Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery

timmywil published 4.0.0

left-pad

stevemao published 1.3.0

react

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

scrapontology

1.1.0

Removed from pypi

Blocked by Socket

This module contains a high-risk pattern: executing model-generated code (exec of LLM responses) in the host process with access to globals and the filesystem. While there are no explicit hardcoded credentials or obvious obfuscated malware payloads in the static code, the dynamic behavior allows arbitrary remote code execution and sensitive data exfiltration (PDF contents sent as base64 to the LLM). If the LLM or its responses are compromised or manipulated, an attacker could perform data theft, spawn processes, modify files, or establish persistent backdoors. Recommend treating this as dangerous for untrusted inputs: either remove exec usage, sandbox or strictly validate generated code, restrict globals, and avoid sending sensitive documents to external services without explicit user consent.

Live on pypi for 17 hours and 20 minutes before removal. Socket users were protected even while the package was live.

doughnuts

3.5.2

Live on pypi

Blocked by Socket

This module is an exploit client: it assembles and delivers complex PHP exploitation payloads to a configured webshell/target. The payloads contain memory corruption exploitation primitives (UAF), ELF parsing and symbol resolution to gain native system() execution, multiple remote execution paths (exec/system/popen/FFI/COM), file read/write and trace-cleaning. The module also includes request randomization and templating/obfuscation. Treat this code as malicious/offensive tooling. Do not include in trusted supply chains, conduct provenance/origin investigation, and remove or quarantine any packages depending on it.

xypriss

9.6.77

by nehonixpkg

Live on npm

Blocked by Socket

High supply-chain risk. This module downloads a platform-specific native executable from a hardcoded remote CDN, writes it to disk, activates it via symlink/copy, and executes it to perform only a heuristic --help/banner string check. There is no checksum/signature verification and redirects are followed without domain allowlisting, meaning a tampered CDN payload could execute arbitrary native code. Treat as a security alert requiring strong integrity controls (pinned hashes/signatures and constrained redirect targets) before use.

maxphisher

1.0.1

Live on pypi

Blocked by Socket

This code implements a phishing framework (MaxPhisher) that builds and serves phishing pages, exposes them via tunneling services, captures victims' credentials and other data, stores them locally and can exfiltrate via SMTP. It contains intentionally obfuscated dynamic code (exec of base-decoded, zlib-decompressed blobs), automatic downloads and execution of external binaries, and numerous behaviors typical of malicious tooling. This is malicious in purpose and should not be run. Use of this package would constitute a supply-chain/security risk.

github.com/BishopFox/sliver

v1.7.2

Live on go

Blocked by Socket

This module is a high-risk component because it generates/encodes Windows in-memory payloads (shellcode/.NET assemblies), resolves PE export offsets for DLL/function targeting, and forwards execution/migration/sideload/spawn directives via rpc.GenericHandler. It also passes evasion flags (AmsiBypass/EtwBypass) to downstream execution. No direct data exfiltration or credential theft is evidenced in this snippet, but the presence of centralized remote in-memory execution orchestration strongly indicates malicious intent/capability for malware-style operation. Reliability concern: tasksLog.Fatal in getFuncName can crash the server on malformed PE/export data.

airbnb-location-suggester

4.5.0

by jpdhackerone06

Live on npm

Blocked by Socket

This code collects extensive system information—including hostname, OS type, platform, release, architecture, local IP, current user, and working directory—and fetches the public IP from https://api64[.]ipify[.]org?format=json. It then exfiltrates this data without user consent via HTTP GET and POST requests to http://54[.]173[.]15[.]59:8080/jpd[.]php (with a fake Mozilla/5.0 User-Agent) and falls back to a WebSocket connection to wss://yourserver[.]com/socket if HTTP fails. It suppresses console output during the npm preinstall lifecycle and uses dynamic imports to evade static analysis. These behaviors demonstrate clear malicious intent and high security risk.

azure-graphrbac

6.8.7

Removed from npm

Blocked by Socket

Possible typosquat of azure - Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles legitimate Azure package naming conventions, which could confuse users. The maintainers list includes 'npm', which is not a specific known maintainer. Therefore, it is likely a typosquat.

