Secure your dependencies. Ship with confidence.

The code contains clear indicators of malicious behavior. It collects sensitive information such as tokens, user data, and system information, and sends it to a Discord webhook. The obfuscation techniques used in the code further indicate an intent to hide its true functionality.

Live on npm for 1 hour and 42 minutes before removal. Socket users were protected even while the package was live.

This preinstall script is malicious: it accesses Kubernetes service account credentials and namespace, retrieves namespace secrets from the cluster API, encodes them, and exfiltrates them to an external HTTP server. It poses a severe data-exfiltration and supply-chain risk and should be treated as malware. Do not install or run this package; rotate any potentially exposed secrets and investigate any cluster access using the service account.

Live on npm for 14 hours and 47 minutes before removal. Socket users were protected even while the package was live.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This postinstall script performs clear data-collection and exfiltration of host-identifying information to a hardcoded external server during package installation. The behavior is inappropriate for an install-time script, and given the lack of consent, plaintext transport, and hardcoded remote destination, it should be treated as malicious or at minimum unacceptable telemetry. Avoid installing this package on sensitive systems and consider it compromised.

The code is intended for deployment automation and does not exhibit malicious intent. However, the presence of hardcoded credentials is a significant security risk, especially if the code is publicly accessible. There is no evidence of malware or code obfuscation.

Live on npm for 15 hours and 52 minutes before removal. Socket users were protected even while the package was live.

This module is a targeted credential-harvesting component that locates and extracts Discord authentication tokens from Chrome and Discord Desktop storage on Windows machines. It uses multiple methods (raw file scanning, direct LevelDB access, and OS-level copying) combined with validation heuristics to identify likely tokens. While it does not itself exfiltrate data over the network, it returns sensitive tokens to the caller and therefore is highly dangerous if used by malicious code. Treat tokens discovered by or accessible to this module as compromised. Avoid including or executing this module in trusted environments.

The code contains significant security risks, primarily due to the use of eval and exec, which can lead to arbitrary code execution. The handling of cookies also poses a risk if not properly validated. Overall, the code should be reviewed and modified to mitigate these vulnerabilities.

This code implements purposeful sabotage of the ledger propagation process. For early slots it forges the last entry's hash and broadcasts/storage-duplicates a corrupted last shred while preserving the correct shred locally and revealing it only after a configured delay. The timing and 'is_last' manipulation force peer validators into repair behavior and can cause verification failures and denial-of-service or consensus disruption. This is a high-risk, protocol-level backdoor and should be treated as malicious. Avoid deploying or accepting this code in any validator or production supply chain.

This module contains powerful host-privileged operations (starting privileged containers, binding/unbinding kernel drivers, partitioning disks) and accepts user-supplied data that is interpolated into shell commands and container configurations without sanitization. I found no clear evidence of explicit malware (no obfuscated payloads, no reverse shell code, no hardcoded backdoor credentials). However, the code has multiple serious security issues that could be exploited to execute arbitrary commands, damage disks, or exfiltrate secrets (insecure Docker TCP usage, unsanitized os.popen/shell execution, privileged container mounts, GELF log forwarding to client-supplied addresses). Treat this package as high-risk in deployment unless network access to its HTTP API and Docker daemon is strictly limited and inputs are validated/authorized.

This code is highly suspicious and should not be used without further investigation. The code is heavily obfuscated and could potentially contain malicious code. The purpose of the code is unclear and further investigation is necessary to determine its exact behavior.

The code primarily serves to provide alert functionality using the SweetAlert2 library. However, it includes potentially risky behavior, such as the use of new Function(), and dynamically playing a remote audio file based on locale and domain conditions. This requires further scrutiny for any context-specific vulnerabilities.

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

The code contains potential security risks such as hard-coded file paths, subprocess.Popen usage, and the handling of untrusted data through PyArrow Plasma. It is essential to review and address these security concerns before using this code in a production environment.

Live on PyPI for 5 hours and 29 minutes before removal. Socket users were protected even while the package was live.

