Secure your dependencies. Ship with confidence.

This package was removed from the npm registry for security reasons.

Live on npm for 1 hour and 45 minutes before removal. Socket users were protected even while the package was live.

Running a Node.js program in the background can be a security risk as it may allow the program to continue running even after the installation process is complete. This could potentially lead to unauthorized access or unintended behavior.

The code has several security risks and potentially malicious behavior, including untrusted input handling, dynamic code execution, hardcoded sensitive information, and unsafe file and system modifications. It should be reviewed and validated to mitigate these risks

Live on npm for 1 day, 12 hours and 38 minutes before removal. Socket users were protected even while the package was live.

The code poses a high security risk by sending sensitive system information to an unknown domain without proper authorization. The script should be reviewed and the destination URL should be verified for security purposes.

Live on npm for 36 minutes before removal. Socket users were protected even while the package was live.

The code is likely obfuscated and possibly malicious. It does not follow conventional JavaScript practices and the function calls seem unrelated to the imported packages. The purpose of this code is unclear, but it raises suspicion.

Live on npm for 44 days, 7 hours and 26 minutes before removal. Socket users were protected even while the package was live.

The source code exhibits malicious behavior by exfiltrating system and project data to external servers. This includes sending directory, hostname, username, and home directory information, as well as 'package.json' contents. The code is not obfuscated, but its actions pose a significant security risk.

Live on npm for 41 minutes before removal. Socket users were protected even while the package was live.

The script collects a wide range of information from the user's system, including OS details, network interfaces, and SSH files, and sends it to a remote server via DNS queries.

The code is designed to exfiltrate system and user data to potentially malicious servers. It poses a significant security risk due to unauthorized data collection and transmission.

Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

The code exhibits clear malicious behavior by encrypting files and creating a ransom note. This is a severe security threat and should be addressed immediately.

Live on npm for 1 hour and 9 minutes before removal. Socket users were protected even while the package was live.

The code is highly suspicious and exhibits behavior consistent with malware. It collects sensitive system information and transmits it to an external server without user consent, posing a significant security risk.

Live on npm for 6 days, 13 hours and 51 minutes before removal. Socket users were protected even while the package was live.

The provided source code contains potential security risks due to the presence of base64 encoded URLs that point to potentially sensitive endpoints (e.g., Google Cloud metadata). This could indicate possible malicious intent, such as unauthorized access or data exfiltration. The use of base64 encoding to hide URLs suggests an attempt to obfuscate the code's true intent.

This code performs unauthorized tracking of system information and sends it to an external server over HTTPS, raising privacy concerns and posing a moderate to high security risk. The collected data could be used for malicious purposes, and the origin and purpose of the tracking are unclear.

Live on npm for 6 hours and 59 minutes before removal. Socket users were protected even while the package was live.

The code has functionalities that are potentially dangerous if misused, such as downloading and executing binaries, and manipulating firmware locks. It lacks strong authentication for remote command execution, which is a significant security risk. However, there is no explicit malicious intent identified, but it should be reviewed carefully before deployment due to its capabilities.

The color management functionality of the code seems legitimate, but the inclusion of code that copies and executes an executable file suggests potential malicious intent or a compromised package. This should be investigated further, and the use of this package should be suspended until it's proven safe.

Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.

This module does not execute any code or perform any actual operations, but it contains a suspicious message.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

The code contains serious security risks, including downloading and executing potentially malicious scripts, obfuscation of code, and exfiltration of AWS credentials. These activities indicate a high probability of malicious intent.

Live on pypi for 30 minutes before removal. Socket users were protected even while the package was live.

The code takes a base64 encoded string, decodes it, and evaluates it using the 'eval' function. This introduces a significant security risk as it allows arbitrary code execution. The code should be considered dangerous and should not be used.

Live on npm for 19 minutes before removal. Socket users were protected even while the package was live.

The script checks for specific environment variables and if certain conditions are met, it sends the collected data to a remote server in base64 encoded format.

Live on npm for 5 minutes before removal. Socket users were protected even while the package was live.

The code contains functionality for configuration management, database operations, and email sending. There are some security risks due to hardcoded MySQL credentials and a large base64 encoded string that could be a red flag for obfuscation. Database operations need careful handling to avoid SQL injection. Overall, the presence of hardcoded credentials and potential for hidden malicious behavior (base64 string) warrants further review.

Live on pypi for 33 minutes before removal. Socket users were protected even while the package was live.

The code primarily focuses on automating Facebook login and session management. While it does not exhibit explicit malicious behavior, the use of an external Pastebin URL for updates poses a potential security risk. Proper verification of this URL is necessary to mitigate potential threats.

Live on npm for 1 hour and 31 minutes before removal. Socket users were protected even while the package was live.

This package was removed from the npm registry for security reasons.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

The provided code shows several red flags that suggest it could be malicious. The obfuscation, combined with the collection of machine IDs and network requests, warrants a high malware and risk score. Proper deobfuscation and further analysis would be necessary to confirm these suspicions.

Live on npm for 51 minutes before removal. Socket users were protected even while the package was live.

Malicious code in @zitterorg/laudantium-rerum (npm) Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

This code is intentionally obfuscated and uses DNS queries to exfiltrate system information, which could be a significant security risk. The hardcoded domain and the potential data exfiltration raise concerns about privacy violations. This package should be reviewed carefully before being used.

The script collects a wide range of information from the user's system, including OS details, network interfaces, and SSH files, and sends it to a remote server via DNS queries.

This package was removed from the npm registry for security reasons.

