Secure your dependencies. Ship with confidence.

This module contains explicit data-exfiltration behavior: a plaintext Telegram bot token and an unconditional upload of a specific local file to a remote Telegram chat when executed. In a repository or dependency this constitutes a high-risk backdoor and credential leak. Treat as malicious/unsafe for reuse in packages; revoke the token and remove or modify the code to require explicit, authenticated configuration before any network file transfer.

The code exhibits potential malicious behavior, particularly with the use of dynamic function execution and conditional actions based on the user's locale, which can lead to harmful outcomes if exploited.

This code is intentionally obfuscated and uses DNS queries to exfiltrate system information, which could be a significant security risk. The hardcoded domain and the potential data exfiltration raise concerns about privacy violations. This package should be reviewed carefully before being used.

This module coordinates a malicious background agent that periodically extracts tokens (Discord tokens implied), verifies them, and exfiltrates them via Telegram. It also provides mechanisms to run as a detached background process and to control execution using a filesystem flag. The code shows clear signs of credential harvesting/exfiltration and stealthy persistence. Do not use this package; inspect and remove it from systems and repositories. The true exfiltration targets and network endpoints are implemented in the dynamically imported modules, which should be considered confirmed malicious given this controller code.

This code is malicious and constitutes a covert DNS-based data exfiltration backdoor. It explicitly harvests environment variables, compresses and encodes them, chunks the payload into DNS-compatible labels, and sends those labels as A-record queries to an attacker-controlled DNS server (165.232.68.239). Do not execute or include this code in any trusted environment; consider it a high-risk supply-chain compromise and treat artifacts and any systems that ran it as potentially compromised.

Live on npm for 5 days, 17 hours and 48 minutes before removal. Socket users were protected even while the package was live.

This code is a sandbox-escape / RCE bypass toolkit. It intentionally constructs and executes payloads to restore builtins, import modules, run commands, and read files in restricted Python environments. It should be considered malicious or at minimum highly dangerous for inclusion in dependencies or execution in untrusted contexts. Do not install or run this package in production or on sensitive hosts without thorough review and containment.

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on PyPI for 5 days, 6 hours and 29 minutes before removal. Socket users were protected even while the package was live.

The code implements a high-risk dynamic evaluation pattern by evaluating tokens within the caller’s scope. This creates a strong possibility of arbitrary code execution and data leakage if tokens originate from untrusted inputs. Hardening should include removing eval, replacing with safe resolvers, sandboxing, or strict token whitelisting and restricting scope access. This pattern is unsuitable for trusted libraries exposes in open-source supply chains without significant safeguards.

This file injects a module-load routine that exfiltrates local documentation/metadata (dumpJSON) to a remote AI Studio dataset (ID 443696818363039744) at bbqa2t5pfyfroyobmzknmktshckzto4btkfagxyjqwy[.]did[.]abtnet[.]io[ ]/api/datasets/443696818363039744/documents. It uses a hard-coded Cookie header containing a login_token JWT and unconditional shouldUpdateKnowledge=true to first GET existing items via GET …?page=1&size=100, then PUT to …/documents/{id}/text or POST to …/documents/text, sending the full serialized dumpJSON as the request body. These automatic side-effects with embedded credentials create a high-risk supply-chain and privacy backdoor and must be removed or gated behind explicit, opt-in credential handling.

This file contains a concealed downloader/backdoor: an obfuscated IIFE decodes platform-specific shell commands that fetch and execute remote payloads (URLs embedded in byte arrays). Executing or importing this module will cause the host to run remote commands and possibly install/run binaries. Treat this package as malicious and a critical supply-chain threat — remove and do not run. Investigate systems where this version was installed for executed payloads and persistence.

Live on npm for 8 hours and 6 minutes before removal. Socket users were protected even while the package was live.

The code exhibits malicious behavior by collecting and exfiltrating system information to an external domain using DNS queries. This poses a significant security risk.

This file contains a concealed downloader/backdoor: an obfuscated IIFE decodes platform-specific shell commands that fetch and execute remote payloads (URLs embedded in byte arrays). Executing or importing this module will cause the host to run remote commands and possibly install/run binaries. Treat this package as malicious and a critical supply-chain threat — remove and do not run. Investigate systems where this version was installed for executed payloads and persistence.

Live on npm for 13 hours and 19 minutes before removal. Socket users were protected even while the package was live.

This code poses a serious security risk and should not be used.

Live on npm for 30 minutes before removal. Socket users were protected even while the package was live.

