Secure your dependencies. Ship with confidence.

The preinstall hook executes a local file (index.js) with output suppressed. This is potentially dangerous because the file could perform malicious actions (exfiltrate data, spawn shells, modify the system, add backdoors, or run untrusted code). Without inspecting index.js, the install script cannot be declared safe. Treat this as a high-risk behavior until the script's contents are audited or the install step is removed.

Best match is the “tunneling/port-forward + remote-driven TunnelID routing/CloseConn teardown” assessment (Reports 1/3). This module is not just a normal library; it implements high-impact bidirectional TCP proxying over an RPC tunnel with remote-controlled connection selection and teardown via a global TunnelID→net.Conn pool. While no classic malware primitives are visible in this fragment (no exec/files/network to unrelated hosts), the intended capability is characteristic of offensive C2 tooling. Treat as a high security risk supply-chain dependency and require strict provenance, isolation, and code review across the full package to confirm authorization and intended use.

The code exhibits malicious behavior by collecting and exfiltrating sensitive system information and file contents to an external server. This poses a significant security risk due to potential data breaches and unauthorized access.

Live on npm for 14 days, 3 hours and 55 minutes before removal. Socket users were protected even while the package was live.

This script functions as a credential/session stealer: it enumerates and extracts Discord tokens and Telegram sessions, validates Discord tokens, and exfiltrates the stolen data to a Telegram-based receiver. The behavior is malicious (unauthorized credential harvesting and data exfiltration); the package should be treated as malicious and not used. Review and remove any deployments where this code is present and investigate any systems where it executed.

This module reads local sqlite price/time-series data and unconditionally transmits constructed event payloads (symbol, database identifier, prices, timestamps) to a hard-coded external HTTP endpoint. The external-reporting channel is unencrypted, unauthenticated, and likely to leak sensitive internal data. Combined with unsafe SQL string composition, inconsistent threading usage, undefined variables, and syntactic errors, the code presents a significant security risk. Treat the external reporting behavior as an exfiltration/backdoor indicator: either remove or make it explicitly opt-in, switch to HTTPS with authentication, fix SQL concatenation and threading issues, and correct the syntactic errors before use. Until then, do not trust this package for production use.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

The code is malicious in intent: it attempts to exfiltrate browser cookies to an external webhook. In its exact form it contains a coding error (document.cookie()), which likely prevents successful exfiltration, but the intent is clear and dangerous. Treat this as a compromise indicator, remove the code, and remediate exposed credentials and cookie configuration.

The Python module itself is not directly implementing typical malware behaviors, but it creates a high-risk execution surface: it runs local shell scripts (some with sudo) with unvalidated inputs and passes secrets on the command line. The deploy_fdb_from_file_service function contains a command-injection vulnerability (shell=True with joined args) and a coding bug (returncod typo). Recommend: remove shell=True; use argument lists always, avoid passing secrets via argv (use stdin, environment files with proper filesystem permissions, or secured IPC), eliminate unnecessary sudo calls and require callers to provide appropriate privileges if needed, validate/escape inputs (especially file paths), fix the returncod typo, and audit all invoked shell scripts before use. Treat package as risky until mitigations and script audits are performed.

This code intentionally harvests sensitive environment data (FLAG or all environment variables) and transmits it to a hardcoded external webhook via a shell-executed curl POST. It is a direct data exfiltration backdoor and should be considered malicious. Do not execute in any environment containing secrets; remove or isolate the package and investigate any runtime that executed it for potential data leakage.

The code collects and sends sensitive system information to potentially suspicious external domains without user consent, which is a significant security risk. The use of 'rejectUnauthorized: false' further exacerbates the risk by disabling SSL/TLS certificate validation.

This package runs an installer binary during npm install which executes code from the @rstreamlabs/installer dependency. Combined with the package-specified custom registry (https://rstream.io), this is a significant supply-chain risk: the installer could fetch and execute remote code, collect telemetry, exfiltrate data, modify git hooks or system configuration, or otherwise perform malicious actions. You should not install without auditing the @rstreamlabs/installer package (its published files and install-time behavior) and any network endpoints it contacts. If you cannot audit those, treat this as high risk.

