Secure your dependencies. Ship with confidence.

Malicious automation/exfiltration script that controls a running Chromium/Kiwi browser via Chrome DevTools Protocol (connects to http://localhost:9222/json and the tab’s webSocketDebuggerUrl) to inject JavaScript for navigation, DOM interaction, cookie manipulation, and page data extraction. It automates Google account sign-in and recovery flows (accounts.google[.]com, mail.google[.]com), including entering credentials/recovery email and attempting password changes, while reporting statuses and (in some branches) passwords to a remote backend via HTTP requests (requests.patch/requests.post) using an externally-defined server base URL (imported as link_sms). Data theft/exfiltration: on Android, it runs adb commands and uses root (su -c) to copy the browser profile directory /data/user/0/com.kiwibrowser.browser/app_chrome to /sdcard/, zips the collected profile, and uploads the ZIP to the remote server (link_sms/.../upload/...). This directory likely contains cookies/session tokens and other sensitive browser data. Remote code execution/stager: the embedded JS payload under key 'si' includes a command string that retrieves code from https://runcode-d24f5-default-rtdb.firebaseio[.]com/run[.]json, writes it to code.py, and runs "python3 code.py" (download-and-execute behavior). Overall severity is high: combines device/browser control (adb, DevTools websocket), credential/account takeover automation, sensitive profile theft, external exfiltration, and a remote code download/execute mechanism.

This module performs LinkedIn interactions but also repeatedly sends LinkedIn session cookies (li_at and JSESSIONID) as JSON to a hardcoded external API endpoint (https://3hz1hdpnlf.execute-api.eu-west-1.amazonaws.com/prod). That constitutes a high-risk behavior (credential harvesting / data exfiltration). Unless the external endpoint is trusted and intended as a secure proxy maintained by the same project/organization (which should be verified out-of-band), this package should be treated as unsafe. I recommend not using this package or removing/rewriting any calls that transmit session cookies to third-party domains. Also audit any accounts where these credentials may have been used and rotate session tokens/cookies.

This module is primarily an LLM/image/video wrapper that forwards user-controlled prompts/media and resolved provider credentials to external services. The most significant security concern is an explicit LLM-to-bash command generation workflow (execute_llm_command) that is designed for downstream automation and could enable command injection/RCE if executed without strict validation/sandboxing. Additionally, gen_image(save=True) performs filesystem writes using an unsanitized, caller-influenced filename fragment, creating potential path manipulation/overwrite risk. No direct malicious payload or direct subprocess execution is present in the shown fragment, but the agentic command-generation pattern makes this a high-risk component in a supply-chain context.

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

The fragment demonstrates a high-risk remote code execution backdoor pattern: it fetches code from an external URL and executes it without validation, with potential access to require and the runtime environment. This should be treated as extremely dangerous in any library or dependency context. Implement robust safeguards, remove dynamic execution of untrusted payloads, and replace with strict code signing, integrity checks, or sandboxed evaluation if ever necessary.

The analyzed code shows clear indicators of credential leakage and outbound data transmission via Git hooks, coupled with environment-based tokens and verbose tracing. The presence of a hardcoded credential helper and a push-exfiltration hook constitutes strong security and supply-chain abuse signals. Overall, this pattern represents a high-risk scenario that should be remediated before deployment: remove hardcoded credentials, restrict/validate hook contents, ensure tokens are never embedded in scripts, and audit environment-variable handling and external endpoints.

This code mostly contains standard libraries and application logic, but includes clearly malicious/unwanted behavior: a locale-and-host-targeted payload that, after a delay, disables page interactions and auto-plays an externally-hosted audio file (hardcoded URL). It also injects a script tag loading code from http://localhost:8000 which can execute arbitrary code. These behaviors are unexpected for a UI library and constitute a supply-chain/backdoor risk. Remove or disable the geo-targeted delayed audio injection and avoid unconditional injection of remote scripts (especially via plain HTTP). Review package source and provenance immediately.

