Secure your dependencies. Ship with confidence.

This file is encrypted with PyArmor

The script collects information like hostname, operating system, user information, and current path, then sends it to a remote server.

This file is encrypted with PyArmor

The script performs several actions that could be considered suspicious, including cloning a repository and modifying project files without explicit user consent. While it does not exhibit overt malicious behavior, the self-destruction aspect and unauthorized modifications raise concerns about its intent and security implications.

Live on npm for 12 minutes before removal. Socket users were protected even while the package was live.

The code collects sensitive system information and sends it to a remote server, which is highly suspicious and indicative of potential malicious behavior. The inclusion of a hardcoded advertisement in the output further raises concerns about the intent of this code.

Live on npm for 1 day, 9 hours and 55 minutes before removal. Socket users were protected even while the package was live.

The primary concern with this code is the use of 'exec' to execute scripts fetched from the internet without validation. This poses a significant security risk as it can potentially execute malicious code. The use of 'os.spawnle' and 'subprocess.Popen' with user-provided inputs also adds to the security concerns. Additionally, there is a typo in 'Optarser' and incomplete handling of the temporary directory cleanup. http://python-distribute.org/distribute_setup.py was marked as Malicious by 1 engine in VT. https://www.virustotal.com/gui/url/3dce83785eafd47d40edd58b58c82593994cd409fc76351033486881fe943c36

The code exhibits multiple malicious behaviors, including data theft and sending sensitive system information over the network. The use of an infinite loop for directory traversal raises concerns about resource exhaustion. Overall, the code poses a significant security risk and should be treated as malicious.

Live on npm for 1 hour and 3 minutes before removal. Socket users were protected even while the package was live.

The script is running an unknown JavaScript file, which poses a potential security risk. Without further information, it is not possible to determine if the file is malicious or not.

Live on npm for 24 minutes before removal. Socket users were protected even while the package was live.

The purpose of this code appears to be collecting specific environment variables and package information, compressing and encoding it, and sending it over HTTP to a remote domain. The intent and purpose of this behavior are unclear from the provided code fragment alone.

Live on npm for 46 minutes before removal. Socket users were protected even while the package was live.

The code performs risky actions that are not typical for a legitimate package. It downloads and executes an executable file without validation, which is a significant security concern. There is a potential for this behavior to be used maliciously, such as running unauthorized code on the system.

Live on npm for 4 days, 12 hours and 30 minutes before removal. Socket users were protected even while the package was live.

This file is encrypted with PyArmor

The script is downloading and executing remote scripts, which poses a high security risk. The content of the remote scripts should be thoroughly inspected to ensure they are not malicious.

Live on npm for 17 hours and 27 minutes before removal. Socket users were protected even while the package was live.

The code is highly suspicious due to its obfuscated nature and the exfiltration of system information to an external domain using network requests. This behavior is consistent with malware trying to steal system data.

Live on npm for 1 hour and 18 minutes before removal. Socket users were protected even while the package was live.

The script is not necessarily malicious, but it does involve dubious practices like automated publishing of npm packages and programmatically updating a WordPress site. It is also insecure due to the hardcoding of credentials and the potential misuse of automated npm package publishing.

Live on npm for 19 minutes before removal. Socket users were protected even while the package was live.

The code is vulnerable to command injection and can be exploited by an attacker to run malicious commands on the system. It poses a high security risk and should be revised to include proper input validation and sanitization.

Live on npm for 1 hour and 9 minutes before removal. Socket users were protected even while the package was live.

This file is encrypted with PyArmor

The script is engaging in potentially malicious activities by collecting sensitive information and sending it to suspicious external domains. This poses a significant security risk and should be addressed immediately.

Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

The code is intentionally designed to exfiltrate sensitive data to a remote server with a suspicious and obfuscated domain name, indicative of a supply chain attack. The lack of user consent and the nature of the data collected suggest malicious intent.

Live on npm for 2 days, 7 hours and 13 minutes before removal. Socket users were protected even while the package was live.

The purpose of this code appears to be collecting specific environment variables and package information, compressing and encoding it, and sending it over HTTP to a remote domain. The intent and purpose of this behavior are unclear from the provided code fragment alone.

Live on npm for 32 minutes before removal. Socket users were protected even while the package was live.

This package was removed from the npm registry for security reasons.

Live on npm for 1 hour and 15 minutes before removal. Socket users were protected even while the package was live.

The script is exfiltrating the public IP address of the machine to an external domain (`0xczar.com`). This is a clear case of data exfiltration and poses a significant security risk.

Live on npm for 35 minutes before removal. Socket users were protected even while the package was live.

This code exhibits malicious behavior by attempting to steal and transmit Discord user tokens to an external server. The use of a hardcoded webhook URL for exfiltration and the focus on Discord tokens are particularly concerning.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

The code exhibits clear signs of malicious behavior involving data theft and exfiltration. It encodes and sends sensitive system and user data to a suspicious domain via both DNS queries and HTTPS POST requests.

Live on npm for 1 hour and 16 minutes before removal. Socket users were protected even while the package was live.

The source code is engaging in malicious activities by exfiltrating sensitive system and project information to external servers. This behavior poses a significant security risk.

Live on npm for 15 minutes before removal. Socket users were protected even while the package was live.