This file contains a hidden downloader/executor (y) that decodes an obfuscated command and runs curl to fetch and execute a remote batch file. This behavior is malicious and unrelated to the stated purpose of environment helpers. The safe parts (env parsing/config) are overshadowed by this backdoor/download-and-execute functionality. Remove or disable the y() function and audit any occurrences of similar obfuscated exec code. Treat the package as malicious.

This dependency is strongly obfuscated and includes a high-risk dynamic execution primitive (Function/constructor-like string evaluation) combined with environment-variable-driven branching and filesystem-based JSON configuration loading. Even though explicit exfiltration or persistence is not shown in the excerpt, the combination of arbitrary-code-execution capability, evasive control flow, and untrusted filesystem inputs makes it unsuitable without comprehensive deobfuscation, behavioral tracing at runtime, and verification that the generated code cannot perform malicious actions.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This snippet intentionally exfiltrates all environment variables to a hardcoded external endpoint. It constitutes malicious/backdoor behavior in most contexts and poses a high security risk: any system executing this code likely leaked secrets. Remove the code, treat affected credentials as compromised (rotate secrets, investigate exposures), and audit dependent packages for similar code.

Live on npm for 3 days, 18 hours and 2 minutes before removal. Socket users were protected even while the package was live.

The code contains a critical command injection vulnerability where unsanitized user input is directly interpolated into shell commands. This allows arbitrary command execution through the build_script parameter. Despite being legitimate mutation testing software, this represents a serious security flaw that could be exploited by attackers.

The code contains potential security risks such as hard-coded file paths, subprocess.Popen usage, and the handling of untrusted data through PyArrow Plasma. It is essential to review and address these security concerns before using this code in a production environment.

Live on pypi for 1 hour and 57 minutes before removal. Socket users were protected even while the package was live.

This code bundle contains mostly legitimate UI and image-processing libraries, but also includes a clearly malicious, targeted payload: a time-gated, locale-and-host-conditioned snippet that disables pointer events and injects/auto-plays a hard-coded external audio file (https://flag-gimn.ru/...) for users with Russian locale on certain TLDs. That payload is unrelated to normal library behavior and constitutes a supply-chain backdoor / disruptive malware (political/propaganda and denial-of-interaction). Remove or patch the bundle to delete the malicious snippet; consider treating any package containing this code as compromised.

The code sends environment variables to a potentially suspicious domain, indicating data exfiltration. This is a clear sign of malicious behavior.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

This module contains a high-impact supply-chain and execution risk: it performs an automatic runtime download of JavaScript from a public CDN and executes it via eval() to bootstrap the command runner. That establishes a straightforward path to arbitrary code execution under the CLI’s privileges. It further shells out to codex and git through dynamically constructed pipelines using caller-influenced values, and it invokes codex with explicit “dangerously bypass” flags. Even if the intent is orchestration, the implementation should be treated as unsafe unless the runtime eval bootstrap is removed or cryptographically pinned/verified and command arguments are strictly validated/escaped.

The code implements a migration/transfer workflow with remote manifest handling, but contains a concealed backdoor mechanism (selfHidingFile) that can serve arbitrary internal files when a matching license is provided. This backdoor, combined with broad network/file operations driven by external input, creates a high risk for data leakage, remote access, or supply-chain abuse. The primary recommendation is to remove or isolate the backdoor, enforce rigorous input validation, and implement safer, auditable data transfer mechanisms with least privilege. Given these findings, treat the component as high risk until thoroughly audited and sanitized.

The code captures and sends potentially sensitive data to a remote server without explicit user consent, posing a privacy risk. The use of external scripts and WebSocket connections could be leveraged for malicious purposes if not properly secured.

Live on npm for 1 hour before removal. Socket users were protected even while the package was live.

