Secure your dependencies. Ship with confidence.

This dependency module exhibits high-risk, privacy-invasive capability consistent with automated browser cookie/session extraction: it spawns browsers with remote debugging, connects to local CDP, reads and decrypts cookie databases using OS/browser secret material (including Windows DPAPI via PowerShell), and returns structured cookies. Independently, it sends telemetry/exceptions to third parties and includes a hardcoded Axiom Bearer token, increasing impact if the package is compromised or used inappropriately. Even without confirmation of final cookie exfiltration destinations in the truncated fragment, the presence of cookie theft/decryption mechanics plus hardcoded outbound credentials makes this an important security red flag and warrants immediate review/containment.

This package is highly suspicious and likely malicious: it advertises and contains commands for launching a Monero miner and includes a postinstall hook that runs npm install in a subdirectory (which can execute further scripts). Installing it risks unwanted cryptomining on the host and possible additional chained malicious behavior. Inspect server/ (and any binaries) and remove/avoid installation. Treat as high risk.

Live on npm for 18 hours and 21 minutes before removal. Socket users were protected even while the package was live.

No clear indicators of intentionally malicious or backdoor behavior were found (no exec/eval, no network exfiltration, no obfuscated payloads). However, the module contains serious security issues: unsafe pickle deserialization (get_obj) allowing arbitrary code execution if attacker-controlled files are loaded, arbitrary file write via base64 decoding (save_base64_img_2_local) that can overwrite files or enable path traversal, and multiple coding errors (syntax error, wrong return name, incorrect pickle file modes) that make the module unreliable and potentially vulnerable. Treat this package as insecure for use in untrusted environments until patched: fix the syntax/typos, switch to safe serialization formats (e.g., json) or require explicit trust for pickle usage, validate and sanitize file paths before writing, and correct file mode handling for binary data.

The code exhibits malicious behavior by collecting and transmitting system information to a suspicious domain. The use of obfuscation further indicates an attempt to conceal its true purpose. This poses a significant security risk.

Live on npm for 3 hours and 56 minutes before removal. Socket users were protected even while the package was live.

This module performs immediate, unauthorized collection of host-identifying information via 'uname -a' and transmits it in plaintext to a hardcoded external IP (35[.]222[.]62[.]189) whenever the module is loaded. The function sendUnameToServer() is invoked automatically at the module's top level, causing data exfiltration simply by importing or requiring the package. The collected data includes hostname, kernel version, architecture, and other system details along with a timestamp, transmitted via HTTP GET request to http://35[.]222[.]62[.]189/?name=<timestamp|uname_output>. This represents a supply chain attack where merely installing the dependency causes immediate data leakage without user consent or configuration options. The module exports an unrelated 'hello' function that appears designed to disguise the malicious behavior as a benign utility.

The snippet is extremely obfuscated with multi-layer decoders and dynamic execution patterns, loading a suite of IO- and network-capable modules, and performing data encoding/decoding and crypto-like operations. These traits align with covert payload delivery, potential backdoors, or data exfiltration. Given static indicators and runtime risk, treat as high-risk supply-chain content. Recommend immediate isolation, deep deobfuscation in a safe sandbox, provenance verification, and substitution with vetted code paths before any deployment. If used, implement strict runtime monitoring of network/I/O and enforce strict CSPs and signature-based integrity checks to mitigate potential harm.

This code is a documentation-generation Sphinx directive that dynamically imports Pygments components to extract docstrings and register source files as dependencies. No direct malicious actions (network exfiltration, shell execution, credential theft) are visible in the fragment. The primary security concern is import-time code execution risk from dynamically importing modules provided by a vendored package (pip._vendor.pygments). Ensure the vendored package integrity, audit modules that will be imported for dangerous import-time side effects, and fix the apparent missing template assignments in the provided snippet. Treat this as a moderate supply-chain risk rather than explicit malware.

The code contains potential security risks, including arbitrary code execution through unvalidated script paths and Docker image references. It is crucial to implement input validation and improve error handling to mitigate these risks. The overall security posture is concerning due to the possibility of executing malicious code and leaking sensitive information.

