Secure your dependencies. Ship with confidence.

This file implements core C2 implant behaviors: remote interactive shell spawning and arbitrary TCP port forwarding driven by protobuf messages from a controller. Sources are untrusted network messages and sinks include spawning OS processes and sending data back to the controller (exfiltration) as well as dialing arbitrary remote hosts (proxying). The code lacks input validation and contains concurrency risks (unsynchronized global cache). In a supply-chain context this is high-risk and likely malicious functionality (implant/C2). If the package is included as a dependency in benign software this represents a severe supply-chain risk and should be treated as malicious unless explicitly required and audited.

dploot is Python rewrite of SharpDPAPI written un C# by Harmj0y, which is itself a port of DPAPI from Mimikatz by gentilkiwi. It implements all the DPAPI logic of these tools, but this time it is usable with a python interpreter and from a Linux environment. It is meant to be an offensive security tool. It should not be used as a dependency in a production environment. This module implements a credential harvesting system that remotely extracts sensitive browser data from Windows user profiles via SMB connections. It targets Chromium-based browsers (Chrome, Edge, Brave) by reading Local State, Login Data, Cookies, and Web Data files, then decrypts stored passwords, cookies, and Google refresh tokens using DPAPI masterkeys and app-bound key handling. The code contains hardcoded AES and ChaCha20 cryptographic keys (aes_key: B31C6E241AC846728DA9C1FAC4936651CFFB944D143AB816276BCC6DA0284787, chacha20_key: E98F37D7F4E1FA433D19304DC2258042090E2D1D7EEA7670D41F738D08729660) used for decrypting app-bound encrypted payloads. The module enumerates all users on the target system and systematically harvests credentials across multiple browser profiles. Extracted secrets are exposed through configurable callbacks (per_loot_callback) that enable data exfiltration, stdout printing that may leak sensitive data to logs, and return values for programmatic access. This represents a complete credential theft capability designed for post-exploitation scenarios and unauthorized data harvesting.

The script is designed to send potentially sensitive information to a remote server, which poses a significant security risk and indicates malicious behavior.

The code implements a persistent data exfiltration mechanism by sending a bot identifier repeatedly to a suspicious external domain without transparency or consent. This behavior is highly suspicious and indicative of malicious intent or a backdoor. The code poses a significant security risk and should be treated as malicious or potentially malware.

Live on npm for 4 hours and 18 minutes before removal. Socket users were protected even while the package was live.

High risk. The postinstall hook executes a local setup script that must be audited before installing. The declared dependency that is identical to the package name is abnormal and potentially malicious or a packaging error; it increases supply-chain risk because it may cause npm to fetch an external package/version unexpectedly. Treat this package as suspicious until scripts/setup.js is reviewed and the self-dependency is explained or removed.

This module is intentionally obfuscated and executes a large embedded payload at import time. That design is a strong supply-chain/malicious indicator: executing compressed/reversed/base64-encoded code without any verification is dangerous. Even if the embedded payload is benign, the pattern prevents easy review and allows arbitrary harmful behavior (data theft, backdoors, remote code execution, file system damage, etc.). Treat this package as untrusted until the decompressed payload is decoded and reviewed. If this appears in a dependency, remove or quarantine it and obtain a human-reviewed, provenance-verified replacement.

Live on pypi for 6 hours and 20 minutes before removal. Socket users were protected even while the package was live.

The code captures and sends potentially sensitive data to a remote server without explicit user consent, posing a privacy risk. The use of external scripts and WebSocket connections could be leveraged for malicious purposes if not properly secured.

Live on npm for 2 hours and 44 minutes before removal. Socket users were protected even while the package was live.

This module implements an automatic downloader-and-executor (dropper/stager). Importing the module triggers a PowerShell command that downloads an executable from a hard-coded remote HTTP URL to ProgramData and runs it hidden. The behavior is strongly indicative of malicious intent or at minimum extremely risky and inappropriate for safe libraries: it enables arbitrary remote code execution, performs covert installation, and provides no integrity checks or user consent. Do not import or use this module. Treat as malicious: remove, block the domain, and investigate any hosts where this code ran.

Live on pypi for 14 hours and 39 minutes before removal. Socket users were protected even while the package was live.

This module is highly suspicious and should be treated as high-risk from a supply-chain/security perspective. The most concerning aspect is server-side injection of a substantial inline client-side JavaScript payload into proxied/served HTML, with apparent network/proxy/WebSocket-like behavior and route-based interaction. Combined with container exec-based environment-variable extraction and ${...} substitution that can feed into the injected payload and headers, it creates a plausible backdoor/persistent-agent pattern. Full remediation requires deobfuscating the injected script, enumerating all endpoints it contacts, and auditing/locking down container exec usage and all inputs used for HTML/header generation.

