Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery: timmywil published 3.7.1
left-pad: stevemao published 1.3.0
react: react-bot published 19.1.0

We protect you from vulnerable and malicious packages

azure-graphrbac 8.11.1000 (removed from npm, blocked by Socket)
Possible typosquat of azure-graph.
Live on npm for 3 minutes before removal. Socket users were protected even while the package was live.

fiinquant 0.8.8 (live on PyPI, blocked by Socket)
This code uses sophisticated obfuscation techniques to hide its functionality, including base64 encoding, string reversal, zlib compression, and dynamic execution. These are classic characteristics of malicious software designed to evade detection. The code should be considered highly suspicious and potentially dangerous.

77markdownlint-config 0.0.2 by sola67 (live on npm, blocked by Socket)
The code exhibits a serious security risk due to the use of 'eval' and the presence of potentially hidden behavior. Refactoring is necessary to address these risks.

linear-airbyte-source 9.9.10 by nikhilkaushikop (live on npm, blocked by Socket)
The code is engaging in potentially malicious behavior by collecting and sending sensitive system and user information to suspicious domains without user consent.

iberia-tools 999.9.9 by amigomioteconsidero25 (removed from npm, blocked by Socket)
The code is designed to exfiltrate system information by sending it to an external domain via DNS queries. This is a clear indication of malicious behavior, as it involves unauthorized data transmission without user consent.
Live on npm for 2 hours and 17 minutes before removal. Socket users were protected even while the package was live.

blossom-yarn-fgz947 1.0.0 by afifaljafari112 (removed from npm, blocked by Socket)
The code contains several unusual elements including strange package names, inconsistent naming conventions, and a lack of meaningful logic. These characteristics suggest that the code may be obfuscated or intentionally confusing. The peculiar package names could also indicate potential typosquatting. Without more information on the packages being imported, it's difficult to fully assess the intent of the code. However, given the anomalies, there is a moderate security risk associated with this code.
Live on npm for 56 days, 18 hours and 45 minutes before removal. Socket users were protected even while the package was live.

xo-form-components 88.8.8 by agentsteal (removed from npm, blocked by Socket)
This script is designed to exfiltrate sensitive information from the system to a remote server, indicating malicious behavior.
Live on npm for 39 minutes before removal. Socket users were protected even while the package was live.

int_stripe_sfra 99.9.9 by 0xwise64 (removed from npm, blocked by Socket)
The script collects information like hostname, platform, user info, and current working directory, encodes it in base64, and sends it to a remote server.
Live on npm for 13 minutes before removal. Socket users were protected even while the package was live.

znowflake_client 1.1.9 by Gandalf (live on Rubygems, blocked by Socket)
This file collects critical system information, including environment variables, user login, local IP, and an external IP (via hxxps://api[.]ipify[.]org), and sends it to hxxp://example[.]com/2819d620-cd87-4bc0-8b37-fe25d461e06f without user knowledge or consent, posing a significant risk of data exfiltration.

psn-discount-today733 1.0.2 by sicrap (removed from npm, blocked by Socket)
The script is not necessarily malicious, but it does involve dubious practices like automated publishing of npm packages and programmatically updating a WordPress site. It is also insecure due to the hardcoding of credentials and the potential misuse of automated npm package publishing.
Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

g8untcotribwatch 1.2.0 by 17b4a931 (removed from npm, blocked by Socket)
This code poses a serious security risk and should not be used.
Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.

plans-grid 1.0.0 by k4r1it0 (removed from npm, blocked by Socket)
The code collects and sends potentially sensitive system data to a remote server without user consent, which is indicative of malicious behavior. This poses a significant security risk due to unauthorized data transmission.
Live on npm for 2 days, 7 hours and 21 minutes before removal. Socket users were protected even while the package was live.

fast 2.5 (removed from PyPI, blocked by Socket)
The script contains several security risks, including hardcoded credentials, use of `eval` with user-supplied data, and dynamic execution of a shell command with user-supplied data. These can lead to credential exposure, code injection, and command injection vulnerabilities. While the primary purpose of the script seems benign, these security risks are significant and should be addressed.
Live on PyPI for 59 minutes before removal. Socket users were protected even while the package was live.

public-api-signature-calculator-example 1.0.0 by antraxio (removed from npm, blocked by Socket)
The script sends the hostname and the current user to an external server, which is a clear indication of malicious behavior and data exfiltration.
Live on npm for 10 days, 11 hours and 10 minutes before removal. Socket users were protected even while the package was live.

io.github.xz-java:xz-java 1.9.2 (live on Maven, blocked by Socket)
The file contains malicious code that opens a `ServerSocket` on port 11337 and listens for incoming network connections. Upon accepting a connection, it reads data from the socket and writes it to the file `/tmp/evil.sh`. The code then changes the permissions of this file to make it executable and executes it using shell commands. The execution output is written to `/tmp/evil-out.sh`. Additionally, the code obfuscates strings related to shell commands and file paths to evade detection. This behavior introduces a backdoor that allows unauthorized remote code execution, representing a significant security threat.

