Secure your dependencies. Ship with confidence.

This code performs immediate, unauthenticated exfiltration of package and local environment data to a hardcoded external server. It is privacy-invasive and poses a significant supply-chain risk. Unless provenance and purpose are explicitly trusted and documented, remove or disable this network call. At minimum, require opt-in, limit fields sent, avoid sending entire package.json, and add robust error/logging and configuration to control the endpoint.

Live on npm for 2 days, 11 hours and 4 minutes before removal. Socket users were protected even while the package was live.

The code implements remote dynamic class loading and execution via network fetch and reflection. While such a mechanism can be legitimate for plugin ecosystems, it introduces a clear remote-code-execution risk in supply-chain contexts. It should be treated as high-risk for unauthenticated payload loading and require strong controls: TLS, payload signing/verification, strict allowlists, sandboxing, and minimum privileges. If kept, ensure robust auditing and runtime protections.

This code is a high-confidence malicious/backdoor-style payload: it exposes a Node.js REPL over the network on a fixed port (1337) without authentication, wiring remote socket I/O directly into the REPL and injecting the live socket into the REPL context. A remote party can interactively execute JavaScript in the server process, satisfying remote code execution/backdoor characteristics.

This snippet is a clearly malicious exploit module: it fingerprints Netgear RAX30 via HTTP headers and, when matched, invokes a command-loop mechanism that stages/execut es payloads using wget to /tmp, consistent with remote command execution. It also injects operator-supplied commands into an HTTP User-Agent header using backticks to trigger blind command injection on vulnerable devices. The code’s design and sinks make it a serious supply-chain security risk, even though a probable typo (return Fals) could affect runtime behavior in some environments.

This module appears to be a legitimate OSINT collection tool, not intentionally malicious. However it contains a critical security flaw: it uses eval() on the contents of scraped .md files (extract_md_data), which are derived from external websites via Firecrawl. That creates a direct remote-to-local arbitrary code execution vector. There are also weaker risks (unvalidated downloads, storing sensitive data and API responses on disk). Recommend removing eval, parsing structured data safely (json.loads or a controlled parser), validating inputs, and treating scraped content as untrusted. Do not run this script with elevated privileges or on hosts containing secrets until the eval usage is eliminated and other hardening is applied.

Live on pypi for 3 hours and 12 minutes before removal. Socket users were protected even while the package was live.

The analyzed code contains a deliberate, region-targeted malicious payload unrelated to the library's purpose. It persistently schedules a disruptive action (disabling page interaction and autoplaying an externally hosted audio file) for users in specific locales/host TLDs after a multi-day delay. This is consistent with supply-chain sabotage or propaganda. Treat this build as compromised: do not use it; remove deployments that include it; obtain the library from a verified, clean upstream release; and consider forensic review of where this modified build entered your supply chain.

This module is not overtly malicious (no encoded payloads, no external exfiltration, no reverse shell), but it contains high-risk insecure patterns: user-controlled values are directly interpolated into shell command strings and passed to node_utils.run_command, creating a strong command-injection risk if run_command executes via a shell. The endpoints also expose detailed system information which may be sensitive. Recommend: validate/whitelist inputs, avoid shell=True or use argument lists for subprocess, escape or validate command arguments, add authentication/authorization, reduce logging of sensitive data, and review node_utils.run_command implementation. Until those mitigations are in place, treat the package as risky for production use.

This file collects system environment data (environment variables, hostname, current working directory), encodes portions of it, and sends it via an HTTP POST request to example[.]com (or its subdomains) without user consent. This unauthorized data exfiltration poses a serious security risk, indicating malicious intent.

Live on npm for 2 days, 13 hours and 18 minutes before removal. Socket users were protected even while the package was live.

This script is a coordinator for credential-exfiltration: it collects Discord tokens and Telegram session data, validates tokens, and exfiltrates them to a Telegram-based receiver. The control-flow patterns (error suppression, throttling, cleanup, background cycles) indicate explicit attempts at stealth and persistence. Treat this package as malicious malware (credential stealer). Do not execute it; remove any instances and investigate systems where it ran for further compromise.

The code is involved in unauthorized data collection and exfiltration to a suspicious domain, indicating potential malicious intent. It poses a significant security risk to users.

Live on npm for 3 hours and 11 minutes before removal. Socket users were protected even while the package was live.

This code implements a remote administration/tunneling agent with full remote shell and file system control. Functionality includes spawning shells, reading and writing arbitrary files, renaming/moving/deleting files (including recursive deletes), and opening network tunnels/upgrades to a controller URL. While this may be legitimate MeshAgent agent code, the features constitute high-risk capabilities if included as an unexpected dependency or executed without proper trust and authorization. Treat this module as potentially dangerous in a supply-chain context: it can be used for remote command execution and data access/exfiltration by whoever controls the MeshAgent controller.

[Skill Scanner] Pipe-to-shell or eval pattern detected (AITech 9.1.4) [CI013]

The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.