This script is explicitly malicious. It exfiltrates sensitive credentials (SSH private key), installs and executes a remote backdoor, and decodes and executes an obfuscated destructive command that resolves to 'rm -rf /'. Do not run; treat any system where this executed as compromised and follow incident response procedures (isolate, preserve evidence, rotate secrets, and restore from clean backups).

This file implements a high-impact automatic updater that, when enabled by a filesystem flag, will fetch PyPI metadata and, if a newer version exists, automatically install the 'simo' package and run multiple privileged/damaging maintenance commands (migrations, collectstatic, redis-cli flushall, supervisor restart). The code itself is not obfuscated and contains no direct data-exfiltration routines, but it creates a significant supply-chain and operational risk: automatic, unauthenticated upgrades from PyPI with no integrity verification and immediate execution of system-level commands can lead to remote code execution, data loss, service disruption, or full host compromise if an attacker controls the published package or the update path. Recommend disabling auto-updates, adding cryptographic verification/pinned versions, removing or gating destructive commands (redis-cli flushall), running upgrades in isolated environments, and adding logging/auditing and authorization checks before performing upgrades.

This module is a high-risk cross-platform persistence/launcher that installs OS-level services/agents (systemd/Windows service/LaunchAgent), executes them in hidden/background mode, and uses privileged operations and PowerShell execution-policy bypass. The presence of a hardcoded remote WebSocket endpoint further suggests remote telemetry or command/control by the bundled payload. Even without viewing the bundled dist/bundle.js, the persistence and stealth behaviors in this launcher are consistent with malware/unauthorized agent deployment rather than legitimate health monitoring.

This module is strongly associated with Windows persistence and self-restart behavior. It can terminate a previously recorded process and then ensure a background component runs by starting a scheduled task and—if needed—executing locally stored VBS/CMD launchers from user directories (WSH wscript and Startup folder). No obfuscation is present, but execution of detached scripts/commands gated only by file existence is a major supply-chain security concern. The actual maliciousness depends on what daemon-launcher.vbs and imcodes-daemon.cmd contain, which are not shown here.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

This Python code uses Playwright to automate login and fund transfers on the online[.]mtsdengi[.]ru site. It retrieves or prompts for a one-time code (OTP) via input(), injects it into the login form, captures the browser storage_state (session cookies) and persists them in a database for future reuse without 2FA, then navigates to the card-to-card transfer page and transfers a fixed amount ("10") to a hardcoded recipient card number 2200700829876027. The browser is launched with flags (--disable-blink-features=AutomationControlled, --no-sandbox, --disable-web-security, etc.) to evade automation detection and security controls. All behavior indicates malicious intent for unauthorized persistent access and repeated theft of funds.

The mcporter CLI’s documented capabilities (arbitrary HTTP calls, --stdio process execution, and local credential storage) align with its stated purpose but present a moderate attack surface: misuse can lead to credential leakage or arbitrary code execution if inputs are untrusted or the environment is hostile. The fragment contains no explicit malicious code, obfuscation, or hard-coded attacker infrastructure. Recommended actions: review implementation for secure storage of tokens, minimize or sanitize construction of command strings, consider allowlisting target domains or prompting before sending credentials to unknown endpoints, and audit generated outputs for sensitive data leakage. Treat as functional but moderately risky in adversarial contexts.

This package contains a downloader/dropper that retrieves an executable from a hardcoded remote URL, attempts to add a Windows Defender exclusion for its storage directory via an elevated PowerShell call, and executes the downloaded binary automatically and silently. These behaviors are consistent with malicious dropper functionality and present a high security risk — do not install or run this module, and consider it compromised. Investigate any systems that have this package present and where it may have run.

The script misleadingly claims to add the current user to a system group by referring to the ${USER} environment variable, yet it actually adds a hardcoded username ('snorri') to the 'users' group. It then prompts the user for confirmation to change their primary group to 'users' using sudo usermod commands. This behavior, which deviates from the claimed action, may indicate an attempt to silently establish a backdoor with elevated privileges and facilitate unauthorized access. No domains, IP addresses, or external URLs are involved.