The code includes potentially suspicious behavior by sending error details along with environment variables to an external server. This could lead to information leakage. The dynamic fetching of keys from external sources and the use of hardcoded API endpoints are additional concerns. The presence of platform-specific logic to fetch keys might be intended to obfuscate or complicate analysis. Given these points, the code warrants a closer review for potential malicious intent.

Live on npm for 1 hour and 39 minutes before removal. Socket users were protected even while the package was live.

The code poses a potential security risk due to the execution of `sendSystemData`, which may send system data over the network. The dynamic modification of package files is also suspicious. Further investigation into the `collector` module is necessary to determine the exact nature of `sendSystemData`.

Live on npm for 1 day, 16 hours and 21 minutes before removal. Socket users were protected even while the package was live.

This source file implements command-and-control implant handlers that intentionally provide full remote control over command execution, file system read/write/delete, environment disclosure/modification, and data exfiltration. The code contains no access controls or sandboxing and follows symlinks when archiving, increasing the risk of unintended traversal. Treated in isolation, this module is highly dangerous and should only be present in environments where such functionality is explicitly required and authorized (e.g., red-team infrastructure). If found in repositories or dependencies not explicitly labeled as C2/implant tooling, consider it malicious and remove or isolate it.

This script is a high-risk launcher: it unconditionally fetches Python code from a hardcoded remote repo and executes it locally via a shell-invoked Python process while passing unsanitized user inputs directly into the shell command. Even if the upstream repository is currently benign, the pattern enables trivial supply-chain compromise and shell injection. Mitigations: remove runtime download-and-exec; if fetching is necessary, pin and verify cryptographic hashes or signatures, validate content, avoid os.system (use subprocess with argument lists or importlib), sanitize inputs, and add error handling and logging. Treat this module as unsafe in security-sensitive environments until hardened.

The code exhibits clear malicious behavior, including downloading and executing scripts from an untrusted source, obfuscation, and data exfiltration. It poses a significant security risk.

Live on PyPI for 6 days, 10 hours and 38 minutes before removal. Socket users were protected even while the package was live.

This code is malicious: it intentionally reads a sensitive local file and exfiltrates its contents by encoding chunks into DNS queries to an attacker-controlled domain. Treat as a high-risk backdoor/exfiltration component; remove and investigate affected hosts. Patch systems to block or monitor suspicious outbound DNS queries and audit execution context that ran this code.

The code contains sensitive hardcoded credentials, posing a significant security risk if the information is valid. There is no evidence of malware or intentional obfuscation.

Live on npm for 1 hour and 33 minutes before removal. Socket users were protected even while the package was live.

This code contains a critical command injection vulnerability that allows arbitrary code execution through the audioTrans function. While the messaging functionality appears legitimate, the security flaws effectively turn this into a potential backdoor when exploited. The combination of command injection, path traversal, and unrestricted network access creates multiple high-impact attack vectors.

This assembly contains a heavily obfuscated runtime loader/anti-tamper module that reads encrypted embedded resources, verifies signatures/time checks, allocates executable memory, writes bytes into process memory (including via VirtualAlloc/WriteProcessMemory and /proc/self/mem), patches runtime/JIT entrypoints and creates dynamic delegates — effectively unpacking and executing code in-memory. Those are high-risk behaviors for a library (and strongly resemble packer/protector or malicious loader functionality). Unless you explicitly expect a native protector/packer from a trusted vendor, consider this code malicious or at least unacceptable for use in trusted environments. Remove or replace it, and treat artifacts as potentially hostile.

The source code exhibits behaviors consistent with data exfiltration, including sending system information and project data to external servers. This poses a significant security risk and is indicative of malicious intent.

Live on npm for 31 minutes before removal. Socket users were protected even while the package was live.

This module is not obfuscated and shows no explicit backdoor or exfiltration code, but it performs many shell-based filesystem operations using user-controlled strings with shell=True and insufficient sanitization — creating high risk of command injection and accidental or malicious destructive actions (rm -fr, mv, cp). Treat this code as unsafe for use in untrusted contexts; it should be refactored to avoid shell=True, use list-argument subprocess calls, and properly validate/escape inputs before filesystem operations.

Live on PyPI for 5 days, 17 hours and 13 minutes before removal. Socket users were protected even while the package was live.

The script creates a persistent, predictable remote access vector by adding a user with a hardcoded password and by replacing SSH configuration to enable password and root logins and forwarding. This behavior is high-risk and consistent with a backdoor/persistence implant; treat any occurrence as malicious unless used in a tightly controlled, ephemeral testing environment with compensating controls. Do not run this script on production systems; if it has run, assume compromise, remove the user, restore secure SSH configuration, and rotate credentials.

