Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery: timmywil published 4.0.0

left-pad: stevemao published 1.3.0

react: react-bot published 19.2.5

We protect you from vulnerable and malicious packages

pinokiod

1.2.57

by cocktailpeanut

Live on npm

Blocked by Socket

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

core.udp

5.3.2

by XXXSS

Live on nuget

Blocked by Socket

Although most of the code is a conventional UDP transport with heartbeat/log sending and a receive callback surface, HeartSender contains a high-suspicion persistence mechanism on Linux: it writes a SysV init.d script into /etc/init.d for the current process and then chmods it to 777, with the script starting './<processName> &' from a directory derived from constructor parameters. This is a strong indicator of malicious or at least unacceptable supply-chain behavior (persistence/tamperability). If used in production, it should be treated as a security alert and removed/disabled unless there is clear, documented, and permission-restricted legitimate intent.

mtmai

0.3.1436

Live on pypi

Blocked by Socket

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

bluelamp-ai

0.45.3

Removed from pypi

Blocked by Socket

This module contains an intentionally concealed Python payload executed via exec at import time. That pattern is strongly suspicious and represents a high supply-chain risk: the hidden payload can perform arbitrary actions (networking, data access, persistence) without further user action. Do not import or run this package in any production or sensitive environment until the decompressed payload has been extracted and audited in a safe, isolated environment. Recommended action: treat as potentially malicious, decode/decompress the blob in a sandbox and perform manual code review and behavioral analysis before any trust.

Live on pypi for 3 days, 18 hours and 16 minutes before removal. Socket users were protected even while the package was live.

github.com/sourcegraph/sourcegraph

v0.0.0-20191216224408-f274443bbb41

Live on go

Blocked by Socket

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

354766/composiohq/awesome-claude-skills/heygen-automation/

789d1d8167fd54a7ea7f3adae0080c73f082b7fe

Live on socket

Blocked by Socket

[Skill Scanner] Natural language instruction to download and install from URL detected. The skill description is coherent and appropriate for a legitimate MCP-based HeyGen integration. It outlines standard toolflows, avoids embedding secrets, and manages sensitive outputs (video IDs, statuses, and shareable URLs) via trusted endpoints. No malicious behavior is evident; key security considerations center on token management, access scope, and handling of expiring shareable URLs. LLM verification: Functional design is coherent for HeyGen automation. The red flag is the undocumented third-party MCP endpoint (https://rube.app/mcp) used for authentication and API proxying — this concentrates credentials and content on an intermediary without a provided trust model. No explicit code-level malware indicators were found in the provided file, but the supply-chain/credential risk is significant unless the MCP operator is verified. Do not provide HeyGen credentials or upload sensitive content thro

yotest-web-sdk

1.1.8

by zyeros

Live on npm

Blocked by Socket

This fragment exhibits high-risk supply-chain behavior characteristic of a dynamic remote code loader: it fetches and caches server-controlled content and then executes that content via `Function(...).call(window)`, while also dynamically injecting an external `<script>` from a server-provided URL. Without visible origin/integrity validation, this creates strong potential for arbitrary script execution in the host page if the endpoint or cached content is compromised.

whisper-ai-zxs

0.1.8

Live on pypi

Blocked by Socket

Hardcoded OpenAI API key exposed in source code (sk-proj-MsUkxNYAeWY5UogJ3v8CT3BlbkFJdoLGQKm9GCVjYCzFY0C9) with API calls redirected to suspicious non-official endpoint (http://e78e9fddbd7d736f363e6314d1b70180[.]api-forwards[.]com/v1) instead of the legitimate OpenAI API. This configuration sends credentials and potentially sensitive customer service data (including order information, addresses, phone numbers) to an unauthorized third-party server. The code also imports and overrides built-in functions from an 'xbot' module, which could mask standard behaviors. While not traditional malware, this represents a critical security incident involving credential exposure and potential data interception through a malicious or compromised API proxy.

alicn

99.99.2

by slaxohe

Removed from npm

Blocked by Socket

This package performs active data-leakage: it sends the installing user's username, hostname, and current working directory to an external HTTP endpoint during installation. This is telemetry/data exfiltration and constitutes a high security risk (unencrypted transmission, unknown remote host). Treat this as malicious or at minimum unwanted telemetry and avoid installing; inspect and remove these scripts or block network access if installation is necessary.

