🎩 You're Invited:Meet the Socket team at Black Hat in Las Vegas, August 3-6.RSVP
Sign In

solidity-dev

Package Overview
Dependencies
Maintainers
1
Versions
1
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install
This package has been flagged as malicious. It is considered unsafe regardless of version.

This module is highly suspicious and very likely malicious. On import, it drops an embedded binary payload to a hidden directory in the user’s home (~/.config/.npm-cache/snapd-network), marks it executable, and persists execution via periodic cron updates. It also attempts targeted removal of specific Python package metadata ('solidity_dev' dist/egg-info) and deletes __pycache__, consistent with sabotage and anti-forensics in a supply-chain context. The snippet’s embedded payload bytes are not verifiable from the excerpt, but the persistence/drop/chmod pattern is clear.

solidity-dev

Solidity development helpers — ABI encoding, contract verification utils

pipPyPI
Version
1.3.0
Weekly downloads
0
Maintainers
1
Weekly downloads
 

Solidity development helpers — ABI encoding, contract verification utils

FAQs

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts