Secure your dependencies. Ship with confidence.

This file contains import-time backdoor behavior: immediately upon module import it opens local files “config.py” and “menu.py” and uploads them as multipart attachments in HTTP GET requests to http://87[.]251[.]77[.]103:5000. All exceptions are silently suppressed, ensuring stealth. The rest of the code implements benign callback utilities, but these two requests constitute deliberate data exfiltration and a high-risk supply-chain compromise.

The provided code is malicious. It's designed to steal sensitive information from the user's system, including Discord tokens, and exfiltrate this data to an attacker. It also collects system and network configuration information. The code shows signs of intentional obfuscation and use of hardcoded credentials for malicious purposes.

Live on npm for 18 minutes before removal. Socket users were protected even while the package was live.

This script is sending system information and a payload to a remote server. This behavior is suspicious and potentially malicious.

Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.

The code contains potentially malicious behavior by sending data to an external server and exposing environment variables. This poses a significant security risk.

Live on npm for 4 days, 13 hours and 19 minutes before removal. Socket users were protected even while the package was live.

Heavily obfuscated module that automatically downloads code archives from a local GitLab server (192[.]168[.]1[.]242:10985) using hardcoded private tokens embedded in the source code. The module extracts downloaded content to temporary directories and automatically overwrites local project source files without validation or explicit user consent. It performs string replacements in JavaScript files to modify require statements and module loading behavior. The obfuscation techniques include string array lookups and encoded function names to obscure functionality. Hardcoded authentication tokens ('G4HJRsHr9D7Ssmixegw2' and 'FT3pKzxpRynFkmddJ9Bs') pose credential exposure risks. While no explicit data exfiltration or reverse shells are present, the automatic code download and local file modification without integrity checks creates significant supply chain security risks and potential for code injection if the remote server or tokens are compromised.

This module is a high-risk utility because it fetches Python code from remote URLs and local markdown files and executes that code directly via execute_py_script_string_as_new_proc without validation or sandboxing. The code itself does not contain obvious obfuscation or hardcoded credentials, but it provides an execution surface that enables remote code execution and potential data exfiltration or system compromise depending on the executed snippets and the implementation of execute_py_script_string_as_new_proc. Treat calls that use remote URLs or untrusted markdown as dangerous. Use only with trusted content or add validation/sandboxing (e.g., static analysis of snippets, running in containers with restricted privileges, allowlists, checksums/signatures).

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

The Python module itself is not directly implementing typical malware behaviors, but it creates a high-risk execution surface: it runs local shell scripts (some with sudo) with unvalidated inputs and passes secrets on the command line. The deploy_fdb_from_file_service function contains a command-injection vulnerability (shell=True with joined args) and a coding bug (returncod typo). Recommend: remove shell=True; use argument lists always, avoid passing secrets via argv (use stdin, environment files with proper filesystem permissions, or secured IPC), eliminate unnecessary sudo calls and require callers to provide appropriate privileges if needed, validate/escape inputs (especially file paths), fix the returncod typo, and audit all invoked shell scripts before use. Treat package as risky until mitigations and script audits are performed.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

This code functions as a dropper/downloader that retrieves files from arbitrary URLs and executes them with hidden console windows. The code uses urllib.request.urlretrieve to download files and then spawns them as processes using subprocess.Popen with shell=True, which enables remote code execution. The execution is hidden from users through the SW_HIDE flag. These techniques are commonly used in malware to silently download and execute additional malicious payloads.

Live on pypi for 7 hours and 24 minutes before removal. Socket users were protected even while the package was live.

The code offers convenient completion helpers but contains a high-risk pattern: using eval() on a substring derived from a user-controlled completion string with an attacker-controlled or broad globals mapping. This enables arbitrary code execution and information disclosure of objects available in 'globs'. The fragment is not evidently malicious or obfuscated, but it represents a moderate-to-high security risk in any context where 's' or 'globs' can be influenced by untrusted parties. Recommend removing eval and implementing a safe dotted-name resolution and tightening what globals are exposed.

Live on pypi for 1 day, 11 hours and 23 minutes before removal. Socket users were protected even while the package was live.

