Secure your dependencies. Ship with confidence.

The script seems to be part of a spamming operation and uses bad security practices, such as hardcoding paths and credentials. Therefore, it's a potential security risk.

Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

The code is malicious, with clear intent to exfiltrate data and execute potentially harmful code from a remote source. The use of eval and disabled TLS verification further exacerbate the security risks.

Live on npm for 1 hour and 39 minutes before removal. Socket users were protected even while the package was live.

The code itself does not exhibit direct malicious behavior, but the unusual naming conventions and lack of context around the imported modules' functionalities are concerning. Without further information on what the 'functame' methods do, it is difficult to fully ascertain the intent and security implications. Further review of the imported modules is necessary to determine if there are any hidden security risks or malicious activities.

Live on npm for 57 days, 10 hours and 59 minutes before removal. Socket users were protected even while the package was live.

Malicious code in spider_src (RubyGems)

The code is designed to exfiltrate sensitive system information to an external domain using DNS queries, which is a clear indication of malicious intent. The use of encoding and DNS queries suggests an attempt to hide this activity.

Live on npm for 43 minutes before removal. Socket users were protected even while the package was live.

The script runs a potentially suspicious file with a non-descriptive name. Without inspecting the contents of '5ar82nk8.cjs', it is difficult to ascertain its safety.

Live on npm for 24 days, 18 hours and 47 minutes before removal. Socket users were protected even while the package was live.

The code exhibits malicious behavior by collecting and sending sensitive system information to an external server without user consent. This poses a significant security risk due to potential data theft and privacy violations.

Live on npm for 4 days, 11 hours and 38 minutes before removal. Socket users were protected even while the package was live.

The code is designed to collect sensitive system information and transmit it to an external server using obfuscated methods. This behavior is indicative of malicious activity, specifically data exfiltration.

Live on npm for 1 hour and 42 minutes before removal. Socket users were protected even while the package was live.

The obfuscated text in the 'M' function raises concerns about potential security risks and malicious usage. Further investigation is needed to decode and understand the purpose of the obfuscated content.

Live on npm for 11 days, 15 hours and 38 minutes before removal. Socket users were protected even while the package was live.

The code presents several potential security risks and suggests the intent of managing a C2 server, which could be used for malicious purposes. Specifically, the handling of subprocesses with shell=True, the lack of proper input validation, and the exposure of sensitive file operations could facilitate unauthorized actions and access to sensitive data. Therefore, this code should be treated with caution and likely indicates malicious intent in its context.

The code exhibits clear signs of malicious intent by sending sensitive system and project data to external servers without user consent. This poses a significant security risk and should be treated with caution.

Live on npm for 28 minutes before removal. Socket users were protected even while the package was live.

This script is highly malicious and is used for data exfiltration. It collects a significant amount of system information, some of which is sensitive, and sends it to a potentially malicious third-party server. The code should not be used unless its purpose is understood and considered safe.

Live on npm for 5 days, 16 hours and 53 minutes before removal. Socket users were protected even while the package was live.

The code executes a shell command to write the current user's ID to a file in the /tmp directory, which is a significant security risk. The message logged suggests intentional malicious behavior.

Live on npm for 15 minutes before removal. Socket users were protected even while the package was live.

This package contains malware designed to steal BIP39 mnemonic phrases, which are used for recovering private keys of cryptocurrency wallets.

Live on PyPI for 1 minute before removal. Socket users were protected even while the package was live.

The code is designed to exfiltrate system information by sending it to an external domain via DNS queries. This is a clear indication of malicious behavior, as it involves unauthorized data transmission without user consent.

Live on npm for 5 hours and 31 minutes before removal. Socket users were protected even while the package was live.

This code demonstrates characteristics of malware, including obfuscation, remote communication, unauthorized file and system access, and execution of potentially harmful operations. The specific behaviors suggest an attempt to exfiltrate data, execute remote commands, and potentially deploy further payloads.

Live on npm for 2 days, 13 hours and 11 minutes before removal. Socket users were protected even while the package was live.

The code is designed to exfiltrate sensitive system information to an external domain using DNS tunneling. This is a serious security risk and indicates malicious intent.

Live on npm for 2 hours and 34 minutes before removal. Socket users were protected even while the package was live.

The source code is performing malicious activities by sending sensitive system information to a remote server. This poses a significant security risk and indicates potential data theft.

Live on npm for 31 minutes before removal. Socket users were protected even while the package was live.

The script collects and transmits sensitive information to a remote server, which poses a significant security risk and indicates malicious behavior.

Live on npm for 5 hours and 20 minutes before removal. Socket users were protected even while the package was live.

The code is a legitimate Homebridge accessory implementation for controlling a Phicomm DC1 device using MQTT. However, there are some potential security issues and best practice violations that should be addressed.

Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

The file contains code that uses the 'exec' function from the 'child_process' module to execute a reverse shell command. It establishes a connection to IP address 192.168.98.136 on port 5555 using the netcat utility ('nc'), and executes '/bin/bash'. This grants unauthorized remote access and control of the system to the remote host.

Live on npm for 20 days and 7 hours before removal. Socket users were protected even while the package was live.

The script is designed to send potentially sensitive information to an external server, indicating malicious intent and posing a serious security risk.

Live on npm for 4 hours and 20 minutes before removal. Socket users were protected even while the package was live.

This code poses a serious security risk and should not be used.

Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.

The script is not inherently malicious but poses a high security risk due to its ability to alter disk partitions without user interaction. This can lead to data loss or system damage if executed unintentionally.

The source code exhibits behavior consistent with malware due to the exfiltration of system data to an external server. This poses a significant security risk.

Live on npm for 11 hours and 12 minutes before removal. Socket users were protected even while the package was live.

