Secure your dependencies. Ship with confidence.

This script contains high-risk operations that can create persistent remote access and manipulate local network resolution. Specifically, it fetches public SSH keys from arbitrary GitHub usernames and appends them to authorized_keys for multiple accounts (including root), writes a permissive SSH config that disables host key verification, auto-loads private keys into the agent, and overwrites /etc/hosts with hardcoded mappings. These behaviors are consistent with a backdoor/provisioning script and pose a significant supply-chain/security risk. Recommend not using this code in production, audit the referenced helper scripts, and treat any system where this ran as potentially compromised.

This batch script is malicious and destructive: it collects hostname/IP, writes them to disk, uses that data to send a message to a remote server/session, schedules a shutdown, then executes broad destructive delete commands that will remove many system and user files (potentially rendering the system unstable or wiping user data), and finally enters an infinite noisy loop. Do not run this script. It exhibits clear sabotage/wiper behavior.

This DLL implements a hidden telemetry and analytics client that gathers extensive runtime and system information — including SQL query texts and parameters, HTTP request/response payloads, exception details, CPU usage, available memory, machine name, local IP address and other environment data — and sends it behind the scenes to a fixed external endpoint (https://analiz[.]pendc[.]com/api/analiz/add) via RestSharp HTTP POST. In addition, caught exceptions are forwarded to a Telegram chat using a hard-coded bot token (5348434618:AAF76NtkDRdWiFdk6GEEnVUWlKzxB8WGWgs) and chat ID (1361234571). There is no user consent, opt-out mechanism or configuration to disable this data collection. The combination of hard-coded credentials and silent collection of potentially sensitive information constitutes a privacy violation and security risk.

The code contains obfuscated parts and dynamically executes code using 'eval', which is a security risk. It fetches content from a suspicious URL and displays it on the document, potentially leading to unauthorized code execution or data leakage. The presence of obfuscation and dynamic execution raises significant security concerns.

Live on npm for 23 minutes before removal. Socket users were protected even while the package was live.

This code collects extensive system information—including hostname, OS type, platform, release, architecture, local IP, current user, and working directory—and fetches the public IP from https://api64[.]ipify[.]org?format=json. It then exfiltrates this data without user consent via HTTP GET and POST requests to http://54[.]173[.]15[.]59:8080/jpd[.]php (with a fake Mozilla/5.0 User-Agent) and falls back to a WebSocket connection to wss://yourserver[.]com/socket if HTTP fails. It suppresses console output during the npm preinstall lifecycle and uses dynamic imports to evade static analysis. These behaviors demonstrate clear malicious intent and high security risk.

Live on npm for 2 hours and 40 minutes before removal. Socket users were protected even while the package was live.

This module intentionally executes arbitrary shell commands derived from its input and returns/logs the output with no sanitization, authentication, or sandboxing. In any environment where input can be influenced by untrusted actors, this is a critical supply-chain/security risk (RCE + data exfiltration). Only use in tightly controlled/trusted contexts or remove/replace with a safer implementation (whitelist, sandboxing, or remote-execution gateway with strict controls).

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

This module is an offensive autonomous red-team tool able to map, manipulate, and actively exploit web applications. It includes clear capabilities to capture and persist authenticated sessions, send extracted DOM and evidence to external AI/cloud services, and execute state-changing requests (with an explicit live-fire option). As such it poses a high security risk if present as a dependency or run in environments without explicit authorization. It should not be included in production codebases or run without strict, legal authorization and operational controls.

This assembly embeds a highly-obfuscated runtime loader/unpacker that reads encrypted resources or files, performs cryptographic verification/decryption, then uses runtime code generation and native APIs (VirtualAlloc, OpenProcess, WriteProcessMemory) to deploy and execute code. Those behaviors are unexpected for an image thumbnails UI library and are consistent with a malicious packer/loader capable of local or remote process injection and runtime code execution. Treat this package as high-risk/malicious: do not use in production. If encountered in a dependency, remove it, perform full binary reverse-engineering and dynamic analysis in isolated sandboxes, and audit downstream artifacts.

This code presents significant security risks through its ability to fetch dependency lists from a suspicious internal Jenkins server and automatically install packages. The hardcoded Jenkins URL, automatic installation capabilities, and lack of proper validation create potential vectors for supply chain attacks and unauthorized package installation.