This module contains a high-impact supply-chain and execution risk: it performs an automatic runtime download of JavaScript from a public CDN and executes it via eval() to bootstrap the command runner. That establishes a straightforward path to arbitrary code execution under the CLI’s privileges. It further shells out to codex and git through dynamically constructed pipelines using caller-influenced values, and it invokes codex with explicit “dangerously bypass” flags. Even if the intent is orchestration, the implementation should be treated as unsafe unless the runtime eval bootstrap is removed or cryptographically pinned/verified and command arguments are strictly validated/escaped.

This module is explicitly adversarial and returns actionable suggestions that, if consumed and executed without strict validation and authorization, can lead to privilege escalation, unauthorized financial actions, or disruptive incident-response behavior. The file does not itself perform I/O or network activity, but it is a dangerous supply-chain component: treat it as malicious/instrumental in adversarial steering and do not allow automated execution of its outputs without strong governance (human review, authorization checks, parameter validation, and mapping of endpoints to a safe execution policy).

The dominant security concern is the explicit use of eval on data-derived JSON within CarbonPHP.handlebars, which can enable arbitrary code execution if data is attacker-controlled. Additional concerns include unsanitized dynamic script/template loading and a busy-wait sleep that can degrade performance and potentially expose timing information. Overall risk is high due to the eval pattern and dynamic content loading without strong sanitization.

This module functions as a high-fidelity interaction capture component: it globally listens for keyboard and form/input-related events, captures e.key and input values (with minimal truncation rather than redaction), enriches events with DOM text and computed XPath identifiers, and sends all data to a Chrome extension via runtime messaging, along with page URL/title. While no external networking is shown here, the collected data types are highly sensitive and the behavior strongly aligns with keylogging/form-data harvesting use cases. The receiving extension logic and declared permissions should be reviewed urgently for consent, scope, minimization, and any external exfiltration.

This script is highly suspicious and poses a significant security risk. It should not be used.

Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.

This module contains multiple security issues and at least one explicit indication of malicious intent. The error handler reflects util.inspect(err) into HTML responses (information disclosure and possible XSS) and interpolates authenticationUrl without validation. Most notably, the loginSuccess() page contains the text 'Sucessfully grabbed credentials!', which is a clear red flag — it strongly suggests the page is intended to display harvested credentials or confirm credential theft. Even if other parts are benign, the presence of that message plus unsafe leak of inspected error objects to clients makes this package unsafe to use. Recommend not using this code in production, auditing the repository for credential-harvesting behavior, removing util.inspect() from client responses, and validating/escaping any interpolated URLs and strings.

This module contains a critical vulnerability: unconstrained eval() of attacker-controlled 'input.expr' with access to local variables (including a formatted request object). This yields remote code execution and potential data exfiltration. The code likely represents an insecure design/bug rather than intentionally malicious code, but it must be remediated before handling untrusted inputs. Also fix the apparent syntax error in getAttr.

The code is highly suspicious due to its behavior of exfiltrating environment variables to an external server if specific conditions are not met. This matches patterns often used in data theft or malicious telemetry gathering. It includes specific hardcoded checks and a remote host, which indicate possible malicious intent.

Live on npm for 26 minutes before removal. Socket users were protected even while the package was live.

The script is a convenience bootstrapper but implements high-risk supply-chain and remote code execution patterns: installing unpinned npm packages (which may run lifecycle scripts) and piping a remote script from raw.githubusercontent.com directly into node without integrity checks. The script itself is not obfuscated and contains no embedded payloads, but it creates a simple, reliable path for arbitrary code execution and potential credential theft/exfiltration if either the remote cfat.js or any installed package is compromised. Do not run this script in sensitive or production environments without first: (1) fetching and auditing the remote cfat.js locally, (2) pinning and auditing exact package versions (use a lockfile), (3) verifying artifact integrity (checksums/signatures/pinned commit SHA), and (4) executing in a constrained environment (sandbox, least-privilege account).

Live on pypi for 9 days and 12 hours before removal. Socket users were protected even while the package was live.

This script is using 'nslookup' to resolve a domain and then execute 'node index.js'. This behavior is considered suspicious and potentially malicious. The domain name and IP address should be inspected to determine their legitimacy.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

This script performs an explicit and high-risk modification: it temporarily makes /etc/sudoers world-writable and appends a hard-coded passwordless sudo rule for 'orcladmin'. This is effectively a backdoor or unauthorized privilege escalation mechanism. Treat presence of this script or its resulting sudoers line as a severe security incident: investigate account existence and activity, check system logs and sudo logs, restore a vetted /etc/sudoers, rotate credentials, and audit for additional indicators of compromise. Do not run this script on production systems.