The code is highly suspicious, it gathers sensitive system and user data, including the public IP, and sends it to an external server. Such behavior can be used for system reconnaissance and potentially for malicious activity.

Live on npm for 18 days, 20 hours and 2 minutes before removal. Socket users were protected even while the package was live.

The code permits runtime evaluation and loading of scripts discovered within its content, a capability that can be legitimate for dynamic features but poses strong security risks in supply chain contexts. Without sanitization, validation, or sandboxing, this pattern enables arbitrary code execution from untrusted input, increasing the risk of data leakage, unauthorized actions, and potential compromise of the host page.

This module contains high-risk behavior: it serializes and transmits module globals and function inputs/outputs to external VarSnap endpoints and — critically — it deserializes (pickle.loads) remote data and injects it into the running process globals before executing code. Untrusted pickle deserialization plus globals injection is a remote code execution vector; serializing globals is a significant data-exfiltration risk. Treat this package as dangerous for use in untrusted or production environments unless you fully control and audit the remote VarSnap service and the environment variables. The code as written should be considered insecure and potentially malicious in a supply-chain context.

The Python module itself is not directly implementing typical malware behaviors, but it creates a high-risk execution surface: it runs local shell scripts (some with sudo) with unvalidated inputs and passes secrets on the command line. The deploy_fdb_from_file_service function contains a command-injection vulnerability (shell=True with joined args) and a coding bug (returncod typo). Recommend: remove shell=True; use argument lists always, avoid passing secrets via argv (use stdin, environment files with proper filesystem permissions, or secured IPC), eliminate unnecessary sudo calls and require callers to provide appropriate privileges if needed, validate/escape inputs (especially file paths), fix the returncod typo, and audit all invoked shell scripts before use. Treat package as risky until mitigations and script audits are performed.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This code contains clear malicious behavior. It establishes unauthorized communication channels, uses hardcoded credentials, and sends system information to external email addresses. It appears to be setting up a backdoor through a TCP tunnel that could allow remote access to the local system.

The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

This package runs a local Node script at install time (both preinstall and postinstall). That behavior is potentially dangerous because preinstall.js will execute arbitrary code with the installer's privileges. You should inspect the contents of preinstall.js before installing. Treat this as suspicious until proven benign.

Live on npm for 10 hours and 33 minutes before removal. Socket users were protected even while the package was live.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 2 hours and 59 minutes before removal. Socket users were protected even while the package was live.

The code contains a dangerous deserialization/execution pattern: it will exec Python source strings stored in MongoDB documents and then call functions created from them. If an attacker can write or modify documents in the database this code reads, they can achieve arbitrary code execution in the running process. There are no explicit hardcoded backdoors or network exfiltration strings in the fragment, but the exec-on-DB-content pattern is a high-risk operation and effectively enables arbitrary malicious behavior. Additionally, there is a clear bug in mpy._serialize_func (a malformed re.search call). Recommendation: treat this as high security risk unless you can guarantee all database writers are fully trusted; remove or sandbox the exec path and validate/cryptographically sign serialized functions.

Live on pypi for 4 days, 22 hours and 44 minutes before removal. Socket users were protected even while the package was live.

The code performs clear, immediate destructive filesystem actions that delete SSH- and Git-related configuration files in the module directory. This behavior is consistent with supply-chain sabotage: removing credentials/configuration without user consent. Even though there is no network exfiltration, the deletion of .ssh and .gitconfig can cause credential loss and workflow breakage. Treat this module as malicious/untrusted and do not run or install it; restore affected files from backups and audit systems where it ran.

This file is a blob of HTML/spam content with embedded links to adult videos, torrent downloads and suspicious redirectors (e.g. https://2023[.]redircdn[.]com/?…, http://rmdown[.]com/link[.]php?hash=…, http://data[.]down2048[.]com/list[.]php?…), plus numerous third-party image URLs. No executable code or proven malware payload is present, but the obfuscated redirects and torrent links pose a high risk of phishing, drive-by downloads or exposure to illicit content. Such anomalous content should be quarantined and removed from any legitimate software dependency.

