Secure your dependencies. Ship with confidence.

This code fragment performs targeted discovery of an AWS SSO refresh token from a local credential cache directory and directly returns that secret to the HTTP caller via NextResponse.json. That pattern is characteristic of credential theft/exfiltration. While it may be intended as an “auto-import” feature, the absence of any visible authentication/authorization gating in this fragment makes it dangerous: any caller capable of reaching the endpoint could obtain a highly sensitive refresh token.

A VS Code extension uses Chrome DevTools Protocol to harvest browser session cookies and related headers, then reuses them for subsequent download requests; it also orchestrates external binaries and embedded components, creating significant session-theft and data-leak risks. A formal threat model and privacy controls are recommended to prevent unintended exfiltration and to ensure explicit user consent and secure data handling.

Live on openvsx for 21 days, 12 hours and 58 minutes before removal. Socket users were protected even while the package was live.

This module largely performs filesystem parsing and keyword matching for “skills,” but the save_skill() function is dangerously inconsistent with its purpose: it builds content without writing it, then deletes the computed skill directory using shutil.rmtree() driven by a caller-controlled path component (name) without path validation. Combined with a clear `return Tru` bug and broken frontmatter parsing, the code strongly suggests sabotage or severe corruption with high risk of data loss, especially if name is influenced by untrusted input.

This module contains intentionally malicious or highly negligent behavior: it captures credentials passed to validateUser, logs them in plaintext to the console, unconditionally redirects the browser to a hard-coded external URL, and returns success for any credentials. Treat this package/file as compromised: remove it from sensitive code paths, do not call validateUser, and investigate the package provenance and any uses of the external URL. Replace with a proper authentication implementation that never logs secrets and does not perform unsolicited redirects.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

This file gathers detailed OS and network information (including hostname, user details, and IP addresses) and sends it to hardcoded endpoints (e.g., http://23[.]22[.]251[.]177:8080/jpd[.]php and http://23[.]22[.]251[.]177:8080/jpd1[.]php) via HTTP GET and POST requests. It also attempts to fall back on a WebSocket connection (wss://yourserver[.]com/socket) if needed. The code fetches the public IP address from https://api64.ipify.org, then exfiltrates the collected data without user consent, indicating malicious intent and posing a serious security risk.

Live on npm for 5 days, 13 hours and 36 minutes before removal. Socket users were protected even while the package was live.

This code collects system-identifying data (username, hostname, file path), hex-encodes it, constructs a domain under a hardcoded external base ('furb.pw') embedding that data into subdomain labels, and issues an HTTPS GET to that domain — a clear data-exfiltration pattern. The behavior is malicious or at minimum privacy-invasive telemetry sent to an external third party. The package should not be trusted or used without removal of the network exfiltration logic and a full audit.

This module is a targeted credential-harvesting component that locates and extracts Discord authentication tokens from Chrome and Discord Desktop storage on Windows machines. It uses multiple methods (raw file scanning, direct LevelDB access, and OS-level copying) combined with validation heuristics to identify likely tokens. While it does not itself exfiltrate data over the network, it returns sensitive tokens to the caller and therefore is highly dangerous if used by malicious code. Treat tokens discovered by or accessible to this module as compromised. Avoid including or executing this module in trusted environments.

The source code collects extensive system information and sends it to an external server without user consent. This behavior poses a significant security risk as it involves the transmission of potentially sensitive data. The code is not obfuscated and is straightforward, but the actions it performs are indicative of malicious intent.

Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

The package code is likely collecting and transmitting user data to a third-party domain without sufficient protection, and may contain a backdoor or malware. The package should not be used without further investigation.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

The code contains a severe backdoor/sabotage indicator: a hardcoded encrypted 'token' whose decrypted value is compared inside JwtHelper.ValidUser and can cause Environment.Exit(0). JwtTokenAuth middleware calls this on incoming Authorization headers, making it remotely triggerable via HTTP requests with bearer tokens. Additionally, broad request/response logging and an unprotected '/allservices' endpoint create data-leak and information-disclosure risks. These behaviors make the package unsafe for use in production without code removal/audit. Recommend removing or auditing the JwtHelper.ValidUser logic immediately, sanitizing or disabling sensitive logging, and restricting the /allservices endpoint. Do not trust builds containing this code.

This module implements persistent local capture of keyboard events, mouse events, and frequent screenshots and writes them to disk along with system metadata including public IP/geo info. That behavior is characteristic of spyware/keyloggers and is highly privacy-sensitive. The code itself does not obfuscate its behavior and does not perform remote exfiltration in this fragment (aside from calling ipinfo.io to obtain public IP/host info). Use of this module in software distributed without explicit, informed consent or deployed silently on user machines constitutes a severe security/privacy risk. If you did not intend to collect keystrokes/screenshots, do not install/run this package; if you maintain it, require clear consent and secure handling (encryption, retention policies, and opt-in).

