Secure your dependencies. Ship with confidence.

The code poses a significant security risk and should be reviewed. It is recommended to remove unnecessary imports, verify the contents of the data folder and the WordPress websites before proceeding, and avoid using hardcoded credentials for WordPress login.

Live on npm for 1 hour and 46 minutes before removal. Socket users were protected even while the package was live.

The code is likely harvesting sensitive system and user information and sending it to an external server without the user's consent. The unusual domain name and the custom '___resolved' property in package.json are strong indicators of a supply chain attack, likely aimed at data exfiltration.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

The code is malicious in nature as it collects sensitive system information without explicit user consent and sends it to an external web service. This could lead to a data privacy breach.

Live on npm for 25 days, 5 hours and 54 minutes before removal. Socket users were protected even while the package was live.

This code communicates with a suspicious external domain that could be used for data collection or surveillance. The domain name pattern, code quality issues, and potential for search query exfiltration raise significant security concerns.

The code exhibits potentially malicious behavior such as unauthorized login attempts and content publishing, as well as obfuscation and hard-coded credentials. The overall security risk is high due to the presence of these factors.

Live on npm for 12 minutes before removal. Socket users were protected even while the package was live.

This file executes a shell command using 'exec' to gather system information (e.g., hostname, pwd, whoami, uname -a, env, id, df -h) and sends the collected data to a suspicious external domain (2uxnh0yuaias5l78sbomep9p6gcd03os.bc.oauth.us[.]to) without user consent. This behavior represents active data exfiltration and constitutes a high-severity security risk.

The code is performing unauthorized data collection and transmission to a remote server, which is a significant security and privacy concern. This behavior aligns with malicious activities, such as data exfiltration, without user consent.

Live on npm for 11 days, 3 hours and 5 minutes before removal. Socket users were protected even while the package was live.

The code collects and sends data to multiple remote domains. The purpose of this data collection is unclear, but it may be part of a supply chain attack or data exfiltration attempt. The code should be reviewed and the domains it sends data to should be investigated.

Live on npm for 1 day, 10 hours and 12 minutes before removal. Socket users were protected even while the package was live.

The code implements an automated npm package publishing system that generates random package names and versions every 5 seconds, creating potential registry abuse. It hardcodes a placeholder authentication token directly in the source code (process.env.NODE_AUTH_TOKEN = 'your-npm-token'), which poses credential exposure risks if replaced with real tokens. The script continuously overwrites package.json with randomized metadata and executes 'npm publish' via execSync without rate limiting or validation. This behavior can lead to npm registry pollution, violation of npm policies, potential account suspension, and security risks from exposed authentication credentials. While not containing direct malicious payloads or data theft mechanisms, the automated spam-like publishing pattern represents abusive behavior that could disrupt the package ecosystem.

Live on npm for 4 hours and 47 minutes before removal. Socket users were protected even while the package was live.

This code poses a serious security risk and should not be used.

Live on npm for 5 minutes before removal. Socket users were protected even while the package was live.

The package contained malicious code, which warranted its removal from the registry. The lack of detailed reports limits further analysis, but the known issues justify high scores in malware and security risk categories.

This script is potentially malicious as it sends the current working directory to an external server and attempts to download data from it. This behavior raises significant security concerns.

Live on npm for 8 hours and 5 minutes before removal. Socket users were protected even while the package was live.

The code is malicious and implements covert data exfiltration by sending sensitive system information over DNS queries to a hardcoded external DNS server. This behavior constitutes a serious security risk and privacy violation. The code is moderately obfuscated by encoding data and chunking, but remains readable. The malware score is high due to the clear intent to steal system information without user consent. The security risk is high because of sensitive data leakage. This package should be considered unsafe and potentially malicious.

This script collects sensitive system information and sends it to remote servers without the user's consent. It poses a high security risk and should be considered malicious.

Live on npm for 13 minutes before removal. Socket users were protected even while the package was live.

The code poses a security risk due to its use of eval on data fetched from an external source. This can lead to remote code execution if the external data is compromised. The obfuscation through hexadecimal encoding adds to the risk by hiding the code's true intent.

Live on npm for 16 hours and 35 minutes before removal. Socket users were protected even while the package was live.

This code retrieves a DLL from hxxp://example[.]com/tts/Trade.dll and a ZIP file from hxxp://example[.]com/tts/TdxTradeServer-0.1_20170823174759.zip, modifies the DLL with user-provided credentials, and sets up a server environment. The absence of file integrity or signature checks significantly increases the risk of executing malicious code. Embedding user account details in the DLL also raises privacy concerns. Reliance on potentially unsafe external URLs for core functionality further escalates the threat potential.

The module does not contain malware or obfuscated code but poses a moderate to high security risk due to potential command injection through unsanitized interfaceName input used in shell commands. It is recommended to sanitize or strictly validate interfaceName before use to mitigate this risk.

