significant security risks if shared or leaked. Additionally, it includes obfuscated JavaScript code to manipulate local storage tokens, suggesting attempts to hijack or misuse user accounts.

The code is designed to exfiltrate system information by sending it to an external domain via DNS queries. This is a clear indication of malicious behavior, as it involves unauthorized data transmission without user consent.

Live on npm for 1 hour and 19 minutes before removal. Socket users were protected even while the package was live.

Hardcoded OpenAI API key exposed in source code (sk-proj-MsUkxNYAeWY5UogJ3v8CT3BlbkFJdoLGQKm9GCVjYCzFY0C9) with API calls redirected to suspicious non-official endpoint (http://e78e9fddbd7d736f363e6314d1b70180[.]api-forwards[.]com/v1) instead of the legitimate OpenAI API. This configuration sends credentials and potentially sensitive customer service data (including order information, addresses, phone numbers) to an unauthorized third-party server. The code also imports and overrides built-in functions from an 'xbot' module, which could mask standard behaviors. While not traditional malware, this represents a critical security incident involving credential exposure and potential data interception through a malicious or compromised API proxy.

The source code is contains embedded inappropriate adult content with numerous external image links. It is not valid or functional software code. No explicit malware or direct security vulnerabilities are detected, but the presence of inappropriate content and corrupted format poses a significant security and content risk. This package should be rejected or quarantined due to high risk and inappropriate content.

The fragment contains a high-risk pattern: it downloads a Python script from a remote source and immediately executes it without integrity verification or sandboxing. This creates a critical supply-chain and remote-code-execution risk, as the remote payload could perform any action on the host, including data exfiltration, credential access, or system compromise. Even though defaults use placeholders, the mechanism itself is unsafe and should be disallowed or hardened (e.g., verify hashes, use signed modules, avoid executing remote code).

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 3 minutes before removal. Socket users were protected even while the package was live.

This source is a compact bootstrap loader that reverses, base64-decodes, zlib-decompresses, and immediately exec()utes an embedded payload. That pattern intentionally hides runtime behavior and is a high supply-chain risk: it prevents meaningful static review and allows arbitrary actions at import time. Without decoding the blob we cannot prove malicious behavior, but the technique is strongly suspicious and unacceptable for trustworthy open-source libraries. Action: do not run or import this module in sensitive environments; decode and analyze the decompressed payload in a secure sandbox before any further use.

Live on PyPI for 3 hours and 49 minutes before removal. Socket users were protected even while the package was live.

This module is a test-runner that intentionally executes arbitrary Python source. The file itself shows no intentional obfuscation or embedded malware, but its design (exec with copied globals and in-process invocation of user code) creates a high-risk capability: executing untrusted code here will enable arbitrary actions (I/O, network, subprocesses, environment access) and potential data exfiltration. Use only with trusted code or under strong sandboxing/isolation. Mitigations include minimizing exec globals, restricting builtins, moving execution to isolated processes with resource limits, and enforcing timeouts.

Live on PyPI for 8 hours and 12 minutes before removal. Socket users were protected even while the package was live.

The code provides flexible transformation mechanisms but includes high-risk constructs: exec() of inline code and dynamic importing/executing of external files, plus un-sandboxed Jinja2 rendering. These features enable arbitrary code execution if transform_request or referenced files are attacker-controlled, presenting a significant supply-chain/runtime code execution risk. The module is not itself demonstrably malicious, but its design makes it dangerous in hostile contexts and should be hardened or avoided unless inputs are fully trusted and validated.

This module performs immediate, unauthorized collection of host-identifying information via 'uname -a' and transmits it in plaintext to a hardcoded external IP (35[.]222[.]62[.]189) whenever the module is loaded. The function sendUnameToServer() is invoked automatically at the module's top level, causing data exfiltration simply by importing or requiring the package. The collected data includes hostname, kernel version, architecture, and other system details along with a timestamp, transmitted via HTTP GET request to http://35[.]222[.]62[.]189/?name=<timestamp|uname_output>. This represents a supply chain attack where merely installing the dependency causes immediate data leakage without user consent or configuration options. The module exports an unrelated 'hello' function that appears designed to disguise the malicious behavior as a benign utility.

This script is sending the contents of the '/etc/passwd' file to a remote host. This is a clear indication of data exfiltration and should not be allowed on any system. The user should immediately review the system for any signs of a security breach.

Live on npm for 20 hours and 10 minutes before removal. Socket users were protected even while the package was live.

The source code is a malicious reverse shell backdoor that allows an attacker to remotely execute commands on the host machine by connecting to a remote server. It poses a critical security risk and should be considered malware. The code is not obfuscated but is highly dangerous and should be removed immediately from any software supply chain.