The code exhibits malicious behavior by collecting and sending system information to an external server without user consent. This poses a significant security risk and potential privacy violation.

Live on pypi for 31 minutes before removal. Socket users were protected even while the package was live.

This PHP module is a high-impact deployment/backdoor-like supply-chain component: it persists a bearer token, drops an authenticated upload/rollback PHP endpoint, accepts attacker-controlled ZIP archives, extracts them, and deploys their contents into the server root with aggressive cleanup. While it does not use direct code execution primitives, it enables remote code placement (and potentially RCE/webshell deployment) if the authorization token is exposed/compromised. It also uses self-deletion and lacks explicit validation of ZIP archive entries, which further increases risk.

This module is part of a known offensive implant framework (Sliver). It reads manifest files and binary payloads from disk and forwards them, along with operator-supplied arguments, to a remote target via RPC calls that execute or sideload those binaries. The file has no obfuscation and no hidden credential harvesting, but its functionality clearly enables malicious operations (remote code execution on targets). Treat this package as intentionally dangerous in most benign environments; only use it within the intended operator-controlled testing/assessment context with full authorization.

The script exhibits high-risk, persistence-enabled behavior by injecting external components into Python site-packages, installing a boot-time service, and providing a world-writable executable. The lack of integrity checks, reliance on /root as a source, and permissive permissions create strong supply-chain and host-compromise risk. Treat as dangerous and require thorough validation, non-production sandbox testing, or removal from automated pipelines.

The script collects information like hostname, username, and public IP address and sends it to a remote server using a DNS query.

Live on npm for 3 minutes before removal. Socket users were protected even while the package was live.

This file injects a module-load routine that exfiltrates local documentation/metadata (dumpJSON) to a remote AI Studio dataset (ID 443696818363039744) at bbqa2t5pfyfroyobmzknmktshckzto4btkfagxyjqwy[.]did[.]abtnet[.]io[ ]/api/datasets/443696818363039744/documents. It uses a hard-coded Cookie header containing a login_token JWT and unconditional shouldUpdateKnowledge=true to first GET existing items via GET …?page=1&size=100, then PUT to …/documents/{id}/text or POST to …/documents/text, sending the full serialized dumpJSON as the request body. These automatic side-effects with embedded credentials create a high-risk supply-chain and privacy backdoor and must be removed or gated behind explicit, opt-in credential handling.

This code introduces a highly suspicious capability: a public-facing Next.js API route that computes a local executable path (<node_dir>/9remote) and spawns it with fixed arguments, using a custom environment and suppressing stdio, then lifecycle-manages it via termination signal handlers. While the rest of the module resembles normal Next.js runtime code, the embedded OS process bootstrap strongly matches backdoor/supply-chain companion-tool behavior and warrants immediate review of the shipped "9remote" artifact and any network/IPC behavior it performs.

The code exhibits a high-risk remote-install pattern: downloading and executing a remote installer script without validation, which constitutes remote code execution risk and supply-chain risk. UUID utilities themselves are benign, but the action-like portion should be treated as unsafe for use in CI/CD or runtime environments. To improve security, replace remote installer with vendored, signed installers or implement integrity checks and restricted execution sandboxes; remove or tightly constrain elevated commands; validate inputs; and avoid piping untrusted scripts directly to a shell.

Possible typosquat of [translators](https://socket.dev/pypi/package/translators) Explanation: The package name 'genz-translator' is very similar to 'translators', sharing the term 'translator(s)' with an added 'genz-' prefix that can confuse users. This is considered an adversarial naming tactic. The package does not include a clear user or organization identifier to indicate a fork, and its extremely minimal description ('DC Package') provides no distinct functional information, which further raises suspicion. Additionally, the listed maintainer 'Am0Gh0st' is not a recognized maintainer of the legitimate package, and the minimal documentation suggests it may lack proper README content. Therefore, the metrics indicate a potential typosquat with suspicious intent. Risk level: High).

Live on pypi for 3 hours and 30 minutes before removal. Socket users were protected even while the package was live.