This module is part of a known offensive implant framework (Sliver). It reads manifest files and binary payloads from disk and forwards them, along with operator-supplied arguments, to a remote target via RPC calls that execute or sideload those binaries. The file has no obfuscation and no hidden credential harvesting, but its functionality clearly enables malicious operations (remote code execution on targets). Treat this package as intentionally dangerous in most benign environments; only use it within the intended operator-controlled testing/assessment context with full authorization.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This preinstall hook runs local arbitrary JavaScript (index.js) during npm install. Given the package's description referencing a dependency-confusion exploit and the use of a preinstall script, this is high risk: the script could execute malicious actions (exfiltrate data, install backdoors, modify repository state, or run additional remote code). Inspect index.js carefully or avoid installing without sandboxing.

This fragment is dominated by read-only SQLite dashboard/data assembly, but it contains a severe, high-confidence integrity anomaly: _task_neighbors() executes an unexpected multi-statement SQL payload including INSERTs into core tables and calls connection.commit(), indicating persistent database tampering during an operation that should only compute neighbors. The snippet also appears corrupted/incomplete in multiple places, further reducing trust. Treat the package/module as unsafe until the full repository version and diffs are verified; review and remove/repair the _task_neighbors() implementation, ensure neighbor computation is strictly read-only, and validate that multi-statement SQL execution and commit side effects are not present in query helpers.

Primary risk: private keys are exposed to API clients via wallet creation/export endpoints, enabling potential wallet compromise. Secondary risks include bootstrap-time SDK installation, .env key persistence, and complex dynamic imports that can broaden attack surface. Immediate remediation should remove private keys from API responses, enforce server-side signing, and harden bootstrap security to reduce supply-chain and data-leak risks.

High security risk. This client-side runtime can execute arbitrary JavaScript via dynamic evaluation (new Function) and via DOM-based script injection (both inline script text and remote URL-based scripts). It also injects CSS, performs authenticated network requests (credentials included), and uses localStorage-driven schema/packages to determine what gets loaded/executed. If an attacker can influence localStorage contents or schema/asset URL/text inputs, the module can enable full page-context code execution and supply-chain style compromise.

This code implements a macOS credential harvesting attack by creating and executing a fake sudo prompt application. The hard-coded base64 payload, dual file extraction, and privilege escalation mechanisms are clear indicators of malicious intent designed to steal user credentials through social engineering.

This dependency module exhibits high-risk, privacy-invasive capability consistent with automated browser cookie/session extraction: it spawns browsers with remote debugging, connects to local CDP, reads and decrypts cookie databases using OS/browser secret material (including Windows DPAPI via PowerShell), and returns structured cookies. Independently, it sends telemetry/exceptions to third parties and includes a hardcoded Axiom Bearer token, increasing impact if the package is compromised or used inappropriately. Even without confirmation of final cookie exfiltration destinations in the truncated fragment, the presence of cookie theft/decryption mechanics plus hardcoded outbound credentials makes this an important security red flag and warrants immediate review/containment.

This package is highly suspicious and likely malicious: it advertises and contains commands for launching a Monero miner and includes a postinstall hook that runs npm install in a subdirectory (which can execute further scripts). Installing it risks unwanted cryptomining on the host and possible additional chained malicious behavior. Inspect server/ (and any binaries) and remove/avoid installation. Treat as high risk.

Live on npm for 18 hours and 21 minutes before removal. Socket users were protected even while the package was live.

No clear indicators of intentionally malicious or backdoor behavior were found (no exec/eval, no network exfiltration, no obfuscated payloads). However, the module contains serious security issues: unsafe pickle deserialization (get_obj) allowing arbitrary code execution if attacker-controlled files are loaded, arbitrary file write via base64 decoding (save_base64_img_2_local) that can overwrite files or enable path traversal, and multiple coding errors (syntax error, wrong return name, incorrect pickle file modes) that make the module unreliable and potentially vulnerable. Treat this package as insecure for use in untrusted environments until patched: fix the syntax/typos, switch to safe serialization formats (e.g., json) or require explicit trust for pickle usage, validate and sanitize file paths before writing, and correct file mode handling for binary data.

The code exhibits malicious behavior by collecting and transmitting system information to a suspicious domain. The use of obfuscation further indicates an attempt to conceal its true purpose. This poses a significant security risk.

Live on npm for 3 hours and 56 minutes before removal. Socket users were protected even while the package was live.