Live on npm for 1 hour and 45 minutes before removal. Socket users were protected even while the package was live.

Running a Node.js program in the background can be a security risk as it may allow the program to continue running even after the installation process is complete. This could potentially lead to unauthorized access or unintended behavior.

The code has several security risks and potentially malicious behavior, including untrusted input handling, dynamic code execution, hardcoded sensitive information, and unsafe file and system modifications. It should be reviewed and validated to mitigate these risks

Live on npm for 1 day, 12 hours and 38 minutes before removal. Socket users were protected even while the package was live.

The code poses a high security risk by sending sensitive system information to an unknown domain without proper authorization. The script should be reviewed and the destination URL should be verified for security purposes.

Live on npm for 36 minutes before removal. Socket users were protected even while the package was live.

The code is likely obfuscated and possibly malicious. It does not follow conventional JavaScript practices and the function calls seem unrelated to the imported packages. The purpose of this code is unclear, but it raises suspicion.

Live on npm for 44 days, 7 hours and 26 minutes before removal. Socket users were protected even while the package was live.

The source code exhibits malicious behavior by exfiltrating system and project data to external servers. This includes sending directory, hostname, username, and home directory information, as well as 'package.json' contents. The code is not obfuscated, but its actions pose a significant security risk.

Live on npm for 41 minutes before removal. Socket users were protected even while the package was live.

The script collects a wide range of information from the user's system, including OS details, network interfaces, and SSH files, and sends it to a remote server via DNS queries.

The code is designed to exfiltrate system and user data to potentially malicious servers. It poses a significant security risk due to unauthorized data collection and transmission.

Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

The code exhibits clear malicious behavior by encrypting files and creating a ransom note. This is a severe security threat and should be addressed immediately.

Live on npm for 1 hour and 9 minutes before removal. Socket users were protected even while the package was live.

The code is highly suspicious and exhibits behavior consistent with malware. It collects sensitive system information and transmits it to an external server without user consent, posing a significant security risk.

Live on npm for 6 days, 13 hours and 51 minutes before removal. Socket users were protected even while the package was live.

The provided source code contains potential security risks due to the presence of base64 encoded URLs that point to potentially sensitive endpoints (e.g., Google Cloud metadata). This could indicate possible malicious intent, such as unauthorized access or data exfiltration. The use of base64 encoding to hide URLs suggests an attempt to obfuscate the code's true intent.

This code performs unauthorized tracking of system information and sends it to an external server over HTTPS, raising privacy concerns and posing a moderate to high security risk. The collected data could be used for malicious purposes, and the origin and purpose of the tracking are unclear.

Live on npm for 6 hours and 59 minutes before removal. Socket users were protected even while the package was live.

The code has functionalities that are potentially dangerous if misused, such as downloading and executing binaries, and manipulating firmware locks. It lacks strong authentication for remote command execution, which is a significant security risk. However, there is no explicit malicious intent identified, but it should be reviewed carefully before deployment due to its capabilities.

The color management functionality of the code seems legitimate, but the inclusion of code that copies and executes an executable file suggests potential malicious intent or a compromised package. This should be investigated further, and the use of this package should be suspended until it's proven safe.

Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.

This module does not execute any code or perform any actual operations, but it contains a suspicious message.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

The code contains serious security risks, including downloading and executing potentially malicious scripts, obfuscation of code, and exfiltration of AWS credentials. These activities indicate a high probability of malicious intent.

Live on pypi for 30 minutes before removal. Socket users were protected even while the package was live.

The code takes a base64 encoded string, decodes it, and evaluates it using the 'eval' function. This introduces a significant security risk as it allows arbitrary code execution. The code should be considered dangerous and should not be used.

Live on npm for 19 minutes before removal. Socket users were protected even while the package was live.

The script checks for specific environment variables and if certain conditions are met, it sends the collected data to a remote server in base64 encoded format.

Live on npm for 5 minutes before removal. Socket users were protected even while the package was live.

The code contains functionality for configuration management, database operations, and email sending. There are some security risks due to hardcoded MySQL credentials and a large base64 encoded string that could be a red flag for obfuscation. Database operations need careful handling to avoid SQL injection. Overall, the presence of hardcoded credentials and potential for hidden malicious behavior (base64 string) warrants further review.

Live on pypi for 33 minutes before removal. Socket users were protected even while the package was live.

The code primarily focuses on automating Facebook login and session management. While it does not exhibit explicit malicious behavior, the use of an external Pastebin URL for updates poses a potential security risk. Proper verification of this URL is necessary to mitigate potential threats.

Live on npm for 1 hour and 31 minutes before removal. Socket users were protected even while the package was live.

This package was removed from the npm registry for security reasons.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

The provided code shows several red flags that suggest it could be malicious. The obfuscation, combined with the collection of machine IDs and network requests, warrants a high malware and risk score. Proper deobfuscation and further analysis would be necessary to confirm these suspicions.

Live on npm for 51 minutes before removal. Socket users were protected even while the package was live.

Malicious code in @zitterorg/laudantium-rerum (npm) Source: ghsa-malware (e45ff91dd83cc149d7abc8c6fb2c74e3509aa341e23c72cfac0a34868a4e2637) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

This code is intentionally obfuscated and uses DNS queries to exfiltrate system information, which could be a significant security risk. The hardcoded domain and the potential data exfiltration raise concerns about privacy violations. This package should be reviewed carefully before being used.

The script collects a wide range of information from the user's system, including OS details, network interfaces, and SSH files, and sends it to a remote server via DNS queries.