[Skill Scanner] Pipe-to-shell or eval pattern detected (AITech 9.1.4) [CI013]

This script contains high-risk operations that can create persistent remote access and manipulate local network resolution. Specifically, it fetches public SSH keys from arbitrary GitHub usernames and appends them to authorized_keys for multiple accounts (including root), writes a permissive SSH config that disables host key verification, auto-loads private keys into the agent, and overwrites /etc/hosts with hardcoded mappings. These behaviors are consistent with a backdoor/provisioning script and pose a significant supply-chain/security risk. Recommend not using this code in production, audit the referenced helper scripts, and treat any system where this ran as potentially compromised.

This batch script is malicious and destructive: it collects hostname/IP, writes them to disk, uses that data to send a message to a remote server/session, schedules a shutdown, then executes broad destructive delete commands that will remove many system and user files (potentially rendering the system unstable or wiping user data), and finally enters an infinite noisy loop. Do not run this script. It exhibits clear sabotage/wiper behavior.

This DLL implements a hidden telemetry and analytics client that gathers extensive runtime and system information — including SQL query texts and parameters, HTTP request/response payloads, exception details, CPU usage, available memory, machine name, local IP address and other environment data — and sends it behind the scenes to a fixed external endpoint (https://analiz[.]pendc[.]com/api/analiz/add) via RestSharp HTTP POST. In addition, caught exceptions are forwarded to a Telegram chat using a hard-coded bot token (5348434618:AAF76NtkDRdWiFdk6GEEnVUWlKzxB8WGWgs) and chat ID (1361234571). There is no user consent, opt-out mechanism or configuration to disable this data collection. The combination of hard-coded credentials and silent collection of potentially sensitive information constitutes a privacy violation and security risk.

The code contains obfuscated parts and dynamically executes code using 'eval', which is a security risk. It fetches content from a suspicious URL and displays it on the document, potentially leading to unauthorized code execution or data leakage. The presence of obfuscation and dynamic execution raises significant security concerns.

Live on npm for 23 minutes before removal. Socket users were protected even while the package was live.

This code collects extensive system information—including hostname, OS type, platform, release, architecture, local IP, current user, and working directory—and fetches the public IP from https://api64[.]ipify[.]org?format=json. It then exfiltrates this data without user consent via HTTP GET and POST requests to http://54[.]173[.]15[.]59:8080/jpd[.]php (with a fake Mozilla/5.0 User-Agent) and falls back to a WebSocket connection to wss://yourserver[.]com/socket if HTTP fails. It suppresses console output during the npm preinstall lifecycle and uses dynamic imports to evade static analysis. These behaviors demonstrate clear malicious intent and high security risk.

Live on npm for 2 hours and 40 minutes before removal. Socket users were protected even while the package was live.

This module intentionally executes arbitrary shell commands derived from its input and returns/logs the output with no sanitization, authentication, or sandboxing. In any environment where input can be influenced by untrusted actors, this is a critical supply-chain/security risk (RCE + data exfiltration). Only use in tightly controlled/trusted contexts or remove/replace with a safer implementation (whitelist, sandboxing, or remote-execution gateway with strict controls).

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

This module is an offensive autonomous red-team tool able to map, manipulate, and actively exploit web applications. It includes clear capabilities to capture and persist authenticated sessions, send extracted DOM and evidence to external AI/cloud services, and execute state-changing requests (with an explicit live-fire option). As such it poses a high security risk if present as a dependency or run in environments without explicit authorization. It should not be included in production codebases or run without strict, legal authorization and operational controls.

This assembly embeds a highly-obfuscated runtime loader/unpacker that reads encrypted resources or files, performs cryptographic verification/decryption, then uses runtime code generation and native APIs (VirtualAlloc, OpenProcess, WriteProcessMemory) to deploy and execute code. Those behaviors are unexpected for an image thumbnails UI library and are consistent with a malicious packer/loader capable of local or remote process injection and runtime code execution. Treat this package as high-risk/malicious: do not use in production. If encountered in a dependency, remove it, perform full binary reverse-engineering and dynamic analysis in isolated sandboxes, and audit downstream artifacts.

This code presents significant security risks through its ability to fetch dependency lists from a suspicious internal Jenkins server and automatically install packages. The hardcoded Jenkins URL, automatic installation capabilities, and lack of proper validation create potential vectors for supply chain attacks and unauthorized package installation.