This module itself is not obfuscated and contains no obvious hard-coded secrets or explicit malicious payloads. However it intentionally executes external code (registry files) and exposes registered Python callables to be invoked from request data. If an attacker can supply or modify the registry file, or can reach the server and the registry contains dangerous methods, they can achieve arbitrary code execution on the host. Recommended caution: only load trusted registry files, run behind authentication/authorization, and ensure the runtime transport is secured. For untrusted environments, treat this as high-risk functionality.

This module implements a remote dropper: it downloads a hardcoded .exe into a user profile directory and executes it without integrity checks or user consent. That pattern is highly dangerous for supply-chain or malware distribution. Do not run this code in a trusted environment. Remove the behavior or replace it with secure update mechanisms (signed packages, integrity checks, user prompts, and least-privilege execution). Investigate the remote binary separately in a safe sandbox if required.

The code contains a critical security vulnerability due to the presence of a reverse shell command, which poses a high risk of unauthorized access and potential system compromise. The rest of the code is benign and performs a simple utility function.

Live on npm for 151 days, 9 hours and 58 minutes before removal. Socket users were protected even while the package was live.

This module largely implements legitimate PDF annotation/editor rendering (DOM/SVG/canvas operations and editor lifecycle management). However, it also embeds and executes a large `data:text/javascript;base64` payload containing WebAssembly- and network/request-like capability indicators. That combination is highly consistent with supply-chain compromise or intentional malicious augmentation. Treat the package/file as untrusted: avoid use, retrieve the version from a trusted source, and quarantine or block it via build/runtime policies until the embedded payload execution path is fully verified.

This module performs immediate and unconditional exfiltration of identifying host information and the full process.env to a hard-coded external domain, using both a DNS/HTTP beacon (via generated subdomain) and a JSON POST. The obfuscation and technique are characteristic of malicious supply-chain implants or telemetry backdoors. Treat this as malicious/unwanted code: remove it from trusted builds, rotate any exposed secrets, and investigate exposures where this code may have executed.

This file implements core C2 implant behaviors: remote interactive shell spawning and arbitrary TCP port forwarding driven by protobuf messages from a controller. Sources are untrusted network messages and sinks include spawning OS processes and sending data back to the controller (exfiltration) as well as dialing arbitrary remote hosts (proxying). The code lacks input validation and contains concurrency risks (unsynchronized global cache). In a supply-chain context this is high-risk and likely malicious functionality (implant/C2). If the package is included as a dependency in benign software this represents a severe supply-chain risk and should be treated as malicious unless explicitly required and audited.

dploot is Python rewrite of SharpDPAPI written un C# by Harmj0y, which is itself a port of DPAPI from Mimikatz by gentilkiwi. It implements all the DPAPI logic of these tools, but this time it is usable with a python interpreter and from a Linux environment. It is meant to be an offensive security tool. It should not be used as a dependency in a production environment. This module implements a credential harvesting system that remotely extracts sensitive browser data from Windows user profiles via SMB connections. It targets Chromium-based browsers (Chrome, Edge, Brave) by reading Local State, Login Data, Cookies, and Web Data files, then decrypts stored passwords, cookies, and Google refresh tokens using DPAPI masterkeys and app-bound key handling. The code contains hardcoded AES and ChaCha20 cryptographic keys (aes_key: B31C6E241AC846728DA9C1FAC4936651CFFB944D143AB816276BCC6DA0284787, chacha20_key: E98F37D7F4E1FA433D19304DC2258042090E2D1D7EEA7670D41F738D08729660) used for decrypting app-bound encrypted payloads. The module enumerates all users on the target system and systematically harvests credentials across multiple browser profiles. Extracted secrets are exposed through configurable callbacks (per_loot_callback) that enable data exfiltration, stdout printing that may leak sensitive data to logs, and return values for programmatic access. This represents a complete credential theft capability designed for post-exploitation scenarios and unauthorized data harvesting.

The script is designed to send potentially sensitive information to a remote server, which poses a significant security risk and indicates malicious behavior.

The code implements a persistent data exfiltration mechanism by sending a bot identifier repeatedly to a suspicious external domain without transparency or consent. This behavior is highly suspicious and indicative of malicious intent or a backdoor. The code poses a significant security risk and should be treated as malicious or potentially malware.