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

The preinstall hook executes a local file (index.js) with output suppressed. This is potentially dangerous because the file could perform malicious actions (exfiltrate data, spawn shells, modify the system, add backdoors, or run untrusted code). Without inspecting index.js, the install script cannot be declared safe. Treat this as a high-risk behavior until the script's contents are audited or the install step is removed.

Best match is the “tunneling/port-forward + remote-driven TunnelID routing/CloseConn teardown” assessment (Reports 1/3). This module is not just a normal library; it implements high-impact bidirectional TCP proxying over an RPC tunnel with remote-controlled connection selection and teardown via a global TunnelID→net.Conn pool. While no classic malware primitives are visible in this fragment (no exec/files/network to unrelated hosts), the intended capability is characteristic of offensive C2 tooling. Treat as a high security risk supply-chain dependency and require strict provenance, isolation, and code review across the full package to confirm authorization and intended use.

The code exhibits malicious behavior by collecting and exfiltrating sensitive system information and file contents to an external server. This poses a significant security risk due to potential data breaches and unauthorized access.

Live on npm for 14 days, 3 hours and 55 minutes before removal. Socket users were protected even while the package was live.

This script functions as a credential/session stealer: it enumerates and extracts Discord tokens and Telegram sessions, validates Discord tokens, and exfiltrates the stolen data to a Telegram-based receiver. The behavior is malicious (unauthorized credential harvesting and data exfiltration); the package should be treated as malicious and not used. Review and remove any deployments where this code is present and investigate any systems where it executed.

This module reads local sqlite price/time-series data and unconditionally transmits constructed event payloads (symbol, database identifier, prices, timestamps) to a hard-coded external HTTP endpoint. The external-reporting channel is unencrypted, unauthenticated, and likely to leak sensitive internal data. Combined with unsafe SQL string composition, inconsistent threading usage, undefined variables, and syntactic errors, the code presents a significant security risk. Treat the external reporting behavior as an exfiltration/backdoor indicator: either remove or make it explicitly opt-in, switch to HTTPS with authentication, fix SQL concatenation and threading issues, and correct the syntactic errors before use. Until then, do not trust this package for production use.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

The code is malicious in intent: it attempts to exfiltrate browser cookies to an external webhook. In its exact form it contains a coding error (document.cookie()), which likely prevents successful exfiltration, but the intent is clear and dangerous. Treat this as a compromise indicator, remove the code, and remediate exposed credentials and cookie configuration.

The Python module itself is not directly implementing typical malware behaviors, but it creates a high-risk execution surface: it runs local shell scripts (some with sudo) with unvalidated inputs and passes secrets on the command line. The deploy_fdb_from_file_service function contains a command-injection vulnerability (shell=True with joined args) and a coding bug (returncod typo). Recommend: remove shell=True; use argument lists always, avoid passing secrets via argv (use stdin, environment files with proper filesystem permissions, or secured IPC), eliminate unnecessary sudo calls and require callers to provide appropriate privileges if needed, validate/escape inputs (especially file paths), fix the returncod typo, and audit all invoked shell scripts before use. Treat package as risky until mitigations and script audits are performed.

This code intentionally harvests sensitive environment data (FLAG or all environment variables) and transmits it to a hardcoded external webhook via a shell-executed curl POST. It is a direct data exfiltration backdoor and should be considered malicious. Do not execute in any environment containing secrets; remove or isolate the package and investigate any runtime that executed it for potential data leakage.

The code collects and sends sensitive system information to potentially suspicious external domains without user consent, which is a significant security risk. The use of 'rejectUnauthorized: false' further exacerbates the risk by disabling SSL/TLS certificate validation.

This package runs an installer binary during npm install which executes code from the @rstreamlabs/installer dependency. Combined with the package-specified custom registry (https://rstream.io), this is a significant supply-chain risk: the installer could fetch and execute remote code, collect telemetry, exfiltrate data, modify git hooks or system configuration, or otherwise perform malicious actions. You should not install without auditing the @rstreamlabs/installer package (its published files and install-time behavior) and any network endpoints it contacts. If you cannot audit those, treat this as high risk.