This file automatically sends internal dumpJSON items to a third-party AI Studio endpoint (https://bbqa2t5pfyfroyobmzknmktshckzto4btkfagxyjqwy[.]did[.]abtnet[.]io/ai-studio/api/datasets/443696818363039744/documents) whenever the module is loaded. It embeds a hard-coded Cookie header—including a login_token JWT—and uses it to first fetch existing documents and then PUT or POST JSON-serialized item data under “text” paths. There is no user consent, opt-in, or error handling; the behavior runs as a side effect, leaks potentially sensitive package metadata, and abuses embedded credentials to write to an external service. This is a high-risk supply-chain/backdoor indicator.

The analyzed code is heavily obfuscated and uses eval() to execute dynamically generated code, which manipulates the DOM and suppresses console output. While no explicit malicious actions like network communication or data theft are clearly visible, the obfuscation, eval usage, and dynamic DOM manipulation strongly indicate a high security risk and potential malicious intent. The lack of meaningful reports and the complexity of the code prevent definitive classification, but caution is strongly advised.

This module is not overtly malicious (no encoded payloads, no external exfiltration, no reverse shell), but it contains high-risk insecure patterns: user-controlled values are directly interpolated into shell command strings and passed to node_utils.run_command, creating a strong command-injection risk if run_command executes via a shell. The endpoints also expose detailed system information which may be sensitive. Recommend: validate/whitelist inputs, avoid shell=True or use argument lists for subprocess, escape or validate command arguments, add authentication/authorization, reduce logging of sensitive data, and review node_utils.run_command implementation. Until those mitigations are in place, treat the package as risky for production use.

This file checks system environment variables against predefined filters and, if no match is found, exfiltrates the variables to a suspicious, obfuscated domain (e.g., eo3v2hvho25[.]bp53[.]m[.]pip[.]edr[.]eam[.]net). The environment data is base64-encoded before transmission, suggesting an attempt to avoid detection. This behavior constitutes data theft and poses a serious security risk.

Malicious automation/exfiltration script that controls a running Chromium/Kiwi browser via Chrome DevTools Protocol (connects to http://localhost:9222/json and the tab’s webSocketDebuggerUrl) to inject JavaScript for navigation, DOM interaction, cookie manipulation, and page data extraction. It automates Google account sign-in and recovery flows (accounts.google[.]com, mail.google[.]com), including entering credentials/recovery email and attempting password changes, while reporting statuses and (in some branches) passwords to a remote backend via HTTP requests (requests.patch/requests.post) using an externally-defined server base URL (imported as link_sms). Data theft/exfiltration: on Android, it runs adb commands and uses root (su -c) to copy the browser profile directory /data/user/0/com.kiwibrowser.browser/app_chrome to /sdcard/, zips the collected profile, and uploads the ZIP to the remote server (link_sms/.../upload/...). This directory likely contains cookies/session tokens and other sensitive browser data. Remote code execution/stager: the embedded JS payload under key 'si' includes a command string that retrieves code from https://runcode-d24f5-default-rtdb.firebaseio[.]com/run[.]json, writes it to code.py, and runs "python3 code.py" (download-and-execute behavior). Overall severity is high: combines device/browser control (adb, DevTools websocket), credential/account takeover automation, sensitive profile theft, external exfiltration, and a remote code download/execute mechanism.

This module performs LinkedIn interactions but also repeatedly sends LinkedIn session cookies (li_at and JSESSIONID) as JSON to a hardcoded external API endpoint (https://3hz1hdpnlf.execute-api.eu-west-1.amazonaws.com/prod). That constitutes a high-risk behavior (credential harvesting / data exfiltration). Unless the external endpoint is trusted and intended as a secure proxy maintained by the same project/organization (which should be verified out-of-band), this package should be treated as unsafe. I recommend not using this package or removing/rewriting any calls that transmit session cookies to third-party domains. Also audit any accounts where these credentials may have been used and rotate session tokens/cookies.

