Secure your dependencies. Ship with confidence.

The code presents significant security risks associated with arbitrary code injection and memory manipulation. The potential for exploitation is high, warranting a malware score of 0.8 and a risk score of 0.7 due to the serious implications of its functionality.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 54 minutes before removal. Socket users were protected even while the package was live.

Malicious code in action-pubsub (RubyGems)

This script is exfiltrating sensitive system information to a remote server without the user's consent. This behavior is highly suspicious and poses a significant security risk.

Live on npm for 3 hours and 53 minutes before removal. Socket users were protected even while the package was live.

This script is exfiltrating sensitive system information to a remote server without the user's consent. It poses a significant security risk as it could lead to data leakage and potential system compromise.

Live on npm for 25 minutes before removal. Socket users were protected even while the package was live.

Malicious code in @zitterorg/laudantium-rerum (npm) Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

The code exhibits potential security risks, particularly in the 'spawn' function, due to the lack of input validation and potential misuse of callback functions. It should be reviewed and hardened to mitigate these risks.

Live on npm for 14 minutes before removal. Socket users were protected even while the package was live.

The code has potential security risks and allows for arbitrary code execution

Live on pypi for 98 days, 1 hour and 21 minutes before removal. Socket users were protected even while the package was live.

Malicious code in ardm_validations (RubyGems)

This script is attempting to exfiltrate sensitive information by sending it to a remote server. It poses a high security risk and should be considered malicious.

Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

The code exhibits malicious behavior by sending sensitive system and project information to external servers without user consent. This includes directory paths, OS hostname, user information, and the contents of `package.json`. The busy-wait loop is inefficient but not a security risk. The code is not obfuscated.

Live on npm for 20 minutes before removal. Socket users were protected even while the package was live.

The code exhibits potentially malicious behavior by downloading and executing an executable file from the internet without user consent or validation. The use of a hardcoded URL for the download, automatic execution upon file modification, and the lack of security measures around the execution of the downloaded file are particularly concerning. The presence of dead code and lack of error handling further contribute to the suspicious nature of the code.

Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

This script downloads content from 'https://4dii5lvq33941h0b63exuyh35ublzbn0.oastify.com'. This is considered suspicious and could be a sign of a malicious actor attempting to exploit a vulnerability in the system.

Live on npm for 2 days, 4 hours and 29 minutes before removal. Socket users were protected even while the package was live.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 2 hours and 11 minutes before removal. Socket users were protected even while the package was live.

The code appears to dynamically execute code obtained from network responses based on the system platform. This behavior could be potentially dangerous and should be reviewed further to ensure it does not contain malicious or unauthorized actions.

Live on npm for 31 days and 43 minutes before removal. Socket users were protected even while the package was live.

The code provides JSON syntax highlighting and CSS injection functionality. However, the presence of obfuscated code that decodes and executes a base64 string poses a significant security risk. This behavior suggests potential malicious intent, such as tracking or injecting additional scripts.

Live on npm for 1 day and 14 hours before removal. Socket users were protected even while the package was live.

The script executes a batch script and then deletes it. This behavior is potentially suspicious and could be used to hide malicious actions.

Live on npm for 5 days and 46 minutes before removal. Socket users were protected even while the package was live.

The code is intended to authenticate users with the GLPI API. However, the presence of a `console.table` statement that logs user credentials is a severe security flaw. There is no evidence of intentional obfuscation or malware, but this security risk needs immediate attention.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

The code is likely malicious due to its obfuscation and behavior of collecting and sending system information to a suspicious domain. This poses a significant security risk.

Live on npm for 39 minutes before removal. Socket users were protected even while the package was live.

Malicious code in @ljon/meterpreter-backdoor (npm) Source: ghsa-malware (fc8d64a22d47684bee253cf7b8c674edd75ce97c1f420c5bdf550e7fd1e145cc) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

This script is highly suspicious and likely malicious as it attempts to exploit SSRF vulnerabilities and execute commands on a remote server.

Live on npm for 16 minutes before removal. Socket users were protected even while the package was live.

The code is dangerous and should not be used. The file downloaded from the external source should be verified and validated before being executed, and errors and exceptions should be handled properly.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

Malicious code in @zitterorg/laudantium-rerum (npm) Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

The script collects information like package details, user's home directory, hostname, username, DNS servers etc., and sends it to a remote server.

