Secure your dependencies. Ship with confidence.

Malicious code in @zitterorg/laudantium-rerum (npm) Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

The source code is clearly malicious, as it exfiltrates sensitive information (directory, hostname, username, home directory, and `package.json` contents) to external servers. The connections to suspicious domains further indicate malicious intent. The provided reports were placeholders and did not identify these critical issues.

Live on npm for 17 minutes before removal. Socket users were protected even while the package was live.

The code contains several points of potential exploitation, particularly through the use of subprocess and dynamic code execution based on user input. This could lead to command injection or execution of arbitrary code if proper validations are not implemented. Therefore, caution should be exercised when using this code in a production environment.

Live on pypi for 5 hours and 12 minutes before removal. Socket users were protected even while the package was live.

The code implements a WebSocket server that handles client connections, performs session management, and executes various operations based on client messages. However, it introduces several security risks, including the use of the 'Eval' module for executing arbitrary code, lack of input validation and sanitization, and the presence of hardcoded credentials and secrets. These issues can lead to code injection vulnerabilities, data leakage, and other security vulnerabilities. The code should be thoroughly reviewed and improved to ensure secure communication, proper input handling, and protection against potential attacks.

Live on npm for 38 days, 2 hours and 8 minutes before removal. Socket users were protected even while the package was live.

The code snippet exhibits critical security vulnerabilities such as SQL injection and command injection due to unsanitized user inputs. Immediate action is required to implement input validation and sanitization to mitigate these risks.

The code explicitly indicates that it is executing 'malicious code' and sends this information to a remote server. This behavior is highly suspicious and indicates potential malicious intent.

Live on npm for 25 minutes before removal. Socket users were protected even while the package was live.

The code collects sensitive system information without user consent and sends it to an external server via a Discord webhook. The code gathers data such as the user's internal IP address, external IP address (obtained via an HTTP request to 'https[:]//ipinfo[.]io/json'), hostname, username, home directory, DNS server information, and package details from 'package.json'. This information is then formatted into a JSON object and transmitted to a hardcoded Discord webhook URL ('https[:]//discord[.]com/api/webhooks/...'). This behavior constitutes unauthorized data exfiltration and poses significant privacy and security risks.

Live on npm for 13 minutes before removal. Socket users were protected even while the package was live.

The source code is designed to exfiltrate sensitive system information (hostname, username, current working directory, network interfaces) to a remote server using DNS queries. This behavior is indicative of malicious intent, posing a significant security risk.

Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

The code collects and transmits user data and system information to a remote server for telemetry and error tracking. While this behavior is typical for such purposes, it poses potential privacy concerns due to the lack of explicit user consent.

This package was removed from the npm registry for security reasons.

Live on npm for 15 minutes before removal. Socket users were protected even while the package was live.

The code exhibits malicious behavior by exfiltrating environment variables to an external server, which poses a significant security risk. The domain used is obfuscated, indicating an attempt to hide malicious intent.

Live on npm for 18 minutes before removal. Socket users were protected even while the package was live.

The code collects sensitive system information and environment variables and sends them to a hardcoded Discord webhook URL. This behavior is highly suspicious and can be considered malicious due to the potential for data theft and unauthorized data transmission.

Live on npm for 32 minutes before removal. Socket users were protected even while the package was live.

This package was removed from the npm registry for security reasons.

Live on npm for 45 minutes before removal. Socket users were protected even while the package was live.

The code exhibits several concerning behaviors, including the prevention of user access to developer tools, the ability to execute arbitrary code via remote method calls, and the potential for data exposure. These factors contribute to a moderate to high risk assessment, indicating that further investigation and security measures are necessary.

Live on pypi for 5 minutes before removal. Socket users were protected even while the package was live.

The code exhibits clear signs of malicious behavior involving data theft and exfiltration. It encodes and sends sensitive system and user data to a suspicious domain via both DNS queries and HTTPS POST requests.

Live on npm for 14 minutes before removal. Socket users were protected even while the package was live.

The code exhibits clear signs of malicious behavior involving data theft and exfiltration. It encodes and sends sensitive system and user data to a suspicious domain via both DNS queries and HTTPS POST requests.

Live on npm for 16 minutes before removal. Socket users were protected even while the package was live.

