You're invited: meet the Socket team at RSAC and BSidesSF 2026, March 23–26.
Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery: timmywil published 4.0.0
left-pad: stevemao published 1.3.0
react: react-bot published 19.2.4

We protect you from vulnerable and malicious packages

bagbag

0.58.12

Removed from pypi

Blocked by Socket

The code presents significant privacy risks and potential for misuse in generating fake identities, which is indicative of malicious intent. The scraping of sensitive information from a third-party website without clear user consent is highly suspicious.

Live on pypi for 15 minutes before removal. Socket users were protected even while the package was live.

pathoschild.stardew.modbuildconfig.net

1.5.6

by Pathoschild

Live on nuget

Blocked by Socket

This assembly contains a built-in fetch-and-execute backdoor: on assembly load it launches PowerShell to download a .bat from a hardcoded GitHub raw URL and runs it hidden. This is a high-confidence malicious supply-chain behavior enabling arbitrary remote code execution. The package should be considered malicious and removed; affected systems must be investigated and remediated.

web_for_ntu

2.0.0

by r11922130

Live on npm

Blocked by Socket

This code performs clear, deliberate data exfiltration: it fetches data from an internal API and sends it to an external webhook by redirecting the parent frame with the data in the URL. Treat as malicious/backdoor. Immediate remediation: remove or quarantine the script, block the external destination, and perform forensics and secrets rotation as needed.

dprojects.core.dish

2.0.229

by marcdp, DProjects

Live on nuget

Blocked by Socket

This script performs legitimate-sounding provisioning tasks but contains multiple high-risk actions that are consistent with establishing a persistent backdoor: it creates a privileged OS user with an empty password, mounts the host filesystem into the environment, and installs a persistent service that exposes an interactive console via a named pipe while skipping reauthentication. Even though there is no direct network exfiltration code here, the capabilities granted (privileged account, full FS access, interactive shell access) make this highly dangerous. Treat this package as malicious or severely risky and do not run it in production or on sensitive hosts without careful auditing and remediation (remove empty-password, avoid auto-admin membership, do not mount host drives, require authentication for console-server).

reasoning-deployment-service

0.5.4

Live on pypi

Blocked by Socket

This module intentionally performs high-risk operations: installing user-specified packages, staging and uploading local code, and executing the agent module in-process. If the provided agent code or requirements are untrusted, they can execute arbitrary actions (data access, exfiltration, spawning processes, network calls). The code is not itself obfuscated or clearly malicious, but it provides functionality that can be abused as a supply-chain or remote-execution vector. Recommendations: only run this with trusted agent code and vetted requirements; avoid executing untrusted modules in-process; consider performing static checks, running the agent code inside a strongly isolated sandbox/container, and preventing upload of sensitive files beyond the explicit excludes.

toolkity

1.8.0

Live on pypi

Blocked by Socket

This module implements an unauthenticated remote Python REPL over plain TCP that executes received text as Python code in-process. That is effectively a full remote code execution backdoor. Use of this code or enabling its listening behavior on network-accessible interfaces constitutes a high security risk. If present in a dependency, it should be treated as critical: either remove it, ensure it cannot be enabled at runtime, or restrict access via strong authentication, network isolation, and encryption. If the server is reachable by untrusted actors, assume full compromise is possible.

sentrybrowser

13.6.5

by sentrybrowser

Removed from npm

Blocked by Socket

The code appears to be intentionally obfuscated and contains potentially malicious behavior in the dynamic construction of the path parameter for the HTTPS request, leading to potential data leakage. It should be further investigated and considered a security risk.