The code presents significant security risks associated with arbitrary code injection and memory manipulation. The potential for exploitation is high, warranting a malware score of 0.8 and a risk score of 0.7 due to the serious implications of its functionality.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 54 minutes before removal. Socket users were protected even while the package was live.

Malicious code in action-pubsub (RubyGems)

This script is exfiltrating sensitive system information to a remote server without the user's consent. This behavior is highly suspicious and poses a significant security risk.

Live on npm for 3 hours and 53 minutes before removal. Socket users were protected even while the package was live.

This script is exfiltrating sensitive system information to a remote server without the user's consent. It poses a significant security risk as it could lead to data leakage and potential system compromise.

Live on npm for 25 minutes before removal. Socket users were protected even while the package was live.

Malicious code in @zitterorg/laudantium-rerum (npm) Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

The code exhibits potential security risks, particularly in the 'spawn' function, due to the lack of input validation and potential misuse of callback functions. It should be reviewed and hardened to mitigate these risks.

Live on npm for 14 minutes before removal. Socket users were protected even while the package was live.

The code has potential security risks and allows for arbitrary code execution

Live on pypi for 98 days, 1 hour and 21 minutes before removal. Socket users were protected even while the package was live.

Malicious code in ardm_validations (RubyGems)

This script is attempting to exfiltrate sensitive information by sending it to a remote server. It poses a high security risk and should be considered malicious.

Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

The code exhibits malicious behavior by sending sensitive system and project information to external servers without user consent. This includes directory paths, OS hostname, user information, and the contents of `package.json`. The busy-wait loop is inefficient but not a security risk. The code is not obfuscated.

Live on npm for 20 minutes before removal. Socket users were protected even while the package was live.

The code exhibits potentially malicious behavior by downloading and executing an executable file from the internet without user consent or validation. The use of a hardcoded URL for the download, automatic execution upon file modification, and the lack of security measures around the execution of the downloaded file are particularly concerning. The presence of dead code and lack of error handling further contribute to the suspicious nature of the code.

Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

This script downloads content from 'https://4dii5lvq33941h0b63exuyh35ublzbn0.oastify.com'. This is considered suspicious and could be a sign of a malicious actor attempting to exploit a vulnerability in the system.

Live on npm for 2 days, 4 hours and 29 minutes before removal. Socket users were protected even while the package was live.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 2 hours and 11 minutes before removal. Socket users were protected even while the package was live.

The code appears to dynamically execute code obtained from network responses based on the system platform. This behavior could be potentially dangerous and should be reviewed further to ensure it does not contain malicious or unauthorized actions.

Live on npm for 31 days and 43 minutes before removal. Socket users were protected even while the package was live.

The code provides JSON syntax highlighting and CSS injection functionality. However, the presence of obfuscated code that decodes and executes a base64 string poses a significant security risk. This behavior suggests potential malicious intent, such as tracking or injecting additional scripts.

Live on npm for 1 day and 14 hours before removal. Socket users were protected even while the package was live.

The script executes a batch script and then deletes it. This behavior is potentially suspicious and could be used to hide malicious actions.

Live on npm for 5 days and 46 minutes before removal. Socket users were protected even while the package was live.

The code is intended to authenticate users with the GLPI API. However, the presence of a `console.table` statement that logs user credentials is a severe security flaw. There is no evidence of intentional obfuscation or malware, but this security risk needs immediate attention.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

The code is likely malicious due to its obfuscation and behavior of collecting and sending system information to a suspicious domain. This poses a significant security risk.

Live on npm for 39 minutes before removal. Socket users were protected even while the package was live.

Malicious code in @ljon/meterpreter-backdoor (npm) Source: ghsa-malware (fc8d64a22d47684bee253cf7b8c674edd75ce97c1f420c5bdf550e7fd1e145cc) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

This script is highly suspicious and likely malicious as it attempts to exploit SSRF vulnerabilities and execute commands on a remote server.

Live on npm for 16 minutes before removal. Socket users were protected even while the package was live.

The code is dangerous and should not be used. The file downloaded from the external source should be verified and validated before being executed, and errors and exceptions should be handled properly.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

Malicious code in @zitterorg/laudantium-rerum (npm) Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

The script collects information like package details, user's home directory, hostname, username, DNS servers etc., and sends it to a remote server.