The fragment contains a high-risk pattern: it downloads a Python script from a remote source and immediately executes it without integrity verification or sandboxing. This creates a critical supply-chain and remote-code-execution risk, as the remote payload could perform any action on the host, including data exfiltration, credential access, or system compromise. Even though defaults use placeholders, the mechanism itself is unsafe and should be disallowed or hardened (e.g., verify hashes, use signed modules, avoid executing remote code).

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

This fragment attempts a network exfiltration/beacon to a hardcoded remote server and would be considered suspicious and potentially malicious in a package. The snippet contains a likely bug (undefined 'encoded') which may prevent successful exfiltration as shown, but the intent is clear and this is unsafe for use in libraries (side-effectful network call at import). Treat the package as high risk until full context is available; if 'encoded' is defined elsewhere to include sensitive data, this would be a direct data exfiltration backdoor.

The source code is part of a malicious hacking tool for the Free Fire game, promoting cheating and linking to suspicious external resources. Although no direct malicious code is visible, the intent and metadata clearly indicate high risk and probable malware. This package should be considered dangerous and avoided.

The code is designed to exfiltrate sensitive system and network information to an external server. The conditions in `isValid` and use of specific encoding functions suggest a deliberate attempt to hide the true nature and selectively activate this behavior, indicative of a malware-like payload.

Live on npm for 1 hour and 35 minutes before removal. Socket users were protected even while the package was live.

This code is malicious and designed to secretly exfiltrate data to a Telegram bot. It sends any data passed to the send_data method to a hardcoded Telegram chat without user consent or notification. This is a clear security risk and exhibits characteristics of spyware or a supply chain attack component.

This module’s entrypoint (index.js) immediately launches a detached, unobserved Node.js child process executing the local script ./lib/caller.js, passing it JSON-serialized arguments. The spawn call uses { detached: true, stdio: 'ignore' } combined with child.unref(), which ensures the background process continues after the parent exits and suppresses all output or errors. Such a pattern is frequently used to hide backdoor or exfiltration routines in supply-chain attacks. Since all sensitive activity is delegated to the concealed lib/caller.js and no logs or errors are surfaced, this code functions as a stealthy loader for arbitrary malicious payloads. Do not use or publish this package until every invocation of ./lib/caller.js is audited and its behavior fully understood.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

The code exhibits high-risk behavior by downloading and executing an arbitrary executable from the internet without user consent or validation. This is a classic malware pattern and poses a severe security risk. The lack of obfuscation does not reduce the threat level. The code should be considered malicious or highly suspicious and not safe for use in any trusted software supply chain.

Live on PyPI for 11 hours and 47 minutes before removal. Socket users were protected even while the package was live.

This code implements a powerful remote agent/backdoor: it can start an unauthenticated command execution HTTP endpoint, receive and write arbitrary files to disk, and operate as a SOCKS proxy relaying network traffic. There are no authentication checks or input sanitization on the sensitive sinks (subprocess execution, file writes, outbound connections), so use of this module in any environment would present a severe supply-chain risk. The code contains multiple bugs and possibly truncated/edited lines (e.g., LOGGER_BASENAME unset), which may indicate either poor-quality/incomplete source or tampering. Avoid installing or running this package in production or on trusted hosts.

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

The Python module itself is not directly implementing typical malware behaviors, but it creates a high-risk execution surface: it runs local shell scripts (some with sudo) with unvalidated inputs and passes secrets on the command line. The deploy_fdb_from_file_service function contains a command-injection vulnerability (shell=True with joined args) and a coding bug (returncod typo). Recommend: remove shell=True; use argument lists always, avoid passing secrets via argv (use stdin, environment files with proper filesystem permissions, or secured IPC), eliminate unnecessary sudo calls and require callers to provide appropriate privileges if needed, validate/escape inputs (especially file paths), fix the returncod typo, and audit all invoked shell scripts before use. Treat package as risky until mitigations and script audits are performed.

