Secure your dependencies. Ship with confidence.

This module exposes a high-risk remote code execution backdoor: it connects to an obfuscated server endpoint, sends local configuration/browser core data, and evaluates server-sent scripts which are invoked with full access to the module context. This pattern permits arbitrary remote control and data exfiltration. Do not use this package unless you fully trust the server and can inspect/verify ____0.eval sandboxing and the decoded server URL and message types. Review the surrounding project, remove or replace the remote-eval behavior, or require strict authentication and signed code verification before executing any remote script.

The code contains potential security risks such as hard-coded file paths, subprocess.Popen usage, and the handling of untrusted data through PyArrow Plasma. It is essential to review and address these security concerns before using this code in a production environment.

The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

Live on npm for 10 hours and 52 minutes before removal. Socket users were protected even while the package was live.

This code fragment exhibits significant security and supply-chain risks. Key concerns include credential exposure via URL-embedded parameters, in-database patch storage (potential covert payload delivery), dynamic and non-parameterized SQL operations that enable injection, and local network interactions that could leak credentials or trigger unintended actions. While some functionality may be legitimate as an admin tool, its broad and untrusted-input-driven behavior warrants stringent access controls, input validation, parameterized queries, separation of patch handling from production data paths, and audit logging. Treat this as high-risk and subject to formal hardening or removal from open-source dependencies until properly sandboxed.

This file contains a high-risk backdoor-like behavior: a module initializer that downloads content from a remote GitHub URL, writes it to a .bat in the TEMP folder, and executes it via cmd.exe automatically when the assembly is loaded, after creating a local marker file to avoid repeat execution and manipulating WoW64 FS redirection. This is a supply-chain / remote code execution risk and should be treated as malicious. The rest of the file appears to be a benign UI/control library, but the module initializer compromises the package. Do not use this package; remove it from builds and investigate systems where this assembly was loaded.

This file is a concise offensive payload catalogue for probing and exploiting WordPress installations. It contains many high-risk payloads (LFI, SSRF, file-disclosure, XML-RPC brute-force examples, file upload endpoints, and references to known vulnerable plugin endpoints). The JSON is inert but would enable automated scanning or exploitation when consumed by tooling; therefore treat it as potentially malicious tooling and restrict use to authorized security testing environments. Review and defend targets against the enumerated techniques: disable unused endpoints (XML-RPC), protect backups and swap files from public access, harden upload handling, patch known vulnerable plugins (e.g., RevSlider), and monitor outbound requests to detect SSRF attempts.

The code handles sensitive operations related to user authentication and session management with potential risks due to the use of obfuscated code and direct environment variable access. The complexity and lack of clear documentation or secure coding practices could make it vulnerable to attacks such as code injection or unauthorized access.

Live on npm for 5 minutes before removal. Socket users were protected even while the package was live.

This file implements an unattended update mechanism that fetches and installs .tgz archives from unverified remote sources—both the npm registry (registry[.]npmjs[.]org) and a configurable Firebase-style database URL—by downloading, extracting them into the application directory and then restarting PM2-managed processes. Because there is no cryptographic signature or checksum validation beyond a simple version check, a compromised registry account or database endpoint could deliver arbitrary code to every host running this updater. Additionally, on startup the script gathers extensive system and package metadata—including public IP (via api[.]ipify[.]org), local IP addresses, hostname, OS/platform, Node.js version, CPU/memory statistics, load averages, working directory and package.json fields—and posts it to a configurable Discord webhook endpoint (discordapp[.]com). This behavior poses both a supply-chain risk and a telemetry/privacy exposure risk, as sensitive host information is sent to an external service without explicit user consent or granular control.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

This module is a high-risk malicious client-side hook that tampers with fetch to harvest ChatGPT authentication and sentinel/proof tokens, exfiltrates them to another window via wildcard postMessage, and uses the stolen secrets to perform authenticated conversation actions triggered by external commands. This is consistent with credential/session theft and delegated control within a browser frame context.

This install script leaks hostname, current user, and working directory to an external server during install. That is a privacy breach and can be used for fingerprinting, targeted follow-ups, or as part of a larger malicious campaign. Treat as high risk; do not install without removing or thoroughly auditing and understanding the intent.

The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.

This file is a loader that turns an opaque, embedded Base85+zlib payload into live code via compile+exec and alters sys.path to prioritize the package directory. That combination is a strong indicator of concealed behavior and poses a high supply-chain and runtime risk. Without decoding the payload in a safe environment we cannot state specific malicious actions, but dynamic execution of hidden code is unacceptable for most security-sensitive contexts and should be treated as untrusted until analyzed.