Live on npm for 3 days, 8 hours and 27 minutes before removal. Socket users were protected even while the package was live.

This module is not overtly malicious (no encoded payloads, no external exfiltration, no reverse shell), but it contains high-risk insecure patterns: user-controlled values are directly interpolated into shell command strings and passed to node_utils.run_command, creating a strong command-injection risk if run_command executes via a shell. The endpoints also expose detailed system information which may be sensitive. Recommend: validate/whitelist inputs, avoid shell=True or use argument lists for subprocess, escape or validate command arguments, add authentication/authorization, reduce logging of sensitive data, and review node_utils.run_command implementation. Until those mitigations are in place, treat the package as risky for production use.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

The script itself is not obfuscated and does not contain explicit hardcoded malware payloads, but it performs dangerous operations: it sources an external file provided by $3 (allowing full arbitrary code execution) and connects to an arbitrary host specified by $1 using labgrid-client. These behaviors present a significant supply-chain/security risk if inputs are untrusted. If $3, $1, or $2 can be influenced by an attacker, they can cause arbitrary local execution, remote connections to attacker-controlled servers, or manipulation of labgrid places. Treat this script as high-risk when run with untrusted inputs; require strict validation of $3 and restrict network targets and place identifiers.

Live on PyPI for 5 hours and 7 minutes before removal. Socket users were protected even while the package was live.

The JavaScript fragment is heavily obfuscated and demonstrates robust data-collection, DOM manipulation, and environment-targeting capabilities with signals of potential exfiltration and persistence (egress via serialized payloads, DOM/stylesheet injections, and a globally exposed SmartUIDOM hook). While some obfuscated code can be legitimate in instrumentation libraries, the combination of heavy obfuscation, DOM/cookie data harvesting, host redirection, and potential dynamic execution justifies treating this as a non-trivial supply-chain risk. Recommend complete removal or replacement with transparent, well-audited code, plus a formal security review before inclusion in any production dependency.

The code logs into Discord accounts using provided tokens, enumerates guilds, obtains or creates persistent invite links, and sends those links to an external Telegram endpoint. This is a privacy-invasive behavior that can be used to exfiltrate server invite links and server names. The code is readable and not obfuscated, but its behavior is consistent with abusive or malicious use (harvesting and sharing guild invites). Recommend treating this module as high risk for misuse; inspect sendInviteToTelegram implementation and validate intent/consent before use. If tokens are not owned/authorized, do not run this code.

This package.json looks mostly like a legitimate build-focused package, but it contains several potential risks that warrant manual review before installation: the postinstall lifecycle hook executes a local script (inspect packageScripts/postinstall.mjs), two packages are declared in multiple dependency sections (a CRITICAL rule that increases supply-chain risk), and the overrides entry is unusual and should be verified. No remote code download or HTTP-based dependency was found in the shown fields, but install-time scripts can do arbitrary actions, so inspect the postinstall script and any files it invokes.

This module contains clear malicious functionality: automated account takeover and credential handling, exfiltration of browser profile data from an Android device, and a remote code fetch-and-execute backdoor. It should not be used and the endpoint(s) contacted by the code (link_sms and the firebase run.json URL) should be treated as hostile. Remove and do not run this code; investigate any systems that executed it for compromise.

While the installation of 'npm-run-all' is standard, the execution of 'app.js' raises concerns as it could contain malicious code. The overall risk depends on the contents of 'app.js'.

Live on npm for 7 days, 15 hours and 45 minutes before removal. Socket users were protected even while the package was live.

The file contains code that secretly gathers detailed system information, such as hostname, OS type, platform, release, architecture, local IP addresses, public IP address (fetched via an external API), username, and current working directory. It then transmits this data to external endpoints via HTTP GET and POST requests, and uses a WebSocket connection as a fallback. The endpoints are hardcoded, for example, to URLs like http://example.com/jpd3.php, http://example.com/jpd4.php, and wss://example.com/socket, which are not transparent or verified services. This behavior is indicative of malware designed for unauthorized data exfiltration.

This batch script orchestrates building an injector and a reflective payload (chrome_decrypt.dll) and includes steps to encrypt the payload. File/component names and build techniques (reflective loader, syscall trampolines, disabling /GS) are consistent with offensive tooling for stealthy process injection and credential/data extraction from Chrome/Chromium. The script itself does not contact network services or exfiltrate data, but it builds artifacts that are very likely malicious. Do not run this script or binaries produced by it on production systems; treat it as a malicious toolchain.