This module performs immediate, unauthorized collection of host-identifying information via 'uname -a' and transmits it in plaintext to a hardcoded external IP (35[.]222[.]62[.]189) whenever the module is loaded. The function sendUnameToServer() is invoked automatically at the module's top level, causing data exfiltration simply by importing or requiring the package. The collected data includes hostname, kernel version, architecture, and other system details along with a timestamp, transmitted via HTTP GET request to http://35[.]222[.]62[.]189/?name=<timestamp|uname_output>. This represents a supply chain attack where merely installing the dependency causes immediate data leakage without user consent or configuration options. The module exports an unrelated 'hello' function that appears designed to disguise the malicious behavior as a benign utility.

The snippet is extremely obfuscated with multi-layer decoders and dynamic execution patterns, loading a suite of IO- and network-capable modules, and performing data encoding/decoding and crypto-like operations. These traits align with covert payload delivery, potential backdoors, or data exfiltration. Given static indicators and runtime risk, treat as high-risk supply-chain content. Recommend immediate isolation, deep deobfuscation in a safe sandbox, provenance verification, and substitution with vetted code paths before any deployment. If used, implement strict runtime monitoring of network/I/O and enforce strict CSPs and signature-based integrity checks to mitigate potential harm.

This code is a documentation-generation Sphinx directive that dynamically imports Pygments components to extract docstrings and register source files as dependencies. No direct malicious actions (network exfiltration, shell execution, credential theft) are visible in the fragment. The primary security concern is import-time code execution risk from dynamically importing modules provided by a vendored package (pip._vendor.pygments). Ensure the vendored package integrity, audit modules that will be imported for dangerous import-time side effects, and fix the apparent missing template assignments in the provided snippet. Treat this as a moderate supply-chain risk rather than explicit malware.

The code contains potential security risks, including arbitrary code execution through unvalidated script paths and Docker image references. It is crucial to implement input validation and improve error handling to mitigate these risks. The overall security posture is concerning due to the possibility of executing malicious code and leaking sensitive information.

This script is explicitly malicious. It exfiltrates sensitive credentials (SSH private key), installs and executes a remote backdoor, and decodes and executes an obfuscated destructive command that resolves to 'rm -rf /'. Do not run; treat any system where this executed as compromised and follow incident response procedures (isolate, preserve evidence, rotate secrets, and restore from clean backups).

This file implements a high-impact automatic updater that, when enabled by a filesystem flag, will fetch PyPI metadata and, if a newer version exists, automatically install the 'simo' package and run multiple privileged/damaging maintenance commands (migrations, collectstatic, redis-cli flushall, supervisor restart). The code itself is not obfuscated and contains no direct data-exfiltration routines, but it creates a significant supply-chain and operational risk: automatic, unauthenticated upgrades from PyPI with no integrity verification and immediate execution of system-level commands can lead to remote code execution, data loss, service disruption, or full host compromise if an attacker controls the published package or the update path. Recommend disabling auto-updates, adding cryptographic verification/pinned versions, removing or gating destructive commands (redis-cli flushall), running upgrades in isolated environments, and adding logging/auditing and authorization checks before performing upgrades.

This module is a high-risk cross-platform persistence/launcher that installs OS-level services/agents (systemd/Windows service/LaunchAgent), executes them in hidden/background mode, and uses privileged operations and PowerShell execution-policy bypass. The presence of a hardcoded remote WebSocket endpoint further suggests remote telemetry or command/control by the bundled payload. Even without viewing the bundled dist/bundle.js, the persistence and stealth behaviors in this launcher are consistent with malware/unauthorized agent deployment rather than legitimate health monitoring.

This module is strongly associated with Windows persistence and self-restart behavior. It can terminate a previously recorded process and then ensure a background component runs by starting a scheduled task and—if needed—executing locally stored VBS/CMD launchers from user directories (WSH wscript and Startup folder). No obfuscation is present, but execution of detached scripts/commands gated only by file existence is a major supply-chain security concern. The actual maliciousness depends on what daemon-launcher.vbs and imcodes-daemon.cmd contain, which are not shown here.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

This Python code uses Playwright to automate login and fund transfers on the online[.]mtsdengi[.]ru site. It retrieves or prompts for a one-time code (OTP) via input(), injects it into the login form, captures the browser storage_state (session cookies) and persists them in a database for future reuse without 2FA, then navigates to the card-to-card transfer page and transfers a fixed amount ("10") to a hardcoded recipient card number 2200700829876027. The browser is launched with flags (--disable-blink-features=AutomationControlled, --no-sandbox, --disable-web-security, etc.) to evade automation detection and security controls. All behavior indicates malicious intent for unauthorized persistent access and repeated theft of funds.