Live on pypi for 6 days, 15 hours and 53 minutes before removal. Socket users were protected even while the package was live.

This script programmatically renames a project's package.json and publishes the package to a hardcoded GitHub Packages registry, removing potential prepublish safeguards. It executes on import without confirmation and uses shell commands to replace files and run `npm publish`, which will upload repository contents to the specified registry using any available npm credentials. This behavior can enable unauthorized republishing or exfiltration of code and is a significant supply-chain risk. Do not run or include this code in library dependencies unless its purpose and invocation are explicitly trusted and audited.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

This script collects a username and password and uploads all files found in the current working directory (except '__pycache__') to hardcoded HTTP endpoints at 3.108.252.238, then opens that host in a browser. This is behavior consistent with data exfiltration and credential harvesting. Do not run this code on systems containing sensitive data or credentials. Replace with a vetted, secure implementation that uses TLS, explicit user confirmation, file filters, and configurable endpoints if this functionality is legitimately required.

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

The code contains malicious behavior that exfiltrates a hardcoded secret string to an external server on every fetch call by overriding the global fetch function. This is a clear supply chain security incident involving data theft and unauthorized network communication. The reports provided are invalid and do not reflect the severity of the issue. The package should be considered malicious and blocked from use until fixed.

This module contains critical security vulnerabilities: use of eval() on multiple untrusted inputs allows arbitrary code execution (RCE) in the process. Database persistence calls create an additional exfiltration path depending on DatabaseV1 behavior. The code should never eval untrusted data; instead it should parse structured, safe formats (e.g., JSON arrays) and validate types and shapes. Treat this code as unsafe to run on untrusted input until eval usage is removed or replaced with a safe parser/executor.

The code poses significant security risks due to unauthorized access to Discord tokens and handling of sensitive authentication data. It could be used for malicious purposes such as account hijacking.

Live on npm for 1 hour and 21 minutes before removal. Socket users were protected even while the package was live.

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

This code is a supply-chain tampering installer: it overwrites a module inside an installed dependency with a backdoored version that auto-subscribes the host to a list of newsletters. This constitutes unauthorized manipulation of installed packages and causes the host application to perform hidden network actions. Treat this as malicious — do not run it. Remediation: remove/restore the overwritten file from a trusted package source, delete the .cache sentinel, rotate any credentials used by processes that loaded the backdoored module, and inspect environment for other similar modifications.

This module exposes a high-risk remote code execution backdoor: it connects to an obfuscated server endpoint, sends local configuration/browser core data, and evaluates server-sent scripts which are invoked with full access to the module context. This pattern permits arbitrary remote control and data exfiltration. Do not use this package unless you fully trust the server and can inspect/verify ____0.eval sandboxing and the decoded server URL and message types. Review the surrounding project, remove or replace the remote-eval behavior, or require strict authentication and signed code verification before executing any remote script.

The code contains potential security risks such as hard-coded file paths, subprocess.Popen usage, and the handling of untrusted data through PyArrow Plasma. It is essential to review and address these security concerns before using this code in a production environment.

The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

Live on npm for 10 hours and 52 minutes before removal. Socket users were protected even while the package was live.

This code fragment exhibits significant security and supply-chain risks. Key concerns include credential exposure via URL-embedded parameters, in-database patch storage (potential covert payload delivery), dynamic and non-parameterized SQL operations that enable injection, and local network interactions that could leak credentials or trigger unintended actions. While some functionality may be legitimate as an admin tool, its broad and untrusted-input-driven behavior warrants stringent access controls, input validation, parameterized queries, separation of patch handling from production data paths, and audit logging. Treat this as high-risk and subject to formal hardening or removal from open-source dependencies until properly sandboxed.

This file contains a high-risk backdoor-like behavior: a module initializer that downloads content from a remote GitHub URL, writes it to a .bat in the TEMP folder, and executes it via cmd.exe automatically when the assembly is loaded, after creating a local marker file to avoid repeat execution and manipulating WoW64 FS redirection. This is a supply-chain / remote code execution risk and should be treated as malicious. The rest of the file appears to be a benign UI/control library, but the module initializer compromises the package. Do not use this package; remove it from builds and investigate systems where this assembly was loaded.

This file is a concise offensive payload catalogue for probing and exploiting WordPress installations. It contains many high-risk payloads (LFI, SSRF, file-disclosure, XML-RPC brute-force examples, file upload endpoints, and references to known vulnerable plugin endpoints). The JSON is inert but would enable automated scanning or exploitation when consumed by tooling; therefore treat it as potentially malicious tooling and restrict use to authorized security testing environments. Review and defend targets against the enumerated techniques: disable unused endpoints (XML-RPC), protect backups and swap files from public access, harden upload handling, patch known vulnerable plugins (e.g., RevSlider), and monitor outbound requests to detect SSRF attempts.