This assembly embeds a hidden telemetry backdoor. It serializes internal application data—SQL statements and parameters, HTTP request/response payloads, exception stacks and system environment details (MachineName, IP address, CPU and RAM usage, working directory, transactionID, playerID)—into JSON and sends it: • via HTTPS POST to https://analiz[.]pendc[.]com/api/analiz/add • via Telegram Bot API using hard-coded bot token “5348434618:AAF76NtkDRdWiFdk6GEEnVUWlKzxB8WGWgs” to chat ID 1361234571 No user consent or opt-out exists. This covert data exfiltration channel constitutes unauthorized data theft and a serious supply-chain security risk.

The code presents several security concerns, including downloading and executing files from the internet without verification and using subprocess.call with shell=True, which can lead to command injection vulnerabilities. These factors contribute to a moderate to high risk score.

Live on PyPI for 158 days, 8 hours and 17 minutes before removal. Socket users were protected even while the package was live.

The code engages in potentially malicious behavior by collecting sensitive system information and sending it to a remote server without clear user consent. The hard-coded domain, data obfuscation, and lack of transparency raise significant privacy and security concerns. The risk score is high due to the invasive nature of the code.

Live on npm for 12 minutes before removal. Socket users were protected even while the package was live.

This code retrieves a DLL from hxxp://example[.]com/tts/Trade.dll and a ZIP file from hxxp://example[.]com/tts/TdxTradeServer-0.1_20170823174759.zip, modifies the DLL with user-provided credentials, and sets up a server environment. The absence of file integrity or signature checks significantly increases the risk of executing malicious code. Embedding user account details in the DLL also raises privacy concerns. Reliance on potentially unsafe external URLs for core functionality further escalates the threat potential.

The script poses a high security risk as malware due to its ability to alter disk partitions without user interaction, leading to data loss or system damage.

The purpose of this code appears to be collecting specific environment variables and package information, compressing and encoding it, and sending it over HTTP to a remote domain. The intent and purpose of this behavior are unclear from the provided code fragment alone.

Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

The code implements a Discord bot that provides commands enabling destructive actions on a Discord server without proper authorization checks. It includes commands to delete all channels, change channel names, spam messages, delete roles, ban members, and change member nicknames. These actions can be executed based on user input without additional verification or safeguards, posing a significant security risk. The bot's functionalities can be misused by malicious actors to disrupt server operations, cause data loss, and harm the server community.

This script is making a direct HTTP request to the specified URL. There is not enough information to determine the safety of this request. The user should examine this script carefully and determine if the remote site is trusted and the request is necessary.

The code poses a significant security risk and should be reviewed. It is recommended to remove unnecessary imports, verify the contents of the data folder and the WordPress websites before proceeding, and avoid using hardcoded credentials for WordPress login.

Live on npm for 1 hour and 46 minutes before removal. Socket users were protected even while the package was live.

The code is likely harvesting sensitive system and user information and sending it to an external server without the user's consent. The unusual domain name and the custom '___resolved' property in package.json are strong indicators of a supply chain attack, likely aimed at data exfiltration.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

The code is malicious in nature as it collects sensitive system information without explicit user consent and sends it to an external web service. This could lead to a data privacy breach.

Live on npm for 25 days, 5 hours and 54 minutes before removal. Socket users were protected even while the package was live.

This code communicates with a suspicious external domain that could be used for data collection or surveillance. The domain name pattern, code quality issues, and potential for search query exfiltration raise significant security concerns.

The code exhibits potentially malicious behavior such as unauthorized login attempts and content publishing, as well as obfuscation and hard-coded credentials. The overall security risk is high due to the presence of these factors.

Live on npm for 12 minutes before removal. Socket users were protected even while the package was live.

This file executes a shell command using 'exec' to gather system information (e.g., hostname, pwd, whoami, uname -a, env, id, df -h) and sends the collected data to a suspicious external domain (2uxnh0yuaias5l78sbomep9p6gcd03os.bc.oauth.us[.]to) without user consent. This behavior represents active data exfiltration and constitutes a high-severity security risk.

The code is performing unauthorized data collection and transmission to a remote server, which is a significant security and privacy concern. This behavior aligns with malicious activities, such as data exfiltration, without user consent.

Live on npm for 11 days, 3 hours and 5 minutes before removal. Socket users were protected even while the package was live.

The code collects and sends data to multiple remote domains. The purpose of this data collection is unclear, but it may be part of a supply chain attack or data exfiltration attempt. The code should be reviewed and the domains it sends data to should be investigated.

Live on npm for 1 day, 10 hours and 12 minutes before removal. Socket users were protected even while the package was live.

The code implements an automated npm package publishing system that generates random package names and versions every 5 seconds, creating potential registry abuse. It hardcodes a placeholder authentication token directly in the source code (process.env.NODE_AUTH_TOKEN = 'your-npm-token'), which poses credential exposure risks if replaced with real tokens. The script continuously overwrites package.json with randomized metadata and executes 'npm publish' via execSync without rate limiting or validation. This behavior can lead to npm registry pollution, violation of npm policies, potential account suspension, and security risks from exposed authentication credentials. While not containing direct malicious payloads or data theft mechanisms, the automated spam-like publishing pattern represents abusive behavior that could disrupt the package ecosystem.

