Secure your dependencies. Ship with confidence.

The code performs unauthorized exfiltration of sensitive internal project data (package name, version, git commit hash) to a suspicious external server without user consent. This behavior is indicative of malicious intent, constituting a supply chain security threat. There is no obfuscation, but the data leak is serious and should be treated as a high-risk security incident.

Primary risk: private keys are exposed to API clients via wallet creation/export endpoints, enabling potential wallet compromise. Secondary risks include bootstrap-time SDK installation, .env key persistence, and complex dynamic imports that can broaden attack surface. Immediate remediation should remove private keys from API responses, enforce server-side signing, and harden bootstrap security to reduce supply-chain and data-leak risks.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This script will uninstall nearly every installed Python package in the active environment without confirmation and then delete the packages list. As provided it contains a syntax error; if corrected and run, it is destructive and likely to break environments. There is no network exfiltration or obfuscation, but the behavior is consistent with sabotage or catastrophic maintenance and therefore presents a high security and operational risk.

This code performs unauthorized and malicious data exfiltration by sending sensitive system and package information to a suspicious external server. It poses a high security risk and should be considered malware. The code is not obfuscated but is clearly malicious in intent.

Live on npm for 12 minutes before removal. Socket users were protected even while the package was live.

The code is not overtly malicious (no shelling out, no obfuscated execution), but it implements powerful automated data exfiltration behaviors: it will download arbitrary remote files referenced by configured sources and publish raw bytes to an IPFS endpoint and marketplace listings. Main risks are accidental or malicious data leakage (including internal or sensitive endpoints reachable by the host), disk exhaustion, and abuse via compromised configuration or upstream metadata. Mitigations: enforce source URL allowlists, validate/verify dataset provenance, require manual approval or content scanning before IPFS publication, enforce strict size/time/concurrency quotas, restrict IPFS endpoints and add authentication/auditing, and sanitize marketplace-exposed metadata.

This code contains a high-risk secret-exfiltration behavior: it sends the wallet's private key (PRIVATE_KEY_BASE58) to an external hardcoded domain (https://latinum.ai) via an HTTP POST. That allows the remote service to take control of funds or perform transactions on behalf of the user. Additional concerns: the module performs network and key-generation side effects at import time and exposes the signing function via an MCP Server, enabling remote triggers. The undefined 'serve' return appears to be a bug but does not mitigate the primary malicious behavior. Treat this package as malicious/untrusted for wallet use; do not supply real private keys or run this code in environments with funds.

The code is performing potentially malicious actions by collecting system information and sending it to an external domain. This behavior poses a significant security risk.

Live on npm for 1 hour and 9 minutes before removal. Socket users were protected even while the package was live.

The code exhibits a high-risk dynamic code execution pattern by reconstructing functions from client-provided strings via eval in the register and grant flows. This constitutes a serious security risk, enabling remote code execution and potential backdoors if access control is weak or misconfigured. Without server-side sandboxing, strict input validation, or removal of dynamic eval, this module should be considered unsafe for untrusted environments. The remaining routing/subscribe logic is conventional, but the eval pathway dominates risk.

The analyzed code contains embedded remote payload delivery and execution sequence that runs at module import time, representing a severe security risk and clear malware behavior. It resembles a dropper/backdoor mechanism intended to pull in and execute arbitrary code with minimal user interaction, compromising the supply chain integrity of the dependent software.

Live on pypi for 11 hours and 27 minutes before removal. Socket users were protected even while the package was live.

This workflow contains a critical supply-chain vulnerability: it downloads remote content at runtime and executes it via shell eval in the CI runner. That enables arbitrary remote code execution with access to repository files and potentially secrets, and can trivially be used to exfiltrate credentials or poison build artifacts. Treat this as high-risk: remove the eval step, stop executing unverified remote scripts in CI, and adopt signed, vendored, or verified retrieval patterns with least privilege.

This module is dangerous and exhibits clear exfiltration and remote-orchestration behavior. It collects notebook content and local project files, packages them into ./berri_files, and sends them to a hardcoded external server (including user_email in the query). It also executes arbitrary code segments extracted from the notebook via exec(), enabling remote code execution of notebook content. These behaviors indicate intentional data collection/exfiltration and RCE capability; do not run this package in untrusted environments or on machines with sensitive data. If encountered as a dependency, treat it as malicious and remove/block it.

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

This module contains clear capabilities for reconnaissance (host/IP/MAC), sensitive-data capture (screenshots, filesystem zipping), data exfiltration (uploads to up.ufile.io and proxying Telegram calls via an external web form), and a remote command channel (Telegram GetUpdates via proxy). These features are typical of malware (RAT/botnet client) and present a high security risk. The code also contains implementation bugs but that does not mitigate the malicious intent. The package should be treated as malicious and not used.