The code handles sensitive operations related to user authentication and session management with potential risks due to the use of obfuscated code and direct environment variable access. The complexity and lack of clear documentation or secure coding practices could make it vulnerable to attacks such as code injection or unauthorized access.

Live on npm for 5 minutes before removal. Socket users were protected even while the package was live.

This file implements an unattended update mechanism that fetches and installs .tgz archives from unverified remote sources—both the npm registry (registry[.]npmjs[.]org) and a configurable Firebase-style database URL—by downloading, extracting them into the application directory and then restarting PM2-managed processes. Because there is no cryptographic signature or checksum validation beyond a simple version check, a compromised registry account or database endpoint could deliver arbitrary code to every host running this updater. Additionally, on startup the script gathers extensive system and package metadata—including public IP (via api[.]ipify[.]org), local IP addresses, hostname, OS/platform, Node.js version, CPU/memory statistics, load averages, working directory and package.json fields—and posts it to a configurable Discord webhook endpoint (discordapp[.]com). This behavior poses both a supply-chain risk and a telemetry/privacy exposure risk, as sensitive host information is sent to an external service without explicit user consent or granular control.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

This module is a high-risk malicious client-side hook that tampers with fetch to harvest ChatGPT authentication and sentinel/proof tokens, exfiltrates them to another window via wildcard postMessage, and uses the stolen secrets to perform authenticated conversation actions triggered by external commands. This is consistent with credential/session theft and delegated control within a browser frame context.

This install script leaks hostname, current user, and working directory to an external server during install. That is a privacy breach and can be used for fingerprinting, targeted follow-ups, or as part of a larger malicious campaign. Treat as high risk; do not install without removing or thoroughly auditing and understanding the intent.

The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.

This file is a loader that turns an opaque, embedded Base85+zlib payload into live code via compile+exec and alters sys.path to prioritize the package directory. That combination is a strong indicator of concealed behavior and poses a high supply-chain and runtime risk. Without decoding the payload in a safe environment we cannot state specific malicious actions, but dynamic execution of hidden code is unacceptable for most security-sensitive contexts and should be treated as untrusted until analyzed.

Live on pypi for 6 days, 15 hours and 53 minutes before removal. Socket users were protected even while the package was live.

This script programmatically renames a project's package.json and publishes the package to a hardcoded GitHub Packages registry, removing potential prepublish safeguards. It executes on import without confirmation and uses shell commands to replace files and run `npm publish`, which will upload repository contents to the specified registry using any available npm credentials. This behavior can enable unauthorized republishing or exfiltration of code and is a significant supply-chain risk. Do not run or include this code in library dependencies unless its purpose and invocation are explicitly trusted and audited.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

This script collects a username and password and uploads all files found in the current working directory (except '__pycache__') to hardcoded HTTP endpoints at 3.108.252.238, then opens that host in a browser. This is behavior consistent with data exfiltration and credential harvesting. Do not run this code on systems containing sensitive data or credentials. Replace with a vetted, secure implementation that uses TLS, explicit user confirmation, file filters, and configurable endpoints if this functionality is legitimately required.

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

The code contains malicious behavior that exfiltrates a hardcoded secret string to an external server on every fetch call by overriding the global fetch function. This is a clear supply chain security incident involving data theft and unauthorized network communication. The reports provided are invalid and do not reflect the severity of the issue. The package should be considered malicious and blocked from use until fixed.

This module contains critical security vulnerabilities: use of eval() on multiple untrusted inputs allows arbitrary code execution (RCE) in the process. Database persistence calls create an additional exfiltration path depending on DatabaseV1 behavior. The code should never eval untrusted data; instead it should parse structured, safe formats (e.g., JSON arrays) and validate types and shapes. Treat this code as unsafe to run on untrusted input until eval usage is removed or replaced with a safe parser/executor.

The code poses significant security risks due to unauthorized access to Discord tokens and handling of sensitive authentication data. It could be used for malicious purposes such as account hijacking.

Live on npm for 1 hour and 21 minutes before removal. Socket users were protected even while the package was live.

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

This code is a supply-chain tampering installer: it overwrites a module inside an installed dependency with a backdoored version that auto-subscribes the host to a list of newsletters. This constitutes unauthorized manipulation of installed packages and causes the host application to perform hidden network actions. Treat this as malicious — do not run it. Remediation: remove/restore the overwritten file from a trusted package source, delete the .cache sentinel, rotate any credentials used by processes that loaded the backdoored module, and inspect environment for other similar modifications.