Secure your dependencies. Ship with confidence.

The code logs into Discord accounts using provided tokens, enumerates guilds, obtains or creates persistent invite links, and sends those links to an external Telegram endpoint. This is a privacy-invasive behavior that can be used to exfiltrate server invite links and server names. The code is readable and not obfuscated, but its behavior is consistent with abusive or malicious use (harvesting and sharing guild invites). Recommend treating this module as high risk for misuse; inspect sendInviteToTelegram implementation and validate intent/consent before use. If tokens are not owned/authorized, do not run this code.

This module is primarily a file-based geometry/config ingestion utility, but it contains a critical arbitrary code execution primitive: Create_culvert_bridge_Operator uses eval(value) on text loaded from an external configuration file and then propagates the evaluated results into operator constructors. If culvert_bridge_file contents can be influenced (including via supply-chain/deployment tampering), an attacker can execute arbitrary Python code in the application's context. Other functions are comparatively lower risk aside from parsing/availability concerns and one undefined-variable bug.

This module is a high-risk remote task runner/backdoor: it polls a remote server, downloads Python scripts over HTTP, writes them to disk and executes them with execfile, and posts results back. That design allows full remote code execution and arbitrary data exfiltration by the server operator. It should be considered malicious or at least extremely dangerous for use in production or as a dependency unless its use is explicitly trusted, authenticated, and sandboxed. Recommend removing or isolating this component, blocking its network access, and treating any deployment as compromised until proven otherwise.

This package runs a local Node script during preinstall and hides its output. That behavior is inherently risky because install hooks can execute arbitrary code on the host system. You should treat this as suspicious: inspect the contents of index.js before installing (or remove/disable the preinstall script). If index.js performs network I/O, spawns shells, writes to sensitive files, or spawns background processes, consider the package malicious and do not install.

Live on npm for 2 hours and 23 minutes before removal. Socket users were protected even while the package was live.

This script is malicious and specifically designed to exfiltrate AWS credentials to an attacker-controlled server. Treat any repository or package containing this file as compromised. Do not execute the script. Perform incident response: remove the file, rotate any potentially exposed AWS credentials immediately, audit systems for further persistence, and investigate how the file was introduced into the supply chain.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

This module implements covert telemetry/exfiltration: it gathers local user identifiers and IP-derived location and pushes them to a hardcoded external GitHub repository, doing so silently and with trivial obfuscation. This is privacy-invasive and constitutes a supply-chain risk. Recommend treating this behavior as malicious or at minimum unacceptable telemetry: remove or disable this code, audit repository contents for sensitive data, and avoid running the package on sensitive hosts. Investigate any pushed commits and revoke compromised git credentials.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

This fragment is a client-side keylogger that exfiltrates every keystroke to a remote WebSocket server. It should be treated as malicious: immediate removal and investigation are recommended if found in a dependency or served to users. The templated host and plaintext transport increase the risk of credential and data theft in supply-chain or runtime scenarios.

The fragment hides executable payload behind base64 and zlib compression and immediately executes it via exec. This is a strong indicator of obfuscated, potentially malicious behavior. While the exact actions of the inner payload are not visible without decoding, the pattern itself is a known tactic for backdoors or hidden malware in packages. Treat as high risk and require offline decoding/review of the inner payload, or removal from the package until a safe, reproducible, and auditable alternative is provided.

The script collects terminal commands and environment metadata and attempts to POST them to a remote API endpoint. This constitutes sensitive data exfiltration and is high risk for leakage of credentials and private information. The implementation is stealthy (silent handlers, short timeout) and ships a hardcoded default endpoint. Unless this behavior is explicitly documented, consented to, and secured (HTTPS correctly used, opt-in, redaction, and clear privacy policy), the module should be considered malicious or at minimum unsuitable for use in untrusted or production environments.

This module immediately collects detailed system and Node process information (including a JSON serialization of the process object) and transmits it to a hard-coded external analytics endpoint without user consent or filtering. That behavior constitutes a high privacy and supply-chain risk: it can leak environment variables, credentials, CI secrets, and other sensitive runtime data. While the code is not obfuscated and performs no destructive actions, the unconditional network exfiltration and deceptive endpoint naming are strong indicators of malicious or at least highly unsafe telemetry behavior. Do not use this package in sensitive environments; remove or sandbox it and verify author intent and provenance before permitting network access.

