Secure your dependencies. Ship with confidence.

This code is malicious and constitutes a supply chain attack by stealthily collecting and exfiltrating sensitive system and environment information to a suspicious external server without user consent. The disabling of TLS certificate validation further increases risk. It should be considered high risk and malware, and the package containing this code should be rejected or removed immediately.

Live on npm for 9 days, 5 hours and 20 minutes before removal. Socket users were protected even while the package was live.

The code sends sensitive data to an unauthorized or malicious domain using DNS queries, and poses a high security risk. It should be removed immediately from any project.

Live on npm for 45 minutes before removal. Socket users were protected even while the package was live.

The code imports several modules with unusual names and calls a specific function from each. Without further context on these modules and their `functame` functions, it is difficult to determine the intent or behavior of this code. The structure and naming conventions are suspicious and could indicate obfuscation or templating. However, the provided snippet does not show clear evidence of malicious behavior.

Live on npm for 57 days, 6 hours and 42 minutes before removal. Socket users were protected even while the package was live.

This file contains a preinstall script that exfiltrates system user information by encoding the results of the 'id' command in base64 and sending it to 66b974f4cf3c8c7ed58ffc767c314b89[.]m[.]pipedream[.]net, demonstrating malicious behavior.

Live on npm for 26 days, 4 hours and 12 minutes before removal. Socket users were protected even while the package was live.

The code is designed to collect and transmit system information to external endpoints without user consent, which is indicative of malicious behavior. The hardcoded endpoints and the nature of the data being sent pose a significant security risk.

Live on npm for 15 hours and 16 minutes before removal. Socket users were protected even while the package was live.

The code exhibits suspicious behavior by sending environment variables to an unknown and potentially malicious domain. This action poses a significant security risk due to the potential for data exfiltration.

Live on npm for 5 minutes before removal. Socket users were protected even while the package was live.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 31 minutes before removal. Socket users were protected even while the package was live.

The analyzed code is heavily obfuscated and uses dynamic code execution and process termination, which are definitive patterns associated with malware. The obfuscation and forced process exits pose a moderate security risk, and the code should be treated with caution. Further deobfuscation and dynamic analysis are recommended to fully understand its behavior.

Live on npm for 16 hours and 26 minutes before removal. Socket users were protected even while the package was live.

The code poses significant security risks due to the execution of arbitrary user code without validation and the use of shell=True, which can lead to shell injection attacks. The potential for remote code execution is high, necessitating caution in its use.

The code contains several suspicious patterns, including obfuscation, overriding console methods, and loading an external analytics script. The code decrypts an access token and compares it with the domain. If the decrypted token doesn't match the domain, it redirects to 'https://hmh-ai.com'. It injects a script from Baidu's analytics service and performs these checks after a 10-second delay.

The code exhibits malicious behavior by sending environment variables to a potentially suspicious remote server. The obfuscation of the host and the conditional checks to avoid detection increase the security risk.

Live on npm for 30 minutes before removal. Socket users were protected even while the package was live.

The code contains dynamic URL alterations and uses 'os.system' with user inputs, posing a security risk. It is recommended to review the code for safer alternatives.

The code is designed to perform malicious activities such as data theft and unauthorized data transmission. It poses a significant security risk due to its ability to steal sensitive information and maintain persistence on the system.

Live on PyPI for 16 hours and 58 minutes before removal. Socket users were protected even while the package was live.

The heavily obfuscated code poses a potential security risk. It should be further analyzed before use.

Live on npm for 27 minutes before removal. Socket users were protected even while the package was live.

The code has potentially malicious behavior as it sends AWS credentials to an obfuscated URL. The code also attempts to bruteforce permissions on AWS services, which can lead to an AWS account suspension.

This code exhibits highly malicious behavior. It collects a wide range of sensitive system and user data and sends it to a remote server, which indicates an intent for unauthorized data exfiltration. The use of subprocess with `shell=True` further heightens the security risk.

Live on PyPI for 21 minutes before removal. Socket users were protected even while the package was live.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 1 hour and 23 minutes before removal. Socket users were protected even while the package was live.

The code exhibits potential malicious behavior with data exfiltration and tracking activities, posing a significant security risk. It should be further investigated and potentially removed.