This module is a purpose-built DDoS/DoS toolkit with multiple attack primitives and proxy/Tor anonymization options. It is malicious in intent (designed to send large volumes of traffic or resource-starve remote services). It should not be used, included as a dependency, or run in any environment where legal/ethical constraints apply. Presence in a dependency tree represents a high security and legal risk; treat as malicious and remove/contain immediately.

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

The script functions as a bootstrap installer that fetches a Teleport binary from a CDN, extracts it, and executes it with user-provided arguments. While common in bootstrap flows, this approach carries significant supply-chain risk due to lack of integrity verification, potential tampering of the CDN content, and execution of an external binary in the host environment. To reduce risk, add cryptographic verification (signatures/checksums), validate the artifact against a trusted manifest, constrain and sanitize teleportArgs, implement isolation (sandbox/container), and improve error handling with cleanup. Consider using pinned TLS/HTTPS, and validating the tarball contents before execution.

This source is a straightforward system DNS resolver that issues A/AAAA and TXT queries and Base64-decodes concatenated TXT responses. The implementation itself contains no process spawning, filesystem modifications, or hard-coded credentials, but it fits a known pattern used by DNS-based command-and-control channels (fetching Base64-encoded commands or payloads via TXT records). Given the header and import path tying it to the Sliver implant framework, treat this module as a likely component of a C2 implant: acceptable as a benign utility in isolation, but high-risk when present in software meant to be benign. Recommend removing or auditing all callers that consume the decoded TXT bytes; if those bytes are ever interpreted or executed, consider the package malicious and block usage.

The fragment exhibits strong indicators of obfuscation and embedded payload usage, which can enable hidden malicious behavior after decoding. While static evidence of concrete malware is not observable, the risk profile is high due to concealment tactics typical of supply-chain attacks. A controlled, in-depth dynamic analysis and deobfuscation are essential before considering inclusion in any public/Open Source package.

This function implements an exec-with-return pattern that executes arbitrary Python source provided in `code` and evaluates the final expression to return its value. It directly uses exec and eval with user-supplied source and caller-provided execution contexts, which enables arbitrary code execution and full access to the process environment. There is no sandboxing or validation; ast.parse/unparse do not mitigate the risk. Also, the provided snippet has a syntax error (unclosed parenthesis) and debug logging that may leak sensitive code/values. Treat use of this function with extreme caution: allow only fully-trusted input or replace with a safer, sandboxed evaluation approach. If this sees untrusted input, consider it a critical RCE vulnerability.

Live on pypi for 1 hour and 3 minutes before removal. Socket users were protected even while the package was live.

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

The code performs unauthorized exfiltration of sensitive internal project data (package name, version, git commit hash) to a suspicious external server without user consent. This behavior is indicative of malicious intent, constituting a supply chain security threat. There is no obfuscation, but the data leak is serious and should be treated as a high-risk security incident.

Primary risk: private keys are exposed to API clients via wallet creation/export endpoints, enabling potential wallet compromise. Secondary risks include bootstrap-time SDK installation, .env key persistence, and complex dynamic imports that can broaden attack surface. Immediate remediation should remove private keys from API responses, enforce server-side signing, and harden bootstrap security to reduce supply-chain and data-leak risks.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This script will uninstall nearly every installed Python package in the active environment without confirmation and then delete the packages list. As provided it contains a syntax error; if corrected and run, it is destructive and likely to break environments. There is no network exfiltration or obfuscation, but the behavior is consistent with sabotage or catastrophic maintenance and therefore presents a high security and operational risk.

This code performs unauthorized and malicious data exfiltration by sending sensitive system and package information to a suspicious external server. It poses a high security risk and should be considered malware. The code is not obfuscated but is clearly malicious in intent.

Live on npm for 12 minutes before removal. Socket users were protected even while the package was live.

The code is not overtly malicious (no shelling out, no obfuscated execution), but it implements powerful automated data exfiltration behaviors: it will download arbitrary remote files referenced by configured sources and publish raw bytes to an IPFS endpoint and marketplace listings. Main risks are accidental or malicious data leakage (including internal or sensitive endpoints reachable by the host), disk exhaustion, and abuse via compromised configuration or upstream metadata. Mitigations: enforce source URL allowlists, validate/verify dataset provenance, require manual approval or content scanning before IPFS publication, enforce strict size/time/concurrency quotas, restrict IPFS endpoints and add authentication/auditing, and sanitize marketplace-exposed metadata.

This code contains a high-risk secret-exfiltration behavior: it sends the wallet's private key (PRIVATE_KEY_BASE58) to an external hardcoded domain (https://latinum.ai) via an HTTP POST. That allows the remote service to take control of funds or perform transactions on behalf of the user. Additional concerns: the module performs network and key-generation side effects at import time and exposes the signing function via an MCP Server, enabling remote triggers. The undefined 'serve' return appears to be a bug but does not mitigate the primary malicious behavior. Treat this package as malicious/untrusted for wallet use; do not supply real private keys or run this code in environments with funds.