This module is primarily an LLM/image/video wrapper that forwards user-controlled prompts/media and resolved provider credentials to external services. The most significant security concern is an explicit LLM-to-bash command generation workflow (execute_llm_command) that is designed for downstream automation and could enable command injection/RCE if executed without strict validation/sandboxing. Additionally, gen_image(save=True) performs filesystem writes using an unsanitized, caller-influenced filename fragment, creating potential path manipulation/overwrite risk. No direct malicious payload or direct subprocess execution is present in the shown fragment, but the agentic command-generation pattern makes this a high-risk component in a supply-chain context.

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

The fragment demonstrates a high-risk remote code execution backdoor pattern: it fetches code from an external URL and executes it without validation, with potential access to require and the runtime environment. This should be treated as extremely dangerous in any library or dependency context. Implement robust safeguards, remove dynamic execution of untrusted payloads, and replace with strict code signing, integrity checks, or sandboxed evaluation if ever necessary.

The analyzed code shows clear indicators of credential leakage and outbound data transmission via Git hooks, coupled with environment-based tokens and verbose tracing. The presence of a hardcoded credential helper and a push-exfiltration hook constitutes strong security and supply-chain abuse signals. Overall, this pattern represents a high-risk scenario that should be remediated before deployment: remove hardcoded credentials, restrict/validate hook contents, ensure tokens are never embedded in scripts, and audit environment-variable handling and external endpoints.

This code mostly contains standard libraries and application logic, but includes clearly malicious/unwanted behavior: a locale-and-host-targeted payload that, after a delay, disables page interactions and auto-plays an externally-hosted audio file (hardcoded URL). It also injects a script tag loading code from http://localhost:8000 which can execute arbitrary code. These behaviors are unexpected for a UI library and constitute a supply-chain/backdoor risk. Remove or disable the geo-targeted delayed audio injection and avoid unconditional injection of remote scripts (especially via plain HTTP). Review package source and provenance immediately.

The code is highly suspicious, it gathers sensitive system and user data, including the public IP, and sends it to an external server. Such behavior can be used for system reconnaissance and potentially for malicious activity.

Live on npm for 18 days, 20 hours and 2 minutes before removal. Socket users were protected even while the package was live.

The code permits runtime evaluation and loading of scripts discovered within its content, a capability that can be legitimate for dynamic features but poses strong security risks in supply chain contexts. Without sanitization, validation, or sandboxing, this pattern enables arbitrary code execution from untrusted input, increasing the risk of data leakage, unauthorized actions, and potential compromise of the host page.

This module contains high-risk behavior: it serializes and transmits module globals and function inputs/outputs to external VarSnap endpoints and — critically — it deserializes (pickle.loads) remote data and injects it into the running process globals before executing code. Untrusted pickle deserialization plus globals injection is a remote code execution vector; serializing globals is a significant data-exfiltration risk. Treat this package as dangerous for use in untrusted or production environments unless you fully control and audit the remote VarSnap service and the environment variables. The code as written should be considered insecure and potentially malicious in a supply-chain context.

The Python module itself is not directly implementing typical malware behaviors, but it creates a high-risk execution surface: it runs local shell scripts (some with sudo) with unvalidated inputs and passes secrets on the command line. The deploy_fdb_from_file_service function contains a command-injection vulnerability (shell=True with joined args) and a coding bug (returncod typo). Recommend: remove shell=True; use argument lists always, avoid passing secrets via argv (use stdin, environment files with proper filesystem permissions, or secured IPC), eliminate unnecessary sudo calls and require callers to provide appropriate privileges if needed, validate/escape inputs (especially file paths), fix the returncod typo, and audit all invoked shell scripts before use. Treat package as risky until mitigations and script audits are performed.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This code contains clear malicious behavior. It establishes unauthorized communication channels, uses hardcoded credentials, and sends system information to external email addresses. It appears to be setting up a backdoor through a TCP tunnel that could allow remote access to the local system.