Live on npm for 5 hours and 18 minutes before removal. Socket users were protected even while the package was live.

github.com/malwaredllc/byob

v0.0.0-20220622191616-a6b4c7b0e206

Live on go

Blocked by Socket

This template is documentation for an offensive malware toolkit (BYOB) and does not itself execute code or read inputs, but it explicitly documents and links to components that enable remote code execution, data theft, persistence, spreading, cryptomining, and ransomware. The file is not malicious by itself, but it describes highly malicious capabilities in the referenced codebase and therefore indicates a high security risk if that codebase is used. Treat the repository and its runtime components as malicious, review thoroughly, and do not run in production or on systems with sensitive data.

n8n-nodes-zalo-user-patchfree

0.71.720

Removed from npm

Blocked by Socket

The fragment implements a standard API wrapper to update a user profile by assembling a payload, encrypting it, and sending it to a backend endpoint. While there are no explicit malicious actions detected in isolation, the encrypted payload path and data exfiltration risk hinge on external crypto implementation, endpoint trust, and data handling policies. Improvements should include better readability, explicit key management and crypto details, and stronger input validation to mitigate potential future data integrity issues. Overall, moderate security risk due to data sensitivity and opaque crypto handling, with low malware likelihood.

Live on npm for 1 day, 8 hours and 33 minutes before removal. Socket users were protected even while the package was live.

github.com/Egida/Project-Whis-1

v0.0.0-20220919153703-2c5d14fc6a43

Live on go

Blocked by Socket

This code implements a malicious command-and-control server used to manage remote compromised Windows clients: it supports remote shell, keylogging, credential theft, file exfiltration, SOCKS proxies, miners, and DDoS control. It accepts encrypted client data, decodes and stores it, accepts file uploads into stealer directories, and allows admins (including a hardcoded/backdoor path) to issue commands that are delivered to clients. The code uses insecure practices (SQL string concatenation, MD5-based password handling, unsafe filename usage), which introduce additional injection/path traversal and authentication weaknesses. Do not use or include this package; it is explicitly malicious.

shellcoderunner-aes

2.0.0

Live on pypi

Blocked by Socket

This script is a high-risk, dual-use tool whose primary behavior is to embed AES-encrypted shellcode into a C++ program and build a Windows executable intended to run that shellcode (GUI, no console). That capability is commonly used to create droppers, loaders, or backdoors. While the fragment contains syntax errors and an empty CPP_TEMPLATE (so it is not functional in this exact form), the intent and flow are clear and dangerous. If encountered in a dependency, treat it as malicious-capability enabling and investigate provenance and maintainers. Avoid using or distributing compiled outputs created by this script unless you have a clear, legitimate, documented purpose and authorization.

uranium

1.5.0

Live on pypi

Blocked by Socket

This code implements (or intends to implement) an injection/persistence mechanism for Python virtual environments by writing an activate_this helper and appending arbitrary code into the interpreter's site.py. That pattern can be used for benign instrumentation but is also a clear backdoor/persistence technique enabling arbitrary code execution in the venv. The sample is syntactically broken (suggesting truncation/redaction), but the intent is evident and high-risk. Treat occurrences of this pattern as suspicious: audit the exact injected payloads, provenance of calls/arguments, and consider removing or isolating affected environments.

zensols-util

1.15.11

Live on pypi

Blocked by Socket

This module contains unsafe patterns that allow arbitrary code execution when given untrusted configuration input. The key risks are use of eval() on configuration strings and dynamic importing/instantiation of classes named in configuration. There is no evidence of an included malicious payload, but the code makes it easy for a malicious or compromised configuration to run arbitrary Python code, modify class behavior at runtime, or attach persistent work and methods to instances. Treat configuration inputs as fully trusted only in safe environments; otherwise this package should be considered dangerous to use with untrusted config.