This module programmatically elevates privileges, installs and enables OpenSSH on Windows, creates a local user with a plaintext password, opens firewall port 22, and exposes SSH via an ngrok tunnel. It persists credentials and system information to disk and attempts to synchronize that data via a SyncManager (possible exfiltration). The code greatly increases attack surface and can enable unauthorized remote access if misused. Review the implementations of SSHManager, NgrokManager, SyncManager, and UserManager before use, avoid running on sensitive machines, require SSH key-based auth or remove automatic user creation, and do not store or log plaintext credentials. Treat as high security risk until audited.

Live on pypi for 6 days, 15 hours and 31 minutes before removal. Socket users were protected even while the package was live.

This code downloads and executes a remote macOS binary without verifying integrity, disables TLS verification, removes macOS quarantine attributes, runs the binary and deletes it afterwards. Those actions allow arbitrary code execution from a network source and bypass platform protections — a high-risk supply-chain/execution pattern. Even if the target binary is legitimate (mas), the design is dangerous and could be abused to execute malicious payloads. Avoid running this code as-is; require signatures/hashes, enable TLS verification, and do not remove quarantine attributes or execute untrusted binaries.

This module is strongly associated with Windows persistence and self-restart behavior. It can terminate a previously recorded process and then ensure a background component runs by starting a scheduled task and—if needed—executing locally stored VBS/CMD launchers from user directories (WSH wscript and Startup folder). No obfuscation is present, but execution of detached scripts/commands gated only by file existence is a major supply-chain security concern. The actual maliciousness depends on what daemon-launcher.vbs and imcodes-daemon.cmd contain, which are not shown here.

The code provides legitimate Drive utility functions but contains a built-in, covert telemetry/exfiltration mechanism: on object construction it captures the authenticated user's email and appends it to a file that is uploaded to a hard-coded remote Drive ID, then removes the local copy. This is privacy-invasive and likely malicious or at least abusive. Combined with full Drive read/write capabilities, this module should not be used in environments with sensitive credentials. Replace or remove the telemetry upload, avoid eval usage, and avoid performing network side-effects in __init__.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

Live on npm for 4 hours and 25 minutes before removal. Socket users were protected even while the package was live.

This module deliberately conceals executable code in a base64+zlib blob and executes it directly with exec(). That is a high-risk, obfuscation-first design and is commonly associated with malicious or at least non-transparent behaviour. Treat the package as untrusted until the decompressed payload is fully inspected in a safe, isolated environment. Do not run this code in production or on systems containing sensitive data.

Live on pypi for 3 days, 7 hours and 59 minutes before removal. Socket users were protected even while the package was live.

This module intentionally exposes a full, unauthenticated interactive Python REPL over a Unix-domain socket. That design yields direct in-process arbitrary code execution and broad access to the host process globals and resources. It should be treated as a high security risk: avoid shipping or enabling this in production, restrict socket access with filesystem permissions, add authentication/authorization, or remove the feature. If discovered in a deployed system, treat it as a potential backdoor and investigate connections and created socket files.

This module acts as a remote-controlled network sniffer/injector: it discovers the host's local IP, initializes a native capture/injection module with a filter, streams captured traffic to a remote Socket.IO server, and accepts remote instructions to inject packets. That behavior is consistent with a supply-chain backdoor that can exfiltrate sensitive network data and enable remote network manipulation. The most critical unknown is the native _toori implementation (not provided) — that component likely contains the highest-risk functionality. Recommend treating this package as dangerous: do not install or run it on production or sensitive hosts without full source review of the native extension and strong justification. If you see this in a dependency tree, investigate origin, maintainers, and purpose immediately.

This package runs a locally included installArchSpecificPackage.js at preinstall time. Given that the package intentionally excludes the bin files from the published package and declares a bin entry, the installer likely downloads or generates platform-specific binaries during install. That behavior is a strong supply-chain risk: the install script can fetch and execute remote code, write executables, modify the system, and perform data exfiltration or install backdoors. You should inspect the contents of installArchSpecificPackage.js (and any network endpoints it contacts) before running npm install, and treat this package as high-risk until verified.

