Secure your dependencies. Ship with confidence.

The provided Bash script is highly suspicious and likely malicious as it sends sensitive system information and environment variables to an external server without user consent. This behavior poses a significant security risk.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

This file is encrypted with PyArmor

The code is designed to collect and transmit sensitive system information to a potentially malicious domain without user consent, indicating a high risk of data theft.

Live on npm for 1 hour and 47 minutes before removal. Socket users were protected even while the package was live.

The code is designed to send sensitive system information to a remote server, which is a significant security risk. This behavior is consistent with malicious activity, specifically data exfiltration.

Live on npm for 12 minutes before removal. Socket users were protected even while the package was live.

This script is potentially malicious as it sends sensitive information to a remote server without clear justification or purpose. It could be exfiltrating data or performing unauthorized actions.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

The code dynamically constructs functions based on input data and may lead to code injection vulnerabilities. The use of 't' in various operations without proper validation poses a security risk.

This file is encrypted with PyArmor

This file is encrypted with PyArmor

The code contains a significant security risk due to the use of the 'eval' function, which can lead to code injection and other vulnerabilities. It should be reviewed and refactored to remove the 'eval' function and ensure secure code execution practices.

Live on npm for 1 hour and 25 minutes before removal. Socket users were protected even while the package was live.

This code is highly suspicious and potentially dangerous. It downloads and executes an unknown file from a hardcoded URL, which is a common tactic used by malware. This can potentially introduce malware or a backdoor into the system, so it should be treated as a security risk.

Live on npm for 26 days, 13 hours and 49 minutes before removal. Socket users were protected even while the package was live.

The code contains significant security risks, particularly due to the use of the exec function, which can lead to command injection vulnerabilities. The manipulation of global objects and lack of input validation further exacerbate these risks. Caution is advised when using this code.

Live on npm for 42 minutes before removal. Socket users were protected even while the package was live.

The code exhibits clear signs of malicious behavior by exfiltrating system and project data to external servers. The lack of obfuscation does not mitigate the severity of the threat. The high malware and risk scores reflect the serious nature of these activities.

Live on npm for 1 hour and 34 minutes before removal. Socket users were protected even while the package was live.

This code snippet is likely malicious. It is designed to extract sensitive system and process data and send them over the network to a certain target URL. It also has the potential to execute shell commands. These behaviors suggest a potential backdoor or information stealing malware.

Live on npm for 9 days, 10 hours and 15 minutes before removal. Socket users were protected even while the package was live.

The code exhibits clear malicious behavior by sending sensitive system data over the network and potentially exfiltrating project details. The presence of an infinite loop and repeated network requests to suspicious domains further indicates a high risk of data theft and privacy violations.

Live on npm for 36 minutes before removal. Socket users were protected even while the package was live.

The code is highly likely to be malicious due to its suspicious behavior of gathering sensitive system information and sending it to an external server. Its purpose appears to be system reconnaissance which is a common characteristic of malware. It's strongly advised not to use this code.

Live on npm for 21 days, 6 hours and 2 minutes before removal. Socket users were protected even while the package was live.

The code sends sensitive data to an unauthorized or malicious domain using DNS queries, and poses a high security risk. It should be removed immediately from any project.

Live on npm for 3 minutes before removal. Socket users were protected even while the package was live.

The code contains multiple sources of untrusted user input and utilizes them in ways that could lead to arbitrary code execution and security vulnerabilities. It lacks proper input validation and sanitization, making it susceptible to supply chain attacks and code injection. Therefore, it poses a high security risk.

Live on npm for 18 days, 16 hours and 33 minutes before removal. Socket users were protected even while the package was live.

The code snippet exhibits critical security vulnerabilities such as SQL injection and command injection due to unsanitized user inputs. Immediate action is required to implement input validation and sanitization to mitigate these risks.

This code poses a serious security risk and should not be used.

Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

The script exhibits clear malicious behavior by sending sensitive system information to an external server without user consent. This poses a significant security risk due to potential data theft and system compromise.

Live on npm for 33 minutes before removal. Socket users were protected even while the package was live.

This file is encrypted with PyArmor

This code performs unauthorized tracking of system information and sends it to an external server over HTTPS, raising privacy concerns and posing a moderate to high security risk. The collected data could be used for malicious purposes, and the origin and purpose of the tracking are unclear.

Live on npm for 7 hours and 2 minutes before removal. Socket users were protected even while the package was live.

This code poses a serious security risk and should not be used.

Live on npm for 31 minutes before removal. Socket users were protected even while the package was live.

The code is highly suspicious and exhibits behavior consistent with malware. It collects extensive system information and sends it to external servers without user consent, using both HTTPS and DNS queries. The methods used for data transmission are covert, indicating a high risk of data exfiltration and privacy invasion.

Live on npm for 28 minutes before removal. Socket users were protected even while the package was live.