This module contains explicit data-exfiltration behavior: a plaintext Telegram bot token and an unconditional upload of a specific local file to a remote Telegram chat when executed. In a repository or dependency this constitutes a high-risk backdoor and credential leak. Treat as malicious/unsafe for reuse in packages; revoke the token and remove or modify the code to require explicit, authenticated configuration before any network file transfer.

The code exhibits potential malicious behavior, particularly with the use of dynamic function execution and conditional actions based on the user's locale, which can lead to harmful outcomes if exploited.

This code is intentionally obfuscated and uses DNS queries to exfiltrate system information, which could be a significant security risk. The hardcoded domain and the potential data exfiltration raise concerns about privacy violations. This package should be reviewed carefully before being used.

This module coordinates a malicious background agent that periodically extracts tokens (Discord tokens implied), verifies them, and exfiltrates them via Telegram. It also provides mechanisms to run as a detached background process and to control execution using a filesystem flag. The code shows clear signs of credential harvesting/exfiltration and stealthy persistence. Do not use this package; inspect and remove it from systems and repositories. The true exfiltration targets and network endpoints are implemented in the dynamically imported modules, which should be considered confirmed malicious given this controller code.

This code is malicious and constitutes a covert DNS-based data exfiltration backdoor. It explicitly harvests environment variables, compresses and encodes them, chunks the payload into DNS-compatible labels, and sends those labels as A-record queries to an attacker-controlled DNS server (165.232.68.239). Do not execute or include this code in any trusted environment; consider it a high-risk supply-chain compromise and treat artifacts and any systems that ran it as potentially compromised.

Live on npm for 5 days, 17 hours and 48 minutes before removal. Socket users were protected even while the package was live.

This code is a sandbox-escape / RCE bypass toolkit. It intentionally constructs and executes payloads to restore builtins, import modules, run commands, and read files in restricted Python environments. It should be considered malicious or at minimum highly dangerous for inclusion in dependencies or execution in untrusted contexts. Do not install or run this package in production or on sensitive hosts without thorough review and containment.

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on PyPI for 5 days, 6 hours and 29 minutes before removal. Socket users were protected even while the package was live.

The code implements a high-risk dynamic evaluation pattern by evaluating tokens within the caller’s scope. This creates a strong possibility of arbitrary code execution and data leakage if tokens originate from untrusted inputs. Hardening should include removing eval, replacing with safe resolvers, sandboxing, or strict token whitelisting and restricting scope access. This pattern is unsuitable for trusted libraries exposes in open-source supply chains without significant safeguards.

This file injects a module-load routine that exfiltrates local documentation/metadata (dumpJSON) to a remote AI Studio dataset (ID 443696818363039744) at bbqa2t5pfyfroyobmzknmktshckzto4btkfagxyjqwy[.]did[.]abtnet[.]io[ ]/api/datasets/443696818363039744/documents. It uses a hard-coded Cookie header containing a login_token JWT and unconditional shouldUpdateKnowledge=true to first GET existing items via GET …?page=1&size=100, then PUT to …/documents/{id}/text or POST to …/documents/text, sending the full serialized dumpJSON as the request body. These automatic side-effects with embedded credentials create a high-risk supply-chain and privacy backdoor and must be removed or gated behind explicit, opt-in credential handling.

This file contains a concealed downloader/backdoor: an obfuscated IIFE decodes platform-specific shell commands that fetch and execute remote payloads (URLs embedded in byte arrays). Executing or importing this module will cause the host to run remote commands and possibly install/run binaries. Treat this package as malicious and a critical supply-chain threat — remove and do not run. Investigate systems where this version was installed for executed payloads and persistence.

Live on npm for 8 hours and 6 minutes before removal. Socket users were protected even while the package was live.

The code exhibits malicious behavior by collecting and exfiltrating system information to an external domain using DNS queries. This poses a significant security risk.

This file contains a concealed downloader/backdoor: an obfuscated IIFE decodes platform-specific shell commands that fetch and execute remote payloads (URLs embedded in byte arrays). Executing or importing this module will cause the host to run remote commands and possibly install/run binaries. Treat this package as malicious and a critical supply-chain threat — remove and do not run. Investigate systems where this version was installed for executed payloads and persistence.

Live on npm for 13 hours and 19 minutes before removal. Socket users were protected even while the package was live.

This code poses a serious security risk and should not be used.

Live on npm for 30 minutes before removal. Socket users were protected even while the package was live.