easytint

2.1.3

by goatmf2244

Removed from npm

Blocked by Socket

The code is heavily obfuscated, indicating an attempt to conceal its true functionality. It reads sensitive information from the file system and environment variables using modules like 'fs' and 'dotenv'. The code compresses user data directories, such as those related to Telegram, using the 'archiver' module. It then sends the collected and compressed data to external servers using hardcoded Telegram bot API keys, chat IDs, and Discord webhooks. The code utilizes the 'axios' library to make HTTP POST requests to transmit the data to these external services. Specifically, it sends data to endpoints such as discordapp[.]com/api/webhooks/... and api[.]telegram[.]org/bot<bot_token>/sendMessage. The presence of hardcoded webhook URLs and API endpoints suggests potential data exfiltration to malicious servers. This behavior poses a significant risk to user data and privacy by potentially exposing sensitive information to unauthorized third parties.

Live on npm for 17 days, 14 hours and 3 minutes before removal. Socket users were protected even while the package was live.

aws-lambda-fsm

0.33.0

Live on pypi

Blocked by Socket

The code provides an unsafe bridge to Docker on the host, enabling execution of arbitrary containers based on untrusted HTTP input and host environment configuration. Without strict access controls, input validation, or removal of docker.sock exposure, it constitutes a high-security-risk pattern that could be exploited for remote code execution and host compromise.

azure-graphrbac

6.5.6

Removed from npm

Blocked by Socket

Possible typosquat of [azure](https://socket.dev/npm/package/azure). Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package.

Live on npm for 2 hours and 41 minutes before removal. Socket users were protected even while the package was live.

jspm-react

0.0.1

by ajhyndman

Live on npm

Blocked by Socket

The package triggers jspm to fetch and install additional packages during postinstall and uses non-registry dependency specifiers (git+ssh and github: source mappings). This is a supply-chain and remote-code-execution risk: the postinstall will cause network downloads and may execute untrusted code (including potential telemetry, data exfiltration, or system modification). Recommend auditing the referenced jspm-cli repository and any remotely resolved packages, or avoid running postinstall/jspm install in untrusted environments.

imagecomponents.webcore.ui

4.0.4.2

by Image Components

Live on nuget

Blocked by Socket

This assembly mixes legitimate imaging models and controller endpoints with a highly obfuscated runtime loader/unpacker that decrypts embedded data, allocates executable memory, performs native process memory operations (VirtualAlloc/VirtualProtect/OpenProcess/WriteProcessMemory), and dynamically generates and invokes delegates/IL. Those characteristics are strongly indicative of a runtime loader capable of injecting and executing code (in-process or into other processes). This is not normal for standard image processing libraries and constitutes a significant supply-chain / backdoor risk. I recommend treating this package as malicious/untrusted: do not use it in production, perform a full forensic review of the binary and the original source, and check any deployed systems that consumed this package for signs of compromise.

@elizaos/app-core

2.0.0-alpha.173

by shawticus

Live on npm

Blocked by Socket

This module fragment contains a critical credential-exfiltration pattern: it reads EVM and Solana private keys from environment variables and returns them in JSON HTTP responses via sendJsonResponse. Even though a steward path masks the keys with placeholders, an empty catch block increases the chance of falling back to the real-key response path. The /api/wallet/nfts functionality involves normal network calls for NFT data, but the private-key disclosure dominates the security assessment and can enable immediate wallet compromise for any caller that can access the affected endpoint(s).

sattyamjjain/agent-audit-kit

011836d510d66e99f1f70c601a995627d058eb0e

Live on actions

Blocked by Socket

This package's install scripts are malicious/unsafe: they execute remote scripts via curl|bash and wget|sh with no integrity verification. This enables arbitrary code execution, potential data exfiltration, reverse shells, and other system compromise. Do not install or run this package; inspect and block the referenced URLs, and remove any systems that executed these scripts until they are audited.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.


Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.


Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.


RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.


The latest from the Socket team

Get our latest security research, open source insights, and product updates.
