Secure your dependencies. Ship with confidence.

The code contains potentially unsafe usage of 'eval' and 'Function' constructor, which could lead to code injection vulnerabilities and should be addressed immediately.

Live on npm for 65 days, 22 hours and 54 minutes before removal. Socket users were protected even while the package was live.

The code imports and uses several modules with unusual names and method names. While there is no direct evidence of malicious behavior, the naming conventions are suspicious and could potentially indicate obfuscation or hidden behavior. The code also contains syntactical errors due to the use of dashes in variable names, making it non-executable in its current form. The code should be reviewed further, especially focusing on the imported modules and their functionality.

Live on npm for 57 days, 7 hours and 39 minutes before removal. Socket users were protected even while the package was live.

The code primarily handles module imports and includes a suspicious functionality in the getTransactions function, which sends wallet data to a remote server using a hardcoded IP. This poses a high security and privacy risk.

Live on npm for 4 days, 16 hours and 52 minutes before removal. Socket users were protected even while the package was live.

The script is sending data to a remote server without any context or explanation. This behavior is considered suspicious and potentially malicious.

The package contains heavily obfuscated code that interacts with an Ethereum smart contract to retrieve data used in constructing a download URL specific to the user's operating system. Without user consent or validation, the code downloads an executable file from this URL and executes it in the background. This behavior allows for the execution of malicious code on the user's system.

Live on npm for 7 days, 2 hours and 6 minutes before removal. Socket users were protected even while the package was live.

The code is designed to send sensitive system information to a remote server, which is a significant security risk. This behavior is consistent with malicious activity, specifically data exfiltration.

Live on npm for 41 minutes before removal. Socket users were protected even while the package was live.

The script is designed to exfiltrate sensitive system information to an external server via DNS queries. The use of obfuscation and the method of data transmission indicate malicious intent.

Live on npm for 48 minutes before removal. Socket users were protected even while the package was live.

The source code collects detailed system information and sends it to a remote server without user consent. This behavior is highly suspicious and can be classified as data exfiltration, posing a significant security risk.

Live on npm for 39 minutes before removal. Socket users were protected even while the package was live.

This package was removed from the npm registry for security reasons.

Live on npm for 1 hour before removal. Socket users were protected even while the package was live.

The code takes a base64 encoded string, decodes it, and evaluates it using the 'eval' function. This introduces a significant security risk as it allows arbitrary code execution. The code should be considered dangerous and should not be used.

Live on npm for 35 minutes before removal. Socket users were protected even while the package was live.

There is a potential security risk due to the script performing file deletions, dynamically constructing execution paths from environmental variables, and executing a Python script with unsanitized arguments. No direct evidence of malicious intent is present, but due to the actions being taken and lack of input validation, there is a risk of the script being used for malicious purposes if an attacker can manipulate the environment variables or the expected .bat files.

Live on pypi for 124 days, 1 hour and 10 minutes before removal. Socket users were protected even while the package was live.

The code exhibits several concerning behaviors, including the use of hardcoded credentials, subprocess execution with potential for command injection, and interactions with external websites. These activities pose a significant security risk and should be further investigated.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

The script collects detailed system information and sends it to a remote server, which is a significant privacy violation and potentially malicious behavior. This data collection and transmission could be used for unauthorized access or further exploitation.

Live on npm for 34 minutes before removal. Socket users were protected even while the package was live.

The code schedules a job to open a reverse shell connection, which is a highly suspicious and likely malicious activity. The hardcoded IP address and port indicate a targeted attack. This behavior constitutes a serious security risk and potential malware.

Live on npm for 54 minutes before removal. Socket users were protected even while the package was live.

The code snippet makes an HTTP request to a potentially suspicious domain, which could be used for unauthorized data transmission. This behavior is typically associated with security testing but could pose a risk if present in a production environment.

Malicious code in bfx-facs-graylog (npm) Source: ghsa-malware (1c827ea9bb1a85af6bce95ec512fdc282af7bf7d6d2a00174548b5d52c710d1e) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 2 hours and 38 minutes before removal. Socket users were protected even while the package was live.