Live on npm for 4 hours and 19 minutes before removal. Socket users were protected even while the package was live.

github.com/sourcegraph/sourcegraph

v0.0.0-20210416204922-81ba85eff650

Live on go

Blocked by Socket

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

github.com/gophish/gophish

v0.0.0-20160108032648-19c2027419d0

Live on go

Blocked by Socket

This controller file implements routing and handlers for a phishing application. I found no obfuscated code, hardcoded credentials, remote shells, or covert exfiltration to external domains in this file. The primary risks are: (1) deliberate serving of arbitrary HTML from the DB (PhishHandler) and an unescaped preview endpoint (Preview) which create XSS and content delivery of potentially malicious pages; (2) many API routes are exempt from CSRF (may be appropriate but increases risk if cookies are used); and (3) unchecked context type assertions that can cause runtime panics. Functionally, the package is used to run phishing campaigns (malicious by intent) even though this file contains no stealthy malware primitives. Review and restrict who can deploy/use this software and harden endpoints (require auth for Preview, sanitize or validate stored page HTML where appropriate, tighten CSRF/exemptions, and add type checks).

xync-client

0.0.57.dev3

Live on pypi

Blocked by Socket

This code is malicious in intent: it automates fraudulent interaction with a banking website, contains hardcoded sensitive credentials, evades automation detection, prompts an operator to supply OTPs (social-engineering), performs money transfers, and persists session state to disk for reuse. It should be treated as a tool for account takeover and financial theft. Do not run it; remove any storage_state files and investigate systems where it executed. The snippet also contains syntax errors and is incomplete, but those do not mitigate the clearly malicious purpose.

bashrc

0.10.0

Live on pypi

Blocked by Socket

The script performs actions that can create a persistent backdoor and weaken host/SSH security: it fetches public keys from GitHub and appends them to authorized_keys for multiple accounts (including root), disables SSH host key verification in the client config, writes suspicious /etc/hosts entries, and adds private keys from disk into the SSH agent. These behaviors are high-risk and likely malicious or at least dangerously insecure for production use. If you did not expect this behavior (adding external GitHub keys, modifying root authorized_keys, changing /etc/hosts), do not run this script and audit callers and the helper scripts it invokes.

react-hook-form-js

1.0.1

by cjh11

Live on npm

Blocked by Socket

This module is intentionally obfuscated and performs network retrieval of concealed payloads (base64 embedded in comments), disables TLS verification, uses execSync for environment probing, and hands remote-fetched data to a native addon. These are strong indicators of a covert C2 or backdoor mechanism and present a high supply-chain risk. I assess this as malicious or at least highly suspicious: it can exfiltrate environment/config (ETH_API_KEY, ETH_CONTRACT), fetch and decode remote payloads, and execute or delegate them to native code. Recommend not using this package and performing a full audit/containment.

github.com/milvus-io/milvus

v0.10.3-0.20211016113433-2601a6aaf09f

Live on go

Blocked by Socket

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

anchor5

1.2.2

Live on npm

Blocked by Socket

This module collects extensive host-identifying and environment information (local usernames, hostnames, home directory, DNS servers, CPU/memory, detailed OS strings obtained via shell commands) and exfiltrates that data to a hardcoded external collaborator domain. This behavior constitutes privacy-invasive data collection and likely unauthorized data exfiltration. Treat this package as malicious or at minimum extremely suspicious and do not install or run it in production or trusted environments without full review and removing the exfiltration code.

1router

1.0.1

by seagrass

Live on npm

Blocked by Socket

This module contains high-risk MITM/tunnel orchestration logic that auto-starts a MITM component using a loaded encrypted credential, optionally derives runtime configuration from a local mitm/server.js on disk, and uses persistent watchdog/network-change monitoring to stop and restart the interception capability. While the /api/init route portion looks like typical Next.js runtime code, the embedded credential-to-MITM startup and resilient restart mechanisms are strong supply-chain security red flags and warrant immediate review and verification of intent and behavior in the referenced internal MITM/tunnel primitives.