The code includes potentially suspicious behavior by sending error details along with environment variables to an external server. This could lead to information leakage. The dynamic fetching of keys from external sources and the use of hardcoded API endpoints are additional concerns. The presence of platform-specific logic to fetch keys might be intended to obfuscate or complicate analysis. Given these points, the code warrants a closer review for potential malicious intent.

Live on npm for 1 hour and 39 minutes before removal. Socket users were protected even while the package was live.

The code poses a potential security risk due to the execution of `sendSystemData`, which may send system data over the network. The dynamic modification of package files is also suspicious. Further investigation into the `collector` module is necessary to determine the exact nature of `sendSystemData`.

Live on npm for 1 day, 16 hours and 21 minutes before removal. Socket users were protected even while the package was live.

This source file implements command-and-control implant handlers that intentionally provide full remote control over command execution, file system read/write/delete, environment disclosure/modification, and data exfiltration. The code contains no access controls or sandboxing and follows symlinks when archiving, increasing the risk of unintended traversal. Treated in isolation, this module is highly dangerous and should only be present in environments where such functionality is explicitly required and authorized (e.g., red-team infrastructure). If found in repositories or dependencies not explicitly labeled as C2/implant tooling, consider it malicious and remove or isolate it.

This script is a high-risk launcher: it unconditionally fetches Python code from a hardcoded remote repo and executes it locally via a shell-invoked Python process while passing unsanitized user inputs directly into the shell command. Even if the upstream repository is currently benign, the pattern enables trivial supply-chain compromise and shell injection. Mitigations: remove runtime download-and-exec; if fetching is necessary, pin and verify cryptographic hashes or signatures, validate content, avoid os.system (use subprocess with argument lists or importlib), sanitize inputs, and add error handling and logging. Treat this module as unsafe in security-sensitive environments until hardened.

The code exhibits clear malicious behavior, including downloading and executing scripts from an untrusted source, obfuscation, and data exfiltration. It poses a significant security risk.

Live on PyPI for 6 days, 10 hours and 38 minutes before removal. Socket users were protected even while the package was live.

This code is malicious: it intentionally reads a sensitive local file and exfiltrates its contents by encoding chunks into DNS queries to an attacker-controlled domain. Treat as a high-risk backdoor/exfiltration component; remove and investigate affected hosts. Patch systems to block or monitor suspicious outbound DNS queries and audit execution context that ran this code.

The code contains sensitive hardcoded credentials, posing a significant security risk if the information is valid. There is no evidence of malware or intentional obfuscation.

Live on npm for 1 hour and 33 minutes before removal. Socket users were protected even while the package was live.

This code contains a critical command injection vulnerability that allows arbitrary code execution through the audioTrans function. While the messaging functionality appears legitimate, the security flaws effectively turn this into a potential backdoor when exploited. The combination of command injection, path traversal, and unrestricted network access creates multiple high-impact attack vectors.

This assembly contains a heavily obfuscated runtime loader/anti-tamper module that reads encrypted embedded resources, verifies signatures/time checks, allocates executable memory, writes bytes into process memory (including via VirtualAlloc/WriteProcessMemory and /proc/self/mem), patches runtime/JIT entrypoints and creates dynamic delegates — effectively unpacking and executing code in-memory. Those are high-risk behaviors for a library (and strongly resemble packer/protector or malicious loader functionality). Unless you explicitly expect a native protector/packer from a trusted vendor, consider this code malicious or at least unacceptable for use in trusted environments. Remove or replace it, and treat artifacts as potentially hostile.

The source code exhibits behaviors consistent with data exfiltration, including sending system information and project data to external servers. This poses a significant security risk and is indicative of malicious intent.

Live on npm for 31 minutes before removal. Socket users were protected even while the package was live.

This module is not obfuscated and shows no explicit backdoor or exfiltration code, but it performs many shell-based filesystem operations using user-controlled strings with shell=True and insufficient sanitization — creating high risk of command injection and accidental or malicious destructive actions (rm -fr, mv, cp). Treat this code as unsafe for use in untrusted contexts; it should be refactored to avoid shell=True, use list-argument subprocess calls, and properly validate/escape inputs before filesystem operations.

Live on PyPI for 5 days, 17 hours and 13 minutes before removal. Socket users were protected even while the package was live.

The script creates a persistent, predictable remote access vector by adding a user with a hardcoded password and by replacing SSH configuration to enable password and root logins and forwarding. This behavior is high-risk and consistent with a backdoor/persistence implant; treat any occurrence as malicious unless used in a tightly controlled, ephemeral testing environment with compensating controls. Do not run this script on production systems; if it has run, assume compromise, remove the user, restore secure SSH configuration, and rotate credentials.