Secure your dependencies. Ship with confidence.

The codebase contains a covert, environment-dependent beacon mechanism that can leak data or load remote content via an iframe, coupled with normal but privacy-sensitive AI data flows. This constitutes a significant supply-chain/security risk and should be treated as high-risk. Remove or disable the hidden iframe beacon, replace obfuscated logic with transparent telemetry, and ensure explicit user consent and auditable data handling for all external communications.

The code exhibits clear signs of malicious behavior by collecting and transmitting sensitive user information without consent to a suspicious domain. This poses a significant security risk and should be flagged for potential data theft.

Live on npm for 19 days and 30 minutes before removal. Socket users were protected even while the package was live.

This file is a legitimate-looking destructive cleanup script for removing AWS Landing Zone resources across an AWS Organization. It contains no signs of data-exfiltration, obfuscation, or third-party command-and-control. However, it performs many high-impact destructive AWS operations (deleting stacks, buckets, StackSets, moving accounts, deleting OUs, etc.) and thus is extremely dangerous to run with privileged credentials. Treat as a destructive tool: do not run in production unless you intend to irreversibly remove the listed resources and have backups/approval.

Live on pypi for 23 days and 48 minutes before removal. Socket users were protected even while the package was live.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 28 minutes before removal. Socket users were protected even while the package was live.

This file implements an unattended update mechanism that fetches and installs .tgz archives from unverified remote sources—both the npm registry (registry[.]npmjs[.]org) and a configurable Firebase-style database URL—by downloading, extracting them into the application directory and then restarting PM2-managed processes. Because there is no cryptographic signature or checksum validation beyond a simple version check, a compromised registry account or database endpoint could deliver arbitrary code to every host running this updater. Additionally, on startup the script gathers extensive system and package metadata—including public IP (via api[.]ipify[.]org), local IP addresses, hostname, OS/platform, Node.js version, CPU/memory statistics, load averages, working directory and package.json fields—and posts it to a configurable Discord webhook endpoint (discordapp[.]com). This behavior poses both a supply-chain risk and a telemetry/privacy exposure risk, as sensitive host information is sent to an external service without explicit user consent or granular control.

The code acts as a client-side analytics/telemetry injector that captures account/user/page context and tracks events, exfiltrating data to an external domain with an Authorization header containing the clientId. This is a clear data-collection/exfiltration pattern that could be considered malicious if used without user consent or disclosure. It’s not inherently malicious in all contexts, but it introduces privacy/security risks and potential supply-chain concerns if embedded in a library without clear disclosure.

The code exhibits suspicious behavior by sending userId data to a hardcoded external IP address over unencrypted HTTP without authentication or user consent. This pattern is indicative of potential data exfiltration or privacy violation, which aligns with malware-like behavior. While the code itself is not obfuscated and does not contain explicit backdoors or credential leaks, the hardcoded external endpoint and silent error handling increase the security risk. Overall, this code should be treated as high risk and potentially malicious.

This module contains behavior that is potentially malicious or at minimum unexpected and dangerous for consumers: it automatically appends a tip transfer to user transactions that sends lamports to hardcoded external accounts, and it serializes and posts fully signed transactions (including signatures) to an upstream HTTP endpoint identified by an API key. These actions can siphon funds and exfiltrate sensitive transaction data. If this is not explicitly documented and consented to by users, the module should be treated as untrusted and reviewed/removed. Recommend auditing AgentRegistry.callUpstream and the upstream service, removing or making explicit any tipping behavior, and avoiding sending signed transactions or API keys to remote services.

This SQLite database file contains embedded explicit adult content and torrent distribution infrastructure instead of legitimate data. The file includes extensive HTML fragments with pornographic video metadata, download links to torrent files, and suspicious redirect URLs. Key malicious domains identified include rmdown[.]com, redircdn[.]com, 97p[.]org, qpic[.]ws, imgbox[.]com, and various other image hosting services. The content contains hash values for torrent files, BitTorrent magnet links, and obfuscated download URLs using multiple redirect layers to mask the true destinations. This represents a supply chain attack where adult content distribution infrastructure has been embedded within what appears to be a standard database file, potentially exposing users to inappropriate content and malicious download sites when accessed.