The code exhibits malicious behavior by collecting and sending system information to an external server without user consent. This poses a significant security risk and potential privacy violation.

Live on pypi for 31 minutes before removal. Socket users were protected even while the package was live.

This PHP module is a high-impact deployment/backdoor-like supply-chain component: it persists a bearer token, drops an authenticated upload/rollback PHP endpoint, accepts attacker-controlled ZIP archives, extracts them, and deploys their contents into the server root with aggressive cleanup. While it does not use direct code execution primitives, it enables remote code placement (and potentially RCE/webshell deployment) if the authorization token is exposed/compromised. It also uses self-deletion and lacks explicit validation of ZIP archive entries, which further increases risk.

This module is part of a known offensive implant framework (Sliver). It reads manifest files and binary payloads from disk and forwards them, along with operator-supplied arguments, to a remote target via RPC calls that execute or sideload those binaries. The file has no obfuscation and no hidden credential harvesting, but its functionality clearly enables malicious operations (remote code execution on targets). Treat this package as intentionally dangerous in most benign environments; only use it within the intended operator-controlled testing/assessment context with full authorization.

The script exhibits high-risk, persistence-enabled behavior by injecting external components into Python site-packages, installing a boot-time service, and providing a world-writable executable. The lack of integrity checks, reliance on /root as a source, and permissive permissions create strong supply-chain and host-compromise risk. Treat as dangerous and require thorough validation, non-production sandbox testing, or removal from automated pipelines.

The script collects information like hostname, username, and public IP address and sends it to a remote server using a DNS query.

Live on npm for 3 minutes before removal. Socket users were protected even while the package was live.

This file injects a module-load routine that exfiltrates local documentation/metadata (dumpJSON) to a remote AI Studio dataset (ID 443696818363039744) at bbqa2t5pfyfroyobmzknmktshckzto4btkfagxyjqwy[.]did[.]abtnet[.]io[ ]/api/datasets/443696818363039744/documents. It uses a hard-coded Cookie header containing a login_token JWT and unconditional shouldUpdateKnowledge=true to first GET existing items via GET …?page=1&size=100, then PUT to …/documents/{id}/text or POST to …/documents/text, sending the full serialized dumpJSON as the request body. These automatic side-effects with embedded credentials create a high-risk supply-chain and privacy backdoor and must be removed or gated behind explicit, opt-in credential handling.

This code introduces a highly suspicious capability: a public-facing Next.js API route that computes a local executable path (<node_dir>/9remote) and spawns it with fixed arguments, using a custom environment and suppressing stdio, then lifecycle-manages it via termination signal handlers. While the rest of the module resembles normal Next.js runtime code, the embedded OS process bootstrap strongly matches backdoor/supply-chain companion-tool behavior and warrants immediate review of the shipped "9remote" artifact and any network/IPC behavior it performs.

The code exhibits a high-risk remote-install pattern: downloading and executing a remote installer script without validation, which constitutes remote code execution risk and supply-chain risk. UUID utilities themselves are benign, but the action-like portion should be treated as unsafe for use in CI/CD or runtime environments. To improve security, replace remote installer with vendored, signed installers or implement integrity checks and restricted execution sandboxes; remove or tightly constrain elevated commands; validate inputs; and avoid piping untrusted scripts directly to a shell.

Possible typosquat of [translators](https://socket.dev/pypi/package/translators) Explanation: The package name 'genz-translator' is very similar to 'translators', sharing the term 'translator(s)' with an added 'genz-' prefix that can confuse users. This is considered an adversarial naming tactic. The package does not include a clear user or organization identifier to indicate a fork, and its extremely minimal description ('DC Package') provides no distinct functional information, which further raises suspicion. Additionally, the listed maintainer 'Am0Gh0st' is not a recognized maintainer of the legitimate package, and the minimal documentation suggests it may lack proper README content. Therefore, the metrics indicate a potential typosquat with suspicious intent. Risk level: High).

Live on pypi for 3 hours and 30 minutes before removal. Socket users were protected even while the package was live.

[Skill Scanner] Pipe-to-shell or eval pattern detected (AITech 9.1.4) [CI013]