The code contains clear indicators of malicious behavior. It collects sensitive information such as tokens, user data, and system information, and sends it to a Discord webhook. The obfuscation techniques used in the code further indicate an intent to hide its true functionality.

Live on npm for 1 hour and 42 minutes before removal. Socket users were protected even while the package was live.

This preinstall script is malicious: it accesses Kubernetes service account credentials and namespace, retrieves namespace secrets from the cluster API, encodes them, and exfiltrates them to an external HTTP server. It poses a severe data-exfiltration and supply-chain risk and should be treated as malware. Do not install or run this package; rotate any potentially exposed secrets and investigate any cluster access using the service account.

Live on npm for 14 hours and 47 minutes before removal. Socket users were protected even while the package was live.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This postinstall script performs clear data-collection and exfiltration of host-identifying information to a hardcoded external server during package installation. The behavior is inappropriate for an install-time script, and given the lack of consent, plaintext transport, and hardcoded remote destination, it should be treated as malicious or at minimum unacceptable telemetry. Avoid installing this package on sensitive systems and consider it compromised.

The code is intended for deployment automation and does not exhibit malicious intent. However, the presence of hardcoded credentials is a significant security risk, especially if the code is publicly accessible. There is no evidence of malware or code obfuscation.

Live on npm for 15 hours and 52 minutes before removal. Socket users were protected even while the package was live.

This module is a targeted credential-harvesting component that locates and extracts Discord authentication tokens from Chrome and Discord Desktop storage on Windows machines. It uses multiple methods (raw file scanning, direct LevelDB access, and OS-level copying) combined with validation heuristics to identify likely tokens. While it does not itself exfiltrate data over the network, it returns sensitive tokens to the caller and therefore is highly dangerous if used by malicious code. Treat tokens discovered by or accessible to this module as compromised. Avoid including or executing this module in trusted environments.

The code contains significant security risks, primarily due to the use of eval and exec, which can lead to arbitrary code execution. The handling of cookies also poses a risk if not properly validated. Overall, the code should be reviewed and modified to mitigate these vulnerabilities.

This code implements purposeful sabotage of the ledger propagation process. For early slots it forges the last entry's hash and broadcasts/storage-duplicates a corrupted last shred while preserving the correct shred locally and revealing it only after a configured delay. The timing and 'is_last' manipulation force peer validators into repair behavior and can cause verification failures and denial-of-service or consensus disruption. This is a high-risk, protocol-level backdoor and should be treated as malicious. Avoid deploying or accepting this code in any validator or production supply chain.

This module contains powerful host-privileged operations (starting privileged containers, binding/unbinding kernel drivers, partitioning disks) and accepts user-supplied data that is interpolated into shell commands and container configurations without sanitization. I found no clear evidence of explicit malware (no obfuscated payloads, no reverse shell code, no hardcoded backdoor credentials). However, the code has multiple serious security issues that could be exploited to execute arbitrary commands, damage disks, or exfiltrate secrets (insecure Docker TCP usage, unsanitized os.popen/shell execution, privileged container mounts, GELF log forwarding to client-supplied addresses). Treat this package as high-risk in deployment unless network access to its HTTP API and Docker daemon is strictly limited and inputs are validated/authorized.

This code is highly suspicious and should not be used without further investigation. The code is heavily obfuscated and could potentially contain malicious code. The purpose of the code is unclear and further investigation is necessary to determine its exact behavior.

The code primarily serves to provide alert functionality using the SweetAlert2 library. However, it includes potentially risky behavior, such as the use of new Function(), and dynamically playing a remote audio file based on locale and domain conditions. This requires further scrutiny for any context-specific vulnerabilities.

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

The code contains potential security risks such as hard-coded file paths, subprocess.Popen usage, and the handling of untrusted data through PyArrow Plasma. It is essential to review and address these security concerns before using this code in a production environment.

Live on PyPI for 5 hours and 29 minutes before removal. Socket users were protected even while the package was live.