Live on npm for 4 hours and 18 minutes before removal. Socket users were protected even while the package was live.

High risk. The postinstall hook executes a local setup script that must be audited before installing. The declared dependency that is identical to the package name is abnormal and potentially malicious or a packaging error; it increases supply-chain risk because it may cause npm to fetch an external package/version unexpectedly. Treat this package as suspicious until scripts/setup.js is reviewed and the self-dependency is explained or removed.

This module is intentionally obfuscated and executes a large embedded payload at import time. That design is a strong supply-chain/malicious indicator: executing compressed/reversed/base64-encoded code without any verification is dangerous. Even if the embedded payload is benign, the pattern prevents easy review and allows arbitrary harmful behavior (data theft, backdoors, remote code execution, file system damage, etc.). Treat this package as untrusted until the decompressed payload is decoded and reviewed. If this appears in a dependency, remove or quarantine it and obtain a human-reviewed, provenance-verified replacement.

Live on pypi for 6 hours and 20 minutes before removal. Socket users were protected even while the package was live.

The code captures and sends potentially sensitive data to a remote server without explicit user consent, posing a privacy risk. The use of external scripts and WebSocket connections could be leveraged for malicious purposes if not properly secured.

Live on npm for 2 hours and 44 minutes before removal. Socket users were protected even while the package was live.

This module implements an automatic downloader-and-executor (dropper/stager). Importing the module triggers a PowerShell command that downloads an executable from a hard-coded remote HTTP URL to ProgramData and runs it hidden. The behavior is strongly indicative of malicious intent or at minimum extremely risky and inappropriate for safe libraries: it enables arbitrary remote code execution, performs covert installation, and provides no integrity checks or user consent. Do not import or use this module. Treat as malicious: remove, block the domain, and investigate any hosts where this code ran.

Live on pypi for 14 hours and 39 minutes before removal. Socket users were protected even while the package was live.

This module is highly suspicious and should be treated as high-risk from a supply-chain/security perspective. The most concerning aspect is server-side injection of a substantial inline client-side JavaScript payload into proxied/served HTML, with apparent network/proxy/WebSocket-like behavior and route-based interaction. Combined with container exec-based environment-variable extraction and ${...} substitution that can feed into the injected payload and headers, it creates a plausible backdoor/persistent-agent pattern. Full remediation requires deobfuscating the injected script, enumerating all endpoints it contacts, and auditing/locking down container exec usage and all inputs used for HTML/header generation.

This module contains a high-impact supply-chain and execution risk: it performs an automatic runtime download of JavaScript from a public CDN and executes it via eval() to bootstrap the command runner. That establishes a straightforward path to arbitrary code execution under the CLI’s privileges. It further shells out to codex and git through dynamically constructed pipelines using caller-influenced values, and it invokes codex with explicit “dangerously bypass” flags. Even if the intent is orchestration, the implementation should be treated as unsafe unless the runtime eval bootstrap is removed or cryptographically pinned/verified and command arguments are strictly validated/escaped.

This module is explicitly adversarial and returns actionable suggestions that, if consumed and executed without strict validation and authorization, can lead to privilege escalation, unauthorized financial actions, or disruptive incident-response behavior. The file does not itself perform I/O or network activity, but it is a dangerous supply-chain component: treat it as malicious/instrumental in adversarial steering and do not allow automated execution of its outputs without strong governance (human review, authorization checks, parameter validation, and mapping of endpoints to a safe execution policy).

The dominant security concern is the explicit use of eval on data-derived JSON within CarbonPHP.handlebars, which can enable arbitrary code execution if data is attacker-controlled. Additional concerns include unsanitized dynamic script/template loading and a busy-wait sleep that can degrade performance and potentially expose timing information. Overall risk is high due to the eval pattern and dynamic content loading without strong sanitization.

This module functions as a high-fidelity interaction capture component: it globally listens for keyboard and form/input-related events, captures e.key and input values (with minimal truncation rather than redaction), enriches events with DOM text and computed XPath identifiers, and sends all data to a Chrome extension via runtime messaging, along with page URL/title. While no external networking is shown here, the collected data types are highly sensitive and the behavior strongly aligns with keylogging/form-data harvesting use cases. The receiving extension logic and declared permissions should be reviewed urgently for consent, scope, minimization, and any external exfiltration.

This script is highly suspicious and poses a significant security risk. It should not be used.

Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.

