Secure your dependencies. Ship with confidence.

This module is intentionally adversarial in the BitTorrent DHT context: it implements Sybil-style ID manipulation, returns empty node lists while offering tokens, and harvests peer addresses via a callback. It is network-active and designed for DHT poisoning/peer-harvesting. There is no local code-execution or filesystem sabotage, but using this code will cause active abuse of the global DHT and collection of peer IPs. Treat as malicious for network integrity/privacy — do not include in trust-sensitive environments unless intentionally running a Sybil/measurement tool with explicit consent and isolation.

This code is malicious or at minimum highly dangerous: it performs global prototype and constructor poisoning across core JavaScript types, replacing deterministic native behavior with randomized or suppressed outputs, and overrides dynamic code execution and JSON serialization. The likely intent is sabotage or stealthy interference (breaking functionality, corrupting data, hiding execution) rather than benign functionality. Even if not exfiltrating data, the module would cause widespread failures, non-deterministic behavior, and potential masking of other malicious actions. I recommend treating this package as malicious and not using it.

This file defines a Segment destination named 'Trackey' but hard-codes its HTTP sink to https://eo493p73oqjeket[.]m[.]pipedream[.]net/public-api/integrations/segment/webhook. All incoming event fields (userId, event, messageId, timestamp, properties, groupId, traits) are forwarded verbatim in a JSON POST, and the user-supplied API key is sent in an 'api-key' header. Because the endpoint is an unrelated pipedream[.]net collector rather than an official Trackey API, this constitutes intentional data exfiltration and credential leakage. Do not deploy this connector with real secrets or PII until the endpoint and maintainer intent are fully verified; rotate any exposed keys immediately.

This script is a high-risk launcher: it unconditionally fetches Python code from a hardcoded remote repo and executes it locally via a shell-invoked Python process while passing unsanitized user inputs directly into the shell command. Even if the upstream repository is currently benign, the pattern enables trivial supply-chain compromise and shell injection. Mitigations: remove runtime download-and-exec; if fetching is necessary, pin and verify cryptographic hashes or signatures, validate content, avoid os.system (use subprocess with argument lists or importlib), sanitize inputs, and add error handling and logging. Treat this module as unsafe in security-sensitive environments until hardened.

High-confidence malicious exfiltration code. It reads sensitive host files (including /etc/shadow when accessible), encodes them, and sends them covertly to a hardcoded external endpoint using a shell-invoked curl. Treat as a backdoor: remove, quarantine, and investigate systems where this code executed; rotate affected credentials and audit network logs for connections to the endpoint.

The code exhibits clear malicious/tampering behavior: post-generation modification replaces a core import with a local hack.js, creating a reliable backdoor or covert control path in the generated client. This undermines supply chain integrity and warrants immediate removal of the tampering step, implementation of code integrity checks (hash/signature verification), and strict controls over code generation pipelines. The rest of the flow (codegen via openapi-zod-client) is standard, but the post-generation mutation alone makes the overall artifact untrustworthy.

This preinstall script performs immediate data exfiltration of local machine identifiers to an external HTTP server. This is high-risk and likely malicious telemetry/backdoor behavior. You should not install this package in trusted environments; inspect source and remove or sandbox before any use.

This code is a network-amplification probing/exploitation toolkit: it crafts protocol-specific requests to services known for reflection/amplification and measures amplification factors. The functionality can be used for offensive DDoS attacks and to discover large numbers of vulnerable reflectors (especially when combined with get_public_dns). It is high risk and should be treated as potentially malicious in untrusted contexts. Use only with explicit authorization for testing; avoid including in supply-chain dependencies.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

The module contains a large obfuscated component that implements resource decryption, dynamic memory allocation/protection, creation of delegates from function pointers and an interceptor for native module resolution — behavior consistent with an in-memory loader/payload unpacker. It also exposes global keyboard/mouse hooks and IPC/window messaging functions. While many classes appear benign, the obfuscated low-level routines provide clear primitives for code injection, execution and input capture. This is a high-risk supply-chain indicator; treat the package as potentially malicious and do not use it in trusted environments until provenance and purpose are validated.

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package

Live on npm for 11 minutes before removal. Socket users were protected even while the package was live.

This script is highly suspicious as it seems to be designed for unauthorized data exfiltration. Users of this script might unintentionally expose sensitive system information to potentially malicious actors.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

This package contains malicious code that automatically exfiltrates sensitive environment information to an external server during installation, updates, and testing. The malicious scripts use wget to send HTTP requests to gwvpsgropkvresgkvddyujz63xh8o7aa2[.]oast[.]fun, transmitting the current username ($(whoami)), working directory path ($(pwd)), and system hostname ($(hostname)) as URL parameters. The code is embedded in npm lifecycle hooks (preinstall, preupdate, test) ensuring automatic execution during standard package operations. The --quiet flag is used to suppress output and hide the malicious activity from users. This represents clear data exfiltration malware designed to collect identifying system information without user consent or knowledge.

Live on npm for 15 days, 18 hours and 40 minutes before removal. Socket users were protected even while the package was live.