This script is intentionally crafted to bypass Elasticsearch x-pack license verification and produce a redistributed 'crack' jar. It constitutes supply-chain tampering and is malicious in intent. While it does not itself contain data exfiltration or backdoor network code, the produced artifact disables license enforcement and could be used to deploy unauthorized software; moreover, the script's uncontrolled fetching of remote source without integrity checks creates a broader risk for arbitrary code injection. Do not run or distribute this script; treat any artifacts produced by it as compromised.

This code collects system-identifying data (username, hostname, file path), hex-encodes it, constructs a domain under a hardcoded external base ('furb.pw') embedding that data into subdomain labels, and issues an HTTPS GET to that domain — a clear data-exfiltration pattern. The behavior is malicious or at minimum privacy-invasive telemetry sent to an external third party. The package should not be trusted or used without removal of the network exfiltration logic and a full audit.

The package contains a hidden payload that targets Russian language users visiting Russian and Belarusian sites. For those users, it will disable user interaction and play a looping audio of the Ukrainian anthem after 3 days. This behavior is not disclosed in any documentation of the package and seriously disrupts user experience.

This code is a classic decode-and-run loader: it hides a payload inside an embedded Unicode string, reconstructs bytes at runtime, converts them to UTF-8, and executes the resulting JavaScript via eval immediately on module load. This is highly consistent with supply-chain backdoors/loaders and is extremely unsafe to import. Verification should be performed by extracting the embedded payload offline and inspecting the decoded source before any execution.

This module exhibits strong indicators of malicious/privacy-invasive behavior: unconditional exfiltration of the host public IP to a hard-coded external IP on startup, broad filesystem scanning for Hikka Telegram userbot installations, and use of discovered session files and API keys to perform remote Telegram actions triggered by HTTP requests. The code contains a runtime bug (read_config vs rdisableead_config) that likely prevents the Telegram-reporting path from succeeding in this exact copy, but the phone-home behavior still runs. Treat this package as malicious/untrusted: do not run it on production or sensitive hosts; remove it and investigate any hosts that executed it.

Live on pypi for 6 hours and 6 minutes before removal. Socket users were protected even while the package was live.

This package is malicious. The manifest admits to exploitation and API key harvesting, and the postinstall script runs arbitrary Node code automatically during installation. Installing this package would likely result in credential theft and other harmful actions.

This SQLite database file contains embedded explicit adult content and torrent distribution infrastructure instead of legitimate data. The file includes extensive HTML fragments with pornographic video metadata, download links to torrent files, and suspicious redirect URLs. Key malicious domains identified include rmdown[.]com, redircdn[.]com, 97p[.]org, qpic[.]ws, imgbox[.]com, and various other image hosting services. The content contains hash values for torrent files, BitTorrent magnet links, and obfuscated download URLs using multiple redirect layers to mask the true destinations. This represents a supply chain attack where adult content distribution infrastructure has been embedded within what appears to be a standard database file, potentially exposing users to inappropriate content and malicious download sites when accessed.

Possible scope confusion typosquat of @azure/web-pubsub - Explanation: The package 'azure-web-pubsub' is a security holding package with a name very similar to '@azure/web-pubsub'. The lack of a namespace and the use of 'azure' in the name, which is associated with a well-known organization, makes it likely a typosquat. The description 'security holding package' suggests it is not intended for actual use, but the similarity in naming is suspicious. azure-web-pubsub is a security-holding package. Closed as malware

Live on npm for 1 hour and 28 minutes before removal. Socket users were protected even while the package was live.

The script is sending potentially sensitive system information to a remote server without any clear justification. This behavior is suspicious and could be considered a security risk.

Live on npm for 13 minutes before removal. Socket users were protected even while the package was live.