This module contains multiple security issues and at least one explicit indication of malicious intent. The error handler reflects util.inspect(err) into HTML responses (information disclosure and possible XSS) and interpolates authenticationUrl without validation. Most notably, the loginSuccess() page contains the text 'Sucessfully grabbed credentials!', which is a clear red flag — it strongly suggests the page is intended to display harvested credentials or confirm credential theft. Even if other parts are benign, the presence of that message plus unsafe leak of inspected error objects to clients makes this package unsafe to use. Recommend not using this code in production, auditing the repository for credential-harvesting behavior, removing util.inspect() from client responses, and validating/escaping any interpolated URLs and strings.

This module contains a critical vulnerability: unconstrained eval() of attacker-controlled 'input.expr' with access to local variables (including a formatted request object). This yields remote code execution and potential data exfiltration. The code likely represents an insecure design/bug rather than intentionally malicious code, but it must be remediated before handling untrusted inputs. Also fix the apparent syntax error in getAttr.

The code is highly suspicious due to its behavior of exfiltrating environment variables to an external server if specific conditions are not met. This matches patterns often used in data theft or malicious telemetry gathering. It includes specific hardcoded checks and a remote host, which indicate possible malicious intent.

Live on npm for 26 minutes before removal. Socket users were protected even while the package was live.

The script is a convenience bootstrapper but implements high-risk supply-chain and remote code execution patterns: installing unpinned npm packages (which may run lifecycle scripts) and piping a remote script from raw.githubusercontent.com directly into node without integrity checks. The script itself is not obfuscated and contains no embedded payloads, but it creates a simple, reliable path for arbitrary code execution and potential credential theft/exfiltration if either the remote cfat.js or any installed package is compromised. Do not run this script in sensitive or production environments without first: (1) fetching and auditing the remote cfat.js locally, (2) pinning and auditing exact package versions (use a lockfile), (3) verifying artifact integrity (checksums/signatures/pinned commit SHA), and (4) executing in a constrained environment (sandbox, least-privilege account).

Live on pypi for 9 days and 12 hours before removal. Socket users were protected even while the package was live.

This script is using 'nslookup' to resolve a domain and then execute 'node index.js'. This behavior is considered suspicious and potentially malicious. The domain name and IP address should be inspected to determine their legitimacy.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

This script performs an explicit and high-risk modification: it temporarily makes /etc/sudoers world-writable and appends a hard-coded passwordless sudo rule for 'orcladmin'. This is effectively a backdoor or unauthorized privilege escalation mechanism. Treat presence of this script or its resulting sudoers line as a severe security incident: investigate account existence and activity, check system logs and sudo logs, restore a vetted /etc/sudoers, rotate credentials, and audit for additional indicators of compromise. Do not run this script on production systems.

This module itself is not obfuscated and contains no obvious hard-coded secrets or explicit malicious payloads. However it intentionally executes external code (registry files) and exposes registered Python callables to be invoked from request data. If an attacker can supply or modify the registry file, or can reach the server and the registry contains dangerous methods, they can achieve arbitrary code execution on the host. Recommended caution: only load trusted registry files, run behind authentication/authorization, and ensure the runtime transport is secured. For untrusted environments, treat this as high-risk functionality.

This module implements a remote dropper: it downloads a hardcoded .exe into a user profile directory and executes it without integrity checks or user consent. That pattern is highly dangerous for supply-chain or malware distribution. Do not run this code in a trusted environment. Remove the behavior or replace it with secure update mechanisms (signed packages, integrity checks, user prompts, and least-privilege execution). Investigate the remote binary separately in a safe sandbox if required.

The code contains a critical security vulnerability due to the presence of a reverse shell command, which poses a high risk of unauthorized access and potential system compromise. The rest of the code is benign and performs a simple utility function.

Live on npm for 151 days, 9 hours and 58 minutes before removal. Socket users were protected even while the package was live.

This module largely implements legitimate PDF annotation/editor rendering (DOM/SVG/canvas operations and editor lifecycle management). However, it also embeds and executes a large `data:text/javascript;base64` payload containing WebAssembly- and network/request-like capability indicators. That combination is highly consistent with supply-chain compromise or intentional malicious augmentation. Treat the package/file as untrusted: avoid use, retrieve the version from a trusted source, and quarantine or block it via build/runtime policies until the embedded payload execution path is fully verified.

This module performs immediate and unconditional exfiltration of identifying host information and the full process.env to a hard-coded external domain, using both a DNS/HTTP beacon (via generated subdomain) and a JSON POST. The obfuscation and technique are characteristic of malicious supply-chain implants or telemetry backdoors. Treat this as malicious/unwanted code: remove it from trusted builds, rotate any exposed secrets, and investigate exposures where this code may have executed.