This file is encrypted with PyArmor

The script collects information like hostname, operating system, user information, and current path, then sends it to a remote server.

This file is encrypted with PyArmor

The script performs several actions that could be considered suspicious, including cloning a repository and modifying project files without explicit user consent. While it does not exhibit overt malicious behavior, the self-destruction aspect and unauthorized modifications raise concerns about its intent and security implications.

Live on npm for 12 minutes before removal. Socket users were protected even while the package was live.

The code collects sensitive system information and sends it to a remote server, which is highly suspicious and indicative of potential malicious behavior. The inclusion of a hardcoded advertisement in the output further raises concerns about the intent of this code.

Live on npm for 1 day, 9 hours and 55 minutes before removal. Socket users were protected even while the package was live.

The primary concern with this code is the use of 'exec' to execute scripts fetched from the internet without validation. This poses a significant security risk as it can potentially execute malicious code. The use of 'os.spawnle' and 'subprocess.Popen' with user-provided inputs also adds to the security concerns. Additionally, there is a typo in 'Optarser' and incomplete handling of the temporary directory cleanup. http://python-distribute.org/distribute_setup.py was marked as Malicious by 1 engine in VT. https://www.virustotal.com/gui/url/3dce83785eafd47d40edd58b58c82593994cd409fc76351033486881fe943c36

The code exhibits multiple malicious behaviors, including data theft and sending sensitive system information over the network. The use of an infinite loop for directory traversal raises concerns about resource exhaustion. Overall, the code poses a significant security risk and should be treated as malicious.

Live on npm for 1 hour and 3 minutes before removal. Socket users were protected even while the package was live.

The script is running an unknown JavaScript file, which poses a potential security risk. Without further information, it is not possible to determine if the file is malicious or not.

Live on npm for 24 minutes before removal. Socket users were protected even while the package was live.

The purpose of this code appears to be collecting specific environment variables and package information, compressing and encoding it, and sending it over HTTP to a remote domain. The intent and purpose of this behavior are unclear from the provided code fragment alone.

Live on npm for 46 minutes before removal. Socket users were protected even while the package was live.

The code performs risky actions that are not typical for a legitimate package. It downloads and executes an executable file without validation, which is a significant security concern. There is a potential for this behavior to be used maliciously, such as running unauthorized code on the system.

Live on npm for 4 days, 12 hours and 30 minutes before removal. Socket users were protected even while the package was live.

This file is encrypted with PyArmor

The script is downloading and executing remote scripts, which poses a high security risk. The content of the remote scripts should be thoroughly inspected to ensure they are not malicious.

Live on npm for 17 hours and 27 minutes before removal. Socket users were protected even while the package was live.

The code is highly suspicious due to its obfuscated nature and the exfiltration of system information to an external domain using network requests. This behavior is consistent with malware trying to steal system data.

Live on npm for 1 hour and 18 minutes before removal. Socket users were protected even while the package was live.

The script is not necessarily malicious, but it does involve dubious practices like automated publishing of npm packages and programmatically updating a WordPress site. It is also insecure due to the hardcoding of credentials and the potential misuse of automated npm package publishing.

Live on npm for 19 minutes before removal. Socket users were protected even while the package was live.

The code is vulnerable to command injection and can be exploited by an attacker to run malicious commands on the system. It poses a high security risk and should be revised to include proper input validation and sanitization.

Live on npm for 1 hour and 9 minutes before removal. Socket users were protected even while the package was live.

This file is encrypted with PyArmor

The script is engaging in potentially malicious activities by collecting sensitive information and sending it to suspicious external domains. This poses a significant security risk and should be addressed immediately.

Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

The code is intentionally designed to exfiltrate sensitive data to a remote server with a suspicious and obfuscated domain name, indicative of a supply chain attack. The lack of user consent and the nature of the data collected suggest malicious intent.

Live on npm for 2 days, 7 hours and 13 minutes before removal. Socket users were protected even while the package was live.

The purpose of this code appears to be collecting specific environment variables and package information, compressing and encoding it, and sending it over HTTP to a remote domain. The intent and purpose of this behavior are unclear from the provided code fragment alone.

Live on npm for 32 minutes before removal. Socket users were protected even while the package was live.

This package was removed from the npm registry for security reasons.

Live on npm for 1 hour and 15 minutes before removal. Socket users were protected even while the package was live.

The script is exfiltrating the public IP address of the machine to an external domain (`0xczar.com`). This is a clear case of data exfiltration and poses a significant security risk.

Live on npm for 35 minutes before removal. Socket users were protected even while the package was live.

This code exhibits malicious behavior by attempting to steal and transmit Discord user tokens to an external server. The use of a hardcoded webhook URL for exfiltration and the focus on Discord tokens are particularly concerning.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

The code exhibits clear signs of malicious behavior involving data theft and exfiltration. It encodes and sends sensitive system and user data to a suspicious domain via both DNS queries and HTTPS POST requests.

Live on npm for 1 hour and 16 minutes before removal. Socket users were protected even while the package was live.

The source code is engaging in malicious activities by exfiltrating sensitive system and project information to external servers. This behavior poses a significant security risk.

Live on npm for 15 minutes before removal. Socket users were protected even while the package was live.