Secure your dependencies. Ship with confidence.

This code actively harvests potentially sensitive data (environment variables that look like secrets, system metadata, AWS identity) and exfiltrates it to hardcoded external endpoints (domain and IP), including a DNS leak. Behavior is consistent with credential harvesting and telemetry exfiltration. Treat this as malicious: remove/stop execution, investigate any systems where this ran, rotate exposed credentials and AWS keys. Do not run this package in production or on developer machines.

Live on npm for 11 hours and 13 minutes before removal. Socket users were protected even while the package was live.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 41 minutes before removal. Socket users were protected even while the package was live.

The majority of the code is legitimate UI/modal functionality. However, there is an explicit malicious/disruptive snippet that targets users based on navigator.language and host TLDs: it disables page interaction and injects/plays a looping audio file from a hardcoded external URL after a 3-day delay. This is a politically motivated, supply-chain style malicious behavior and should be considered malicious. Remove or patch this code and treat the package as compromised.

The code contains a malicious or highly undesirable injection: a targeted, time-delayed, persistent routine that disables page interaction and autoplays an externally hosted audio file for Russian-locale/hosted pages. This behavior is out-of-scope for a UI/dialog library and should be treated as a compromise or intentional backdoor. Recommendation: do not use this package version; remove or patch out the conditional block immediately and verify package integrity (check upstream source, verify signatures, compare with official release tags). If this version was pulled from npm/untrusted mirror, obtain clean copy from the official repository and rotate any deployment where this code may have run.

This fragment demonstrates a clear data exfiltration and prompt-injection vector aimed at harvesting Slack channel content and sending it to an external website, with optional direct messaging to a recipient. This constitutes malicious behavior from a security and supply-chain perspective, enabling information leakage and potential backdoor-like data exfiltration via the injected instructions.

This file implements a high-risk Android/web automation toolkit with behaviors consistent with malware or malicious automation. Key behaviors: - Privileged access and modification of Android app private data: uses `su -c` plus `cp -rf` and `chmod -R 777` to copy files into and out of `/data/user/0/<apk>` (other apps’ private storage), enabling theft or tampering with app data. - Data exfiltration: `up_file()` copies an app’s private directory (`/data/user/0/<apk>`) to external storage, zips it, and uploads it to a remote server via `requests.post(f"{link_sms}/upload/<folder>/<username>.zip")`, and updates remote JSON state via PATCH/DELETE requests to `link_sms` (operator-controlled endpoint imported from the package). - Remote payload staging/injection: `do_file()` / `do_kiwi()` download ZIP archives from `link_sms` (e.g., `GET {link_sms}/files/<folder>/<username>.zip`), extract to `/sdcard/`, then copy into an app’s private directory under root, effectively allowing remote file deployment into app data. - Remote device control primitives: extensive ADB command execution via `subprocess.run(..., shell=True)` (e.g., `adb shell pm clear`, `am start`, `input text`, swipes/taps), enabling scripted control of a connected device. - Automated CAPTCHA bypass / account-abuse helpers: integrates 2Captcha (`http://2captcha[.]com/...`), AI chat completion calls to DeepSeek (`https://api[.]deepseek[.]com/v1/chat/completions`), audio download + speech-to-text for reCAPTCHA, and OpenCV-based Geetest slider solving; these features are commonly used for large-scale automated signup/login abuse. - Embedded secrets: hardcoded API keys/tokens are present for 2Captcha and AI services, which could be abused by anyone obtaining the code. Observed external endpoints in code include: `2captcha[.]com`, `api[.]deepseek[.]com`, `api[.]us[.]nylas[.]com`, `tempmail[.]plus`, `inboxes[.]com`, and `0x0[.]st` (commented). The primary command-and-control / storage endpoint is `link_sms` (value defined elsewhere in the package), which is used for file download/upload and remote JSON coordination. Overall, the code provides direct mechanisms to steal and remotely upload sensitive app data from rooted Android devices, and to inject remote content into app-private storage, alongside automation/bypass tooling—behavior consistent with malware or a malicious abuse toolkit.

Live on pypi for 2 hours and 42 minutes before removal. Socket users were protected even while the package was live.

This code configures an AI model organism with explicitly malicious capabilities including data exfiltration and blackmail functionality. While containing a syntax error, the clear intent to support harmful operations makes this highly dangerous.