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

The code logs into Discord accounts using provided tokens, enumerates guilds, obtains or creates persistent invite links, and sends those links to an external Telegram endpoint. This is a privacy-invasive behavior that can be used to exfiltrate server invite links and server names. The code is readable and not obfuscated, but its behavior is consistent with abusive or malicious use (harvesting and sharing guild invites). Recommend treating this module as high risk for misuse; inspect sendInviteToTelegram implementation and validate intent/consent before use. If tokens are not owned/authorized, do not run this code.

This module is primarily a file-based geometry/config ingestion utility, but it contains a critical arbitrary code execution primitive: Create_culvert_bridge_Operator uses eval(value) on text loaded from an external configuration file and then propagates the evaluated results into operator constructors. If culvert_bridge_file contents can be influenced (including via supply-chain/deployment tampering), an attacker can execute arbitrary Python code in the application's context. Other functions are comparatively lower risk aside from parsing/availability concerns and one undefined-variable bug.

This module is a high-risk remote task runner/backdoor: it polls a remote server, downloads Python scripts over HTTP, writes them to disk and executes them with execfile, and posts results back. That design allows full remote code execution and arbitrary data exfiltration by the server operator. It should be considered malicious or at least extremely dangerous for use in production or as a dependency unless its use is explicitly trusted, authenticated, and sandboxed. Recommend removing or isolating this component, blocking its network access, and treating any deployment as compromised until proven otherwise.

This package runs a local Node script during preinstall and hides its output. That behavior is inherently risky because install hooks can execute arbitrary code on the host system. You should treat this as suspicious: inspect the contents of index.js before installing (or remove/disable the preinstall script). If index.js performs network I/O, spawns shells, writes to sensitive files, or spawns background processes, consider the package malicious and do not install.

Live on npm for 2 hours and 23 minutes before removal. Socket users were protected even while the package was live.

This script is malicious and specifically designed to exfiltrate AWS credentials to an attacker-controlled server. Treat any repository or package containing this file as compromised. Do not execute the script. Perform incident response: remove the file, rotate any potentially exposed AWS credentials immediately, audit systems for further persistence, and investigate how the file was introduced into the supply chain.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

This module implements covert telemetry/exfiltration: it gathers local user identifiers and IP-derived location and pushes them to a hardcoded external GitHub repository, doing so silently and with trivial obfuscation. This is privacy-invasive and constitutes a supply-chain risk. Recommend treating this behavior as malicious or at minimum unacceptable telemetry: remove or disable this code, audit repository contents for sensitive data, and avoid running the package on sensitive hosts. Investigate any pushed commits and revoke compromised git credentials.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

This fragment is a client-side keylogger that exfiltrates every keystroke to a remote WebSocket server. It should be treated as malicious: immediate removal and investigation are recommended if found in a dependency or served to users. The templated host and plaintext transport increase the risk of credential and data theft in supply-chain or runtime scenarios.

The fragment hides executable payload behind base64 and zlib compression and immediately executes it via exec. This is a strong indicator of obfuscated, potentially malicious behavior. While the exact actions of the inner payload are not visible without decoding, the pattern itself is a known tactic for backdoors or hidden malware in packages. Treat as high risk and require offline decoding/review of the inner payload, or removal from the package until a safe, reproducible, and auditable alternative is provided.

The script collects terminal commands and environment metadata and attempts to POST them to a remote API endpoint. This constitutes sensitive data exfiltration and is high risk for leakage of credentials and private information. The implementation is stealthy (silent handlers, short timeout) and ships a hardcoded default endpoint. Unless this behavior is explicitly documented, consented to, and secured (HTTPS correctly used, opt-in, redaction, and clear privacy policy), the module should be considered malicious or at minimum unsuitable for use in untrusted or production environments.

This module immediately collects detailed system and Node process information (including a JSON serialization of the process object) and transmits it to a hard-coded external analytics endpoint without user consent or filtering. That behavior constitutes a high privacy and supply-chain risk: it can leak environment variables, credentials, CI secrets, and other sensitive runtime data. While the code is not obfuscated and performs no destructive actions, the unconditional network exfiltration and deceptive endpoint naming are strong indicators of malicious or at least highly unsafe telemetry behavior. Do not use this package in sensitive environments; remove or sandbox it and verify author intent and provenance before permitting network access.