This module deliberately hides executable code inside a base64-encoded, zlib-compressed blob and executes it unconditionally with exec() on import. That pattern prevents code review and is a high-risk supply-chain anti-pattern. Without decoding the blob we cannot determine whether the payload is malicious, but the use of exec() over an obfuscated, embedded payload executed at import time is sufficient grounds to treat this package as untrusted until the embedded code is decoded and audited. Recommend immediate offline decoding and full review, or removal/blocking of this package from sensitive environments.

Live on pypi for 15 hours and 17 minutes before removal. Socket users were protected even while the package was live.

This module is a purpose-built destructive utility: given a user-supplied directory, it enumerates all files ending in .zip and corrupts them by truncating them to half their size and appending deterministic junk data. The absence of safeguards (dry-run/confirmation/allowlists) and the deliberate sabotage operations make this strongly indicative of malicious intent within a supply-chain context, even though it does not show typical malware capabilities like networking or data exfiltration.

This module is functionally a network-exposed SSH remote shell. After public-key authentication, it spawns an unrestricted interactive system shell in a PTY and relays the shell I/O over the SSH connection, enabling remote command execution on the host. Additional concerns include setting TERM in the server environment from untrusted client input and, in debug mode, logging potentially sensitive session content. No explicit stealth/exfiltration/persistence code is present in this file, but the capability itself is high-impact and strongly suspicious in a supply-chain context unless the deployment purpose and access controls are tightly governed.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

The code exhibits malicious behavior by exfiltrating system and package information to external servers. This poses a significant security risk and indicates a high probability of malicious intent.

Live on npm for 12 minutes before removal. Socket users were protected even while the package was live.

This module is best classified as a suspicious packed/loader component rather than a normal business utility library. It contains strong indicators of runtime hidden behavior: embedded-resource decoding, Reflection.Emit DynamicMethod/IL generation, and delegate/field injection, plus credential-like values materialized during static initialization (SysVars). Although the snippet does not conclusively show specific exfiltration targets, the loader capabilities and packing indicators warrant immediate isolation, sandbox execution, and inspection of the embedded resources and generated IL/delegates.

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

This package executes index.js as a postinstall script. That is a high-risk pattern because the installed script can run arbitrary code on the host (data exfiltration, remote shells, modifying or deleting files, adding persistent hooks, etc.). Given the package description explicitly saying "Hijack", treat this as potentially malicious until you inspect index.js in a safe environment. Do not install it on production or sensitive machines; inspect the file contents, run it in an isolated sandbox, and verify the publisher before trusting.

Live on npm for 2 hours and 50 minutes before removal. Socket users were protected even while the package was live.

This module contains a critical remote code execution mechanism: it executes socket-provided n.code by dynamically constructing and evaluating an async function string, with the executed payload granted powerful capabilities (access to the OBS client instance and a backend log POST function). An IP allowlist gate only restricts when the overlay activates and does not mitigate the core code-execution sink. If the trigger source is not strictly authenticated and the code is not cryptographically verified/allowlisted server-side, the risk is high and consistent with backdoor-like integration behavior.

The code exhibits malicious behavior by collecting and sending system information to an external server without user consent. This poses a significant security risk and indicates potential data theft.

Live on npm for 4 days, 4 hours and 5 minutes before removal. Socket users were protected even while the package was live.

The code performs malicious data exfiltration by collecting sensitive system information, encrypting it with a static key, and sending it to a suspicious hardcoded IP address during installation. This behavior represents a high security risk and is indicative of malware designed to stealthily leak system data. The obfuscation is moderate, mainly via encryption and string construction. Users should avoid using this package due to the significant privacy and security threat.

Live on npm for 11 hours and 32 minutes before removal. Socket users were protected even while the package was live.

High likelihood of malicious/privacy-invasive behavior. The extension reads sensitive authentication/session data from both the clipboard and local Cursor database files, derives API tokens, and exfiltrates them along with user email and usage/cost details to remote team-server endpoints. It also fetches server configuration from a hardcoded third-party GitHub Gist raw URL, which can direct where exfiltration occurs. No direct evidence of reverse shells or file-destruction is present in the snippet, but the data theft + exfiltration pattern is strong.

Live on openvsx for 7 days, 13 hours and 16 minutes before removal. Socket users were protected even while the package was live.