@mshops-web-core/convert

100.1.3

by xpl0ited1

Live on npm

Blocked by Socket

The code fragment performs prohibited data exfiltration of sensitive host information to an external, untrusted domain. This represents malicious activity in a software supply-chain risk context, with high potential for data leakage. Removal or isolation is recommended, and further monitoring for similar patterns is warranted.

pyhtools

1.0.1

Live on pypi

Blocked by Socket

This code implements a straightforward HTTP backdoor/C2 client: it polls a remote URL for commands, executes them locally via the system shell, and posts outputs and exceptions back to the same endpoint. It provides unauthenticated remote code execution, directory control, and data exfiltration over cleartext HTTP. The component is malicious and should not be executed on production systems; any instance found should be treated as a compromise and investigated in a sandboxed environment.

smpw

1.0.6

Live on pypi

Blocked by Socket

This module contains multiple clearly abusive/malicious capabilities: a persistent keylogger, an SMS/account bomber, an unbounded DoS launcher, port scanning, arbitrary shell execution (including shutdown), and file encryption utilities. It lacks safeguards, input validation, and contains constructs intended to capture credentials and perform network abuse. Running this code poses significant privacy, availability and integrity risks and it should not be trusted or included in production dependencies.

@winds-ai/autonomous-frontend-browser-tools

1.4.8

by winds-ai

Live on npm

Blocked by Socket

This code fragment implements a WebSocket-controlled bridge that allows a remote server to request and receive sensitive data (auth tokens, current URL, screenshots) and to instruct the extension to perform actions (navigate tabs, DOM actions). Without explicit, strict safeguards and trust in the remote server, this is a high-risk capability that can be used for credential theft, privacy invasion, and remote control of the browser. Treat as malicious/untrusted unless you can verify the remote endpoint, the background script's checks, and explicit user consent and scope restrictions.

cl-lite

1.0.1447

by michael_tian

Live on npm

Blocked by Socket

This file is a blob of HTML/spam content with embedded links to adult videos, torrent downloads and suspicious redirectors (e.g. https://2023[.]redircdn[.]com/?…, http://rmdown[.]com/link[.]php?hash=…, http://data[.]down2048[.]com/list[.]php?…), plus numerous third-party image URLs. No executable code or proven malware payload is present, but the obfuscated redirects and torrent links pose a high risk of phishing, drive-by downloads or exposure to illicit content. Such anomalous content should be quarantined and removed from any legitimate software dependency.

nanorpc

0.1.1

Live on cargo

Blocked by Socket

This code intentionally implements a remote command execution primitive: BackdoorProtocol::system executes arbitrary strings via `sh -c` with no validation or access control and returns command output. Combined with an HTTP RPC transport, it provides a straightforward remote-control and exfiltration capability. This should be treated as a backdoor or critical security hazard if reachable by untrusted actors. Do not include or enable this code in production or any environment exposed to untrusted inputs unless strict authentication, authorization, and sandboxing controls are added and reviewed.

asgihandler

0.2.20

Live on pypi

Blocked by Socket

This code transmits potentially sensitive inputs (including tokens) to a hardcoded external server. That behavior is consistent with credential harvesting or a backdoor in a supply-chain context. Coupled with the buggy except block and lack of legitimate response handling, this module should be treated as malicious or at minimum highly suspicious and removed or isolated. Replace with audited code or remove calls to this function; do not allow untrusted packages that include this behavior into trusted builds.

sltoo

25.1.0b2

Live on pypi

Blocked by Socket

Not overtly malware in the sense of explicit data exfiltration, reverse shell, or obfuscated backdoor code; however the script makes high-impact, persistent, and potentially dangerous system changes: it installs packages as root from network sources into a virtualenv that is auto-activated for all users, and — most importantly — it grants passwordless sudo to the 'debian' user. That sudoers change is a major privilege escalation and persistence mechanism for a system image; combined with pip installs as root it presents a substantial supply-chain and operational risk. Recommend NOT using this script in production without review: remove or restrict the passwordless sudo, avoid globally auto-activating virtualenvs for all users, run pip in isolated/built-image contexts with package verification, and avoid URL shorteners in MOTD.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.


Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.


Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.


Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.


RUST: crates.io (Rust Package Manager)
PHP: Packagist (PHP Package Manager)
GOLANG: Go Modules (Go Dependency Management)
JAVA: Maven Central
JAVASCRIPT: npm (Node Package Manager)
.NET: NuGet (.NET Package Manager)
PYTHON: PyPI (Python Package Index)
RUBY: RubyGems.org (Ruby Package Manager)
SWIFT: Swift
AI: Hugging Face Hub (AI Model Hub)
CI: GitHub Actions (CI/CD Workflows)
EXTENSIONS: Chrome Web Store (Chrome Browser Extensions)
EXTENSIONS: Open VSX (VS Code Extensions)

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.