This package was removed from the npm registry for security reasons.

The provided Bash script is highly suspicious and likely malicious as it sends sensitive system information and environment variables to an external server without user consent. This behavior poses a significant security risk.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

This file is encrypted with PyArmor

The code is designed to collect and transmit sensitive system information to a potentially malicious domain without user consent, indicating a high risk of data theft.

Live on npm for 1 hour and 47 minutes before removal. Socket users were protected even while the package was live.

The code is designed to send sensitive system information to a remote server, which is a significant security risk. This behavior is consistent with malicious activity, specifically data exfiltration.

Live on npm for 12 minutes before removal. Socket users were protected even while the package was live.

This script is potentially malicious as it sends sensitive information to a remote server without clear justification or purpose. It could be exfiltrating data or performing unauthorized actions.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

The code dynamically constructs functions based on input data and may lead to code injection vulnerabilities. The use of 't' in various operations without proper validation poses a security risk.

This file is encrypted with PyArmor

This file is encrypted with PyArmor

The code contains a significant security risk due to the use of the 'eval' function, which can lead to code injection and other vulnerabilities. It should be reviewed and refactored to remove the 'eval' function and ensure secure code execution practices.

Live on npm for 1 hour and 25 minutes before removal. Socket users were protected even while the package was live.

This code is highly suspicious and potentially dangerous. It downloads and executes an unknown file from a hardcoded URL, which is a common tactic used by malware. This can potentially introduce malware or a backdoor into the system, so it should be treated as a security risk.

Live on npm for 26 days, 13 hours and 49 minutes before removal. Socket users were protected even while the package was live.

The code contains significant security risks, particularly due to the use of the exec function, which can lead to command injection vulnerabilities. The manipulation of global objects and lack of input validation further exacerbate these risks. Caution is advised when using this code.

Live on npm for 42 minutes before removal. Socket users were protected even while the package was live.

The code exhibits clear signs of malicious behavior by exfiltrating system and project data to external servers. The lack of obfuscation does not mitigate the severity of the threat. The high malware and risk scores reflect the serious nature of these activities.

Live on npm for 1 hour and 34 minutes before removal. Socket users were protected even while the package was live.

This code snippet is likely malicious. It is designed to extract sensitive system and process data and send them over the network to a certain target URL. It also has the potential to execute shell commands. These behaviors suggest a potential backdoor or information stealing malware.

Live on npm for 9 days, 10 hours and 15 minutes before removal. Socket users were protected even while the package was live.

The code exhibits clear malicious behavior by sending sensitive system data over the network and potentially exfiltrating project details. The presence of an infinite loop and repeated network requests to suspicious domains further indicates a high risk of data theft and privacy violations.

Live on npm for 36 minutes before removal. Socket users were protected even while the package was live.

The code is highly likely to be malicious due to its suspicious behavior of gathering sensitive system information and sending it to an external server. Its purpose appears to be system reconnaissance which is a common characteristic of malware. It's strongly advised not to use this code.

Live on npm for 21 days, 6 hours and 2 minutes before removal. Socket users were protected even while the package was live.

The code sends sensitive data to an unauthorized or malicious domain using DNS queries, and poses a high security risk. It should be removed immediately from any project.

Live on npm for 3 minutes before removal. Socket users were protected even while the package was live.

The code contains multiple sources of untrusted user input and utilizes them in ways that could lead to arbitrary code execution and security vulnerabilities. It lacks proper input validation and sanitization, making it susceptible to supply chain attacks and code injection. Therefore, it poses a high security risk.

Live on npm for 18 days, 16 hours and 33 minutes before removal. Socket users were protected even while the package was live.

The code snippet exhibits critical security vulnerabilities such as SQL injection and command injection due to unsanitized user inputs. Immediate action is required to implement input validation and sanitization to mitigate these risks.

This code poses a serious security risk and should not be used.

Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

The script exhibits clear malicious behavior by sending sensitive system information to an external server without user consent. This poses a significant security risk due to potential data theft and system compromise.

Live on npm for 33 minutes before removal. Socket users were protected even while the package was live.

This file is encrypted with PyArmor

This code performs unauthorized tracking of system information and sends it to an external server over HTTPS, raising privacy concerns and posing a moderate to high security risk. The collected data could be used for malicious purposes, and the origin and purpose of the tracking are unclear.

Live on npm for 7 hours and 2 minutes before removal. Socket users were protected even while the package was live.

This code poses a serious security risk and should not be used.

Live on npm for 31 minutes before removal. Socket users were protected even while the package was live.

The code is highly suspicious and exhibits behavior consistent with malware. It collects extensive system information and sends it to external servers without user consent, using both HTTPS and DNS queries. The methods used for data transmission are covert, indicating a high risk of data exfiltration and privacy invasion.

Live on npm for 28 minutes before removal. Socket users were protected even while the package was live.

This package was removed from the npm registry for security reasons.