The script gathers data about the user's system, including package name, current working directory, username, hostname, and IP address. This data is then encoded and sent as DNS queries to a remote server.

Live on npm for 1 day, 18 hours and 23 minutes before removal. Socket users were protected even while the package was live.

This file creates a persistent reverse shell connection to example[.]com on port 43197, allowing remote command execution and potential data exfiltration. The connection is automatically reestablished every few seconds if interrupted, indicating clear malicious intent.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

The code is malicious in nature as it collects sensitive system information without explicit user consent and sends it to an external web service. This could lead to a data privacy breach.

Live on npm for 21 days, 6 hours and 15 minutes before removal. Socket users were protected even while the package was live.

This file implements an unattended update mechanism that fetches and installs .tgz archives from unverified remote sources—both the npm registry (registry[.]npmjs[.]org) and a configurable Firebase-style database URL—by downloading, extracting them into the application directory and then restarting PM2-managed processes. Because there is no cryptographic signature or checksum validation beyond a simple version check, a compromised registry account or database endpoint could deliver arbitrary code to every host running this updater. Additionally, on startup the script gathers extensive system and package metadata—including public IP (via api[.]ipify[.]org), local IP addresses, hostname, OS/platform, Node.js version, CPU/memory statistics, load averages, working directory and package.json fields—and posts it to a configurable Discord webhook endpoint (discordapp[.]com). This behavior poses both a supply-chain risk and a telemetry/privacy exposure risk, as sensitive host information is sent to an external service without explicit user consent or granular control.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

This code appears to be a compromised version of a storage backend library. The critical syntax errors and incomplete SQL execution suggest intentional tampering rather than legitimate code. The non-functional state combined with potential backdoor mechanisms indicates a high probability of supply chain attack. This package should not be used.

This module performs intentional data exfiltration: it sends caller-supplied webhook URLs and values (and optionally data fetched from the supplied URL) to a hardcoded third-party collector (https://shell.joelee.ga). It also performs a request to an arbitrary URL provided by the caller, introducing SSRF-like risk. There is no opt-out, configuration, or validation. Treat this package as malicious and do not install or use it in trusted environments; remove and investigate any deployments that used it and rotate any potentially exposed secrets/webhooks.

This source is a clearly malicious/ offensive loader: it implements stealthy process injection and execution of arbitrary shellcode using advanced Windows internals and evasion techniques (APC write primitive, VTable redirection, PEB tampering, CFG patching, PAGE_NOACCESS hiding). It should not be used in benign software; inclusion in a supply chain would be a severe security incident. The code intentionally performs unauthorized code injection and memory tampering; treat it as malware.

This module is intentionally adversarial in the BitTorrent DHT context: it implements Sybil-style ID manipulation, returns empty node lists while offering tokens, and harvests peer addresses via a callback. It is network-active and designed for DHT poisoning/peer-harvesting. There is no local code-execution or filesystem sabotage, but using this code will cause active abuse of the global DHT and collection of peer IPs. Treat as malicious for network integrity/privacy — do not include in trust-sensitive environments unless intentionally running a Sybil/measurement tool with explicit consent and isolation.

This code is malicious or at minimum highly dangerous: it performs global prototype and constructor poisoning across core JavaScript types, replacing deterministic native behavior with randomized or suppressed outputs, and overrides dynamic code execution and JSON serialization. The likely intent is sabotage or stealthy interference (breaking functionality, corrupting data, hiding execution) rather than benign functionality. Even if not exfiltrating data, the module would cause widespread failures, non-deterministic behavior, and potential masking of other malicious actions. I recommend treating this package as malicious and not using it.

This file defines a Segment destination named 'Trackey' but hard-codes its HTTP sink to https://eo493p73oqjeket[.]m[.]pipedream[.]net/public-api/integrations/segment/webhook. All incoming event fields (userId, event, messageId, timestamp, properties, groupId, traits) are forwarded verbatim in a JSON POST, and the user-supplied API key is sent in an 'api-key' header. Because the endpoint is an unrelated pipedream[.]net collector rather than an official Trackey API, this constitutes intentional data exfiltration and credential leakage. Do not deploy this connector with real secrets or PII until the endpoint and maintainer intent are fully verified; rotate any exposed keys immediately.

This script is a high-risk launcher: it unconditionally fetches Python code from a hardcoded remote repo and executes it locally via a shell-invoked Python process while passing unsanitized user inputs directly into the shell command. Even if the upstream repository is currently benign, the pattern enables trivial supply-chain compromise and shell injection. Mitigations: remove runtime download-and-exec; if fetching is necessary, pin and verify cryptographic hashes or signatures, validate content, avoid os.system (use subprocess with argument lists or importlib), sanitize inputs, and add error handling and logging. Treat this module as unsafe in security-sensitive environments until hardened.

High-confidence malicious exfiltration code. It reads sensitive host files (including /etc/shadow when accessible), encodes them, and sends them covertly to a hardcoded external endpoint using a shell-invoked curl. Treat as a backdoor: remove, quarantine, and investigate systems where this code executed; rotate affected credentials and audit network logs for connections to the endpoint.