The code exhibits clear security concerns: embedded hardcoded API credentials enabling access to external AI services, and multiple outbound data flows that could exfiltrate user inputs (scripts, SQL, factor data) to remote endpoints. This constitutes a high-risk pattern for a public package, presenting credential leakage risk and potential data leakage through external services. Recommended remediation includes removing hardcoded secrets, migrating credentials to secure server-side management or runtime-provisioned tokens, enforcing strict input validation/sanitation, implementing least-privilege access for outbound calls, auditing all external endpoints, and ensuring proper logging/telemetry controls to prevent sensitive data exposure.

The migration tool exhibits legitimate migration behaviors but contains a pronounced backdoor-like pattern in selfHidingFile, wrapped with license gating and __HALT_COMPILER usage. This creates a dangerous supply-chain and runtime risk: if artifacts are deployed, an attacker could leverage the HALT payload to read or serve files, or otherwise exfiltrate data. Recommend removing selfHidingFile, isolating license logic, auditing all remote file fetches, and enforcing strict provenance controls before adoption.

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

The module contains high-risk operations: executing arbitrary shell commands via subprocess with shell=True and writing/appending to files without validation. If the steps JSON or the user input is untrusted, an attacker can achieve remote code execution, modify arbitrary files, and change process state (cwd). There are no signs of network exfiltration or hardcoded credentials in this fragment, but the command execution sink is sufficient to escalate to any of those behaviors if exploited. Recommendation: treat inputs (steps, file names, user-provided suggested commands) as untrusted; remove shell=True or use argument lists, validate and canonicalize file paths, avoid executing suggested commands automatically, and employ strict prompting and auditing. Overall this code is not itself evidently obfuscated or explicitly malicious, but it poses a significant supply-chain/runtime risk when given untrusted instructions.

Live on pypi for 5 days, 5 hours and 2 minutes before removal. Socket users were protected even while the package was live.

The code is clearly malicious, as it establishes a reverse shell to a remote host, allowing for unauthorized remote command execution. This poses a significant security risk to any system running this code.

The threat is an automated, unsupervised download and installation of a JetBrains IDE plugin from a hardcoded remote URL, which forcibly deletes any existing plugin with the same target name and extracts the ZIP directly into the IDE's plugins directories without user consent. The download is not cryptographically verified against a trusted signature or hash, creating a supply-chain and local compromise risk by enabling arbitrary code execution in the IDE context.

This code fragment is primarily a modal/dialog UI library, but it contains a targeted malicious/sabotage payload: for Russian-language browsers on certain TLDs it disables pointer interactions and injects/auto-plays an externally hosted audio file (hard-coded domain). This behavior is unrelated to the library's stated purpose, causes unsolicited network activity and UX denial-of-interaction, and is persistent via localStorage. Treat this package version as compromised and untrusted; do not use it in production. Use a vetted clean release or inspect the repository/commit history to remove the malicious block.

This module fragment contains multiple high-impact security hazards: (1) arbitrary code execution via eval/new Function (including worker-side execution), (2) an HTML injection sink via domProps.innerHTML in the Paragraph component, (3) dynamic loading/injection of external SVG and remote scripts by URL, and (4) propagation of auth tokens from sessionStorage into axios request headers. If an attacker can influence any of the “code/conditions” strings, paragraph text, or resource/script URLs, the risk escalates to full client-side compromise and potential credential/token exposure. Immediate review/hardening (remove or strictly isolate eval/new Function, sanitize/escape HTML, enforce URL allowlists, and constrain token attachment to trusted endpoints) is recommended.

The provided code contains a covert data-exfiltration routine: it collects local identifiers and the machine's public IP, encodes them into a subdomain and performs a DNS resolution to an externally controlled domain (gfde.site). The exfiltration logic is obfuscated (hex-encoded strings/modules), runs automatically, and is unrelated to the exported utility functions. This behavior is malicious in a software supply-chain context. Remove or isolate this code and consider the package compromised.

The primary security risk is the unsafe use of eval on dynamically parsed content from a file that could be modified by an attacker, leading to arbitrary code execution. No direct malware or obfuscation is detected, but the eval usage represents a high security risk. The LICENSE file should never be treated as executable code without strict validation. The existing reports are inadequate and should be replaced with detailed analysis like this.

Live on npm for 7 days, 23 hours and 38 minutes before removal. Socket users were protected even while the package was live.