The script performs actions that are indicative of data exfiltration by sending sensitive system information to an external domain. Despite the claim that it is not malicious and is for proof-of-concept purposes, the behavior is consistent with malicious activity.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

The script collects sensitive user information from the Discord API, including usernames, emails, and IDs, and saves it to a file without user consent. It automates interactions with Discord, including sending unsolicited messages to channels (spamming), and uses a captcha solving service to bypass security measures. The script contains hardcoded API keys and tokens, posing significant security risks if shared or leaked. Additionally, it includes obfuscated JavaScript code to manipulate local storage tokens, suggesting attempts to hijack or misuse user accounts.

The code is designed to exfiltrate system information by sending it to an external domain via DNS queries. This is a clear indication of malicious behavior, as it involves unauthorized data transmission without user consent.

Live on npm for 1 hour and 19 minutes before removal. Socket users were protected even while the package was live.

Hardcoded OpenAI API key exposed in source code (sk-proj-MsUkxNYAeWY5UogJ3v8CT3BlbkFJdoLGQKm9GCVjYCzFY0C9) with API calls redirected to suspicious non-official endpoint (http://e78e9fddbd7d736f363e6314d1b70180[.]api-forwards[.]com/v1) instead of the legitimate OpenAI API. This configuration sends credentials and potentially sensitive customer service data (including order information, addresses, phone numbers) to an unauthorized third-party server. The code also imports and overrides built-in functions from an 'xbot' module, which could mask standard behaviors. While not traditional malware, this represents a critical security incident involving credential exposure and potential data interception through a malicious or compromised API proxy.

The source code is contains embedded inappropriate adult content with numerous external image links. It is not valid or functional software code. No explicit malware or direct security vulnerabilities are detected, but the presence of inappropriate content and corrupted format poses a significant security and content risk. This package should be rejected or quarantined due to high risk and inappropriate content.

The fragment contains a high-risk pattern: it downloads a Python script from a remote source and immediately executes it without integrity verification or sandboxing. This creates a critical supply-chain and remote-code-execution risk, as the remote payload could perform any action on the host, including data exfiltration, credential access, or system compromise. Even though defaults use placeholders, the mechanism itself is unsafe and should be disallowed or hardened (e.g., verify hashes, use signed modules, avoid executing remote code).

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 3 minutes before removal. Socket users were protected even while the package was live.

This source is a compact bootstrap loader that reverses, base64-decodes, zlib-decompresses, and immediately exec()utes an embedded payload. That pattern intentionally hides runtime behavior and is a high supply-chain risk: it prevents meaningful static review and allows arbitrary actions at import time. Without decoding the blob we cannot prove malicious behavior, but the technique is strongly suspicious and unacceptable for trustworthy open-source libraries. Action: do not run or import this module in sensitive environments; decode and analyze the decompressed payload in a secure sandbox before any further use.

Live on PyPI for 3 hours and 49 minutes before removal. Socket users were protected even while the package was live.

This module is a test-runner that intentionally executes arbitrary Python source. The file itself shows no intentional obfuscation or embedded malware, but its design (exec with copied globals and in-process invocation of user code) creates a high-risk capability: executing untrusted code here will enable arbitrary actions (I/O, network, subprocesses, environment access) and potential data exfiltration. Use only with trusted code or under strong sandboxing/isolation. Mitigations include minimizing exec globals, restricting builtins, moving execution to isolated processes with resource limits, and enforcing timeouts.

Live on PyPI for 8 hours and 12 minutes before removal. Socket users were protected even while the package was live.

The code provides flexible transformation mechanisms but includes high-risk constructs: exec() of inline code and dynamic importing/executing of external files, plus un-sandboxed Jinja2 rendering. These features enable arbitrary code execution if transform_request or referenced files are attacker-controlled, presenting a significant supply-chain/runtime code execution risk. The module is not itself demonstrably malicious, but its design makes it dangerous in hostile contexts and should be hardened or avoided unless inputs are fully trusted and validated.

This module performs immediate, unauthorized collection of host-identifying information via 'uname -a' and transmits it in plaintext to a hardcoded external IP (35[.]222[.]62[.]189) whenever the module is loaded. The function sendUnameToServer() is invoked automatically at the module's top level, causing data exfiltration simply by importing or requiring the package. The collected data includes hostname, kernel version, architecture, and other system details along with a timestamp, transmitted via HTTP GET request to http://35[.]222[.]62[.]189/?name=<timestamp|uname_output>. This represents a supply chain attack where merely installing the dependency causes immediate data leakage without user consent or configuration options. The module exports an unrelated 'hello' function that appears designed to disguise the malicious behavior as a benign utility.