This code poses a serious security risk and should not be used.

Live on npm for 43 minutes before removal. Socket users were protected even while the package was live.

The code is designed to exfiltrate environment variables to a suspicious domain if certain conditions are not met. This behavior is indicative of malicious intent, as it involves unauthorized data transmission to an external server.

Malicious code in @zitterorg/laudantium-rerum (npm) Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

This code is highly suspicious and should not be used without further investigation. The code is heavily obfuscated and could potentially contain malicious code. The purpose of the code is unclear and further investigation is necessary to determine its exact behavior.

Live on npm for 24 minutes before removal. Socket users were protected even while the package was live.

The code shows advanced JavaScript usage for various functionalities including async operations and prototype manipulation. However, there are significant security risks due to potential XSS, code injection, and prototype pollution. Review and mitigation strategies, such as sanitizing inputs and limiting dynamic code execution, should be considered.

Live on pypi for 16 minutes before removal. Socket users were protected even while the package was live.

The source code exhibits malicious behavior by collecting and transmitting sensitive system information to an external server. The use of encoding and connection to a suspicious domain further indicates potential data theft. The placeholder reports provided do not contain any meaningful information.

Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

This script is highly suspicious and poses a significant security risk. It downloads and executes code from an untrusted source, which could lead to various malicious activities.

Live on npm for 20 minutes before removal. Socket users were protected even while the package was live.

The code imports several libraries with peculiar names and calls a `functame` method on each of them within a single function. This behavior is unusual and suggests the potential for malicious activities or obfuscation, especially since the purpose of the `functame` method is unclear. Without further information on the libraries themselves, it's difficult to definitively conclude the intent. Review of the actual library code would be necessary to fully understand any potential security risks.

Live on npm for 57 days, 10 hours and 30 minutes before removal. Socket users were protected even while the package was live.

This script is potentially malicious as it exfiltrates sensitive information by sending the contents of the '/proc/self/environ' file to a remote server. The specific risk level depends on the intentions of the remote server and the sensitivity of the environment variables.

Live on npm for 29 days, 11 hours and 36 minutes before removal. Socket users were protected even while the package was live.

Malicious code in @zitterorg/laudantium-rerum (npm) Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

The source code is clearly malicious, as it exfiltrates sensitive information (directory, hostname, username, home directory, and `package.json` contents) to external servers. The connections to suspicious domains further indicate malicious intent. The provided reports were placeholders and did not identify these critical issues.

Live on npm for 17 minutes before removal. Socket users were protected even while the package was live.

The code contains several points of potential exploitation, particularly through the use of subprocess and dynamic code execution based on user input. This could lead to command injection or execution of arbitrary code if proper validations are not implemented. Therefore, caution should be exercised when using this code in a production environment.

Live on pypi for 5 hours and 12 minutes before removal. Socket users were protected even while the package was live.

The code implements a WebSocket server that handles client connections, performs session management, and executes various operations based on client messages. However, it introduces several security risks, including the use of the 'Eval' module for executing arbitrary code, lack of input validation and sanitization, and the presence of hardcoded credentials and secrets. These issues can lead to code injection vulnerabilities, data leakage, and other security vulnerabilities. The code should be thoroughly reviewed and improved to ensure secure communication, proper input handling, and protection against potential attacks.

Live on npm for 38 days, 2 hours and 8 minutes before removal. Socket users were protected even while the package was live.

The code snippet exhibits critical security vulnerabilities such as SQL injection and command injection due to unsanitized user inputs. Immediate action is required to implement input validation and sanitization to mitigate these risks.

The code explicitly indicates that it is executing 'malicious code' and sends this information to a remote server. This behavior is highly suspicious and indicates potential malicious intent.

Live on npm for 25 minutes before removal. Socket users were protected even while the package was live.

The code collects sensitive system information without user consent and sends it to an external server via a Discord webhook. The code gathers data such as the user's internal IP address, external IP address (obtained via an HTTP request to 'https[:]//ipinfo[.]io/json'), hostname, username, home directory, DNS server information, and package details from 'package.json'. This information is then formatted into a JSON object and transmitted to a hardcoded Discord webhook URL ('https[:]//discord[.]com/api/webhooks/...'). This behavior constitutes unauthorized data exfiltration and poses significant privacy and security risks.