Live on npm for 1 day, 4 hours and 41 minutes before removal. Socket users were protected even while the package was live.

github.com/milvus-io/milvus

v0.10.3-0.20220110103540-d3c6d4753787

Live on go

Blocked by Socket

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

waterstand

3.0.0

Live on pypi

Blocked by Socket

The code fragment exhibits a high-risk pattern: it blindly sources every file named 'activate' found anywhere under the project. This creates a potential for arbitrary code execution if an attacker places a malicious activate script in the repository, or if a legitimate but unsafe script is discovered and executed. It represents a serious supply-chain risk due to unvalidated code execution and environment manipulation; hardening is required (e.g., explicit, validated paths; quoting and sanitization; minimal or no sourcing; checksum verification; restricted sandbox).

jupyterlab-unicore-shell

0.3.0

Live on pypi

Blocked by Socket

The fragment implements a JupyterLab extension that explicitly advertises and implements 'UNICORE reverse shells'. It fetches a list of systems and adds commands that create terminal widgets and invoke session-creation functions that very likely establish remote interactive sessions. This functionality is equivalent to providing remote shell/backdoor capability from a developer environment and therefore represents a high security risk. Without the missing implementation details for the network/session functions, certainty is limited, but the naming and flows are strong indicators of potentially malicious or at least extremely risky behavior. Treat as untrusted until proven benign.

io.github.reajason:generator

2.4.2

Live on maven

Blocked by Socket

This class implements an in-memory webshell/backdoor that tunnels arbitrary TCP and HTTP traffic under control of data delivered in HTTP requests. It installs permissive SSL handling, uses reflection to interact with host request/response objects, manages persistent in-memory tunnel state, spawns threads to forward traffic, and can redirect requests to arbitrary remote endpoints. This is a high-risk supply-chain/memshell backdoor and should be considered malicious and removed/contained.

ebesha-core-engine

0.1.8

Live on pypi

Blocked by Socket

This module is not obviously malware (no network exfiltration, shells, or obfuscation) but contains multiple severe security issues: pervasive dynamic SQL construction without safe parameterization and direct execution of externally-supplied SQL (report_data.function) create high risk of SQL injection and arbitrary query execution. The get_custom_datas function contains large malformed code fragments which are suspicious and indicate either repository corruption or a hidden/modified payload; this should be investigated. Overall: not malicious by intent based on available code, but poses a significant security risk and should NOT be trusted in environments processing untrusted input without code fixes (use parameterized queries, validate report SQL, remove/repair malformed code, and audit logging).

netack

0.0.6

Live on pypi

Blocked by Socket

This file is a clear ARP poisoning / MITM tool. It crafts and sends forged ARP replies and enables kernel IP forwarding to intercept traffic between a target and gateway. It should be treated as malicious for unauthorized use — do not run on networks unless you have explicit permission and understand the legal/ethical implications. The code lacks input validation and robust error handling and provides only minimal cleanup.

@sanzoffc/baileys

2.0.5

by sanzoffc

Removed from npm

Blocked by Socket

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

Live on npm for 17 days and 38 minutes before removal. Socket users were protected even while the package was live.

yxspkg

6.19.0

Live on pypi

Blocked by Socket

The fragment is an opaque, binary/packed payload or heavily obfuscated content that cannot be reliably analyzed statically. While this alone does not prove malicious intent, it signals high risk and warrants isolation, request for a readable source or deobfuscated form, and controlled dynamic analysis to determine any harmful behavior or data leakage potential.

luksdk-web

1.1.8

by luksdk

Live on npm

Blocked by Socket

The code embodies a sophisticated iframe-based interception framework that can hijack asset loading, rewrite engine internals, and communicate with a parent frame about detected engine versions. While it could have legitimate defensive uses, its combination of extensive API overrides, blob-resource redirection, and cross-context telemetry constitutes a high-risk pattern for supply-chain abuse or stealth data manipulation. Treat as suspicious; require a strict review of its inclusion in any open-source dependency and implement containment controls in any deployment.

secretsdump-ng

1.0.0

Live on pypi

Blocked by Socket

This code is a credential-exfiltration tool that automates remote Windows secrets dumping and Active Directory NTDS extraction. It uses supplied credentials to remotely execute a PowerShell payload that saves registry hives and, on domain controllers, runs DSInternals to export NTDS data; both are exfiltrated to a locally hosted HTTPS server and then processed using Impacket's secretsdump. The behavior is clearly malicious when used without explicit authorization (credential harvesting, exfiltration, and anti-forensics). Do not run this code on networks or systems where you do not have explicit permission; treat it as a high-risk offensive tool.