ai-metrics-advisor 99.10.9 (removed from npm, blocked by Socket)
The code exhibits clear signs of malicious behavior involving data theft and exfiltration. It encodes and sends sensitive system and user data to a suspicious domain via both DNS queries and HTTPS POST requests.
Live on npm for 40 minutes before removal. Socket users were protected even while the package was live.

viihdeonline-shared-components 1.9.99 by dojo-common (removed from npm, blocked by Socket)
The script collects information like package name, current working directory, username, hostname, and IP address, then sends it to a remote server using DNS requests.

jazz_services-handler 12.0.0 by ganesha_gouri (removed from npm, blocked by Socket)
This script is designed to exfiltrate environment variables to an external server, which poses a significant security risk and indicates malicious behavior.
Live on npm for 12 days and 7 minutes before removal. Socket users were protected even while the package was live.

@buffer-mono/png-export 10.999.1 by bughunter00 (removed from npm, blocked by Socket)
The code is exfiltrating sensitive system information to an external server, which is a serious security risk and indicative of malicious behavior.
Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

azure-graphrbac 6.1.1000 (removed from npm, blocked by Socket)
The code is highly suspicious due to its behavior of sending system and project data to external servers without user consent. This indicates potential malicious intent and poses a significant security risk.
Live on npm for 8 minutes before removal. Socket users were protected even while the package was live.

raid-shadow-legends-promo-codes497 1.0.2 by robowxw (removed from npm, blocked by Socket)
The code poses a significant security risk and should be reviewed. It is recommended to remove unnecessary imports, verify the contents of the data folder and the WordPress websites before proceeding, and avoid using hardcoded credentials for WordPress login.
Live on npm for 54 minutes before removal. Socket users were protected even while the package was live.

sparrow-python 0.4.1 (live on PyPI, blocked by Socket)
The code contains dynamic URL alterations and uses 'os.system' with user inputs, posing a security risk. It is recommended to review the code for safer alternatives.

discord.js-self-v21 1.0.1 by discord-js-selfbotv4 (removed from npm, blocked by Socket)
The code exhibits behavior that is highly indicative of malicious intent, such as downloading and executing files from a remote server without proper validation or user consent. The use of a Discord CDN URL for distributing executables and the absence of integrity checks significantly increase the risk of introducing malware into the system.
Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

nirvana-dynamo-iun076 1.0.0 by afifaljafari112 (removed from npm, blocked by Socket)
The code imports multiple modules with unusual names and calls a method named 'functame' on each of them. The lack of documentation, unconventional naming patterns, and the mysterious method names make this code suspicious. Without additional information on what these modules and methods do, the code could potentially be harmful.
Live on npm for 57 days, 6 hours and 53 minutes before removal. Socket users were protected even while the package was live.

godaddy-utils 999.9.9 by amigomioteconsidero20 (removed from npm, blocked by Socket)
The code is designed to exfiltrate system information by sending it to an external domain via DNS queries. This is a clear indication of malicious behavior, as it involves unauthorized data transmission without user consent.
Live on npm for 1 hour and 47 minutes before removal. Socket users were protected even while the package was live.
Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Examples of these signals: known malware, possible typosquat attack, npm shrinkwrap, git dependency, HTTP dependency, suspicious stars on GitHub, protestware or potentially unwanted behavior, unstable ownership, AI-detected potential malware, obfuscated code, and 21 more alerts.

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Why teams choose Socket

Pro-active security

Depend on Socket to prevent malicious open source dependencies from infiltrating your app.

Easy to install

Install the Socket GitHub App in just 2 clicks and get protected today.

Comprehensive open source protection

Block 70+ issues in open source code, including malware, typosquatting, hidden code, misleading packages, permission creep, and more.

Develop faster

Reduce work by surfacing actionable security information directly in GitHub. Empower developers to make better decisions.

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Dec 14, 2023: Hijacked cryptocurrency library adds malware
A widely used library in a cryptocurrency frontend was compromised to include wallet-draining code, following the hijacking of npm account credentials via phishing.

Jan 06, 2022: Maintainer intentionally adds malware
A rogue maintainer sabotaged his own open source package with 100M downloads/month, notably breaking Amazon's AWS SDK.

Nov 15, 2021: npm discovers a platform vulnerability allowing unauthorized publishing of any package
Attackers could publish new versions of any npm package without authorization for multiple years.

Oct 22, 2021: Hijacked package adds cryptominers and password-stealing malware
Multiple packages with 30M downloads/month were hijacked and published malicious versions directly into the software supply chain.

Nov 26, 2018: Hijacked package adds organization-specific backdoors
Obfuscated malware added to a dependency targeted a single company, went undetected for over a week, and made it into their production build.

Ready to dive in?

Get protected by Socket with just 2 clicks.

The latest from the Socket team

Get our latest security research, open source insights, and product updates.