Live on npm for 3 minutes before removal. Socket users were protected even while the package was live.

The provided code heavily relies on external modules with unusual method names and non-standard variable naming conventions. While there are no direct sources or sinks in this snippet, the ambiguity surrounding the 'functame' method in each imported module raises concerns. Further inspection of each external module is required to ensure they do not contain malicious code.

Live on npm for 57 days, 10 hours and 56 minutes before removal. Socket users were protected even while the package was live.

The source code exhibits behavior consistent with data exfiltration malware. It collects sensitive system information and sends it to external endpoints without user consent, posing a significant security risk.

Live on npm for 4 days and 55 minutes before removal. Socket users were protected even while the package was live.

This code contains malware due to its ability to execute arbitrary shell commands via WebSocket messages, insecure use of cookies for session verification, and insecure setup of an HTTPS server. These security vulnerabilities are exploited for malicious purposes.

The code poses a significant security risk and should be reviewed. It is recommended to remove unnecessary imports, verify the contents of the data folder and the WordPress websites before proceeding, and avoid using hardcoded credentials for WordPress login.

Live on npm for 8 hours and 18 minutes before removal. Socket users were protected even while the package was live.

The code's behavior of writing and executing a potentially malicious executable with elevated privileges poses a significant security risk. This aligns with known malicious activities, such as executing unauthorized code, which could compromise system security.

Live on npm for 14 days, 21 hours and 31 minutes before removal. Socket users were protected even while the package was live.

The code demonstrates potentially malicious behavior by exfiltrating system data to an external server and disabling TLS verification, posing a significant security risk.

Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

The provided source code is clearly malicious. It collects sensitive system information (hostname, environment variables, /etc/passwd file, or systeminfo output) and sends it to a remote server. The code is heavily obfuscated, indicating an attempt to hide its malicious intent. The domain used for exfiltration (cqjgbtujrihlep6ocmg0w7ips7mu33rog.oast.me) is suspicious and commonly associated with malicious activities.

Live on npm for 24 minutes before removal. Socket users were protected even while the package was live.

This code is malicious and constitutes a supply chain attack by stealthily collecting and exfiltrating sensitive system and environment information to a suspicious external server without user consent. The disabling of TLS certificate validation further increases risk. It should be considered high risk and malware, and the package containing this code should be rejected or removed immediately.

Live on npm for 9 days, 5 hours and 20 minutes before removal. Socket users were protected even while the package was live.

The code sends sensitive data to an unauthorized or malicious domain using DNS queries, and poses a high security risk. It should be removed immediately from any project.

Live on npm for 45 minutes before removal. Socket users were protected even while the package was live.

The code imports several modules with unusual names and calls a specific function from each. Without further context on these modules and their `functame` functions, it is difficult to determine the intent or behavior of this code. The structure and naming conventions are suspicious and could indicate obfuscation or templating. However, the provided snippet does not show clear evidence of malicious behavior.

Live on npm for 57 days, 6 hours and 42 minutes before removal. Socket users were protected even while the package was live.

This file contains a preinstall script that exfiltrates system user information by encoding the results of the 'id' command in base64 and sending it to 66b974f4cf3c8c7ed58ffc767c314b89[.]m[.]pipedream[.]net, demonstrating malicious behavior.

Live on npm for 26 days, 4 hours and 12 minutes before removal. Socket users were protected even while the package was live.

The code is designed to collect and transmit system information to external endpoints without user consent, which is indicative of malicious behavior. The hardcoded endpoints and the nature of the data being sent pose a significant security risk.

Live on npm for 15 hours and 16 minutes before removal. Socket users were protected even while the package was live.

The code exhibits suspicious behavior by sending environment variables to an unknown and potentially malicious domain. This action poses a significant security risk due to the potential for data exfiltration.

Live on npm for 5 minutes before removal. Socket users were protected even while the package was live.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 31 minutes before removal. Socket users were protected even while the package was live.

The analyzed code is heavily obfuscated and uses dynamic code execution and process termination, which are definitive patterns associated with malware. The obfuscation and forced process exits pose a moderate security risk, and the code should be treated with caution. Further deobfuscation and dynamic analysis are recommended to fully understand its behavior.

