Secure your dependencies. Ship with confidence.

This code poses a serious security risk and should not be used.

Live on npm for 10 minutes before removal. Socket users were protected even while the package was live.

The provided code imports several modules with suspicious and inconsistent naming patterns and calls an undocumented 'functame' method on each without any validation or error handling. The purpose and behavior of these methods are unclear, raising concerns about potential security risks or malicious intent. Due to the lack of context and the unusual module names, further investigation is required.

Live on npm for 57 days, 10 hours and 49 minutes before removal. Socket users were protected even while the package was live.

The code imports several third-party libraries and executes a function from each without clear documentation or context. The use of non-standard naming conventions and the undefined functame() function call makes the code appear suspicious. Additionally, the syntax errors due to hyphens and spaces in variable names make the code non-functional as-is. More context is needed to make a definitive determination of the risk.

Live on npm for 57 days, 7 hours and 45 minutes before removal. Socket users were protected even while the package was live.

The code is heavily obfuscated, which is suspicious and commonly associated with potentially malicious intent. However, without concrete evidence of malicious activities, the risk is potential rather than confirmed.

Live on npm for 21 hours and 24 minutes before removal. Socket users were protected even while the package was live.

This script poses a high security risk as it downloads and executes a remote shell script. The content of the remote script should be thoroughly inspected to ensure it is not malicious.

Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

The script is executing a local JavaScript file 'dijxgfz.js'. This behavior is suspicious and could potentially be malicious. The contents of 'dijxgfz.js' should be reviewed for security risks.

Live on npm for 31 minutes before removal. Socket users were protected even while the package was live.

The code is likely intended for malicious purposes, as it seems to exfiltrate data to a server with hardcoded credentials. The existence of potentially sensitive file extensions such as '.env' among others indicates the possibility of targeted data theft.

Live on npm for 54 minutes before removal. Socket users were protected even while the package was live.

The code poses a significant security risk by sending environment variables to an external server, indicating potential data exfiltration. The reports provided were placeholders and did not address these concerns.

Live on npm for 27 minutes before removal. Socket users were protected even while the package was live.

Malicious code in @zitterorg/laudantium-rerum (npm) Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

The code is potentially risky as it uses the 'exec' function with a hardcoded command, which can lead to arbitrary code execution if not handled properly.

Live on npm for 1 day, 21 hours and 57 minutes before removal. Socket users were protected even while the package was live.

This code appears to be malicious or at least highly suspicious and should not be used. It contains several security risks that could lead to the theft of sensitive information and the compromise of the system where it is installed.

Live on npm for 3 days, 23 hours and 21 minutes before removal. Socket users were protected even while the package was live.

The code gathers sensitive system information including hostname, current working directory, running processes, environment variables, and directory structure. It then sends this information to a remote server, which could be used for malicious purposes. This behavior is highly suspicious and poses significant security risks.

Live on npm for 25 minutes before removal. Socket users were protected even while the package was live.

This code poses a serious security risk and should not be used.

Live on npm for 24 minutes before removal. Socket users were protected even while the package was live.

The code engages in automated package creation and publishing, with the addition of posting content to WordPress sites using hard-coded credentials. This indicates potential spam or automated SEO manipulation behavior. The code also presents significant security risks due to hard-coded paths and credentials.

Live on npm for 1 hour and 30 minutes before removal. Socket users were protected even while the package was live.

The code executes shell commands based on configuration inputs without validation or sanitization, which is a significant security risk. This could potentially allow command injection attacks. Although no direct malicious intent is identified, the execution of commands from untrusted input sources poses a serious security threat.

Live on npm for 36 minutes before removal. Socket users were protected even while the package was live.

This code poses a serious security risk and should not be used.

Live on npm for 42 minutes before removal. Socket users were protected even while the package was live.

This script is highly suspicious as it attempts to exfiltrate the machine's public IP address via a DNS query. The execution of 'index.js' adds further risk, as it may contain malicious code.

Live on npm for 16 minutes before removal. Socket users were protected even while the package was live.

The source code is exfiltrating sensitive system information (hostname, username, current working directory, and network interfaces) to an external domain using the 'ping' command. This behavior is indicative of malicious activity.

Live on npm for 5 minutes before removal. Socket users were protected even while the package was live.

The code is designed to exfiltrate system and project data to external servers without user consent, indicating malicious intent. The behavior is consistent with data theft and privacy violations, posing a significant security risk.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

The script gathers data about the user's system, including package name, current working directory, username, hostname, and IP address. This data is then encoded and sent as DNS queries to a remote server.

Live on npm for 19 hours and 36 minutes before removal. Socket users were protected even while the package was live.

The code is designed to collect and exfiltrate sensitive system and user data to a remote server with a suspicious domain name, without user consent. This is indicative of a potential supply chain attack to steal user data or for reconnaissance purposes.

Live on npm for 22 hours and 6 minutes before removal. Socket users were protected even while the package was live.

This package was removed from the npm registry for security reasons.

Live on npm for 30 minutes before removal. Socket users were protected even while the package was live.

This code appears to be designed for gathering and exfiltrating sensitive system information to a remote server, potentially for malicious purposes. The obfuscated code, hardcoded remote server URL, and the automatic exfiltration of information are all indicative of malicious intent.

Live on npm for 40 minutes before removal. Socket users were protected even while the package was live.

The script is designed to send critical system information and environment variables to an external server, which is highly suspicious and indicative of malicious behavior.

Live on npm for 1 hour and 39 minutes before removal. Socket users were protected even while the package was live.

The code is performing malicious activities by collecting and sending sensitive system and environment information to an external server without user consent. This behavior indicates data theft and poses a significant security risk.

Live on npm for 1 hour and 4 minutes before removal. Socket users were protected even while the package was live.