Live on npm for 4 hours and 47 minutes before removal. Socket users were protected even while the package was live.

This code poses a serious security risk and should not be used.

Live on npm for 5 minutes before removal. Socket users were protected even while the package was live.

The package contained malicious code, which warranted its removal from the registry. The lack of detailed reports limits further analysis, but the known issues justify high scores in malware and security risk categories.

This script is potentially malicious as it sends the current working directory to an external server and attempts to download data from it. This behavior raises significant security concerns.

Live on npm for 8 hours and 5 minutes before removal. Socket users were protected even while the package was live.

The code is malicious and implements covert data exfiltration by sending sensitive system information over DNS queries to a hardcoded external DNS server. This behavior constitutes a serious security risk and privacy violation. The code is moderately obfuscated by encoding data and chunking, but remains readable. The malware score is high due to the clear intent to steal system information without user consent. The security risk is high because of sensitive data leakage. This package should be considered unsafe and potentially malicious.

This script collects sensitive system information and sends it to remote servers without the user's consent. It poses a high security risk and should be considered malicious.

Live on npm for 13 minutes before removal. Socket users were protected even while the package was live.

The code poses a security risk due to its use of eval on data fetched from an external source. This can lead to remote code execution if the external data is compromised. The obfuscation through hexadecimal encoding adds to the risk by hiding the code's true intent.

Live on npm for 16 hours and 35 minutes before removal. Socket users were protected even while the package was live.

This code retrieves a DLL from hxxp://example[.]com/tts/Trade.dll and a ZIP file from hxxp://example[.]com/tts/TdxTradeServer-0.1_20170823174759.zip, modifies the DLL with user-provided credentials, and sets up a server environment. The absence of file integrity or signature checks significantly increases the risk of executing malicious code. Embedding user account details in the DLL also raises privacy concerns. Reliance on potentially unsafe external URLs for core functionality further escalates the threat potential.

The module does not contain malware or obfuscated code but poses a moderate to high security risk due to potential command injection through unsanitized interfaceName input used in shell commands. It is recommended to sanitize or strictly validate interfaceName before use to mitigate this risk.

This assembly embeds a hidden telemetry backdoor. It serializes internal application data—SQL statements and parameters, HTTP request/response payloads, exception stacks and system environment details (MachineName, IP address, CPU and RAM usage, working directory, transactionID, playerID)—into JSON and sends it: • via HTTPS POST to https://analiz[.]pendc[.]com/api/analiz/add • via Telegram Bot API using hard-coded bot token “5348434618:AAF76NtkDRdWiFdk6GEEnVUWlKzxB8WGWgs” to chat ID 1361234571 No user consent or opt-out exists. This covert data exfiltration channel constitutes unauthorized data theft and a serious supply-chain security risk.

The code presents several security concerns, including downloading and executing files from the internet without verification and using subprocess.call with shell=True, which can lead to command injection vulnerabilities. These factors contribute to a moderate to high risk score.

Live on PyPI for 158 days, 8 hours and 17 minutes before removal. Socket users were protected even while the package was live.

The code engages in potentially malicious behavior by collecting sensitive system information and sending it to a remote server without clear user consent. The hard-coded domain, data obfuscation, and lack of transparency raise significant privacy and security concerns. The risk score is high due to the invasive nature of the code.

Live on npm for 12 minutes before removal. Socket users were protected even while the package was live.

This code retrieves a DLL from hxxp://example[.]com/tts/Trade.dll and a ZIP file from hxxp://example[.]com/tts/TdxTradeServer-0.1_20170823174759.zip, modifies the DLL with user-provided credentials, and sets up a server environment. The absence of file integrity or signature checks significantly increases the risk of executing malicious code. Embedding user account details in the DLL also raises privacy concerns. Reliance on potentially unsafe external URLs for core functionality further escalates the threat potential.

The script poses a high security risk as malware due to its ability to alter disk partitions without user interaction, leading to data loss or system damage.

The purpose of this code appears to be collecting specific environment variables and package information, compressing and encoding it, and sending it over HTTP to a remote domain. The intent and purpose of this behavior are unclear from the provided code fragment alone.

Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

The code implements a Discord bot that provides commands enabling destructive actions on a Discord server without proper authorization checks. It includes commands to delete all channels, change channel names, spam messages, delete roles, ban members, and change member nicknames. These actions can be executed based on user input without additional verification or safeguards, posing a significant security risk. The bot's functionalities can be misused by malicious actors to disrupt server operations, cause data loss, and harm the server community.

This script is making a direct HTTP request to the specified URL. There is not enough information to determine the safety of this request. The user should examine this script carefully and determine if the remote site is trusted and the request is necessary.