This file contains a hidden downloader/executor (y) that decodes an obfuscated command and runs curl to fetch and execute a remote batch file. This behavior is malicious and unrelated to the stated purpose of environment helpers. The safe parts (env parsing/config) are overshadowed by this backdoor/download-and-execute functionality. Remove or disable the y() function and audit any occurrences of similar obfuscated exec code. Treat the package as malicious.

This dependency is strongly obfuscated and includes a high-risk dynamic execution primitive (Function/constructor-like string evaluation) combined with environment-variable-driven branching and filesystem-based JSON configuration loading. Even though explicit exfiltration or persistence is not shown in the excerpt, the combination of arbitrary-code-execution capability, evasive control flow, and untrusted filesystem inputs makes it unsuitable without comprehensive deobfuscation, behavioral tracing at runtime, and verification that the generated code cannot perform malicious actions.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This snippet intentionally exfiltrates all environment variables to a hardcoded external endpoint. It constitutes malicious/backdoor behavior in most contexts and poses a high security risk: any system executing this code likely leaked secrets. Remove the code, treat affected credentials as compromised (rotate secrets, investigate exposures), and audit dependent packages for similar code.

Live on npm for 3 days, 18 hours and 2 minutes before removal. Socket users were protected even while the package was live.

The code contains a critical command injection vulnerability where unsanitized user input is directly interpolated into shell commands. This allows arbitrary command execution through the build_script parameter. Despite being legitimate mutation testing software, this represents a serious security flaw that could be exploited by attackers.

The code contains potential security risks such as hard-coded file paths, subprocess.Popen usage, and the handling of untrusted data through PyArrow Plasma. It is essential to review and address these security concerns before using this code in a production environment.

Live on pypi for 1 hour and 57 minutes before removal. Socket users were protected even while the package was live.

This code bundle contains mostly legitimate UI and image-processing libraries, but also includes a clearly malicious, targeted payload: a time-gated, locale-and-host-conditioned snippet that disables pointer events and injects/auto-plays a hard-coded external audio file (https://flag-gimn.ru/...) for users with Russian locale on certain TLDs. That payload is unrelated to normal library behavior and constitutes a supply-chain backdoor / disruptive malware (political/propaganda and denial-of-interaction). Remove or patch the bundle to delete the malicious snippet; consider treating any package containing this code as compromised.

The code sends environment variables to a potentially suspicious domain, indicating data exfiltration. This is a clear sign of malicious behavior.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

This module contains a high-impact supply-chain and execution risk: it performs an automatic runtime download of JavaScript from a public CDN and executes it via eval() to bootstrap the command runner. That establishes a straightforward path to arbitrary code execution under the CLI’s privileges. It further shells out to codex and git through dynamically constructed pipelines using caller-influenced values, and it invokes codex with explicit “dangerously bypass” flags. Even if the intent is orchestration, the implementation should be treated as unsafe unless the runtime eval bootstrap is removed or cryptographically pinned/verified and command arguments are strictly validated/escaped.

The code implements a migration/transfer workflow with remote manifest handling, but contains a concealed backdoor mechanism (selfHidingFile) that can serve arbitrary internal files when a matching license is provided. This backdoor, combined with broad network/file operations driven by external input, creates a high risk for data leakage, remote access, or supply-chain abuse. The primary recommendation is to remove or isolate the backdoor, enforce rigorous input validation, and implement safer, auditable data transfer mechanisms with least privilege. Given these findings, treat the component as high risk until thoroughly audited and sanitized.

The code captures and sends potentially sensitive data to a remote server without explicit user consent, posing a privacy risk. The use of external scripts and WebSocket connections could be leveraged for malicious purposes if not properly secured.

Live on npm for 1 hour before removal. Socket users were protected even while the package was live.

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.