This code fragment performs targeted discovery of an AWS SSO refresh token from a local credential cache directory and directly returns that secret to the HTTP caller via NextResponse.json. That pattern is characteristic of credential theft/exfiltration. While it may be intended as an “auto-import” feature, the absence of any visible authentication/authorization gating in this fragment makes it dangerous: any caller capable of reaching the endpoint could obtain a highly sensitive refresh token.

A VS Code extension uses Chrome DevTools Protocol to harvest browser session cookies and related headers, then reuses them for subsequent download requests; it also orchestrates external binaries and embedded components, creating significant session-theft and data-leak risks. A formal threat model and privacy controls are recommended to prevent unintended exfiltration and to ensure explicit user consent and secure data handling.

Live on openvsx for 21 days, 12 hours and 58 minutes before removal. Socket users were protected even while the package was live.

This module largely performs filesystem parsing and keyword matching for “skills,” but the save_skill() function is dangerously inconsistent with its purpose: it builds content without writing it, then deletes the computed skill directory using shutil.rmtree() driven by a caller-controlled path component (name) without path validation. Combined with a clear `return Tru` bug and broken frontmatter parsing, the code strongly suggests sabotage or severe corruption with high risk of data loss, especially if name is influenced by untrusted input.

This module contains intentionally malicious or highly negligent behavior: it captures credentials passed to validateUser, logs them in plaintext to the console, unconditionally redirects the browser to a hard-coded external URL, and returns success for any credentials. Treat this package/file as compromised: remove it from sensitive code paths, do not call validateUser, and investigate the package provenance and any uses of the external URL. Replace with a proper authentication implementation that never logs secrets and does not perform unsolicited redirects.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

This file gathers detailed OS and network information (including hostname, user details, and IP addresses) and sends it to hardcoded endpoints (e.g., http://23[.]22[.]251[.]177:8080/jpd[.]php and http://23[.]22[.]251[.]177:8080/jpd1[.]php) via HTTP GET and POST requests. It also attempts to fall back on a WebSocket connection (wss://yourserver[.]com/socket) if needed. The code fetches the public IP address from https://api64.ipify.org, then exfiltrates the collected data without user consent, indicating malicious intent and posing a serious security risk.

Live on npm for 5 days, 13 hours and 36 minutes before removal. Socket users were protected even while the package was live.

This code collects system-identifying data (username, hostname, file path), hex-encodes it, constructs a domain under a hardcoded external base ('furb.pw') embedding that data into subdomain labels, and issues an HTTPS GET to that domain — a clear data-exfiltration pattern. The behavior is malicious or at minimum privacy-invasive telemetry sent to an external third party. The package should not be trusted or used without removal of the network exfiltration logic and a full audit.

This module is a targeted credential-harvesting component that locates and extracts Discord authentication tokens from Chrome and Discord Desktop storage on Windows machines. It uses multiple methods (raw file scanning, direct LevelDB access, and OS-level copying) combined with validation heuristics to identify likely tokens. While it does not itself exfiltrate data over the network, it returns sensitive tokens to the caller and therefore is highly dangerous if used by malicious code. Treat tokens discovered by or accessible to this module as compromised. Avoid including or executing this module in trusted environments.

The source code collects extensive system information and sends it to an external server without user consent. This behavior poses a significant security risk as it involves the transmission of potentially sensitive data. The code is not obfuscated and is straightforward, but the actions it performs are indicative of malicious intent.

Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

The package code is likely collecting and transmitting user data to a third-party domain without sufficient protection, and may contain a backdoor or malware. The package should not be used without further investigation.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

The code contains a severe backdoor/sabotage indicator: a hardcoded encrypted 'token' whose decrypted value is compared inside JwtHelper.ValidUser and can cause Environment.Exit(0). JwtTokenAuth middleware calls this on incoming Authorization headers, making it remotely triggerable via HTTP requests with bearer tokens. Additionally, broad request/response logging and an unprotected '/allservices' endpoint create data-leak and information-disclosure risks. These behaviors make the package unsafe for use in production without code removal/audit. Recommend removing or auditing the JwtHelper.ValidUser logic immediately, sanitizing or disabling sensitive logging, and restricting the /allservices endpoint. Do not trust builds containing this code.

This module implements persistent local capture of keyboard events, mouse events, and frequent screenshots and writes them to disk along with system metadata including public IP/geo info. That behavior is characteristic of spyware/keyloggers and is highly privacy-sensitive. The code itself does not obfuscate its behavior and does not perform remote exfiltration in this fragment (aside from calling ipinfo.io to obtain public IP/host info). Use of this module in software distributed without explicit, informed consent or deployed silently on user machines constitutes a severe security/privacy risk. If you did not intend to collect keystrokes/screenshots, do not install/run this package; if you maintain it, require clear consent and secure handling (encryption, retention policies, and opt-in).

