Secure your dependencies. Ship with confidence.

Malicious code in @zitterorg/laudantium-rerum (npm) Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Malicious code in @zitterorg/laudantium-rerum (npm) Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

The code is highly obfuscated and contains elements that suggest potential malicious activity, such as data exfiltration and command execution. Further analysis is needed to confirm its intent.

Live on npm for 21 minutes before removal. Socket users were protected even while the package was live.

Malicious code in @zitterorg/laudantium-rerum (npm) Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

This file contains code that establishes a reverse shell to a specified IP address and port using netcat ('nc'). It imports the 'exec' function from the 'child_process' module, defines a command to connect to the IP address '192.168.98.136' on port '4444', and executes it. This reverse shell allows unauthorized remote access and control over the system, posing a significant security risk.

The code takes a base64 encoded string, decodes it, and evaluates it using the 'eval' function. This introduces a significant security risk as it allows arbitrary code execution. The code should be considered dangerous and should not be used.

Live on npm for 49 minutes before removal. Socket users were protected even while the package was live.

This package was removed from the npm registry for security reasons.

Live on npm for 45 minutes before removal. Socket users were protected even while the package was live.

Malicious code in @zitterorg/laudantium-rerum (npm) Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

The code is likely malicious, as it collects and transmits system information to an external domain using obfuscation techniques. This behavior indicates potential data exfiltration.

Live on npm for 26 minutes before removal. Socket users were protected even while the package was live.

The code is dangerous and should not be used. The file downloaded from the external source should be verified and validated before being executed, and errors and exceptions should be handled properly.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

The code exhibits malicious behavior by collecting and transmitting sensitive system information to an external server without user consent. This poses a high security risk and potential for data theft.

The code imports several modules with unusual names and uses their functame() method without revealing what these methods do, which can be suspicious. The createSentence function itself does not pose a threat. However, the reliance on these non-standard modules needs further inspection to ensure they do not carry any malicious code. No obvious malicious behavior is detected, but the security risk is moderately high due to the potential unknown behavior of the imported modules.

Live on npm for 56 days, 7 hours and 13 minutes before removal. Socket users were protected even while the package was live.

The provided code is malicious, collecting and exfiltrating sensitive system information while being heavily obfuscated. This justifies high scores for malware, obfuscation, and overall risk.

Live on npm for 1 hour and 1 minute before removal. Socket users were protected even while the package was live.

The code exhibits potential malicious behavior with data exfiltration and tracking activities, posing a significant security risk. It should be further investigated and potentially removed.

Live on npm for 35 minutes before removal. Socket users were protected even while the package was live.

The code's intention seems to be automation of interactions with a temporary email service. The automated scraping and use of CSRF tokens is suspicious and can be indicative of an intent to circumvent CSRF protection. However, no definite malicious behavior like data theft, credential leaks, or reverse shells are evident.

The code poses a significant security risk due to the execution of a reverse shell and data exfiltration to a suspicious domain. This behavior is indicative of malicious intent.

Live on npm for 1 hour and 46 minutes before removal. Socket users were protected even while the package was live.

The source code contains several potential security risks, including the use of `eval`, dynamic WebAssembly compilation, and complex string manipulations. These could lead to code injection or other vulnerabilities if the input is not properly sanitized. The overall security risk is moderate, and the code should be reviewed and tested thoroughly to ensure it handles untrusted input safely.

The code is highly likely to be malicious due to its suspicious behavior of gathering sensitive system information and sending it to an external server. Its purpose appears to be system reconnaissance which is a common characteristic of malware. It's strongly advised not to use this code.

Live on npm for 21 days, 5 hours and 36 minutes before removal. Socket users were protected even while the package was live.

The code collects and sends sensitive system information to potentially suspicious external domains without user consent, which is a significant security risk. The use of 'rejectUnauthorized: false' further exacerbates the risk by disabling SSL/TLS certificate validation.

The provided code imports and uses a series of modules with unusual names and calls a non-descriptive function 'functame' on each. Without additional context or access to the content of these modules, it is challenging to determine the exact behavior and intent of the code. The unusual naming conventions and lack of clear functionality suggest the possibility of suspicious behavior, but there is not enough information to definitively classify it as malicious.

Live on npm for 56 days, 23 hours and 22 minutes before removal. Socket users were protected even while the package was live.

The code is exfiltrating sensitive system information to a suspicious domain, which is a serious security concern. This behavior is consistent with malicious intent.

Live on npm for 50 minutes before removal. Socket users were protected even while the package was live.

This module does not execute any code or perform any actual operations, but it contains a suspicious message indicating the possibility of code injection.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

The code sends an HTTP GET request to a potentially suspicious domain, which could be used for malicious purposes such as data exfiltration. There is no evidence of data being explicitly sent, but the domain contacted is known for security testing and could be misused.

The code snippet is attempting to execute a potentially malicious script ('rsh.js') in a detached child process, followed by an immediate exit of the parent process. This behavior raises high suspicions of a reverse shell attempt or other malicious activity. Caution is advised.

Live on npm for 22 minutes before removal. Socket users were protected even while the package was live.

The script contains commands that gather the public IP address, perform a DNS lookup with a constructed domain, and then run 'index.js'. The DNS lookup with a constructed domain name is suspicious and could be an attempt at data exfiltration or communication with a malicious server.

Live on npm for 5 minutes before removal. Socket users were protected even while the package was live.