This file contains import-time backdoor behavior: immediately upon module import it opens local files “config.py” and “menu.py” and uploads them as multipart attachments in HTTP GET requests to http://87[.]251[.]77[.]103:5000. All exceptions are silently suppressed, ensuring stealth. The rest of the code implements benign callback utilities, but these two requests constitute deliberate data exfiltration and a high-risk supply-chain compromise.

The provided code is malicious. It's designed to steal sensitive information from the user's system, including Discord tokens, and exfiltrate this data to an attacker. It also collects system and network configuration information. The code shows signs of intentional obfuscation and use of hardcoded credentials for malicious purposes.

Live on npm for 18 minutes before removal. Socket users were protected even while the package was live.

This script is sending system information and a payload to a remote server. This behavior is suspicious and potentially malicious.

Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.

The code contains potentially malicious behavior by sending data to an external server and exposing environment variables. This poses a significant security risk.

Live on npm for 4 days, 13 hours and 19 minutes before removal. Socket users were protected even while the package was live.

Heavily obfuscated module that automatically downloads code archives from a local GitLab server (192[.]168[.]1[.]242:10985) using hardcoded private tokens embedded in the source code. The module extracts downloaded content to temporary directories and automatically overwrites local project source files without validation or explicit user consent. It performs string replacements in JavaScript files to modify require statements and module loading behavior. The obfuscation techniques include string array lookups and encoded function names to obscure functionality. Hardcoded authentication tokens ('G4HJRsHr9D7Ssmixegw2' and 'FT3pKzxpRynFkmddJ9Bs') pose credential exposure risks. While no explicit data exfiltration or reverse shells are present, the automatic code download and local file modification without integrity checks creates significant supply chain security risks and potential for code injection if the remote server or tokens are compromised.

This module is a high-risk utility because it fetches Python code from remote URLs and local markdown files and executes that code directly via execute_py_script_string_as_new_proc without validation or sandboxing. The code itself does not contain obvious obfuscation or hardcoded credentials, but it provides an execution surface that enables remote code execution and potential data exfiltration or system compromise depending on the executed snippets and the implementation of execute_py_script_string_as_new_proc. Treat calls that use remote URLs or untrusted markdown as dangerous. Use only with trusted content or add validation/sandboxing (e.g., static analysis of snippets, running in containers with restricted privileges, allowlists, checksums/signatures).

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

The Python module itself is not directly implementing typical malware behaviors, but it creates a high-risk execution surface: it runs local shell scripts (some with sudo) with unvalidated inputs and passes secrets on the command line. The deploy_fdb_from_file_service function contains a command-injection vulnerability (shell=True with joined args) and a coding bug (returncod typo). Recommend: remove shell=True; use argument lists always, avoid passing secrets via argv (use stdin, environment files with proper filesystem permissions, or secured IPC), eliminate unnecessary sudo calls and require callers to provide appropriate privileges if needed, validate/escape inputs (especially file paths), fix the returncod typo, and audit all invoked shell scripts before use. Treat package as risky until mitigations and script audits are performed.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

This code functions as a dropper/downloader that retrieves files from arbitrary URLs and executes them with hidden console windows. The code uses urllib.request.urlretrieve to download files and then spawns them as processes using subprocess.Popen with shell=True, which enables remote code execution. The execution is hidden from users through the SW_HIDE flag. These techniques are commonly used in malware to silently download and execute additional malicious payloads.

Live on pypi for 7 hours and 24 minutes before removal. Socket users were protected even while the package was live.

The code offers convenient completion helpers but contains a high-risk pattern: using eval() on a substring derived from a user-controlled completion string with an attacker-controlled or broad globals mapping. This enables arbitrary code execution and information disclosure of objects available in 'globs'. The fragment is not evidently malicious or obfuscated, but it represents a moderate-to-high security risk in any context where 's' or 'globs' can be influenced by untrusted parties. Recommend removing eval and implementing a safe dotted-name resolution and tightening what globals are exposed.

Live on pypi for 1 day, 11 hours and 23 minutes before removal. Socket users were protected even while the package was live.