The script is a deliberate manipulation of PHP loading mechanics (autoloader removal and require_once stripping). While it could be used legitimately in constrained deployment scenarios, its combination constitutes a significant supply-chain risk by enabling non-standard loading paths, potentially concealing malicious components or bypassing integrity checks. Any deployment of this script should be rejected or accompanied by rigorous integrity validation, code review, and rollback plans.

This module is not overtly malicious (no encoded payloads, no external exfiltration, no reverse shell), but it contains high-risk insecure patterns: user-controlled values are directly interpolated into shell command strings and passed to node_utils.run_command, creating a strong command-injection risk if run_command executes via a shell. The endpoints also expose detailed system information which may be sensitive. Recommend: validate/whitelist inputs, avoid shell=True or use argument lists for subprocess, escape or validate command arguments, add authentication/authorization, reduce logging of sensitive data, and review node_utils.run_command implementation. Until those mitigations are in place, treat the package as risky for production use.

Overall, the module is designed to establish and maintain external connectivity via a Cloudflare tunnel, register the tunnel endpoint with a remote backend, and—when enabled—automatically start a MITM server using locally stored credentials. The MITM capability combined with persistent restart/availability logic and shell-based archive/process execution makes this a high-suspicion supply-chain component requiring in-depth review of the MITM implementation, credential handling, and how downloaded/extracted artifacts are obtained and verified.

This module contains high-risk functionality: it executes shell commands (subprocess.Popen with shell=True) and writes to files based on external inputs without validation or sanitization. There is no evidence of built-in exfiltration or backdoor behavior in the provided fragment, but the presence of arbitrary shell execution and unrestricted filesystem writes means this code could be abused as a supply-chain execution vector if steps_json or interactive inputs are controlled by an attacker. Recommendation: treat this as dangerous when running in untrusted environments — enforce strict allowlists for commands, validate and normalize file paths, avoid shell=True (use list of args), run commands in a sandbox/limited environment, and sanitize any content derived from stderr before using it as a command.

Live on pypi for 5 days, 6 hours and 58 minutes before removal. Socket users were protected even while the package was live.

The codebase contains a covert, environment-dependent beacon mechanism that can leak data or load remote content via an iframe, coupled with normal but privacy-sensitive AI data flows. This constitutes a significant supply-chain/security risk and should be treated as high-risk. Remove or disable the hidden iframe beacon, replace obfuscated logic with transparent telemetry, and ensure explicit user consent and auditable data handling for all external communications.

The code exhibits clear signs of malicious behavior by collecting and transmitting sensitive user information without consent to a suspicious domain. This poses a significant security risk and should be flagged for potential data theft.

Live on npm for 19 days and 30 minutes before removal. Socket users were protected even while the package was live.

This file is a legitimate-looking destructive cleanup script for removing AWS Landing Zone resources across an AWS Organization. It contains no signs of data-exfiltration, obfuscation, or third-party command-and-control. However, it performs many high-impact destructive AWS operations (deleting stacks, buckets, StackSets, moving accounts, deleting OUs, etc.) and thus is extremely dangerous to run with privileged credentials. Treat as a destructive tool: do not run in production unless you intend to irreversibly remove the listed resources and have backups/approval.

Live on pypi for 23 days and 48 minutes before removal. Socket users were protected even while the package was live.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 28 minutes before removal. Socket users were protected even while the package was live.

This file implements an unattended update mechanism that fetches and installs .tgz archives from unverified remote sources—both the npm registry (registry[.]npmjs[.]org) and a configurable Firebase-style database URL—by downloading, extracting them into the application directory and then restarting PM2-managed processes. Because there is no cryptographic signature or checksum validation beyond a simple version check, a compromised registry account or database endpoint could deliver arbitrary code to every host running this updater. Additionally, on startup the script gathers extensive system and package metadata—including public IP (via api[.]ipify[.]org), local IP addresses, hostname, OS/platform, Node.js version, CPU/memory statistics, load averages, working directory and package.json fields—and posts it to a configurable Discord webhook endpoint (discordapp[.]com). This behavior poses both a supply-chain risk and a telemetry/privacy exposure risk, as sensitive host information is sent to an external service without explicit user consent or granular control.