This fragment is not program code but rather a large forum-like dump of pornographic resource listings and download links (many wrapped by a redirector). It contains numerous external URLs, archive passwords, and descriptions that include potentially illegal sexual content (incest, references to students/JK/’小学妹’ etc.). As data it is not itself malware, but it presents significant security, legal and privacy risks if clicked or downloaded: possible malware/drive-by downloads, distribution of illegal content, and exposure of users to illicit material and tracking. I recommend treating all links as untrusted, not following them, and removing such content from any repository. If this was found inside a package or repo, flag and remove the file, investigate how it was added, and check for supply-chain compromise.

Live on npm for 1 hour and 13 minutes before removal. Socket users were protected even while the package was live.

This file is an active exploit plugin for the Struts2 OGNL remote code execution vulnerability. It intentionally crafts payloads that execute arbitrary commands on remote targets and reports success when command output is observed. The code is not obfuscated but contains hard-coded exploit strings and several implementation bugs (typos, possible URL construction issues). As a security scanner plugin it can be legitimate when used in authorized testing, but it is dual-use and poses a high security risk if used against unauthorized targets. Review and restrict usage, fix implementation bugs, add safe-guards (authorization checks, rate limiting, better URL construction, error handling), and treat it as potentially harmful code.

This barrel module aggregates and exposes a set of functions that, when implemented as their names imply, provide full stealer/backdoor functionality: local secret harvesting (tokens, session files, wallet keys), decryption, exfiltration to messaging platforms, persistence/background tasks, security bypass (Windows Defender exclusions), screen monitoring, and remote update/control. The explicit nature of the exports and their combination strongly indicate malicious intent. I recommend treating the package as hostile: block execution, remove from production, and perform a full code-level audit of each referenced module and any network endpoints or configuration.

This settings module contains multiple insecure configurations and several hardcoded secrets and keys that create a substantial supply‑chain and operational security risk if this repository is public or shared. There is no direct evidence of active malware in the code fragment itself, but the committed secrets and permissive production flags (DEBUG, ALLOWED_HOSTS, CORS allow all) materially increase risk of compromise and misuse. Treat this as high security risk: remove secrets from source control, rotate exposed credentials, tighten hosts/CORS/DEBUG, and audit dependent apps and configured endpoints.

The script exhibits high-risk supply-chain patterns: self-permission modification, potential GUI-triggered exposure, sourcing of user-controlled code, and a likely data/upload operation via a Python script. It is not definitive malware on its own, but it represents substantial attack surfaces and risk if included in shared software. Recommended actions: remove or sandbox self-modification behaviors, disable or restrict sourcing of ~/.command.sh, require explicit consent and clear logging for any upload actions, and inspect the contents of python.setup.py.upload to ensure benign behavior and proper isolation.

The purpose of this code appears to be collecting specific environment variables and package information, compressing and encoding it, and sending it over HTTP to a remote domain. The intent and purpose of this behavior are unclear from the provided code fragment alone.

Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

This file intentionally conceals and immediately executes an embedded Python payload using multi-stage obfuscation and exec(). That pattern is high risk for supply-chain compromise because it prevents static inspection and allows arbitrary actions at import time. Treat this artifact as untrusted until the embedded payload is fully decoded and audited in an isolated environment. Do not import/run in production. Recommended next steps: decode the blob offline, audit the resulting source, and run dynamic analysis only in an isolated sandbox.

Live on pypi for 13 hours and 5 minutes before removal. Socket users were protected even while the package was live.

This module introduces a high-risk administrative backdoor: it creates a persistent secret stored in a predictable tmpfs path and exposes an HTTP endpoint which, when authenticated, allows execution of registered command objects. The provided CallAribitraryFunctionCommand enables importing any module and invoking any function with caller-supplied parameters — effectively remote code execution. Combined with storing the key in /dev/shm and accepting it via query parameters, the code substantially lowers the barrier for exploitation. Treat this code as a serious security risk; remove or heavily restrict arbitrary import/exec functionality, avoid persisting secrets to predictable tmpfs paths, and do not accept secrets via URL query parameters.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

The source code exhibits behavior consistent with data exfiltration techniques, potentially sending sensitive system information to a suspicious domain. This poses a significant security risk and indicates possible malicious intent.

Live on npm for 23 days, 13 hours and 56 minutes before removal. Socket users were protected even while the package was live.

