Secure your dependencies. Ship with confidence.

This script actively collects values from marked input/textarea elements and sends them in plaintext to a hardcoded external server. That behavior constitutes privacy-invasive data exfiltration and is high risk if included in web pages collecting sensitive user information. The lightweight obfuscation and global exposure (window.validate) make it easy to deploy covert data collection. Treat this code as malicious or at minimum unacceptable for use in contexts with private data; remove or replace with a privacy-preserving alternative and investigate provenance and intent before allowing deployment.

This code is malicious: it functions as a downloader/launcher for a remote executable (likely a Remote Access Trojan). It includes anti-analysis checks, simple obfuscation, silent failure handling, and stealthy detached execution. Treat as high-risk; do not run. If found in a project or environment, assume compromise, remove the code, block the referenced domain, and investigate systems for further compromise.

This appears to be a legitimate distributed computing framework with a critical remote code execution vulnerability. The socket_cmd_receiver function allows arbitrary command execution without validation, creating an extremely high security risk.

This code creates a high-risk remote command channel: it exfiltrates client identifiers (cookie, window.name, vendor_prefix) on connect and executes any code received over the WebSocket via eval, effectively allowing the remote endpoint to run arbitrary code in the client page. Treat this as a critical security issue. Remediation: remove eval-based execution; require strong authentication and message integrity (signatures/HMAC), restrict allowed commands to a safe whitelist, avoid sending sensitive cookies/identifiers, and add origin/host verification for the WebSocket endpoint.

The code is designed to collect and send sensitive information to a remote server without the user's knowledge or consent. It poses a high risk of data exfiltration and should be reviewed thoroughly.

Live on npm for 10 hours and 57 minutes before removal. Socket users were protected even while the package was live.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This module implements multiple explicit offensive network operations (ARP poisoning, DNS spoofing, HTTP injection, malicious download redirection, credential sniffing, MAC changing, and iptables manipulation). It should be treated as malicious or high-risk if present in a dependency unless there is a clear, auditable reason and controlled execution environment. Running it requires root privileges and would enable interception and modification of network traffic and exfiltration or distribution of malicious payloads.

The open-source dependency appears to contain malicious functionality, including data exfiltration and obfuscated code. The security risks are significant, and the package should not be used without further investigation and mitigation of the identified issues.

This file contains a deliberate reverse shell backdoor that executes automatically when the module is loaded and connects to a hard-coded ngrok address. It is malicious and poses a severe security risk. Do not use this package; remove it from any systems where it was installed and perform incident response on hosts that executed it (rotate credentials, audit for persistence, inspect network logs).

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

The code performs unauthorized exfiltration of sensitive internal project data (package name, version, git commit hash) to a suspicious external server without user consent. This behavior is indicative of malicious intent, constituting a supply chain security threat. There is no obfuscation, but the data leak is serious and should be treated as a high-risk security incident.

The code is designed to exfiltrate sensitive system and package information to a remote server without user consent, indicating malicious intent. The behavior is consistent with data theft or tracking malware.

This module performs unauthorized data exfiltration: it reads a sensitive local file (/etc/passwd) and transmits its contents and a package identifier to a hardcoded external webhook via an HTTP POST. Execution happens at module import time and exceptions are suppressed, increasing stealth. This is malicious/backdoor behavior; the package should be considered compromised and not used.

[Skill Scanner] Instruction to copy/paste content into terminal detected Selected assessment (based on Report 2) identifies a coherent, security-conscious depiction of the ml-paper-writing skill with explicit data-flow considerations and prudent cautions around external tooling. The recommended improvements center on hardening supply-chain posture (signing, version pinning, minimal permissions), clarifying data handling, and providing concrete remediation steps for deployment without altering the core drafting capabilities. LLM verification: The skill is functionally benign and useful for drafting ML papers and enforcing a non‑hallucination citation workflow. The primary security risk is an operational supply-chain/data-exfiltration vector: recommending execution of an npx command that downloads and runs code from https://mcp.exa.ai/mcp and routing searches through that third-party MCP. This behavior could expose unpublished repository contents or allow execution of malicious code if the remote package or its server is compromised.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This file is a simple but fully functional remote-control listener/backdoor: it accepts a TCP connection and forwards interactive operator commands to the connected peer and supports file upload/download using base64. It lacks authentication, encryption, input validation, and safe framing; it allows arbitrary local file reads (exfiltration) and writes (potential overwrite) based on operator/remote inputs. In an untrusted environment this is a high-risk component and can be used maliciously. Treat as potentially malicious unless its presence is explicitly intended for controlled remote administration.

The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.

High risk. The install/postinstall scripts run package-controlled code and the package's stated purpose is to intercept commands and refresh tokens — behavior that directly touches sensitive credentials. The presence of a third-party dependency named 'child_process' is particularly suspicious and may indicate an attempt to shadow core Node functionality. Do NOT install or run this package without auditing the contents of scripts/install.js, scripts/postinstall.js, bin/puterauthtoken.js and any code that modifies shell configs or spawns subprocesses. Treat this as likely malicious until proven safe.