Live on npm for 16 hours and 26 minutes before removal. Socket users were protected even while the package was live.

The code poses significant security risks due to the execution of arbitrary user code without validation and the use of shell=True, which can lead to shell injection attacks. The potential for remote code execution is high, necessitating caution in its use.

The code contains several suspicious patterns, including obfuscation, overriding console methods, and loading an external analytics script. The code decrypts an access token and compares it with the domain. If the decrypted token doesn't match the domain, it redirects to 'https://hmh-ai.com'. It injects a script from Baidu's analytics service and performs these checks after a 10-second delay.

The code exhibits malicious behavior by sending environment variables to a potentially suspicious remote server. The obfuscation of the host and the conditional checks to avoid detection increase the security risk.

Live on npm for 30 minutes before removal. Socket users were protected even while the package was live.

The code contains dynamic URL alterations and uses 'os.system' with user inputs, posing a security risk. It is recommended to review the code for safer alternatives.

The code is designed to perform malicious activities such as data theft and unauthorized data transmission. It poses a significant security risk due to its ability to steal sensitive information and maintain persistence on the system.

Live on PyPI for 16 hours and 58 minutes before removal. Socket users were protected even while the package was live.

The heavily obfuscated code poses a potential security risk. It should be further analyzed before use.

Live on npm for 27 minutes before removal. Socket users were protected even while the package was live.

The code has potentially malicious behavior as it sends AWS credentials to an obfuscated URL. The code also attempts to bruteforce permissions on AWS services, which can lead to an AWS account suspension.

This code exhibits highly malicious behavior. It collects a wide range of sensitive system and user data and sends it to a remote server, which indicates an intent for unauthorized data exfiltration. The use of subprocess with `shell=True` further heightens the security risk.

Live on PyPI for 21 minutes before removal. Socket users were protected even while the package was live.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 1 hour and 23 minutes before removal. Socket users were protected even while the package was live.

The code exhibits potential malicious behavior with data exfiltration and tracking activities, posing a significant security risk. It should be further investigated and potentially removed.

Live on npm for 3 minutes before removal. Socket users were protected even while the package was live.

The provided code heavily relies on external modules with unusual method names and non-standard variable naming conventions. While there are no direct sources or sinks in this snippet, the ambiguity surrounding the 'functame' method in each imported module raises concerns. Further inspection of each external module is required to ensure they do not contain malicious code.

Live on npm for 57 days, 10 hours and 56 minutes before removal. Socket users were protected even while the package was live.

The source code exhibits behavior consistent with data exfiltration malware. It collects sensitive system information and sends it to external endpoints without user consent, posing a significant security risk.

Live on npm for 4 days and 55 minutes before removal. Socket users were protected even while the package was live.

This code contains malware due to its ability to execute arbitrary shell commands via WebSocket messages, insecure use of cookies for session verification, and insecure setup of an HTTPS server. These security vulnerabilities are exploited for malicious purposes.

The code poses a significant security risk and should be reviewed. It is recommended to remove unnecessary imports, verify the contents of the data folder and the WordPress websites before proceeding, and avoid using hardcoded credentials for WordPress login.

Live on npm for 8 hours and 18 minutes before removal. Socket users were protected even while the package was live.

The code's behavior of writing and executing a potentially malicious executable with elevated privileges poses a significant security risk. This aligns with known malicious activities, such as executing unauthorized code, which could compromise system security.

Live on npm for 14 days, 21 hours and 31 minutes before removal. Socket users were protected even while the package was live.

The code demonstrates potentially malicious behavior by exfiltrating system data to an external server and disabling TLS verification, posing a significant security risk.

Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

The provided source code is clearly malicious. It collects sensitive system information (hostname, environment variables, /etc/passwd file, or systeminfo output) and sends it to a remote server. The code is heavily obfuscated, indicating an attempt to hide its malicious intent. The domain used for exfiltration (cqjgbtujrihlep6ocmg0w7ips7mu33rog.oast.me) is suspicious and commonly associated with malicious activities.

Live on npm for 24 minutes before removal. Socket users were protected even while the package was live.