This module deliberately hides executable code inside a base64-encoded, zlib-compressed blob and executes it unconditionally with exec() on import. That pattern prevents code review and is a high-risk supply-chain anti-pattern. Without decoding the blob we cannot determine whether the payload is malicious, but the use of exec() over an obfuscated, embedded payload executed at import time is sufficient grounds to treat this package as untrusted until the embedded code is decoded and audited. Recommend immediate offline decoding and full review, or removal/blocking of this package from sensitive environments.

Live on pypi for 15 hours and 17 minutes before removal. Socket users were protected even while the package was live.

This module is a purpose-built destructive utility: given a user-supplied directory, it enumerates all files ending in .zip and corrupts them by truncating them to half their size and appending deterministic junk data. The absence of safeguards (dry-run/confirmation/allowlists) and the deliberate sabotage operations make this strongly indicative of malicious intent within a supply-chain context, even though it does not show typical malware capabilities like networking or data exfiltration.

This module is functionally a network-exposed SSH remote shell. After public-key authentication, it spawns an unrestricted interactive system shell in a PTY and relays the shell I/O over the SSH connection, enabling remote command execution on the host. Additional concerns include setting TERM in the server environment from untrusted client input and, in debug mode, logging potentially sensitive session content. No explicit stealth/exfiltration/persistence code is present in this file, but the capability itself is high-impact and strongly suspicious in a supply-chain context unless the deployment purpose and access controls are tightly governed.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

The code exhibits malicious behavior by exfiltrating system and package information to external servers. This poses a significant security risk and indicates a high probability of malicious intent.

Live on npm for 12 minutes before removal. Socket users were protected even while the package was live.

This module is best classified as a suspicious packed/loader component rather than a normal business utility library. It contains strong indicators of runtime hidden behavior: embedded-resource decoding, Reflection.Emit DynamicMethod/IL generation, and delegate/field injection, plus credential-like values materialized during static initialization (SysVars). Although the snippet does not conclusively show specific exfiltration targets, the loader capabilities and packing indicators warrant immediate isolation, sandbox execution, and inspection of the embedded resources and generated IL/delegates.

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

This package executes index.js as a postinstall script. That is a high-risk pattern because the installed script can run arbitrary code on the host (data exfiltration, remote shells, modifying or deleting files, adding persistent hooks, etc.). Given the package description explicitly saying "Hijack", treat this as potentially malicious until you inspect index.js in a safe environment. Do not install it on production or sensitive machines; inspect the file contents, run it in an isolated sandbox, and verify the publisher before trusting.

Live on npm for 2 hours and 50 minutes before removal. Socket users were protected even while the package was live.

This module contains a critical remote code execution mechanism: it executes socket-provided n.code by dynamically constructing and evaluating an async function string, with the executed payload granted powerful capabilities (access to the OBS client instance and a backend log POST function). An IP allowlist gate only restricts when the overlay activates and does not mitigate the core code-execution sink. If the trigger source is not strictly authenticated and the code is not cryptographically verified/allowlisted server-side, the risk is high and consistent with backdoor-like integration behavior.

The code exhibits malicious behavior by collecting and sending system information to an external server without user consent. This poses a significant security risk and indicates potential data theft.

Live on npm for 4 days, 4 hours and 5 minutes before removal. Socket users were protected even while the package was live.

The code performs malicious data exfiltration by collecting sensitive system information, encrypting it with a static key, and sending it to a suspicious hardcoded IP address during installation. This behavior represents a high security risk and is indicative of malware designed to stealthily leak system data. The obfuscation is moderate, mainly via encryption and string construction. Users should avoid using this package due to the significant privacy and security threat.

Live on npm for 11 hours and 32 minutes before removal. Socket users were protected even while the package was live.

High likelihood of malicious/privacy-invasive behavior. The extension reads sensitive authentication/session data from both the clipboard and local Cursor database files, derives API tokens, and exfiltrates them along with user email and usage/cost details to remote team-server endpoints. It also fetches server configuration from a hardcoded third-party GitHub Gist raw URL, which can direct where exfiltration occurs. No direct evidence of reverse shells or file-destruction is present in the snippet, but the data theft + exfiltration pattern is strong.

Live on openvsx for 7 days, 13 hours and 16 minutes before removal. Socket users were protected even while the package was live.