The code acts as a client-side analytics/telemetry injector that captures account/user/page context and tracks events, exfiltrating data to an external domain with an Authorization header containing the clientId. This is a clear data-collection/exfiltration pattern that could be considered malicious if used without user consent or disclosure. It’s not inherently malicious in all contexts, but it introduces privacy/security risks and potential supply-chain concerns if embedded in a library without clear disclosure.

The code exhibits suspicious behavior by sending userId data to a hardcoded external IP address over unencrypted HTTP without authentication or user consent. This pattern is indicative of potential data exfiltration or privacy violation, which aligns with malware-like behavior. While the code itself is not obfuscated and does not contain explicit backdoors or credential leaks, the hardcoded external endpoint and silent error handling increase the security risk. Overall, this code should be treated as high risk and potentially malicious.

This module contains behavior that is potentially malicious or at minimum unexpected and dangerous for consumers: it automatically appends a tip transfer to user transactions that sends lamports to hardcoded external accounts, and it serializes and posts fully signed transactions (including signatures) to an upstream HTTP endpoint identified by an API key. These actions can siphon funds and exfiltrate sensitive transaction data. If this is not explicitly documented and consented to by users, the module should be treated as untrusted and reviewed/removed. Recommend auditing AgentRegistry.callUpstream and the upstream service, removing or making explicit any tipping behavior, and avoiding sending signed transactions or API keys to remote services.

This SQLite database file contains embedded explicit adult content and torrent distribution infrastructure instead of legitimate data. The file includes extensive HTML fragments with pornographic video metadata, download links to torrent files, and suspicious redirect URLs. Key malicious domains identified include rmdown[.]com, redircdn[.]com, 97p[.]org, qpic[.]ws, imgbox[.]com, and various other image hosting services. The content contains hash values for torrent files, BitTorrent magnet links, and obfuscated download URLs using multiple redirect layers to mask the true destinations. This represents a supply chain attack where adult content distribution infrastructure has been embedded within what appears to be a standard database file, potentially exposing users to inappropriate content and malicious download sites when accessed.

This script is intentionally crafted to bypass Elasticsearch x-pack license verification and produce a redistributed 'crack' jar. It constitutes supply-chain tampering and is malicious in intent. While it does not itself contain data exfiltration or backdoor network code, the produced artifact disables license enforcement and could be used to deploy unauthorized software; moreover, the script's uncontrolled fetching of remote source without integrity checks creates a broader risk for arbitrary code injection. Do not run or distribute this script; treat any artifacts produced by it as compromised.

This code collects system-identifying data (username, hostname, file path), hex-encodes it, constructs a domain under a hardcoded external base ('furb.pw') embedding that data into subdomain labels, and issues an HTTPS GET to that domain — a clear data-exfiltration pattern. The behavior is malicious or at minimum privacy-invasive telemetry sent to an external third party. The package should not be trusted or used without removal of the network exfiltration logic and a full audit.

The package contains a hidden payload that targets Russian language users visiting Russian and Belarusian sites. For those users, it will disable user interaction and play a looping audio of the Ukrainian anthem after 3 days. This behavior is not disclosed in any documentation of the package and seriously disrupts user experience.

This code is a classic decode-and-run loader: it hides a payload inside an embedded Unicode string, reconstructs bytes at runtime, converts them to UTF-8, and executes the resulting JavaScript via eval immediately on module load. This is highly consistent with supply-chain backdoors/loaders and is extremely unsafe to import. Verification should be performed by extracting the embedded payload offline and inspecting the decoded source before any execution.

This module exhibits strong indicators of malicious/privacy-invasive behavior: unconditional exfiltration of the host public IP to a hard-coded external IP on startup, broad filesystem scanning for Hikka Telegram userbot installations, and use of discovered session files and API keys to perform remote Telegram actions triggered by HTTP requests. The code contains a runtime bug (read_config vs rdisableead_config) that likely prevents the Telegram-reporting path from succeeding in this exact copy, but the phone-home behavior still runs. Treat this package as malicious/untrusted: do not run it on production or sensitive hosts; remove it and investigate any hosts that executed it.