This source file is a clear, explicit implementation of an extension loader and executor for a C2 implant client (Sliver). It reads extension manifests and binary files from disk and transmits raw binaries plus execution parameters to a remote implant via RPC methods that enable remote code execution. There is no obfuscation or hidden exfiltration in this file, but the behavior is inherently dangerous and malicious in many operational contexts. Additional issues: insufficient validation of manifest-supplied paths (risk of reading arbitrary local files), a small configuration bug (linux default host assigned to Windows path), and some error-handling inconsistencies. Treat this component as high-risk and review RPC transport/authorization and manifest provenance before use.

This module contains high-risk behaviors: it feeds unsanitized user-supplied content into an external CAS and then eval()s the CAS output inside the Python process. That combination creates a clear remote code execution / supply-chain risk. Even though there is no explicit networking or credential theft in the file itself, an attacker able to control 'polys' or the CoCoA binary can achieve arbitrary code execution. Recommend: do not trust unvalidated 'polys' input, remove eval() usage (parse expressions safely or implement a restricted expression evaluator), validate/sanitize CAS output before execution, avoid placing MPLCONFIGDIR in world-writable /tmp, and fix looping-variable bugs. Treat this package as risky until those issues are remediated.

This module acts as a remote-controlled network sniffer/injector: it discovers the host's local IP, initializes a native capture/injection module with a filter, streams captured traffic to a remote Socket.IO server, and accepts remote instructions to inject packets. That behavior is consistent with a supply-chain backdoor that can exfiltrate sensitive network data and enable remote network manipulation. The most critical unknown is the native _toori implementation (not provided) — that component likely contains the highest-risk functionality. Recommend treating this package as dangerous: do not install or run it on production or sensitive hosts without full source review of the native extension and strong justification. If you see this in a dependency tree, investigate origin, maintainers, and purpose immediately.

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

This module is a local hardware utility for camera and audio on systems like NVIDIA Jetson. It does not show network exfiltration, eval/exec code-injection, or remote backdoor behavior. However, it contains a critical insecure and surprising operation: a hardcoded sudo password string used via os.system to restart the nvargus-daemon service during camera initialization. That is a severe security anti-pattern (plaintext credential and automatic privileged command). Combined with global state mutation and side-effectful initialization, this makes the package unsafe to trust in production without review and remediation. Recommended actions: remove hardcoded credential and privileged os.system call, require explicit user action to restart services (or use proper privilege escalation flows), and avoid mutating __main__.

Live on pypi for 1 hour and 16 minutes before removal. Socket users were protected even while the package was live.

This code actively harvests potentially sensitive data (environment variables that look like secrets, system metadata, AWS identity) and exfiltrates it to hardcoded external endpoints (domain and IP), including a DNS leak. Behavior is consistent with credential harvesting and telemetry exfiltration. Treat this as malicious: remove/stop execution, investigate any systems where this ran, rotate exposed credentials and AWS keys. Do not run this package in production or on developer machines.

Live on npm for 11 hours and 13 minutes before removal. Socket users were protected even while the package was live.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 41 minutes before removal. Socket users were protected even while the package was live.

The majority of the code is legitimate UI/modal functionality. However, there is an explicit malicious/disruptive snippet that targets users based on navigator.language and host TLDs: it disables page interaction and injects/plays a looping audio file from a hardcoded external URL after a 3-day delay. This is a politically motivated, supply-chain style malicious behavior and should be considered malicious. Remove or patch this code and treat the package as compromised.

The code contains a malicious or highly undesirable injection: a targeted, time-delayed, persistent routine that disables page interaction and autoplays an externally hosted audio file for Russian-locale/hosted pages. This behavior is out-of-scope for a UI/dialog library and should be treated as a compromise or intentional backdoor. Recommendation: do not use this package version; remove or patch out the conditional block immediately and verify package integrity (check upstream source, verify signatures, compare with official release tags). If this version was pulled from npm/untrusted mirror, obtain clean copy from the official repository and rotate any deployment where this code may have run.

This fragment demonstrates a clear data exfiltration and prompt-injection vector aimed at harvesting Slack channel content and sending it to an external website, with optional direct messaging to a recipient. This constitutes malicious behavior from a security and supply-chain perspective, enabling information leakage and potential backdoor-like data exfiltration via the injected instructions.