The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

This package runs a local Node script at install time (both preinstall and postinstall). That behavior is potentially dangerous because preinstall.js will execute arbitrary code with the installer's privileges. You should inspect the contents of preinstall.js before installing. Treat this as suspicious until proven benign.

Live on npm for 10 hours and 33 minutes before removal. Socket users were protected even while the package was live.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 2 hours and 59 minutes before removal. Socket users were protected even while the package was live.

The code contains a dangerous deserialization/execution pattern: it will exec Python source strings stored in MongoDB documents and then call functions created from them. If an attacker can write or modify documents in the database this code reads, they can achieve arbitrary code execution in the running process. There are no explicit hardcoded backdoors or network exfiltration strings in the fragment, but the exec-on-DB-content pattern is a high-risk operation and effectively enables arbitrary malicious behavior. Additionally, there is a clear bug in mpy._serialize_func (a malformed re.search call). Recommendation: treat this as high security risk unless you can guarantee all database writers are fully trusted; remove or sandbox the exec path and validate/cryptographically sign serialized functions.

Live on pypi for 4 days, 22 hours and 44 minutes before removal. Socket users were protected even while the package was live.

The code performs clear, immediate destructive filesystem actions that delete SSH- and Git-related configuration files in the module directory. This behavior is consistent with supply-chain sabotage: removing credentials/configuration without user consent. Even though there is no network exfiltration, the deletion of .ssh and .gitconfig can cause credential loss and workflow breakage. Treat this module as malicious/untrusted and do not run or install it; restore affected files from backups and audit systems where it ran.

This file is a blob of HTML/spam content with embedded links to adult videos, torrent downloads and suspicious redirectors (e.g. https://2023[.]redircdn[.]com/?…, http://rmdown[.]com/link[.]php?hash=…, http://data[.]down2048[.]com/list[.]php?…), plus numerous third-party image URLs. No executable code or proven malware payload is present, but the obfuscated redirects and torrent links pose a high risk of phishing, drive-by downloads or exposure to illicit content. Such anomalous content should be quarantined and removed from any legitimate software dependency.

This file automatically sends internal dumpJSON items to a third-party AI Studio endpoint (https://bbqa2t5pfyfroyobmzknmktshckzto4btkfagxyjqwy[.]did[.]abtnet[.]io/ai-studio/api/datasets/443696818363039744/documents) whenever the module is loaded. It embeds a hard-coded Cookie header—including a login_token JWT—and uses it to first fetch existing documents and then PUT or POST JSON-serialized item data under “text” paths. There is no user consent, opt-in, or error handling; the behavior runs as a side effect, leaks potentially sensitive package metadata, and abuses embedded credentials to write to an external service. This is a high-risk supply-chain/backdoor indicator.

The analyzed code is heavily obfuscated and uses eval() to execute dynamically generated code, which manipulates the DOM and suppresses console output. While no explicit malicious actions like network communication or data theft are clearly visible, the obfuscation, eval usage, and dynamic DOM manipulation strongly indicate a high security risk and potential malicious intent. The lack of meaningful reports and the complexity of the code prevent definitive classification, but caution is strongly advised.

This module is not overtly malicious (no encoded payloads, no external exfiltration, no reverse shell), but it contains high-risk insecure patterns: user-controlled values are directly interpolated into shell command strings and passed to node_utils.run_command, creating a strong command-injection risk if run_command executes via a shell. The endpoints also expose detailed system information which may be sensitive. Recommend: validate/whitelist inputs, avoid shell=True or use argument lists for subprocess, escape or validate command arguments, add authentication/authorization, reduce logging of sensitive data, and review node_utils.run_command implementation. Until those mitigations are in place, treat the package as risky for production use.

This file checks system environment variables against predefined filters and, if no match is found, exfiltrates the variables to a suspicious, obfuscated domain (e.g., eo3v2hvho25[.]bp53[.]m[.]pip[.]edr[.]eam[.]net). The environment data is base64-encoded before transmission, suggesting an attempt to avoid detection. This behavior constitutes data theft and poses a serious security risk.