The script is using command substitution to execute a command containing the hostname, which can cause the shell to execute arbitrary code. This behavior is commonly used in command injection attacks and should be avoided.

Live on npm for 5 minutes before removal. Socket users were protected even while the package was live.

The 'add' function contains malicious behavior by sending system data to a remote server, which poses a significant security risk. The other arithmetic functions do not exhibit any suspicious behavior.

Live on npm for 5 minutes before removal. Socket users were protected even while the package was live.

The script exhibits clear malicious behavior by sending sensitive system information to an external server without user consent. This poses a significant security risk.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

The code sends potentially sensitive system information to an external domain without user consent, which is indicative of malicious behavior. This poses a significant security risk.

Live on npm for 20 hours and 36 minutes before removal. Socket users were protected even while the package was live.

The code collects detailed environment and network information and sends it to an external server without any user consent or clear reason. This is a significant privacy violation and potential security risk. This behavior is suspicious and indicates possible malicious intent.

The code is designed to exfiltrate sensitive system information to an external server (pingb.in) using both ping command and HTTP requests. This behavior is indicative of malicious intent and poses a significant security risk.

Live on npm for 13 minutes before removal. Socket users were protected even while the package was live.

The code is highly obfuscated and uses dynamic execution, which is a common technique for hiding malicious behavior. Without deobfuscating the payload, it is difficult to determine the exact intent, but the use of exec() on potentially harmful code suggests a high risk of malicious activity.

Live on pypi for 18 minutes before removal. Socket users were protected even while the package was live.

This code poses a serious security risk and should not be used.

Live on npm for 11 minutes before removal. Socket users were protected even while the package was live.

The code is involved in data exfiltration by sending sensitive system information to a remote domain using DNS queries. This behavior is both malicious and obfuscated, posing a significant risk to users. The provided reports were inadequate and did not offer any useful information, necessitating a thorough independent analysis.

Live on npm for 10 minutes before removal. Socket users were protected even while the package was live.

The code contains potentially unsafe usage of 'eval' and 'Function' constructor, which could lead to code injection vulnerabilities and should be addressed immediately.

Live on npm for 65 days, 22 hours and 54 minutes before removal. Socket users were protected even while the package was live.

The code imports and uses several modules with unusual names and method names. While there is no direct evidence of malicious behavior, the naming conventions are suspicious and could potentially indicate obfuscation or hidden behavior. The code also contains syntactical errors due to the use of dashes in variable names, making it non-executable in its current form. The code should be reviewed further, especially focusing on the imported modules and their functionality.

Live on npm for 57 days, 7 hours and 39 minutes before removal. Socket users were protected even while the package was live.

The code primarily handles module imports and includes a suspicious functionality in the getTransactions function, which sends wallet data to a remote server using a hardcoded IP. This poses a high security and privacy risk.

Live on npm for 4 days, 16 hours and 52 minutes before removal. Socket users were protected even while the package was live.

The script is sending data to a remote server without any context or explanation. This behavior is considered suspicious and potentially malicious.

The package contains heavily obfuscated code that interacts with an Ethereum smart contract to retrieve data used in constructing a download URL specific to the user's operating system. Without user consent or validation, the code downloads an executable file from this URL and executes it in the background. This behavior allows for the execution of malicious code on the user's system.

Live on npm for 7 days, 2 hours and 6 minutes before removal. Socket users were protected even while the package was live.

The code is designed to send sensitive system information to a remote server, which is a significant security risk. This behavior is consistent with malicious activity, specifically data exfiltration.

Live on npm for 41 minutes before removal. Socket users were protected even while the package was live.

The script is designed to exfiltrate sensitive system information to an external server via DNS queries. The use of obfuscation and the method of data transmission indicate malicious intent.

Live on npm for 48 minutes before removal. Socket users were protected even while the package was live.

The source code collects detailed system information and sends it to a remote server without user consent. This behavior is highly suspicious and can be classified as data exfiltration, posing a significant security risk.