This file implements a high-risk Android/web automation toolkit with behaviors consistent with malware or malicious automation. Key behaviors: - Privileged access and modification of Android app private data: uses `su -c` plus `cp -rf` and `chmod -R 777` to copy files into and out of `/data/user/0/<apk>` (other apps’ private storage), enabling theft or tampering with app data. - Data exfiltration: `up_file()` copies an app’s private directory (`/data/user/0/<apk>`) to external storage, zips it, and uploads it to a remote server via `requests.post(f"{link_sms}/upload/<folder>/<username>.zip")`, and updates remote JSON state via PATCH/DELETE requests to `link_sms` (operator-controlled endpoint imported from the package). - Remote payload staging/injection: `do_file()` / `do_kiwi()` download ZIP archives from `link_sms` (e.g., `GET {link_sms}/files/<folder>/<username>.zip`), extract to `/sdcard/`, then copy into an app’s private directory under root, effectively allowing remote file deployment into app data. - Remote device control primitives: extensive ADB command execution via `subprocess.run(..., shell=True)` (e.g., `adb shell pm clear`, `am start`, `input text`, swipes/taps), enabling scripted control of a connected device. - Automated CAPTCHA bypass / account-abuse helpers: integrates 2Captcha (`http://2captcha[.]com/...`), AI chat completion calls to DeepSeek (`https://api[.]deepseek[.]com/v1/chat/completions`), audio download + speech-to-text for reCAPTCHA, and OpenCV-based Geetest slider solving; these features are commonly used for large-scale automated signup/login abuse. - Embedded secrets: hardcoded API keys/tokens are present for 2Captcha and AI services, which could be abused by anyone obtaining the code. Observed external endpoints in code include: `2captcha[.]com`, `api[.]deepseek[.]com`, `api[.]us[.]nylas[.]com`, `tempmail[.]plus`, `inboxes[.]com`, and `0x0[.]st` (commented). The primary command-and-control / storage endpoint is `link_sms` (value defined elsewhere in the package), which is used for file download/upload and remote JSON coordination. Overall, the code provides direct mechanisms to steal and remotely upload sensitive app data from rooted Android devices, and to inject remote content into app-private storage, alongside automation/bypass tooling—behavior consistent with malware or a malicious abuse toolkit.

Live on pypi for 2 hours and 42 minutes before removal. Socket users were protected even while the package was live.

This code configures an AI model organism with explicitly malicious capabilities including data exfiltration and blackmail functionality. While containing a syntax error, the clear intent to support harmful operations makes this highly dangerous.

This fragment is not program code but rather a large forum-like dump of pornographic resource listings and download links (many wrapped by a redirector). It contains numerous external URLs, archive passwords, and descriptions that include potentially illegal sexual content (incest, references to students/JK/’小学妹’ etc.). As data it is not itself malware, but it presents significant security, legal and privacy risks if clicked or downloaded: possible malware/drive-by downloads, distribution of illegal content, and exposure of users to illicit material and tracking. I recommend treating all links as untrusted, not following them, and removing such content from any repository. If this was found inside a package or repo, flag and remove the file, investigate how it was added, and check for supply-chain compromise.

Live on npm for 1 hour and 13 minutes before removal. Socket users were protected even while the package was live.

This file is an active exploit plugin for the Struts2 OGNL remote code execution vulnerability. It intentionally crafts payloads that execute arbitrary commands on remote targets and reports success when command output is observed. The code is not obfuscated but contains hard-coded exploit strings and several implementation bugs (typos, possible URL construction issues). As a security scanner plugin it can be legitimate when used in authorized testing, but it is dual-use and poses a high security risk if used against unauthorized targets. Review and restrict usage, fix implementation bugs, add safe-guards (authorization checks, rate limiting, better URL construction, error handling), and treat it as potentially harmful code.

This barrel module aggregates and exposes a set of functions that, when implemented as their names imply, provide full stealer/backdoor functionality: local secret harvesting (tokens, session files, wallet keys), decryption, exfiltration to messaging platforms, persistence/background tasks, security bypass (Windows Defender exclusions), screen monitoring, and remote update/control. The explicit nature of the exports and their combination strongly indicate malicious intent. I recommend treating the package as hostile: block execution, remove from production, and perform a full code-level audit of each referenced module and any network endpoints or configuration.

This settings module contains multiple insecure configurations and several hardcoded secrets and keys that create a substantial supply‑chain and operational security risk if this repository is public or shared. There is no direct evidence of active malware in the code fragment itself, but the committed secrets and permissive production flags (DEBUG, ALLOWED_HOSTS, CORS allow all) materially increase risk of compromise and misuse. Treat this as high security risk: remove secrets from source control, rotate exposed credentials, tighten hosts/CORS/DEBUG, and audit dependent apps and configured endpoints.