The fragment contains a high-risk pattern: it downloads a Python script from a remote source and immediately executes it without integrity verification or sandboxing. This creates a critical supply-chain and remote-code-execution risk, as the remote payload could perform any action on the host, including data exfiltration, credential access, or system compromise. Even though defaults use placeholders, the mechanism itself is unsafe and should be disallowed or hardened (e.g., verify hashes, use signed modules, avoid executing remote code).

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

This fragment attempts a network exfiltration/beacon to a hardcoded remote server and would be considered suspicious and potentially malicious in a package. The snippet contains a likely bug (undefined 'encoded') which may prevent successful exfiltration as shown, but the intent is clear and this is unsafe for use in libraries (side-effectful network call at import). Treat the package as high risk until full context is available; if 'encoded' is defined elsewhere to include sensitive data, this would be a direct data exfiltration backdoor.

The source code is part of a malicious hacking tool for the Free Fire game, promoting cheating and linking to suspicious external resources. Although no direct malicious code is visible, the intent and metadata clearly indicate high risk and probable malware. This package should be considered dangerous and avoided.

The code is designed to exfiltrate sensitive system and network information to an external server. The conditions in `isValid` and use of specific encoding functions suggest a deliberate attempt to hide the true nature and selectively activate this behavior, indicative of a malware-like payload.

Live on npm for 1 hour and 35 minutes before removal. Socket users were protected even while the package was live.

This code is malicious and designed to secretly exfiltrate data to a Telegram bot. It sends any data passed to the send_data method to a hardcoded Telegram chat without user consent or notification. This is a clear security risk and exhibits characteristics of spyware or a supply chain attack component.

This module’s entrypoint (index.js) immediately launches a detached, unobserved Node.js child process executing the local script ./lib/caller.js, passing it JSON-serialized arguments. The spawn call uses { detached: true, stdio: 'ignore' } combined with child.unref(), which ensures the background process continues after the parent exits and suppresses all output or errors. Such a pattern is frequently used to hide backdoor or exfiltration routines in supply-chain attacks. Since all sensitive activity is delegated to the concealed lib/caller.js and no logs or errors are surfaced, this code functions as a stealthy loader for arbitrary malicious payloads. Do not use or publish this package until every invocation of ./lib/caller.js is audited and its behavior fully understood.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

The code exhibits high-risk behavior by downloading and executing an arbitrary executable from the internet without user consent or validation. This is a classic malware pattern and poses a severe security risk. The lack of obfuscation does not reduce the threat level. The code should be considered malicious or highly suspicious and not safe for use in any trusted software supply chain.

Live on PyPI for 11 hours and 47 minutes before removal. Socket users were protected even while the package was live.

This code implements a powerful remote agent/backdoor: it can start an unauthenticated command execution HTTP endpoint, receive and write arbitrary files to disk, and operate as a SOCKS proxy relaying network traffic. There are no authentication checks or input sanitization on the sensitive sinks (subprocess execution, file writes, outbound connections), so use of this module in any environment would present a severe supply-chain risk. The code contains multiple bugs and possibly truncated/edited lines (e.g., LOGGER_BASENAME unset), which may indicate either poor-quality/incomplete source or tampering. Avoid installing or running this package in production or on trusted hosts.

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

The Python module itself is not directly implementing typical malware behaviors, but it creates a high-risk execution surface: it runs local shell scripts (some with sudo) with unvalidated inputs and passes secrets on the command line. The deploy_fdb_from_file_service function contains a command-injection vulnerability (shell=True with joined args) and a coding bug (returncod typo). Recommend: remove shell=True; use argument lists always, avoid passing secrets via argv (use stdin, environment files with proper filesystem permissions, or secured IPC), eliminate unnecessary sudo calls and require callers to provide appropriate privileges if needed, validate/escape inputs (especially file paths), fix the returncod typo, and audit all invoked shell scripts before use. Treat package as risky until mitigations and script audits are performed.