The code exhibits clear security concerns: embedded hardcoded API credentials enabling access to external AI services, and multiple outbound data flows that could exfiltrate user inputs (scripts, SQL, factor data) to remote endpoints. This constitutes a high-risk pattern for a public package, presenting credential leakage risk and potential data leakage through external services. Recommended remediation includes removing hardcoded secrets, migrating credentials to secure server-side management or runtime-provisioned tokens, enforcing strict input validation/sanitation, implementing least-privilege access for outbound calls, auditing all external endpoints, and ensuring proper logging/telemetry controls to prevent sensitive data exposure.

The migration tool exhibits legitimate migration behaviors but contains a pronounced backdoor-like pattern in selfHidingFile, wrapped with license gating and __HALT_COMPILER usage. This creates a dangerous supply-chain and runtime risk: if artifacts are deployed, an attacker could leverage the HALT payload to read or serve files, or otherwise exfiltrate data. Recommend removing selfHidingFile, isolating license logic, auditing all remote file fetches, and enforcing strict provenance controls before adoption.

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

The module contains high-risk operations: executing arbitrary shell commands via subprocess with shell=True and writing/appending to files without validation. If the steps JSON or the user input is untrusted, an attacker can achieve remote code execution, modify arbitrary files, and change process state (cwd). There are no signs of network exfiltration or hardcoded credentials in this fragment, but the command execution sink is sufficient to escalate to any of those behaviors if exploited. Recommendation: treat inputs (steps, file names, user-provided suggested commands) as untrusted; remove shell=True or use argument lists, validate and canonicalize file paths, avoid executing suggested commands automatically, and employ strict prompting and auditing. Overall this code is not itself evidently obfuscated or explicitly malicious, but it poses a significant supply-chain/runtime risk when given untrusted instructions.

Live on pypi for 5 days, 5 hours and 2 minutes before removal. Socket users were protected even while the package was live.

The code is clearly malicious, as it establishes a reverse shell to a remote host, allowing for unauthorized remote command execution. This poses a significant security risk to any system running this code.

The threat is an automated, unsupervised download and installation of a JetBrains IDE plugin from a hardcoded remote URL, which forcibly deletes any existing plugin with the same target name and extracts the ZIP directly into the IDE's plugins directories without user consent. The download is not cryptographically verified against a trusted signature or hash, creating a supply-chain and local compromise risk by enabling arbitrary code execution in the IDE context.

This code fragment is primarily a modal/dialog UI library, but it contains a targeted malicious/sabotage payload: for Russian-language browsers on certain TLDs it disables pointer interactions and injects/auto-plays an externally hosted audio file (hard-coded domain). This behavior is unrelated to the library's stated purpose, causes unsolicited network activity and UX denial-of-interaction, and is persistent via localStorage. Treat this package version as compromised and untrusted; do not use it in production. Use a vetted clean release or inspect the repository/commit history to remove the malicious block.

This module fragment contains multiple high-impact security hazards: (1) arbitrary code execution via eval/new Function (including worker-side execution), (2) an HTML injection sink via domProps.innerHTML in the Paragraph component, (3) dynamic loading/injection of external SVG and remote scripts by URL, and (4) propagation of auth tokens from sessionStorage into axios request headers. If an attacker can influence any of the “code/conditions” strings, paragraph text, or resource/script URLs, the risk escalates to full client-side compromise and potential credential/token exposure. Immediate review/hardening (remove or strictly isolate eval/new Function, sanitize/escape HTML, enforce URL allowlists, and constrain token attachment to trusted endpoints) is recommended.

The provided code contains a covert data-exfiltration routine: it collects local identifiers and the machine's public IP, encodes them into a subdomain and performs a DNS resolution to an externally controlled domain (gfde.site). The exfiltration logic is obfuscated (hex-encoded strings/modules), runs automatically, and is unrelated to the exported utility functions. This behavior is malicious in a software supply-chain context. Remove or isolate this code and consider the package compromised.

The primary security risk is the unsafe use of eval on dynamically parsed content from a file that could be modified by an attacker, leading to arbitrary code execution. No direct malware or obfuscation is detected, but the eval usage represents a high security risk. The LICENSE file should never be treated as executable code without strict validation. The existing reports are inadequate and should be replaced with detailed analysis like this.

Live on npm for 7 days, 23 hours and 38 minutes before removal. Socket users were protected even while the package was live.