Live on pypi for 6 hours and 6 minutes before removal. Socket users were protected even while the package was live.

This package is malicious. The manifest admits to exploitation and API key harvesting, and the postinstall script runs arbitrary Node code automatically during installation. Installing this package would likely result in credential theft and other harmful actions.

This SQLite database file contains embedded explicit adult content and torrent distribution infrastructure instead of legitimate data. The file includes extensive HTML fragments with pornographic video metadata, download links to torrent files, and suspicious redirect URLs. Key malicious domains identified include rmdown[.]com, redircdn[.]com, 97p[.]org, qpic[.]ws, imgbox[.]com, and various other image hosting services. The content contains hash values for torrent files, BitTorrent magnet links, and obfuscated download URLs using multiple redirect layers to mask the true destinations. This represents a supply chain attack where adult content distribution infrastructure has been embedded within what appears to be a standard database file, potentially exposing users to inappropriate content and malicious download sites when accessed.

Possible scope confusion typosquat of @azure/web-pubsub - Explanation: The package 'azure-web-pubsub' is a security holding package with a name very similar to '@azure/web-pubsub'. The lack of a namespace and the use of 'azure' in the name, which is associated with a well-known organization, makes it likely a typosquat. The description 'security holding package' suggests it is not intended for actual use, but the similarity in naming is suspicious. azure-web-pubsub is a security-holding package. Closed as malware

Live on npm for 1 hour and 28 minutes before removal. Socket users were protected even while the package was live.

The script is sending potentially sensitive system information to a remote server without any clear justification. This behavior is suspicious and could be considered a security risk.

Live on npm for 13 minutes before removal. Socket users were protected even while the package was live.

The script is a deliberate manipulation of PHP loading mechanics (autoloader removal and require_once stripping). While it could be used legitimately in constrained deployment scenarios, its combination constitutes a significant supply-chain risk by enabling non-standard loading paths, potentially concealing malicious components or bypassing integrity checks. Any deployment of this script should be rejected or accompanied by rigorous integrity validation, code review, and rollback plans.

This module is not overtly malicious (no encoded payloads, no external exfiltration, no reverse shell), but it contains high-risk insecure patterns: user-controlled values are directly interpolated into shell command strings and passed to node_utils.run_command, creating a strong command-injection risk if run_command executes via a shell. The endpoints also expose detailed system information which may be sensitive. Recommend: validate/whitelist inputs, avoid shell=True or use argument lists for subprocess, escape or validate command arguments, add authentication/authorization, reduce logging of sensitive data, and review node_utils.run_command implementation. Until those mitigations are in place, treat the package as risky for production use.

Overall, the module is designed to establish and maintain external connectivity via a Cloudflare tunnel, register the tunnel endpoint with a remote backend, and—when enabled—automatically start a MITM server using locally stored credentials. The MITM capability combined with persistent restart/availability logic and shell-based archive/process execution makes this a high-suspicion supply-chain component requiring in-depth review of the MITM implementation, credential handling, and how downloaded/extracted artifacts are obtained and verified.

This module contains high-risk functionality: it executes shell commands (subprocess.Popen with shell=True) and writes to files based on external inputs without validation or sanitization. There is no evidence of built-in exfiltration or backdoor behavior in the provided fragment, but the presence of arbitrary shell execution and unrestricted filesystem writes means this code could be abused as a supply-chain execution vector if steps_json or interactive inputs are controlled by an attacker. Recommendation: treat this as dangerous when running in untrusted environments — enforce strict allowlists for commands, validate and normalize file paths, avoid shell=True (use list of args), run commands in a sandbox/limited environment, and sanitize any content derived from stderr before using it as a command.

Live on pypi for 5 days, 6 hours and 58 minutes before removal. Socket users were protected even while the package was live.