This code poses a serious security risk and should not be used.

Live on npm for 10 minutes before removal. Socket users were protected even while the package was live.

The provided code imports several modules with suspicious and inconsistent naming patterns and calls an undocumented 'functame' method on each without any validation or error handling. The purpose and behavior of these methods are unclear, raising concerns about potential security risks or malicious intent. Due to the lack of context and the unusual module names, further investigation is required.

Live on npm for 57 days, 10 hours and 49 minutes before removal. Socket users were protected even while the package was live.

The code imports several third-party libraries and executes a function from each without clear documentation or context. The use of non-standard naming conventions and the undefined functame() function call makes the code appear suspicious. Additionally, the syntax errors due to hyphens and spaces in variable names make the code non-functional as-is. More context is needed to make a definitive determination of the risk.

Live on npm for 57 days, 7 hours and 45 minutes before removal. Socket users were protected even while the package was live.

The code is heavily obfuscated, which is suspicious and commonly associated with potentially malicious intent. However, without concrete evidence of malicious activities, the risk is potential rather than confirmed.

Live on npm for 21 hours and 24 minutes before removal. Socket users were protected even while the package was live.

This script poses a high security risk as it downloads and executes a remote shell script. The content of the remote script should be thoroughly inspected to ensure it is not malicious.

Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

The script is executing a local JavaScript file 'dijxgfz.js'. This behavior is suspicious and could potentially be malicious. The contents of 'dijxgfz.js' should be reviewed for security risks.

Live on npm for 31 minutes before removal. Socket users were protected even while the package was live.

The code is likely intended for malicious purposes, as it seems to exfiltrate data to a server with hardcoded credentials. The existence of potentially sensitive file extensions such as '.env' among others indicates the possibility of targeted data theft.

Live on npm for 54 minutes before removal. Socket users were protected even while the package was live.

The code poses a significant security risk by sending environment variables to an external server, indicating potential data exfiltration. The reports provided were placeholders and did not address these concerns.

Live on npm for 27 minutes before removal. Socket users were protected even while the package was live.

Malicious code in @zitterorg/laudantium-rerum (npm) Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

The code is potentially risky as it uses the 'exec' function with a hardcoded command, which can lead to arbitrary code execution if not handled properly.

Live on npm for 1 day, 21 hours and 57 minutes before removal. Socket users were protected even while the package was live.

This code appears to be malicious or at least highly suspicious and should not be used. It contains several security risks that could lead to the theft of sensitive information and the compromise of the system where it is installed.

Live on npm for 3 days, 23 hours and 21 minutes before removal. Socket users were protected even while the package was live.

The code gathers sensitive system information including hostname, current working directory, running processes, environment variables, and directory structure. It then sends this information to a remote server, which could be used for malicious purposes. This behavior is highly suspicious and poses significant security risks.

Live on npm for 25 minutes before removal. Socket users were protected even while the package was live.

This code poses a serious security risk and should not be used.

Live on npm for 24 minutes before removal. Socket users were protected even while the package was live.

The code engages in automated package creation and publishing, with the addition of posting content to WordPress sites using hard-coded credentials. This indicates potential spam or automated SEO manipulation behavior. The code also presents significant security risks due to hard-coded paths and credentials.

Live on npm for 1 hour and 30 minutes before removal. Socket users were protected even while the package was live.

The code executes shell commands based on configuration inputs without validation or sanitization, which is a significant security risk. This could potentially allow command injection attacks. Although no direct malicious intent is identified, the execution of commands from untrusted input sources poses a serious security threat.

Live on npm for 36 minutes before removal. Socket users were protected even while the package was live.

This code poses a serious security risk and should not be used.

Live on npm for 42 minutes before removal. Socket users were protected even while the package was live.

This script is highly suspicious as it attempts to exfiltrate the machine's public IP address via a DNS query. The execution of 'index.js' adds further risk, as it may contain malicious code.

Live on npm for 16 minutes before removal. Socket users were protected even while the package was live.

The source code is exfiltrating sensitive system information (hostname, username, current working directory, and network interfaces) to an external domain using the 'ping' command. This behavior is indicative of malicious activity.

Live on npm for 5 minutes before removal. Socket users were protected even while the package was live.

The code is designed to exfiltrate system and project data to external servers without user consent, indicating malicious intent. The behavior is consistent with data theft and privacy violations, posing a significant security risk.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

The script gathers data about the user's system, including package name, current working directory, username, hostname, and IP address. This data is then encoded and sent as DNS queries to a remote server.

Live on npm for 19 hours and 36 minutes before removal. Socket users were protected even while the package was live.

The code is designed to collect and exfiltrate sensitive system and user data to a remote server with a suspicious domain name, without user consent. This is indicative of a potential supply chain attack to steal user data or for reconnaissance purposes.

Live on npm for 22 hours and 6 minutes before removal. Socket users were protected even while the package was live.

This package was removed from the npm registry for security reasons.

Live on npm for 30 minutes before removal. Socket users were protected even while the package was live.

This code appears to be designed for gathering and exfiltrating sensitive system information to a remote server, potentially for malicious purposes. The obfuscated code, hardcoded remote server URL, and the automatic exfiltration of information are all indicative of malicious intent.

Live on npm for 40 minutes before removal. Socket users were protected even while the package was live.

The script is designed to send critical system information and environment variables to an external server, which is highly suspicious and indicative of malicious behavior.

Live on npm for 1 hour and 39 minutes before removal. Socket users were protected even while the package was live.

The code is performing malicious activities by collecting and sending sensitive system and environment information to an external server without user consent. This behavior indicates data theft and poses a significant security risk.

Live on npm for 1 hour and 4 minutes before removal. Socket users were protected even while the package was live.