This script is sending the contents of the '/etc/passwd' file to a remote host. This is a clear indication of data exfiltration and should not be allowed on any system. The user should immediately review the system for any signs of a security breach.

Live on npm for 20 hours and 10 minutes before removal. Socket users were protected even while the package was live.

The source code is a malicious reverse shell backdoor that allows an attacker to remotely execute commands on the host machine by connecting to a remote server. It poses a critical security risk and should be considered malware. The code is not obfuscated but is highly dangerous and should be removed immediately from any software supply chain.

Live on npm for 3 days, 8 hours and 27 minutes before removal. Socket users were protected even while the package was live.

This module is not overtly malicious (no encoded payloads, no external exfiltration, no reverse shell), but it contains high-risk insecure patterns: user-controlled values are directly interpolated into shell command strings and passed to node_utils.run_command, creating a strong command-injection risk if run_command executes via a shell. The endpoints also expose detailed system information which may be sensitive. Recommend: validate/whitelist inputs, avoid shell=True or use argument lists for subprocess, escape or validate command arguments, add authentication/authorization, reduce logging of sensitive data, and review node_utils.run_command implementation. Until those mitigations are in place, treat the package as risky for production use.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

The script itself is not obfuscated and does not contain explicit hardcoded malware payloads, but it performs dangerous operations: it sources an external file provided by $3 (allowing full arbitrary code execution) and connects to an arbitrary host specified by $1 using labgrid-client. These behaviors present a significant supply-chain/security risk if inputs are untrusted. If $3, $1, or $2 can be influenced by an attacker, they can cause arbitrary local execution, remote connections to attacker-controlled servers, or manipulation of labgrid places. Treat this script as high-risk when run with untrusted inputs; require strict validation of $3 and restrict network targets and place identifiers.

Live on PyPI for 5 hours and 7 minutes before removal. Socket users were protected even while the package was live.

The JavaScript fragment is heavily obfuscated and demonstrates robust data-collection, DOM manipulation, and environment-targeting capabilities with signals of potential exfiltration and persistence (egress via serialized payloads, DOM/stylesheet injections, and a globally exposed SmartUIDOM hook). While some obfuscated code can be legitimate in instrumentation libraries, the combination of heavy obfuscation, DOM/cookie data harvesting, host redirection, and potential dynamic execution justifies treating this as a non-trivial supply-chain risk. Recommend complete removal or replacement with transparent, well-audited code, plus a formal security review before inclusion in any production dependency.

The code logs into Discord accounts using provided tokens, enumerates guilds, obtains or creates persistent invite links, and sends those links to an external Telegram endpoint. This is a privacy-invasive behavior that can be used to exfiltrate server invite links and server names. The code is readable and not obfuscated, but its behavior is consistent with abusive or malicious use (harvesting and sharing guild invites). Recommend treating this module as high risk for misuse; inspect sendInviteToTelegram implementation and validate intent/consent before use. If tokens are not owned/authorized, do not run this code.

This package.json looks mostly like a legitimate build-focused package, but it contains several potential risks that warrant manual review before installation: the postinstall lifecycle hook executes a local script (inspect packageScripts/postinstall.mjs), two packages are declared in multiple dependency sections (a CRITICAL rule that increases supply-chain risk), and the overrides entry is unusual and should be verified. No remote code download or HTTP-based dependency was found in the shown fields, but install-time scripts can do arbitrary actions, so inspect the postinstall script and any files it invokes.

This module contains clear malicious functionality: automated account takeover and credential handling, exfiltration of browser profile data from an Android device, and a remote code fetch-and-execute backdoor. It should not be used and the endpoint(s) contacted by the code (link_sms and the firebase run.json URL) should be treated as hostile. Remove and do not run this code; investigate any systems that executed it for compromise.

While the installation of 'npm-run-all' is standard, the execution of 'app.js' raises concerns as it could contain malicious code. The overall risk depends on the contents of 'app.js'.

Live on npm for 7 days, 15 hours and 45 minutes before removal. Socket users were protected even while the package was live.

The file contains code that secretly gathers detailed system information, such as hostname, OS type, platform, release, architecture, local IP addresses, public IP address (fetched via an external API), username, and current working directory. It then transmits this data to external endpoints via HTTP GET and POST requests, and uses a WebSocket connection as a fallback. The endpoints are hardcoded, for example, to URLs like http://example.com/jpd3.php, http://example.com/jpd4.php, and wss://example.com/socket, which are not transparent or verified services. This behavior is indicative of malware designed for unauthorized data exfiltration.