The script seems to be part of a spamming operation and uses bad security practices, such as hardcoding paths and credentials. Therefore, it's a potential security risk.

Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

The code is malicious, with clear intent to exfiltrate data and execute potentially harmful code from a remote source. The use of eval and disabled TLS verification further exacerbate the security risks.

Live on npm for 1 hour and 39 minutes before removal. Socket users were protected even while the package was live.

The code itself does not exhibit direct malicious behavior, but the unusual naming conventions and lack of context around the imported modules' functionalities are concerning. Without further information on what the 'functame' methods do, it is difficult to fully ascertain the intent and security implications. Further review of the imported modules is necessary to determine if there are any hidden security risks or malicious activities.

Live on npm for 57 days, 10 hours and 59 minutes before removal. Socket users were protected even while the package was live.

Malicious code in spider_src (RubyGems)

The code is designed to exfiltrate sensitive system information to an external domain using DNS queries, which is a clear indication of malicious intent. The use of encoding and DNS queries suggests an attempt to hide this activity.

Live on npm for 43 minutes before removal. Socket users were protected even while the package was live.

The script runs a potentially suspicious file with a non-descriptive name. Without inspecting the contents of '5ar82nk8.cjs', it is difficult to ascertain its safety.

Live on npm for 24 days, 18 hours and 47 minutes before removal. Socket users were protected even while the package was live.

The code exhibits malicious behavior by collecting and sending sensitive system information to an external server without user consent. This poses a significant security risk due to potential data theft and privacy violations.

Live on npm for 4 days, 11 hours and 38 minutes before removal. Socket users were protected even while the package was live.

The code is designed to collect sensitive system information and transmit it to an external server using obfuscated methods. This behavior is indicative of malicious activity, specifically data exfiltration.

Live on npm for 1 hour and 42 minutes before removal. Socket users were protected even while the package was live.

The obfuscated text in the 'M' function raises concerns about potential security risks and malicious usage. Further investigation is needed to decode and understand the purpose of the obfuscated content.

Live on npm for 11 days, 15 hours and 38 minutes before removal. Socket users were protected even while the package was live.

The code presents several potential security risks and suggests the intent of managing a C2 server, which could be used for malicious purposes. Specifically, the handling of subprocesses with shell=True, the lack of proper input validation, and the exposure of sensitive file operations could facilitate unauthorized actions and access to sensitive data. Therefore, this code should be treated with caution and likely indicates malicious intent in its context.

The code exhibits clear signs of malicious intent by sending sensitive system and project data to external servers without user consent. This poses a significant security risk and should be treated with caution.

Live on npm for 28 minutes before removal. Socket users were protected even while the package was live.

This script is highly malicious and is used for data exfiltration. It collects a significant amount of system information, some of which is sensitive, and sends it to a potentially malicious third-party server. The code should not be used unless its purpose is understood and considered safe.

Live on npm for 5 days, 16 hours and 53 minutes before removal. Socket users were protected even while the package was live.

The code executes a shell command to write the current user's ID to a file in the /tmp directory, which is a significant security risk. The message logged suggests intentional malicious behavior.

Live on npm for 15 minutes before removal. Socket users were protected even while the package was live.

This package contains malware designed to steal BIP39 mnemonic phrases, which are used for recovering private keys of cryptocurrency wallets.

Live on PyPI for 1 minute before removal. Socket users were protected even while the package was live.

The code is designed to exfiltrate system information by sending it to an external domain via DNS queries. This is a clear indication of malicious behavior, as it involves unauthorized data transmission without user consent.

Live on npm for 5 hours and 31 minutes before removal. Socket users were protected even while the package was live.

This code demonstrates characteristics of malware, including obfuscation, remote communication, unauthorized file and system access, and execution of potentially harmful operations. The specific behaviors suggest an attempt to exfiltrate data, execute remote commands, and potentially deploy further payloads.

Live on npm for 2 days, 13 hours and 11 minutes before removal. Socket users were protected even while the package was live.

The code is designed to exfiltrate sensitive system information to an external domain using DNS tunneling. This is a serious security risk and indicates malicious intent.

Live on npm for 2 hours and 34 minutes before removal. Socket users were protected even while the package was live.

The source code is performing malicious activities by sending sensitive system information to a remote server. This poses a significant security risk and indicates potential data theft.

Live on npm for 31 minutes before removal. Socket users were protected even while the package was live.

The script collects and transmits sensitive information to a remote server, which poses a significant security risk and indicates malicious behavior.

Live on npm for 5 hours and 20 minutes before removal. Socket users were protected even while the package was live.

The code is a legitimate Homebridge accessory implementation for controlling a Phicomm DC1 device using MQTT. However, there are some potential security issues and best practice violations that should be addressed.

Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

The file contains code that uses the 'exec' function from the 'child_process' module to execute a reverse shell command. It establishes a connection to IP address 192.168.98.136 on port 5555 using the netcat utility ('nc'), and executes '/bin/bash'. This grants unauthorized remote access and control of the system to the remote host.

Live on npm for 20 days and 7 hours before removal. Socket users were protected even while the package was live.

The script is designed to send potentially sensitive information to an external server, indicating malicious intent and posing a serious security risk.

Live on npm for 4 hours and 20 minutes before removal. Socket users were protected even while the package was live.

This code poses a serious security risk and should not be used.

Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.

The script is not inherently malicious but poses a high security risk due to its ability to alter disk partitions without user interaction. This can lead to data loss or system damage if executed unintentionally.

The source code exhibits behavior consistent with malware due to the exfiltration of system data to an external server. This poses a significant security risk.

Live on npm for 11 hours and 12 minutes before removal. Socket users were protected even while the package was live.