Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

We protect you from vulnerable and malicious packages

usage-tracker-core 8.999.999 | Removed from npm | Blocked by Socket
The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.
Live on npm for 22 minutes before removal. Socket users were protected even while the package was live.

azure-graphrbac 6.25.1000 | Removed from npm | Blocked by Socket
The code is highly suspicious. It collects and exfiltrates various system details and potentially sensitive project information to external servers. This behavior is indicative of malicious activity, including data theft.
Live on npm for 1 hour before removal. Socket users were protected even while the package was live.

ac-event-emitter 1.3.999 | Removed from npm | Blocked by Socket
The code is highly suspicious and exhibits several characteristics of malware. It is obfuscated, collects sensitive system information, and sends this information to a remote server using a covert method. The risk, malware, and obfuscation scores should all be high due to the serious nature of these activities.
Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

moti-dep-con-test 0.7.0 | Removed from npm | Blocked by Socket
This package was removed from the npm registry for security reasons.
Live on npm for 22 minutes before removal. Socket users were protected even while the package was live.

extension-bold 213.21.24 by exzuperi12 | Removed from npm | Blocked by Socket
The code is potentially malicious as it collects and sends system information to a remote server without user consent. The use of a suspicious domain and the inclusion of a Telegram contact link further raise concerns about the intent of this code.
Live on npm for 8 hours and 48 minutes before removal. Socket users were protected even while the package was live.

@wellsfargo/qa 418.4.1 by neversummer.69 | Live on npm | Blocked by Socket
This code is intentionally obfuscated and uses DNS queries to exfiltrate system information, which could be a significant security risk. The hardcoded domain and the potential data exfiltration raise concerns about privacy violations. This package should be reviewed carefully before being used.

cds-fonts 99.99.99 by 0xstrait | Removed from npm | Blocked by Socket
The code appears to send system data over the network to a remote server, which could potentially be used for malicious purposes.
Live on npm for 8 minutes before removal. Socket users were protected even while the package was live.

greybel-c2-agent 0.1.5 by ayecue | Removed from npm | Blocked by Socket
The code fragment contains obfuscated code and uses unconventional coding patterns, such as dynamic code execution using eval() and regular expressions for file matching. These characteristics raise concerns about the security and maintainability of the code. The lack of clear error handling or logging further adds to the potential risks of using this code.
Live on npm for 1 day, 21 hours and 50 minutes before removal. Socket users were protected even while the package was live.

asset-bender 10.999.999 | Removed from npm | Blocked by Socket
The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.
Live on npm for 51 minutes before removal. Socket users were protected even while the package was live.

sc-cmt 1.99.101 by zloesabo | Removed from npm | Blocked by Socket
The code exhibits clear malicious behavior by collecting and transmitting sensitive system data to a suspicious domain without user consent. The presence of a hostname check indicates an attempt to avoid detection on specific machines. Overall, this code poses a significant security risk.
Live on npm for 39 minutes before removal. Socket users were protected even while the package was live.

tgs-history4 1.1.1 by jayeshrathod | Removed from npm | Blocked by Socket
The code raises some security concerns due to potential untrusted input in the 'createReplicatedHistory' function. The presence of the 'createReplicatedHistory' function with complex logic also raises suspicion. However, without the complete context and usage of the code, it's hard to determine the actual security risks and the presence of malicious behavior.
Live on npm for 7 hours and 13 minutes before removal. Socket users were protected even while the package was live.

babelpugintransformreactjsx 1.2.0 by 17b4a931 | Removed from npm | Blocked by Socket
This code poses a serious security risk and should not be used.
Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

utilitytools 0.0.9 | Removed from pypi | Blocked by Socket
The code downloads and executes an executable file from a hardcoded URL without any validation or safety checks. This poses a significant security risk and is a common pattern in malware distribution.
Live on pypi for 1 hour and 13 minutes before removal. Socket users were protected even while the package was live.

set-species 99.10.13 by tq2ksdym | Removed from npm | Blocked by Socket
The script collects and sends information like package details, hostname, username, directory contents, and IP addresses to a remote server. It may pose a risk to user privacy and security.

fhempy 0.1.20 | Live on pypi | Blocked by Socket
The code performs several potentially risky operations such as downloading and executing binaries from external sources, running network services, and using Telnet for remote command execution. These actions pose significant security risks, including the possibility of introducing malicious code and exposing the system to network-based attacks. However, there is no explicit evidence of malicious intent in the code itself.

verif-email 2.8.0 by a90409577 | Removed from npm | Blocked by Socket
The source code is likely malicious because it executes an unrelated system command within an email verification function and sends potentially sensitive data to a remote server. There is a high probability that this is a backdoor intended for data exfiltration.
Live on npm for 1 hour and 35 minutes before removal. Socket users were protected even while the package was live.

