Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Protecting the best engineering teams in the world

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

  • react: react-bot published 18.3.1
  • jquery: timmywil published 3.7.1
  • left-pad: stevemao published 1.3.0

We protect you from vulnerable and malicious packages

power1

9.8.5

by mchyndman

Removed from npm

Blocked by Socket

The script collects and sends sensitive system information to an external server, which poses a significant security risk and indicates malicious intent.

Live on npm for 20 minutes before removal. Socket users were protected even while the package was live.

embeddingdistributorlocal

1.0.0

by macgill88

Removed from npm

Blocked by Socket

The script collects information like package name, current directory, home directory, hostname, username, DNS servers, package version and package JSON data, and then sends it to a remote server.

Live on npm for 13 hours and 6 minutes before removal. Socket users were protected even while the package was live.

siamtds

1

by HAXORSIAM

Live on pypi

Blocked by Socket

The code exhibits malicious behavior by exfiltrating sensitive data (Facebook cookies and traodoisub.com credentials) to a Telegram bot, and interacts with third-party services in a way that is likely against the terms of service of Facebook. Additionally, it automates actions on Facebook which can be considered a security risk.

by-helpers

13.7.3

by bybit-bb

Removed from npm

Blocked by Socket

The code appears to be collecting sensitive system information without the user's knowledge or consent, and sending it to an obscure server, which could be used for malicious purposes such as system reconnaissance or further attacks. The deactivation of TLS/SSL certificate verification further suggests malicious intent. Therefore, it's recommended not to use this code.

Live on npm for 17 days, 13 hours and 1 minute before removal. Socket users were protected even while the package was live.

spring-projects

6.0.4

by hktalent

Removed from npm

Blocked by Socket

The script is potentially harmful as it collects detailed system information and executes an obfuscated script with eval(). This could lead to various types of attacks depending on the content of the obfuscated string. Therefore, using this script without understanding the decompressed content of the obfuscated string is risky and should be avoided.

Live on npm for 45 minutes before removal. Socket users were protected even while the package was live.

py-portfolio-index

0.0.38

Live on pypi

Blocked by Socket

The source code contains several security issues, including hard-coded credentials, potential data leaks, and outdated practices. Refactoring is necessary to address these vulnerabilities.

room-ui-sdk

1.0.4

by nibohan

Removed from npm

Blocked by Socket

The code contains several security risks and potential malicious behavior, including untrusted data in XMLHttpRequest, reference to undefined function, and use of 'eval' or 'Function'. These issues should be addressed to reduce the security risk of the code.

Live on npm for 63 days, 12 hours and 21 minutes before removal. Socket users were protected even while the package was live.

yaml2binary

1.5.1

by nik.balagurov.97

Removed from npm

Blocked by Socket

The code appears to be downloading content from an unknown URL, writing it to a file, and potentially executing it. The use of 'sync-request', the hardcoded file name, and the use of the 'NODE_TLS_REJECT_UNAUTHORIZED' environment variable are all concerning. The purpose of this code is unclear without additional context. This code should be reviewed and potentially removed.

Live on npm for 6 hours and 43 minutes before removal. Socket users were protected even while the package was live.

beta-fhr-nxt

5.4.0-nxt

by 0x0jake

Removed from npm

Blocked by Socket

The script has multiple security risks, primarily due to the use of external data to execute system-level commands and direct filesystem manipulations without thorough validation or sanitization of inputs. The recursive deletion of directories and abrupt termination of the process are additional concerns. These issues could potentially be exploited to perform malicious actions on the host system.

Live on npm for 15 minutes before removal. Socket users were protected even while the package was live.

lightrun

1.14.0

Live on pypi

Blocked by Socket

This file is encrypted with PyArmor

ch.post.sap.fototool

7.0.7

by itsme369

Removed from npm

Blocked by Socket

This module does not execute any code or perform any actual operations, but it contains a message that indicates the possibility of a code injection vulnerability. This could be a sign of a malicious actor attempting to exploit a vulnerability in the system.

Live on npm for 10 hours and 36 minutes before removal. Socket users were protected even while the package was live.

discord-misc

0.5.46

Removed from pypi

Blocked by Socket

This code demonstrates clear signs of malicious intent. It downloads and executes a script from an external source, gathers sensitive system information, and sends it to a hardcoded Discord webhook, which constitutes a severe privacy violation.

Live on pypi for 47 minutes before removal. Socket users were protected even while the package was live.

epic-ue-ui

7.998.5

Removed from npm

Blocked by Socket

The purpose of this code appears to be collecting specific environment variables and package information, compressing and encoding it, and sending it over HTTP to a remote domain. The intent and purpose of this behavior are unclear from the provided code fragment alone.