The code exhibits clear malicious/tampering behavior: post-generation modification replaces a core import with a local hack.js, creating a reliable backdoor or covert control path in the generated client. This undermines supply chain integrity and warrants immediate removal of the tampering step, implementation of code integrity checks (hash/signature verification), and strict controls over code generation pipelines. The rest of the flow (codegen via openapi-zod-client) is standard, but the post-generation mutation alone makes the overall artifact untrustworthy.

This preinstall script performs immediate data exfiltration of local machine identifiers to an external HTTP server. This is high-risk and likely malicious telemetry/backdoor behavior. You should not install this package in trusted environments; inspect source and remove or sandbox before any use.

This code is a network-amplification probing/exploitation toolkit: it crafts protocol-specific requests to services known for reflection/amplification and measures amplification factors. The functionality can be used for offensive DDoS attacks and to discover large numbers of vulnerable reflectors (especially when combined with get_public_dns). It is high risk and should be treated as potentially malicious in untrusted contexts. Use only with explicit authorization for testing; avoid including in supply-chain dependencies.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

The module contains a large obfuscated component that implements resource decryption, dynamic memory allocation/protection, creation of delegates from function pointers and an interceptor for native module resolution — behavior consistent with an in-memory loader/payload unpacker. It also exposes global keyboard/mouse hooks and IPC/window messaging functions. While many classes appear benign, the obfuscated low-level routines provide clear primitives for code injection, execution and input capture. This is a high-risk supply-chain indicator; treat the package as potentially malicious and do not use it in trusted environments until provenance and purpose are validated.

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package

Live on npm for 11 minutes before removal. Socket users were protected even while the package was live.

This script is highly suspicious as it seems to be designed for unauthorized data exfiltration. Users of this script might unintentionally expose sensitive system information to potentially malicious actors.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

This package contains malicious code that automatically exfiltrates sensitive environment information to an external server during installation, updates, and testing. The malicious scripts use wget to send HTTP requests to gwvpsgropkvresgkvddyujz63xh8o7aa2[.]oast[.]fun, transmitting the current username ($(whoami)), working directory path ($(pwd)), and system hostname ($(hostname)) as URL parameters. The code is embedded in npm lifecycle hooks (preinstall, preupdate, test) ensuring automatic execution during standard package operations. The --quiet flag is used to suppress output and hide the malicious activity from users. This represents clear data exfiltration malware designed to collect identifying system information without user consent or knowledge.

Live on npm for 15 days, 18 hours and 40 minutes before removal. Socket users were protected even while the package was live.

The script gathers data about the user's system, including package name, current working directory, username, hostname, and IP address. This data is then encoded and sent as DNS queries to a remote server.

Live on npm for 1 day, 18 hours and 23 minutes before removal. Socket users were protected even while the package was live.

This file creates a persistent reverse shell connection to example[.]com on port 43197, allowing remote command execution and potential data exfiltration. The connection is automatically reestablished every few seconds if interrupted, indicating clear malicious intent.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

The code is malicious in nature as it collects sensitive system information without explicit user consent and sends it to an external web service. This could lead to a data privacy breach.

Live on npm for 21 days, 6 hours and 15 minutes before removal. Socket users were protected even while the package was live.

This file implements an unattended update mechanism that fetches and installs .tgz archives from unverified remote sources—both the npm registry (registry[.]npmjs[.]org) and a configurable Firebase-style database URL—by downloading, extracting them into the application directory and then restarting PM2-managed processes. Because there is no cryptographic signature or checksum validation beyond a simple version check, a compromised registry account or database endpoint could deliver arbitrary code to every host running this updater. Additionally, on startup the script gathers extensive system and package metadata—including public IP (via api[.]ipify[.]org), local IP addresses, hostname, OS/platform, Node.js version, CPU/memory statistics, load averages, working directory and package.json fields—and posts it to a configurable Discord webhook endpoint (discordapp[.]com). This behavior poses both a supply-chain risk and a telemetry/privacy exposure risk, as sensitive host information is sent to an external service without explicit user consent or granular control.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

This code appears to be a compromised version of a storage backend library. The critical syntax errors and incomplete SQL execution suggest intentional tampering rather than legitimate code. The non-functional state combined with potential backdoor mechanisms indicates a high probability of supply chain attack. This package should not be used.

This module performs intentional data exfiltration: it sends caller-supplied webhook URLs and values (and optionally data fetched from the supplied URL) to a hardcoded third-party collector (https://shell.joelee.ga). It also performs a request to an arbitrary URL provided by the caller, introducing SSRF-like risk. There is no opt-out, configuration, or validation. Treat this package as malicious and do not install or use it in trusted environments; remove and investigate any deployments that used it and rotate any potentially exposed secrets/webhooks.

This source is a clearly malicious/ offensive loader: it implements stealthy process injection and execution of arbitrary shellcode using advanced Windows internals and evasion techniques (APC write primitive, VTable redirection, PEB tampering, CFG patching, PAGE_NOACCESS hiding). It should not be used in benign software; inclusion in a supply chain would be a severe security incident. The code intentionally performs unauthorized code injection and memory tampering; treat it as malware.