The code is performing potentially malicious actions by collecting system information and sending it to an external domain. This behavior poses a significant security risk.

Live on npm for 1 hour and 9 minutes before removal. Socket users were protected even while the package was live.

The code exhibits a high-risk dynamic code execution pattern by reconstructing functions from client-provided strings via eval in the register and grant flows. This constitutes a serious security risk, enabling remote code execution and potential backdoors if access control is weak or misconfigured. Without server-side sandboxing, strict input validation, or removal of dynamic eval, this module should be considered unsafe for untrusted environments. The remaining routing/subscribe logic is conventional, but the eval pathway dominates risk.

The analyzed code contains embedded remote payload delivery and execution sequence that runs at module import time, representing a severe security risk and clear malware behavior. It resembles a dropper/backdoor mechanism intended to pull in and execute arbitrary code with minimal user interaction, compromising the supply chain integrity of the dependent software.

Live on pypi for 11 hours and 27 minutes before removal. Socket users were protected even while the package was live.

This workflow contains a critical supply-chain vulnerability: it downloads remote content at runtime and executes it via shell eval in the CI runner. That enables arbitrary remote code execution with access to repository files and potentially secrets, and can trivially be used to exfiltrate credentials or poison build artifacts. Treat this as high-risk: remove the eval step, stop executing unverified remote scripts in CI, and adopt signed, vendored, or verified retrieval patterns with least privilege.

This module is dangerous and exhibits clear exfiltration and remote-orchestration behavior. It collects notebook content and local project files, packages them into ./berri_files, and sends them to a hardcoded external server (including user_email in the query). It also executes arbitrary code segments extracted from the notebook via exec(), enabling remote code execution of notebook content. These behaviors indicate intentional data collection/exfiltration and RCE capability; do not run this package in untrusted environments or on machines with sensitive data. If encountered as a dependency, treat it as malicious and remove/block it.

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

This module contains clear capabilities for reconnaissance (host/IP/MAC), sensitive-data capture (screenshots, filesystem zipping), data exfiltration (uploads to up.ufile.io and proxying Telegram calls via an external web form), and a remote command channel (Telegram GetUpdates via proxy). These features are typical of malware (RAT/botnet client) and present a high security risk. The code also contains implementation bugs but that does not mitigate the malicious intent. The package should be treated as malicious and not used.

This module is a purpose-built DDoS/DoS toolkit with multiple attack primitives and proxy/Tor anonymization options. It is malicious in intent (designed to send large volumes of traffic or resource-starve remote services). It should not be used, included as a dependency, or run in any environment where legal/ethical constraints apply. Presence in a dependency tree represents a high security and legal risk; treat as malicious and remove/contain immediately.

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

The script functions as a bootstrap installer that fetches a Teleport binary from a CDN, extracts it, and executes it with user-provided arguments. While common in bootstrap flows, this approach carries significant supply-chain risk due to lack of integrity verification, potential tampering of the CDN content, and execution of an external binary in the host environment. To reduce risk, add cryptographic verification (signatures/checksums), validate the artifact against a trusted manifest, constrain and sanitize teleportArgs, implement isolation (sandbox/container), and improve error handling with cleanup. Consider using pinned TLS/HTTPS, and validating the tarball contents before execution.

This source is a straightforward system DNS resolver that issues A/AAAA and TXT queries and Base64-decodes concatenated TXT responses. The implementation itself contains no process spawning, filesystem modifications, or hard-coded credentials, but it fits a known pattern used by DNS-based command-and-control channels (fetching Base64-encoded commands or payloads via TXT records). Given the header and import path tying it to the Sliver implant framework, treat this module as a likely component of a C2 implant: acceptable as a benign utility in isolation, but high-risk when present in software meant to be benign. Recommend removing or auditing all callers that consume the decoded TXT bytes; if those bytes are ever interpreted or executed, consider the package malicious and block usage.

The fragment exhibits strong indicators of obfuscation and embedded payload usage, which can enable hidden malicious behavior after decoding. While static evidence of concrete malware is not observable, the risk profile is high due to concealment tactics typical of supply-chain attacks. A controlled, in-depth dynamic analysis and deobfuscation are essential before considering inclusion in any public/Open Source package.

This function implements an exec-with-return pattern that executes arbitrary Python source provided in `code` and evaluates the final expression to return its value. It directly uses exec and eval with user-supplied source and caller-provided execution contexts, which enables arbitrary code execution and full access to the process environment. There is no sandboxing or validation; ast.parse/unparse do not mitigate the risk. Also, the provided snippet has a syntax error (unclosed parenthesis) and debug logging that may leak sensitive code/values. Treat use of this function with extreme caution: allow only fully-trusted input or replace with a safer, sandboxed evaluation approach. If this sees untrusted input, consider it a critical RCE vulnerability.

Live on pypi for 1 hour and 3 minutes before removal. Socket users were protected even while the package was live.

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.