Live on npm for 32 minutes before removal. Socket users were protected even while the package was live.

goldensweatshirtwifi

99.0

Removed from pypi

Blocked by Socket

The code exhibits behavior consistent with malware, collecting and transmitting sensitive system information to a remote server without user consent. This poses a significant security risk.

Live on pypi for 9 minutes before removal. Socket users were protected even while the package was live.

lightrun

1.8.0

Live on pypi

Blocked by Socket

This file is encrypted with PyArmor

@swenkerorg/explicabo-culpa

1.0.0

by swenkertreanpm

Removed from npm

Blocked by Socket

This package was removed from the npm registry for security reasons.

Live on npm for 1 hour and 30 minutes before removal. Socket users were protected even while the package was live.

fca-horizon-remastered

1.4.3

by kanzuwakazaki

Removed from npm

Blocked by Socket

The code contains potential security risks and should be reviewed and refactored to reduce the risk of exploitation.

Live on npm for 39 days, 1 hour and 40 minutes before removal. Socket users were protected even while the package was live.

scanoss.js

0.2.6

by scanoss

Removed from npm

Blocked by Socket

The code exhibits potential security risks and obfuscated code, requiring further review and testing to ensure secure behavior.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

@realty-front/dev-tools

1.13.1

by security_act1on3_2

Live on npm

Blocked by Socket

This script is exfiltrating sensitive system information such as hostname, current user, and current directory to a remote server. This behavior is highly suspicious and poses a significant security risk.

react-1ogin-page

1.5.0

by lolapalooza

Live on npm

Blocked by Socket

The code contains hardcoded URLs, one of which points to a suspicious endpoint likely used for keylogging or data exfiltration. This behavior is indicative of potential malicious intent.

supchat-plugins

13.1.0

by act1on3-test

Removed from npm

Blocked by Socket

The script uses curl to send data with various headers to a remote server. The data contains information about the system, including the hostname, username and current directory. This could potentially be used to gather information about the system and could be part of a larger attack.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

signup-ui-core

15.999.999

Removed from npm

Blocked by Socket

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 8 minutes before removal. Socket users were protected even while the package was live.

greatlibrarian

0.0.1

Removed from pypi

Blocked by Socket

The code poses significant security risks due to the execution of arbitrary user code without validation and the use of shell=True, which can lead to shell injection attacks. The potential for remote code execution is high, necessitating caution in its use.

Live on pypi for 1 hour before removal. Socket users were protected even while the package was live.

jijmodeling

0.9.28

Live on pypi

Blocked by Socket

This file is encrypted with PyArmor

gulpcleancs

1.2.0

by 17b4a931

Removed from npm

Blocked by Socket

This code poses a serious security risk and should not be used.

Live on npm for 22 minutes before removal. Socket users were protected even while the package was live.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

  • Possible typosquat attack
  • Known malware
  • Git dependency
  • GitHub dependency
  • AI-detected potential malware
  • HTTP dependency
  • Obfuscated code
  • NPM Shrinkwrap
  • Suspicious Stars on GitHub
  • Telemetry
  • and 19 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Why teams choose Socket

Pro-active security

Depend on Socket to prevent malicious open source dependencies from infiltrating your app.

Easy to install

Install the Socket GitHub App in just 2 clicks and get protected today.

Comprehensive open source protection

Block 70+ issues in open source code, including malware, typo-squatting, hidden code, misleading packages, permission creep, and more.

Develop faster

Reduce work by surfacing actionable security information directly in GitHub. Empower developers to make better decisions.

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Dec 14, 2023

Hijacked cryptocurrency library adds malware

Widely-used library in cryptocurrency frontend was compromised to include wallet-draining code, following the hijacking of NPM account credentials via phishing.

Jan 06, 2022

Maintainer intentionally adds malware

Rogue maintainer sabotages his own open source package with 100M downloads/month, notably breaking Amazon's AWS SDK.

Nov 15, 2021

npm discovers a platform vulnerability allowing unauthorized publishing of any package

Attackers could publish new versions of any npm package without authorization for multiple years.

Oct 22, 2021

Hijacked package adds cryptominers and password-stealing malware

Multiple packages with 30M downloads/month are hijacked and publish malicious versions directly into the software supply chain.

Nov 26, 2018

Package hijacked adding organization specific backdoors

Obfuscated malware added to a dependency which targeted a single company, went undetected for over a week, and made it into their production build.

Ready to dive in?

Get protected by Socket with just 2 clicks.

The latest from the Socket team

Get our latest security research, open source insights, and product updates.