Live on npm for 39 minutes before removal. Socket users were protected even while the package was live.

This package was removed from the npm registry for security reasons.

Live on npm for 1 hour before removal. Socket users were protected even while the package was live.

The code takes a base64 encoded string, decodes it, and evaluates it using the 'eval' function. This introduces a significant security risk as it allows arbitrary code execution. The code should be considered dangerous and should not be used.

Live on npm for 35 minutes before removal. Socket users were protected even while the package was live.

There is a potential security risk due to the script performing file deletions, dynamically constructing execution paths from environmental variables, and executing a Python script with unsanitized arguments. No direct evidence of malicious intent is present, but due to the actions being taken and lack of input validation, there is a risk of the script being used for malicious purposes if an attacker can manipulate the environment variables or the expected .bat files.

Live on pypi for 124 days, 1 hour and 10 minutes before removal. Socket users were protected even while the package was live.

The code exhibits several concerning behaviors, including the use of hardcoded credentials, subprocess execution with potential for command injection, and interactions with external websites. These activities pose a significant security risk and should be further investigated.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

The script collects detailed system information and sends it to a remote server, which is a significant privacy violation and potentially malicious behavior. This data collection and transmission could be used for unauthorized access or further exploitation.

Live on npm for 34 minutes before removal. Socket users were protected even while the package was live.

The code schedules a job to open a reverse shell connection, which is a highly suspicious and likely malicious activity. The hardcoded IP address and port indicate a targeted attack. This behavior constitutes a serious security risk and potential malware.

Live on npm for 54 minutes before removal. Socket users were protected even while the package was live.

The code snippet makes an HTTP request to a potentially suspicious domain, which could be used for unauthorized data transmission. This behavior is typically associated with security testing but could pose a risk if present in a production environment.

Malicious code in bfx-facs-graylog (npm) Source: ghsa-malware (1c827ea9bb1a85af6bce95ec512fdc282af7bf7d6d2a00174548b5d52c710d1e) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Live on npm for 2 hours and 38 minutes before removal. Socket users were protected even while the package was live.

The script is using command substitution to execute a command containing the hostname, which can cause the shell to execute arbitrary code. This behavior is commonly used in command injection attacks and should be avoided.

Live on npm for 5 minutes before removal. Socket users were protected even while the package was live.

The 'add' function contains malicious behavior by sending system data to a remote server, which poses a significant security risk. The other arithmetic functions do not exhibit any suspicious behavior.

Live on npm for 5 minutes before removal. Socket users were protected even while the package was live.

The script exhibits clear malicious behavior by sending sensitive system information to an external server without user consent. This poses a significant security risk.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

The code sends potentially sensitive system information to an external domain without user consent, which is indicative of malicious behavior. This poses a significant security risk.

Live on npm for 20 hours and 36 minutes before removal. Socket users were protected even while the package was live.

The code collects detailed environment and network information and sends it to an external server without any user consent or clear reason. This is a significant privacy violation and potential security risk. This behavior is suspicious and indicates possible malicious intent.

The code is designed to exfiltrate sensitive system information to an external server (pingb.in) using both ping command and HTTP requests. This behavior is indicative of malicious intent and poses a significant security risk.

Live on npm for 13 minutes before removal. Socket users were protected even while the package was live.

The code is highly obfuscated and uses dynamic execution, which is a common technique for hiding malicious behavior. Without deobfuscating the payload, it is difficult to determine the exact intent, but the use of exec() on potentially harmful code suggests a high risk of malicious activity.

Live on pypi for 18 minutes before removal. Socket users were protected even while the package was live.

This code poses a serious security risk and should not be used.

Live on npm for 11 minutes before removal. Socket users were protected even while the package was live.

The code is involved in data exfiltration by sending sensitive system information to a remote domain using DNS queries. This behavior is both malicious and obfuscated, posing a significant risk to users. The provided reports were inadequate and did not offer any useful information, necessitating a thorough independent analysis.

Live on npm for 10 minutes before removal. Socket users were protected even while the package was live.