This module programmatically elevates privileges, installs and enables OpenSSH on Windows, creates a local user with a plaintext password, opens firewall port 22, and exposes SSH via an ngrok tunnel. It persists credentials and system information to disk and attempts to synchronize that data via a SyncManager (possible exfiltration). The code greatly increases attack surface and can enable unauthorized remote access if misused. Review the implementations of SSHManager, NgrokManager, SyncManager, and UserManager before use, avoid running on sensitive machines, require SSH key-based auth or remove automatic user creation, and do not store or log plaintext credentials. Treat as high security risk until audited.

Live on pypi for 6 days, 15 hours and 31 minutes before removal. Socket users were protected even while the package was live.

This code downloads and executes a remote macOS binary without verifying integrity, disables TLS verification, removes macOS quarantine attributes, runs the binary and deletes it afterwards. Those actions allow arbitrary code execution from a network source and bypass platform protections — a high-risk supply-chain/execution pattern. Even if the target binary is legitimate (mas), the design is dangerous and could be abused to execute malicious payloads. Avoid running this code as-is; require signatures/hashes, enable TLS verification, and do not remove quarantine attributes or execute untrusted binaries.

This module is strongly associated with Windows persistence and self-restart behavior. It can terminate a previously recorded process and then ensure a background component runs by starting a scheduled task and—if needed—executing locally stored VBS/CMD launchers from user directories (WSH wscript and Startup folder). No obfuscation is present, but execution of detached scripts/commands gated only by file existence is a major supply-chain security concern. The actual maliciousness depends on what daemon-launcher.vbs and imcodes-daemon.cmd contain, which are not shown here.

The code provides legitimate Drive utility functions but contains a built-in, covert telemetry/exfiltration mechanism: on object construction it captures the authenticated user's email and appends it to a file that is uploaded to a hard-coded remote Drive ID, then removes the local copy. This is privacy-invasive and likely malicious or at least abusive. Combined with full Drive read/write capabilities, this module should not be used in environments with sensitive credentials. Replace or remove the telemetry upload, avoid eval usage, and avoid performing network side-effects in __init__.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

Live on npm for 4 hours and 25 minutes before removal. Socket users were protected even while the package was live.

This module deliberately conceals executable code in a base64+zlib blob and executes it directly with exec(). That is a high-risk, obfuscation-first design and is commonly associated with malicious or at least non-transparent behaviour. Treat the package as untrusted until the decompressed payload is fully inspected in a safe, isolated environment. Do not run this code in production or on systems containing sensitive data.

Live on pypi for 3 days, 7 hours and 59 minutes before removal. Socket users were protected even while the package was live.

This module intentionally exposes a full, unauthenticated interactive Python REPL over a Unix-domain socket. That design yields direct in-process arbitrary code execution and broad access to the host process globals and resources. It should be treated as a high security risk: avoid shipping or enabling this in production, restrict socket access with filesystem permissions, add authentication/authorization, or remove the feature. If discovered in a deployed system, treat it as a potential backdoor and investigate connections and created socket files.

This module acts as a remote-controlled network sniffer/injector: it discovers the host's local IP, initializes a native capture/injection module with a filter, streams captured traffic to a remote Socket.IO server, and accepts remote instructions to inject packets. That behavior is consistent with a supply-chain backdoor that can exfiltrate sensitive network data and enable remote network manipulation. The most critical unknown is the native _toori implementation (not provided) — that component likely contains the highest-risk functionality. Recommend treating this package as dangerous: do not install or run it on production or sensitive hosts without full source review of the native extension and strong justification. If you see this in a dependency tree, investigate origin, maintainers, and purpose immediately.

This package runs a locally included installArchSpecificPackage.js at preinstall time. Given that the package intentionally excludes the bin files from the published package and declares a bin entry, the installer likely downloads or generates platform-specific binaries during install. That behavior is a strong supply-chain risk: the install script can fetch and execute remote code, write executables, modify the system, and perform data exfiltration or install backdoors. You should inspect the contents of installArchSpecificPackage.js (and any network endpoints it contacts) before running npm install, and treat this package as high-risk until verified.

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.