@zitterorg/laudantium-rerum 2.3.34 by loandinhb931 | Live on npm | Blocked by Socket
Malicious code in @zitterorg/laudantium-rerum (npm). Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

greybel-c2-agent 0.1.8 by ayecue | Removed from npm | Blocked by Socket
The code appears to be safe in terms of the system where the script is running, but it interacts with the game in a potentially unauthorised way, which might be against the game's rules. Therefore, it might pose a risk if used inappropriately. It is recommended to use this script with caution and only in a manner consistent with the game's terms of service.
Live on npm for 2 days, 5 hours and 52 minutes before removal. Socket users were protected even while the package was live.

socket.oi 4.5.5 by xwlazssz | Removed from npm | Blocked by Socket
The code snippet is engaging in potentially malicious behavior by attempting to encrypt and overwrite files on the system. It poses a high security risk due to the possibility of data loss and unauthorized access.
Live on npm for 1 hour and 48 minutes before removal. Socket users were protected even while the package was live.

hardhat-gas-report 1.1.32 by wangxianxiu | Removed from npm | Blocked by Socket
This script is checking the operating system and running a PowerShell script on Windows. While this behavior is not inherently malicious, it could potentially execute arbitrary code on the system, which poses a security risk.
Live on npm for 4 days, 8 hours and 33 minutes before removal. Socket users were protected even while the package was live.

@zitterorg/laudantium-rerum 2.3.32 by loandinhb931 | Live on npm | Blocked by Socket
Malicious code in @zitterorg/laudantium-rerum (npm). Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

aou-ui 0.0.3 by hellotry2 | Removed from npm | Blocked by Socket
The code exhibits malicious behavior by collecting and sending sensitive system information to an external server without user consent. This is indicative of data exfiltration, posing a significant security risk.
Live on npm for 8 days, 17 hours and 1 minute before removal. Socket users were protected even while the package was live.

dv-sol-lib 1.0.11 by arijan-kokolari | Live on npm | Blocked by Socket
The code transmits the user's private key to an external API endpoint at 'https://pumpapi[.]fun/api/trade' during token trading operations. This exposes sensitive credentials over the network, leading to potential unauthorized access and loss of user funds. The external API may not be trustworthy, and sending private keys over unsecured channels poses a significant security threat.

grenache-nodejs-example-fib-client 99.10.10 | Removed from npm | Blocked by Socket
The code engages in potentially malicious behavior by collecting sensitive system information and sending it to a remote server without clear user consent. The hard-coded domain, data obfuscation, and lack of transparency raise significant privacy and security concerns. The risk score is high due to the invasive nature of the code.
Live on npm for 13 minutes before removal. Socket users were protected even while the package was live.

azure-graphrbac 7.7.0 | Removed from npm | Blocked by Socket
The code is engaging in unauthorized data collection and transmission of sensitive system and user information to external servers, indicating potential malicious intent. The risk and malware scores are high due to the serious nature of these actions.
Live on npm for 12 minutes before removal. Socket users were protected even while the package was live.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

  • Known malware
  • Possible typosquat attack
  • GitHub dependency
  • AI-detected potential malware
  • HTTP dependency
  • Obfuscated code
  • NPM Shrinkwrap
  • Suspicious Stars on GitHub
  • Protestware or potentially unwanted behavior
  • Unstable ownership
  • 19 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.


Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.


Why teams choose Socket

Proactive security

Depend on Socket to prevent malicious open source dependencies from infiltrating your app.

Easy to install

Install the Socket GitHub App in just 2 clicks and get protected today.

Comprehensive open source protection

Block 70+ issues in open source code, including malware, typo-squatting, hidden code, misleading packages, permission creep, and more.

Develop faster

Reduce work by surfacing actionable security information directly in GitHub. Empower developers to make better decisions.

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Dec 14, 2023

Hijacked cryptocurrency library adds malware

A widely used cryptocurrency frontend library was compromised to include wallet-draining code after npm account credentials were hijacked via phishing.

Jan 06, 2022

Maintainer intentionally adds malware

Rogue maintainer sabotages his own open source package with 100M downloads/month, notably breaking Amazon's AWS SDK.

Nov 15, 2021

npm discovers a platform vulnerability allowing unauthorized publishing of any package

Attackers could publish new versions of any npm package without authorization for multiple years.

Oct 22, 2021

Hijacked package adds cryptominers and password-stealing malware

Multiple packages with 30M downloads/month are hijacked and publish malicious versions directly into the software supply chain.

Nov 26, 2018

Hijacked package adds organization-specific backdoors

Obfuscated malware was added to a dependency that targeted a single company; it went undetected for over a week and made it into their production build.

Ready to dive in?

Get protected by Socket with just 2 clicks.