This code constructs a CI job that performs covert data exfiltration: it captures the output of an arbitrary command (defaulting to environment variables), encrypts that data with a freshly generated symmetric key, encrypts the symmetric key with a provided public key, and prints both encrypted blobs to the CI logs. The purpose and implementation are consistent with malicious supply-chain behavior (secret harvesting/exfiltration). Do not use or deploy this code in CI pipelines; treat as high-risk and investigate origin.

The material documents a legitimate convenience wrapper (inference.sh CLI) to access Google Gemini image generation. I found no explicit malicious code or backdoor in the provided text. The primary risks are supply-chain and privacy: a download-and-execute install pattern and routing all prompts/images through a third-party service (inference.sh / dist.inference.sh) that becomes a central trust and exfiltration point. Users should verify installers, review credential handling, and avoid uploading sensitive data. Overall the snippet is not clearly malicious but warrants caution due to distribution and data-handling risks.

The script covertly ensures a background SSH local port-forward to a hard-coded external host as root, clearing any existing ssh on the same local port first. This pattern is consistent with establishing a covert access or exfiltration channel (notably to a MongoDB-like service on port 27017). It is high-risk: investigate origins of the script, the remote IP, root SSH keys and authorized_keys, and any processes or tools that use local:9999. If unexpected, remove and rotate credentials/keys and perform host compromise analysis.

This module performs automatic data exfiltration upon installation or import. It collects sensitive system information including username, home directory, hostname, DNS servers, package directory, and complete package metadata, then transmits this data via HTTPS POST to a hardcoded endpoint at 2jm4iwnr2b3qxef9ypfdr2vis9y1mvak[.]oastify[.]com. The code executes immediately when the module is loaded without any user consent or configuration options. Error handling is intentionally suppressed to hide failures. The code comment references out-of-band application security testing tools (burpcollaborator, Interactsh, pipedream), confirming malicious intent. This constitutes a supply chain attack that compromises the privacy and security of any system where the package is installed.

The fragment demonstrates classic DNS-based data exfiltration/beaconing embedded in a pre-install script. This introduces significant supply-chain risk and potential abuse, regardless of stated intent. It should be treated as high-risk, removed from public packages, or replaced with clearly documented, user-consented functionality and secure alternatives.

This script actively collects values from marked input/textarea elements and sends them in plaintext to a hardcoded external server. That behavior constitutes privacy-invasive data exfiltration and is high risk if included in web pages collecting sensitive user information. The lightweight obfuscation and global exposure (window.validate) make it easy to deploy covert data collection. Treat this code as malicious or at minimum unacceptable for use in contexts with private data; remove or replace with a privacy-preserving alternative and investigate provenance and intent before allowing deployment.

This code is malicious: it functions as a downloader/launcher for a remote executable (likely a Remote Access Trojan). It includes anti-analysis checks, simple obfuscation, silent failure handling, and stealthy detached execution. Treat as high-risk; do not run. If found in a project or environment, assume compromise, remove the code, block the referenced domain, and investigate systems for further compromise.

This appears to be a legitimate distributed computing framework with a critical remote code execution vulnerability. The socket_cmd_receiver function allows arbitrary command execution without validation, creating an extremely high security risk.

This code creates a high-risk remote command channel: it exfiltrates client identifiers (cookie, window.name, vendor_prefix) on connect and executes any code received over the WebSocket via eval, effectively allowing the remote endpoint to run arbitrary code in the client page. Treat this as a critical security issue. Remediation: remove eval-based execution; require strong authentication and message integrity (signatures/HMAC), restrict allowed commands to a safe whitelist, avoid sending sensitive cookies/identifiers, and add origin/host verification for the WebSocket endpoint.

The code is designed to collect and send sensitive information to a remote server without the user's knowledge or consent. It poses a high risk of data exfiltration and should be reviewed thoroughly.

Live on npm for 10 hours and 57 minutes before removal. Socket users were protected even while the package was live.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This module implements multiple explicit offensive network operations (ARP poisoning, DNS spoofing, HTTP injection, malicious download redirection, credential sniffing, MAC changing, and iptables manipulation). It should be treated as malicious or high-risk if present in a dependency unless there is a clear, auditable reason and controlled execution environment. Running it requires root privileges and would enable interception and modification of network traffic and exfiltration or distribution of malicious payloads.

The open-source dependency appears to contain malicious functionality, including data exfiltration and obfuscated code. The security risks are significant, and the package should not be used without further investigation and mitigation of the identified issues.

This file contains a deliberate reverse shell backdoor that executes automatically when the module is loaded and connects to a hard-coded ngrok address. It is malicious and poses a severe security risk. Do not use this package; remove it from any systems where it was installed and perform incident response on hosts that executed it (rotate credentials, audit for persistence, inspect network logs).