The code exhibits malicious behavior by collecting environment variables and sending them to a remote server without user consent. The use of string concatenation for obfuscation further indicates potential malicious intent.

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

This fragment is strongly suspicious from a supply-chain/runtime security standpoint. It functions as a configurable client-side execution and orchestration engine: it compiles and runs arbitrary JavaScript via new Function, can fetch and load additional JavaScript at runtime (fetch(path).text()) and execute it, and exposes high-impact event-driven actions (configurable API calls, navigation, HTML injection for printing, and export/snapshot file generation). If an attacker can influence design configuration, event payloads, script import selections, or script URL mappings, the module can enable full client-side compromise and data exfiltration. Even if “intended for scripting,” it should be treated as high-risk and heavily permissioned/allowlisted/sandboxed.

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on pypi for 5 days, 4 hours and 19 minutes before removal. Socket users were protected even while the package was live.

This file is malicious: it performs unauthorized local file reads and exfiltrates data to a hardcoded remote webhook both when the module is required and when its public parseXmlString function is called. It is a clear supply-chain/backdoor implant. Do not install, require, or run this package. Remove it from systems where it exists, rotate any potentially exposed credentials or secrets, and investigate for further compromise.

This package makes untrusted network requests during installation to a third-party domain. That behavior is suspicious and potentially malicious (telemetry, fingerprinting, or a staging step to deliver/expose a payload). Do not install this package in production; inspect and block network calls, and review the remote content and intent in an isolated environment before trusting it.

This module exports an executable string targeted at 'mongodb.Db.prototype.eval' that, if evaluated, will synchronously block the Node.js event loop for approximately 10 seconds and return -Infinity. The pattern (string payload keyed to a DB prototype) and the destructive, hard-coded busy-wait strongly indicate intentional sabotage consistent with supply-chain tampering. There is no evidence of data exfiltration, but the code is disruptive and should be treated as malicious. Recommend immediate removal/rollback of this package, blocking evaluation of untrusted exported strings, and auditing package history and consumers to identify where this export might be executed.

This module contains code that backdoors AWS ECS Task Definitions by executing a shell command within the container that retrieves AWS container credentials from the metadata service at 169.254.170.2 and sends them via HTTP POST to a user-specified URI. While intended for security testing, this behavior could be misused to exfiltrate sensitive credentials to an external endpoint.

The code is vulnerable to command injection due to passing user input to spawn an external process and potentially unsafe JSON parsing. It poses a significant security risk.

Live on npm for 32 minutes before removal. Socket users were protected even while the package was live.

This code performs immediate, unauthenticated exfiltration of package and local environment data to a hardcoded external server. It is privacy-invasive and poses a significant supply-chain risk. Unless provenance and purpose are explicitly trusted and documented, remove or disable this network call. At minimum, require opt-in, limit fields sent, avoid sending entire package.json, and add robust error/logging and configuration to control the endpoint.

Live on npm for 2 days, 11 hours and 4 minutes before removal. Socket users were protected even while the package was live.

The code implements remote dynamic class loading and execution via network fetch and reflection. While such a mechanism can be legitimate for plugin ecosystems, it introduces a clear remote-code-execution risk in supply-chain contexts. It should be treated as high-risk for unauthenticated payload loading and require strong controls: TLS, payload signing/verification, strict allowlists, sandboxing, and minimum privileges. If kept, ensure robust auditing and runtime protections.

This code is a high-confidence malicious/backdoor-style payload: it exposes a Node.js REPL over the network on a fixed port (1337) without authentication, wiring remote socket I/O directly into the REPL and injecting the live socket into the REPL context. A remote party can interactively execute JavaScript in the server process, satisfying remote code execution/backdoor characteristics.

This snippet is a clearly malicious exploit module: it fingerprints Netgear RAX30 via HTTP headers and, when matched, invokes a command-loop mechanism that stages/execut es payloads using wget to /tmp, consistent with remote command execution. It also injects operator-supplied commands into an HTTP User-Agent header using backticks to trigger blind command injection on vulnerable devices. The code’s design and sinks make it a serious supply-chain security risk, even though a probable typo (return Fals) could affect runtime behavior in some environments.

This module appears to be a legitimate OSINT collection tool, not intentionally malicious. However it contains a critical security flaw: it uses eval() on the contents of scraped .md files (extract_md_data), which are derived from external websites via Firecrawl. That creates a direct remote-to-local arbitrary code execution vector. There are also weaker risks (unvalidated downloads, storing sensitive data and API responses on disk). Recommend removing eval, parsing structured data safely (json.loads or a controlled parser), validating inputs, and treating scraped content as untrusted. Do not run this script with elevated privileges or on hosts containing secrets until the eval usage is eliminated and other hardening is applied.

Live on pypi for 3 hours and 12 minutes before removal. Socket users were protected even while the package was live.