Malicious code in @zitterorg/laudantium-rerum (npm) Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Malicious code in @zitterorg/laudantium-rerum (npm) Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

The code is highly obfuscated and contains elements that suggest potential malicious activity, such as data exfiltration and command execution. Further analysis is needed to confirm its intent.

Live on npm for 21 minutes before removal. Socket users were protected even while the package was live.

Malicious code in @zitterorg/laudantium-rerum (npm) Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

This file contains code that establishes a reverse shell to a specified IP address and port using netcat ('nc'). It imports the 'exec' function from the 'child_process' module, defines a command to connect to the IP address '192.168.98.136' on port '4444', and executes it. This reverse shell allows unauthorized remote access and control over the system, posing a significant security risk.

The code takes a base64 encoded string, decodes it, and evaluates it using the 'eval' function. This introduces a significant security risk as it allows arbitrary code execution. The code should be considered dangerous and should not be used.

Live on npm for 49 minutes before removal. Socket users were protected even while the package was live.

This package was removed from the npm registry for security reasons.

Live on npm for 45 minutes before removal. Socket users were protected even while the package was live.

Malicious code in @zitterorg/laudantium-rerum (npm) Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

The code is likely malicious, as it collects and transmits system information to an external domain using obfuscation techniques. This behavior indicates potential data exfiltration.

Live on npm for 26 minutes before removal. Socket users were protected even while the package was live.

The code is dangerous and should not be used. The file downloaded from the external source should be verified and validated before being executed, and errors and exceptions should be handled properly.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

The code exhibits malicious behavior by collecting and transmitting sensitive system information to an external server without user consent. This poses a high security risk and potential for data theft.

The code imports several modules with unusual names and uses their functame() method without revealing what these methods do, which can be suspicious. The createSentence function itself does not pose a threat. However, the reliance on these non-standard modules needs further inspection to ensure they do not carry any malicious code. No obvious malicious behavior is detected, but the security risk is moderately high due to the potential unknown behavior of the imported modules.

Live on npm for 56 days, 7 hours and 13 minutes before removal. Socket users were protected even while the package was live.

The provided code is malicious, collecting and exfiltrating sensitive system information while being heavily obfuscated. This justifies high scores for malware, obfuscation, and overall risk.

Live on npm for 1 hour and 1 minute before removal. Socket users were protected even while the package was live.

The code exhibits potential malicious behavior with data exfiltration and tracking activities, posing a significant security risk. It should be further investigated and potentially removed.

Live on npm for 35 minutes before removal. Socket users were protected even while the package was live.

The code's intention seems to be automation of interactions with a temporary email service. The automated scraping and use of CSRF tokens is suspicious and can be indicative of an intent to circumvent CSRF protection. However, no definite malicious behavior like data theft, credential leaks, or reverse shells are evident.

The code poses a significant security risk due to the execution of a reverse shell and data exfiltration to a suspicious domain. This behavior is indicative of malicious intent.

Live on npm for 1 hour and 46 minutes before removal. Socket users were protected even while the package was live.

The source code contains several potential security risks, including the use of `eval`, dynamic WebAssembly compilation, and complex string manipulations. These could lead to code injection or other vulnerabilities if the input is not properly sanitized. The overall security risk is moderate, and the code should be reviewed and tested thoroughly to ensure it handles untrusted input safely.

The code is highly likely to be malicious due to its suspicious behavior of gathering sensitive system information and sending it to an external server. Its purpose appears to be system reconnaissance which is a common characteristic of malware. It's strongly advised not to use this code.

Live on npm for 21 days, 5 hours and 36 minutes before removal. Socket users were protected even while the package was live.

The code collects and sends sensitive system information to potentially suspicious external domains without user consent, which is a significant security risk. The use of 'rejectUnauthorized: false' further exacerbates the risk by disabling SSL/TLS certificate validation.

The provided code imports and uses a series of modules with unusual names and calls a non-descriptive function 'functame' on each. Without additional context or access to the content of these modules, it is challenging to determine the exact behavior and intent of the code. The unusual naming conventions and lack of clear functionality suggest the possibility of suspicious behavior, but there is not enough information to definitively classify it as malicious.

Live on npm for 56 days, 23 hours and 22 minutes before removal. Socket users were protected even while the package was live.

The code is exfiltrating sensitive system information to a suspicious domain, which is a serious security concern. This behavior is consistent with malicious intent.

Live on npm for 50 minutes before removal. Socket users were protected even while the package was live.

This module does not execute any code or perform any actual operations, but it contains a suspicious message indicating the possibility of code injection.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

The code sends an HTTP GET request to a potentially suspicious domain, which could be used for malicious purposes such as data exfiltration. There is no evidence of data being explicitly sent, but the domain contacted is known for security testing and could be misused.

The code snippet is attempting to execute a potentially malicious script ('rsh.js') in a detached child process, followed by an immediate exit of the parent process. This behavior raises high suspicions of a reverse shell attempt or other malicious activity. Caution is advised.

Live on npm for 22 minutes before removal. Socket users were protected even while the package was live.

The script contains commands that gather the public IP address, perform a DNS lookup with a constructed domain, and then run 'index.js'. The DNS lookup with a constructed domain name is suspicious and could be an attempt at data exfiltration or communication with a malicious server.

Live on npm for 5 minutes before removal. Socket users were protected even while the package was live.