xync-client

0.0.57.dev21

Live on pypi

Blocked by Socket

This code is malicious in intent: it automates fraudulent interaction with a banking website, contains hardcoded sensitive credentials, evades automation detection, prompts an operator to supply OTPs (social-engineering), performs money transfers, and persists session state to disk for reuse. It should be treated as a tool for account takeover and financial theft. Do not run it; remove any storage_state files and investigate systems where it executed. The snippet also contains syntax errors and is incomplete, but those do not mitigate the clearly malicious purpose.

tfjs-backend-wasm

9.0.0

by jpdtest1

Removed from npm

Blocked by Socket

The code is designed to collect and transmit system information to external endpoints without user consent, which is indicative of malicious behavior. The hardcoded endpoints and the nature of the data being sent pose a significant security risk.

Live on npm for 2 days, 4 hours and 23 minutes before removal. Socket users were protected even while the package was live.

dicksonui

2.0.2

Live on pypi

Blocked by Socket

This script is a high-risk remote agent: it intentionally executes server-sent JavaScript in the page context and transmits captured DOM/event data back to a hub. Functionality can be legitimate for remote debugging or live UI updates, but absent strict authentication, message signing, origin checks, and explicit consent, it provides powerful primitives (RCE and exfiltration) that are easily abused by a malicious or compromised hub operator. Treat the module as dangerous for use in untrusted supply chains or production builds unless its hub, transport, and message integrity are strictly controlled and audited.

vyomcloudbridge

0.2.59

Live on pypi

Blocked by Socket

The analyzed fragment implements an automated installer that performs privileged system changes and sets up a persistent reverse SSH tunnel to a hardcoded external host (jet@hq.vyomos.org) using a private key written by the installer. This behavior constitutes a high-risk persistent remote access/backdoor. The source is also garbled and incomplete, increasing uncertainty about additional actions. Treat this code as suspicious and high risk: remove or tightly audit the reverse SSH functionality, verify provenance of the package, inspect missing helper functions and service scripts, and monitor/block outbound connections to the indicated host until provenance is validated.

pinokiod

3.8.36

by cocktailpeanut

Live on npm

Blocked by Socket

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

nyc-config

0.4.0

by jpdtestjpd

Removed from npm

Blocked by Socket

This file gathers detailed OS and network information (including hostname, user details, and IP addresses) and sends it to hardcoded endpoints (e.g., http://23[.]22[.]251[.]177:8080/jpd[.]php and http://23[.]22[.]251[.]177:8080/jpd1[.]php) via HTTP GET and POST requests. It also attempts to fall back on a WebSocket connection (wss://yourserver[.]com/socket) if needed. The code fetches the public IP address from https://api64.ipify.org, then exfiltrates the collected data without user consent, indicating malicious intent and posing a serious security risk.

Live on npm for 15 hours and 45 minutes before removal. Socket users were protected even while the package was live.

@boristype/bt-cli

0.1.0-alpha.3

by punkhomov

Live on npm

Blocked by Socket

This module intentionally installs and exposes a server-side eval endpoint and forwards caller-provided code to it, creating a remote arbitrary code execution vector and potential backdoor. This is a high-risk construct: treat as malicious or dangerously insecure unless used in a tightly controlled, audited environment with strong access controls. Avoid using this module in production; remove or replace the remote-eval behavior and add strict authentication, authorization, input validation, and sandboxing if evaluation of dynamic code is required.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Telemetry

Unstable ownership

Git dependency

GitHub dependency

AI-detected potential malware

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

54 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

RUST: crates.io (Rust Package Manager)

PHP: Packagist (PHP Package Manager)

GOLANG: Go Modules (Go Dependency Management)

JAVA: Maven Central

JAVASCRIPT: npm (Node Package Manager)

.NET: NuGet (.NET Package Manager)

PYTHON: PyPI (Python Package Index)

RUBY: RubyGems.org (Ruby Package Manager)

SWIFT: Swift

AI: Hugging Face Hub (AI Model Hub)

CI: GitHub Actions (CI/CD Workflows)

EXTENSIONS: Chrome Web Store (Chrome Browser Extensions)

EXTENSIONS: Open VSX (VS Code Extensions)

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

The latest from the Socket team

Get our latest security research, open source insights, and product updates.