The analyzed code contains a deliberate, region-targeted malicious payload unrelated to the library's purpose. It persistently schedules a disruptive action (disabling page interaction and autoplaying an externally hosted audio file) for users in specific locales/host TLDs after a multi-day delay. This is consistent with supply-chain sabotage or propaganda. Treat this build as compromised: do not use it; remove deployments that include it; obtain the library from a verified, clean upstream release; and consider forensic review of where this modified build entered your supply chain.

This module is not overtly malicious (no encoded payloads, no external exfiltration, no reverse shell), but it contains high-risk insecure patterns: user-controlled values are directly interpolated into shell command strings and passed to node_utils.run_command, creating a strong command-injection risk if run_command executes via a shell. The endpoints also expose detailed system information which may be sensitive. Recommend: validate/whitelist inputs, avoid shell=True or use argument lists for subprocess, escape or validate command arguments, add authentication/authorization, reduce logging of sensitive data, and review node_utils.run_command implementation. Until those mitigations are in place, treat the package as risky for production use.

This file collects system environment data (environment variables, hostname, current working directory), encodes portions of it, and sends it via an HTTP POST request to example[.]com (or its subdomains) without user consent. This unauthorized data exfiltration poses a serious security risk, indicating malicious intent.

Live on npm for 2 days, 13 hours and 18 minutes before removal. Socket users were protected even while the package was live.

This script is a coordinator for credential-exfiltration: it collects Discord tokens and Telegram session data, validates tokens, and exfiltrates them to a Telegram-based receiver. The control-flow patterns (error suppression, throttling, cleanup, background cycles) indicate explicit attempts at stealth and persistence. Treat this package as malicious malware (credential stealer). Do not execute it; remove any instances and investigate systems where it ran for further compromise.

The code is involved in unauthorized data collection and exfiltration to a suspicious domain, indicating potential malicious intent. It poses a significant security risk to users.

Live on npm for 3 hours and 11 minutes before removal. Socket users were protected even while the package was live.

This code implements a remote administration/tunneling agent with full remote shell and file system control. Functionality includes spawning shells, reading and writing arbitrary files, renaming/moving/deleting files (including recursive deletes), and opening network tunnels/upgrades to a controller URL. While this may be legitimate MeshAgent agent code, the features constitute high-risk capabilities if included as an unexpected dependency or executed without proper trust and authorization. Treat this module as potentially dangerous in a supply-chain context: it can be used for remote command execution and data access/exfiltration by whoever controls the MeshAgent controller.

[Skill Scanner] Pipe-to-shell or eval pattern detected (AITech 9.1.4) [CI013]

The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.

The code exhibits malicious behavior by collecting environment variables and sending them to a remote server without user consent. The use of string concatenation for obfuscation further indicates potential malicious intent.

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

This fragment is strongly suspicious from a supply-chain/runtime security standpoint. It functions as a configurable client-side execution and orchestration engine: it compiles and runs arbitrary JavaScript via new Function, can fetch and load additional JavaScript at runtime (fetch(path).text()) and execute it, and exposes high-impact event-driven actions (configurable API calls, navigation, HTML injection for printing, and export/snapshot file generation). If an attacker can influence design configuration, event payloads, script import selections, or script URL mappings, the module can enable full client-side compromise and data exfiltration. Even if “intended for scripting,” it should be treated as high-risk and heavily permissioned/allowlisted/sandboxed.

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on pypi for 5 days, 4 hours and 19 minutes before removal. Socket users were protected even while the package was live.

This file is malicious: it performs unauthorized local file reads and exfiltrates data to a hardcoded remote webhook both when the module is required and when its public parseXmlString function is called. It is a clear supply-chain/backdoor implant. Do not install, require, or run this package. Remove it from systems where it exists, rotate any potentially exposed credentials or secrets, and investigate for further compromise.

This package makes untrusted network requests during installation to a third-party domain. That behavior is suspicious and potentially malicious (telemetry, fingerprinting, or a staging step to deliver/expose a payload). Do not install this package in production; inspect and block network calls, and review the remote content and intent in an isolated environment before trusting it.

This module exports an executable string targeted at 'mongodb.Db.prototype.eval' that, if evaluated, will synchronously block the Node.js event loop for approximately 10 seconds and return -Infinity. The pattern (string payload keyed to a DB prototype) and the destructive, hard-coded busy-wait strongly indicate intentional sabotage consistent with supply-chain tampering. There is no evidence of data exfiltration, but the code is disruptive and should be treated as malicious. Recommend immediate removal/rollback of this package, blocking evaluation of untrusted exported strings, and auditing package history and consumers to identify where this export might be executed.

This module contains code that backdoors AWS ECS Task Definitions by executing a shell command within the container that retrieves AWS container credentials from the metadata service at 169.254.170.2 and sends them via HTTP POST to a user-specified URI. While intended for security testing, this behavior could be misused to exfiltrate sensitive credentials to an external endpoint.

The code is vulnerable to command injection due to passing user input to spawn an external process and potentially unsafe JSON parsing. It poses a significant security risk.

Live on npm for 32 minutes before removal. Socket users were protected even while the package was live.