Live on npm for 13 minutes before removal. Socket users were protected even while the package was live.

The source code is designed to exfiltrate sensitive system information (hostname, username, current working directory, network interfaces) to a remote server using DNS queries. This behavior is indicative of malicious intent, posing a significant security risk.

Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

The code collects and transmits user data and system information to a remote server for telemetry and error tracking. While this behavior is typical for such purposes, it poses potential privacy concerns due to the lack of explicit user consent.

This package was removed from the npm registry for security reasons.

Live on npm for 15 minutes before removal. Socket users were protected even while the package was live.

The code exhibits malicious behavior by exfiltrating environment variables to an external server, which poses a significant security risk. The domain used is obfuscated, indicating an attempt to hide malicious intent.

Live on npm for 18 minutes before removal. Socket users were protected even while the package was live.

The code collects sensitive system information and environment variables and sends them to a hardcoded Discord webhook URL. This behavior is highly suspicious and can be considered malicious due to the potential for data theft and unauthorized data transmission.

Live on npm for 32 minutes before removal. Socket users were protected even while the package was live.

This package was removed from the npm registry for security reasons.

Live on npm for 45 minutes before removal. Socket users were protected even while the package was live.

The code exhibits several concerning behaviors, including the prevention of user access to developer tools, the ability to execute arbitrary code via remote method calls, and the potential for data exposure. These factors contribute to a moderate to high risk assessment, indicating that further investigation and security measures are necessary.

Live on pypi for 5 minutes before removal. Socket users were protected even while the package was live.

The code exhibits clear signs of malicious behavior involving data theft and exfiltration. It encodes and sends sensitive system and user data to a suspicious domain via both DNS queries and HTTPS POST requests.

Live on npm for 14 minutes before removal. Socket users were protected even while the package was live.

The code exhibits clear signs of malicious behavior involving data theft and exfiltration. It encodes and sends sensitive system and user data to a suspicious domain via both DNS queries and HTTPS POST requests.

Live on npm for 16 minutes before removal. Socket users were protected even while the package was live.

This code poses a serious security risk and should not be used.

Live on npm for 43 minutes before removal. Socket users were protected even while the package was live.

The code is designed to exfiltrate environment variables to a suspicious domain if certain conditions are not met. This behavior is indicative of malicious intent, as it involves unauthorized data transmission to an external server.

Malicious code in @zitterorg/laudantium-rerum (npm) Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

This code is highly suspicious and should not be used without further investigation. The code is heavily obfuscated and could potentially contain malicious code. The purpose of the code is unclear and further investigation is necessary to determine its exact behavior.

Live on npm for 24 minutes before removal. Socket users were protected even while the package was live.

The code shows advanced JavaScript usage for various functionalities including async operations and prototype manipulation. However, there are significant security risks due to potential XSS, code injection, and prototype pollution. Review and mitigation strategies, such as sanitizing inputs and limiting dynamic code execution, should be considered.

Live on pypi for 16 minutes before removal. Socket users were protected even while the package was live.

The source code exhibits malicious behavior by collecting and transmitting sensitive system information to an external server. The use of encoding and connection to a suspicious domain further indicates potential data theft. The placeholder reports provided do not contain any meaningful information.

Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

This script is highly suspicious and poses a significant security risk. It downloads and executes code from an untrusted source, which could lead to various malicious activities.

Live on npm for 20 minutes before removal. Socket users were protected even while the package was live.

The code imports several libraries with peculiar names and calls a `functame` method on each of them within a single function. This behavior is unusual and suggests the potential for malicious activities or obfuscation, especially since the purpose of the `functame` method is unclear. Without further information on the libraries themselves, it's difficult to definitively conclude the intent. Review of the actual library code would be necessary to fully understand any potential security risks.

Live on npm for 57 days, 10 hours and 30 minutes before removal. Socket users were protected even while the package was live.

This script is potentially malicious as it exfiltrates sensitive information by sending the contents of the '/proc/self/environ' file to a remote server. The specific risk level depends on the intentions of the remote server and the sensitivity of the environment variables.

Live on npm for 29 days, 11 hours and 36 minutes before removal. Socket users were protected even while the package was live.