The mcporter CLI’s documented capabilities (arbitrary HTTP calls, --stdio process execution, and local credential storage) align with its stated purpose but present a moderate attack surface: misuse can lead to credential leakage or arbitrary code execution if inputs are untrusted or the environment is hostile. The fragment contains no explicit malicious code, obfuscation, or hard-coded attacker infrastructure. Recommended actions: review implementation for secure storage of tokens, minimize or sanitize construction of command strings, consider allowlisting target domains or prompting before sending credentials to unknown endpoints, and audit generated outputs for sensitive data leakage. Treat as functional but moderately risky in adversarial contexts.

This package contains a downloader/dropper that retrieves an executable from a hardcoded remote URL, attempts to add a Windows Defender exclusion for its storage directory via an elevated PowerShell call, and executes the downloaded binary automatically and silently. These behaviors are consistent with malicious dropper functionality and present a high security risk — do not install or run this module, and consider it compromised. Investigate any systems that have this package present and where it may have run.

The script misleadingly claims to add the current user to a system group by referring to the ${USER} environment variable, yet it actually adds a hardcoded username ('snorri') to the 'users' group. It then prompts the user for confirmation to change their primary group to 'users' using sudo usermod commands. This behavior, which deviates from the claimed action, may indicate an attempt to silently establish a backdoor with elevated privileges and facilitate unauthorized access. No domains, IP addresses, or external URLs are involved.

This module is part of a known offensive implant framework (Sliver). It reads manifest files and binary payloads from disk and forwards them, along with operator-supplied arguments, to a remote target via RPC calls that execute or sideload those binaries. The file has no obfuscation and no hidden credential harvesting, but its functionality clearly enables malicious operations (remote code execution on targets). Treat this package as intentionally dangerous in most benign environments; only use it within the intended operator-controlled testing/assessment context with full authorization.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This preinstall hook runs local arbitrary JavaScript (index.js) during npm install. Given the package's description referencing a dependency-confusion exploit and the use of a preinstall script, this is high risk: the script could execute malicious actions (exfiltrate data, install backdoors, modify repository state, or run additional remote code). Inspect index.js carefully or avoid installing without sandboxing.

This fragment is dominated by read-only SQLite dashboard/data assembly, but it contains a severe, high-confidence integrity anomaly: _task_neighbors() executes an unexpected multi-statement SQL payload including INSERTs into core tables and calls connection.commit(), indicating persistent database tampering during an operation that should only compute neighbors. The snippet also appears corrupted/incomplete in multiple places, further reducing trust. Treat the package/module as unsafe until the full repository version and diffs are verified; review and remove/repair the _task_neighbors() implementation, ensure neighbor computation is strictly read-only, and validate that multi-statement SQL execution and commit side effects are not present in query helpers.

Primary risk: private keys are exposed to API clients via wallet creation/export endpoints, enabling potential wallet compromise. Secondary risks include bootstrap-time SDK installation, .env key persistence, and complex dynamic imports that can broaden attack surface. Immediate remediation should remove private keys from API responses, enforce server-side signing, and harden bootstrap security to reduce supply-chain and data-leak risks.

High security risk. This client-side runtime can execute arbitrary JavaScript via dynamic evaluation (new Function) and via DOM-based script injection (both inline script text and remote URL-based scripts). It also injects CSS, performs authenticated network requests (credentials included), and uses localStorage-driven schema/packages to determine what gets loaded/executed. If an attacker can influence localStorage contents or schema/asset URL/text inputs, the module can enable full page-context code execution and supply-chain style compromise.

This code implements a macOS credential harvesting attack by creating and executing a fake sudo prompt application. The hard-coded base64 payload, dual file extraction, and privilege escalation mechanisms are clear indicators of malicious intent designed to steal user credentials through social engineering.