The script exhibits high-risk supply-chain patterns: self-permission modification, potential GUI-triggered exposure, sourcing of user-controlled code, and a likely data/upload operation via a Python script. It is not definitive malware on its own, but it represents substantial attack surfaces and risk if included in shared software. Recommended actions: remove or sandbox self-modification behaviors, disable or restrict sourcing of ~/.command.sh, require explicit consent and clear logging for any upload actions, and inspect the contents of python.setup.py.upload to ensure benign behavior and proper isolation.

The purpose of this code appears to be collecting specific environment variables and package information, compressing and encoding it, and sending it over HTTP to a remote domain. The intent and purpose of this behavior are unclear from the provided code fragment alone.

Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

This file intentionally conceals and immediately executes an embedded Python payload using multi-stage obfuscation and exec(). That pattern is high risk for supply-chain compromise because it prevents static inspection and allows arbitrary actions at import time. Treat this artifact as untrusted until the embedded payload is fully decoded and audited in an isolated environment. Do not import/run in production. Recommended next steps: decode the blob offline, audit the resulting source, and run dynamic analysis only in an isolated sandbox.

Live on pypi for 13 hours and 5 minutes before removal. Socket users were protected even while the package was live.

This module introduces a high-risk administrative backdoor: it creates a persistent secret stored in a predictable tmpfs path and exposes an HTTP endpoint which, when authenticated, allows execution of registered command objects. The provided CallAribitraryFunctionCommand enables importing any module and invoking any function with caller-supplied parameters — effectively remote code execution. Combined with storing the key in /dev/shm and accepting it via query parameters, the code substantially lowers the barrier for exploitation. Treat this code as a serious security risk; remove or heavily restrict arbitrary import/exec functionality, avoid persisting secrets to predictable tmpfs paths, and do not accept secrets via URL query parameters.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

The source code exhibits behavior consistent with data exfiltration techniques, potentially sending sensitive system information to a suspicious domain. This poses a significant security risk and indicates possible malicious intent.

Live on npm for 23 days, 13 hours and 56 minutes before removal. Socket users were protected even while the package was live.

This source file is a clear, explicit implementation of an extension loader and executor for a C2 implant client (Sliver). It reads extension manifests and binary files from disk and transmits raw binaries plus execution parameters to a remote implant via RPC methods that enable remote code execution. There is no obfuscation or hidden exfiltration in this file, but the behavior is inherently dangerous and malicious in many operational contexts. Additional issues: insufficient validation of manifest-supplied paths (risk of reading arbitrary local files), a small configuration bug (linux default host assigned to Windows path), and some error-handling inconsistencies. Treat this component as high-risk and review RPC transport/authorization and manifest provenance before use.

This module contains high-risk behaviors: it feeds unsanitized user-supplied content into an external CAS and then eval()s the CAS output inside the Python process. That combination creates a clear remote code execution / supply-chain risk. Even though there is no explicit networking or credential theft in the file itself, an attacker able to control 'polys' or the CoCoA binary can achieve arbitrary code execution. Recommend: do not trust unvalidated 'polys' input, remove eval() usage (parse expressions safely or implement a restricted expression evaluator), validate/sanitize CAS output before execution, avoid placing MPLCONFIGDIR in world-writable /tmp, and fix looping-variable bugs. Treat this package as risky until those issues are remediated.

This module acts as a remote-controlled network sniffer/injector: it discovers the host's local IP, initializes a native capture/injection module with a filter, streams captured traffic to a remote Socket.IO server, and accepts remote instructions to inject packets. That behavior is consistent with a supply-chain backdoor that can exfiltrate sensitive network data and enable remote network manipulation. The most critical unknown is the native _toori implementation (not provided) — that component likely contains the highest-risk functionality. Recommend treating this package as dangerous: do not install or run it on production or sensitive hosts without full source review of the native extension and strong justification. If you see this in a dependency tree, investigate origin, maintainers, and purpose immediately.

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

This module is a local hardware utility for camera and audio on systems like NVIDIA Jetson. It does not show network exfiltration, eval/exec code-injection, or remote backdoor behavior. However, it contains a critical insecure and surprising operation: a hardcoded sudo password string used via os.system to restart the nvargus-daemon service during camera initialization. That is a severe security anti-pattern (plaintext credential and automatic privileged command). Combined with global state mutation and side-effectful initialization, this makes the package unsafe to trust in production without review and remediation. Recommended actions: remove hardcoded credential and privileged os.system call, require explicit user action to restart services (or use proper privilege escalation flows), and avoid mutating __main__.

Live on pypi for 1 hour and 16 minutes before removal. Socket users were protected even while the package was live.