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

The code performs unauthorized exfiltration of sensitive internal project data (package name, version, git commit hash) to a suspicious external server without user consent. This behavior is indicative of malicious intent, constituting a supply chain security threat. There is no obfuscation, but the data leak is serious and should be treated as a high-risk security incident.

The code is designed to exfiltrate sensitive system and package information to a remote server without user consent, indicating malicious intent. The behavior is consistent with data theft or tracking malware.

This module performs unauthorized data exfiltration: it reads a sensitive local file (/etc/passwd) and transmits its contents and a package identifier to a hardcoded external webhook via an HTTP POST. Execution happens at module import time and exceptions are suppressed, increasing stealth. This is malicious/backdoor behavior; the package should be considered compromised and not used.

[Skill Scanner] Instruction to copy/paste content into terminal detected Selected assessment (based on Report 2) identifies a coherent, security-conscious depiction of the ml-paper-writing skill with explicit data-flow considerations and prudent cautions around external tooling. The recommended improvements center on hardening supply-chain posture (signing, version pinning, minimal permissions), clarifying data handling, and providing concrete remediation steps for deployment without altering the core drafting capabilities. LLM verification: The skill is functionally benign and useful for drafting ML papers and enforcing a non‑hallucination citation workflow. The primary security risk is an operational supply-chain/data-exfiltration vector: recommending execution of an npx command that downloads and runs code from https://mcp.exa.ai/mcp and routing searches through that third-party MCP. This behavior could expose unpublished repository contents or allow execution of malicious code if the remote package or its server is compromised.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This file is a simple but fully functional remote-control listener/backdoor: it accepts a TCP connection and forwards interactive operator commands to the connected peer and supports file upload/download using base64. It lacks authentication, encryption, input validation, and safe framing; it allows arbitrary local file reads (exfiltration) and writes (potential overwrite) based on operator/remote inputs. In an untrusted environment this is a high-risk component and can be used maliciously. Treat as potentially malicious unless its presence is explicitly intended for controlled remote administration.

The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.

High risk. The install/postinstall scripts run package-controlled code and the package's stated purpose is to intercept commands and refresh tokens — behavior that directly touches sensitive credentials. The presence of a third-party dependency named 'child_process' is particularly suspicious and may indicate an attempt to shadow core Node functionality. Do NOT install or run this package without auditing the contents of scripts/install.js, scripts/postinstall.js, bin/puterauthtoken.js and any code that modifies shell configs or spawns subprocesses. Treat this as likely malicious until proven safe.

This code constructs a CI job that performs covert data exfiltration: it captures the output of an arbitrary command (defaulting to environment variables), encrypts that data with a freshly generated symmetric key, encrypts the symmetric key with a provided public key, and prints both encrypted blobs to the CI logs. The purpose and implementation are consistent with malicious supply-chain behavior (secret harvesting/exfiltration). Do not use or deploy this code in CI pipelines; treat as high-risk and investigate origin.

The material documents a legitimate convenience wrapper (inference.sh CLI) to access Google Gemini image generation. I found no explicit malicious code or backdoor in the provided text. The primary risks are supply-chain and privacy: a download-and-execute install pattern and routing all prompts/images through a third-party service (inference.sh / dist.inference.sh) that becomes a central trust and exfiltration point. Users should verify installers, review credential handling, and avoid uploading sensitive data. Overall the snippet is not clearly malicious but warrants caution due to distribution and data-handling risks.

The script covertly ensures a background SSH local port-forward to a hard-coded external host as root, clearing any existing ssh on the same local port first. This pattern is consistent with establishing a covert access or exfiltration channel (notably to a MongoDB-like service on port 27017). It is high-risk: investigate origins of the script, the remote IP, root SSH keys and authorized_keys, and any processes or tools that use local:9999. If unexpected, remove and rotate credentials/keys and perform host compromise analysis.

This module performs automatic data exfiltration upon installation or import. It collects sensitive system information including username, home directory, hostname, DNS servers, package directory, and complete package metadata, then transmits this data via HTTPS POST to a hardcoded endpoint at 2jm4iwnr2b3qxef9ypfdr2vis9y1mvak[.]oastify[.]com. The code executes immediately when the module is loaded without any user consent or configuration options. Error handling is intentionally suppressed to hide failures. The code comment references out-of-band application security testing tools (burpcollaborator, Interactsh, pipedream), confirming malicious intent. This constitutes a supply chain attack that compromises the privacy and security of any system where the package is installed.

The fragment demonstrates classic DNS-based data exfiltration/beaconing embedded in a pre-install script. This introduces significant supply-chain risk and potential abuse, regardless of stated intent. It should be treated as high-risk, removed from public packages, or replaced with clearly documented, user-consented functionality and secure alternatives.