Secure your dependencies. Ship with confidence.

This package contains a malicious preinstall hook that probes for MySQL data files and posts results to an external server, constituting unauthorized data exfiltration and telemetry. The test script also contacts the same external host. Treat this package as malicious and do not install it on any system with sensitive data.

Live on npm for 1 day, 16 hours and 6 minutes before removal. Socket users were protected even while the package was live.

This module performs intrusive, high-risk local actions: it probes running processes, requests elevation, and attempts to inject a DLL into WeChat.exe via an external Injector.exe when the helper HTTP server is not present. The JavaScript itself does not contain obfuscated payloads or obvious data-exfiltration code, but the orchestration of privileged DLL injection and automatic execution of binaries is a significant supply-chain and local compromise risk. If Injector.exe or the DLL are malicious or compromised, they could lead to full compromise of the WeChat process and data exfiltration. Use caution: verify the provenance and integrity of the external binaries (Injector.exe, wxhelper-*.dll) and avoid running this with administrative privileges on sensitive systems.

This code implements a sophisticated backdoor system with remote code execution capabilities. Despite appearing as a testing framework, it exhibits clear malware behavior including arbitrary code execution, data exfiltration, and persistent remote control. The automatic activation and lack of security controls make this extremely dangerous.

The code exhibits behavior typical of malware, as it collects and sends potentially sensitive system information to an external server without user consent. The use of simple obfuscation techniques further raises suspicion. This poses a significant security risk due to potential data exfiltration.

This source file implements the main control and C2 orchestration for the Sliver implant. It collects and transmits host-identifying information to a remote C2, establishes persistent outbound connections, and dispatches remote commands to handlers which can perform potentially dangerous actions (including privilege impersonation and pivoting). The file is a clear component of a remote access trojan/implant. Inclusion or execution of this code in production environments is a high security risk unless explicitly intended for authorized offensive testing. A full assessment of exact capabilities and data exfiltration impact requires reviewing the transports, handlers, and pivots packages.

The script contains a high-risk backdoor-like capability: when FMTR_DEV is enabled, it opens root SSH access with a hardcoded password, dumps environment data, and runs SSH in foreground with verbose logging. This undermines container isolation, enables remote compromise, and poses severe supply-chain security risks. It should be removed or replaced with secure, auditable behavior (e.g., disallow root SSH, use proper authentication via keys, avoid dumping environment, and validate inputs).

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package

Live on npm for 36 minutes before removal. Socket users were protected even while the package was live.

The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.

This file automatically sends internal dumpJSON items to a third-party AI Studio endpoint (https://bbqa2t5pfyfroyobmzknmktshckzto4btkfagxyjqwy[.]did[.]abtnet[.]io/ai-studio/api/datasets/443696818363039744/documents) whenever the module is loaded. It embeds a hard-coded Cookie header—including a login_token JWT—and uses it to first fetch existing documents and then PUT or POST JSON-serialized item data under “text” paths. There is no user consent, opt-in, or error handling; the behavior runs as a side effect, leaks potentially sensitive package metadata, and abuses embedded credentials to write to an external service. This is a high-risk supply-chain/backdoor indicator.

The script is running a file named 'redteam.js' which may indicate malicious intent. Further investigation is needed to determine the actual behavior of the script.

Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

The code is designed to exfiltrate system and project information to external servers without user consent, indicating malicious behavior. The presence of an infinite loop for directory traversal further exacerbates the risk.

Live on npm for 27 minutes before removal. Socket users were protected even while the package was live.

This file intentionally conceals and then executes an embedded JavaScript payload via a custom decoder and eval. That pattern is high risk in a supply-chain context because it prevents static auditing of behavior and enables arbitrary actions at runtime. Treat this artifact as suspicious: do not run it in production or on sensitive systems. Reverse the decoder in a safe, offline sandbox to retrieve the plaintext payload for full analysis. If you cannot fully reverse and inspect the decoded code, remove or block this dependency from trusted build/execution environments.

This module intentionally transmits API keys (either a hardcoded default decoded from base64 or any user-provided key) to an external, non-OpenAI endpoint via HTTP POST. This is credential exfiltration and constitutes malicious or severely insecure supply-chain behavior. Do not use this code. Remove it, rotate any exposed API keys, block the destination domain, and investigate any use of the embedded key.

This module enables execution of arbitrary shell commands and file updates driven by external inputs (steps_json and user input). There are no explicit signs of spying/backdoors or obfuscated malware, but the use of subprocess.Popen(shell=True) with unvalidated command strings and file append operations means the code can be abused to achieve remote code execution, file tampering, and data leakage if fed untrusted inputs. Treat this component as high risk and ensure all inputs are trusted or validated (or avoid using shell=True and sanitize paths/commands).

Live on PyPI for 5 days, 17 hours and 24 minutes before removal. Socket users were protected even while the package was live.

Code contains significant security vulnerabilities including command injection, arbitrary file download, and potential path traversal. While not malicious in intent, the unsafe practices create serious security risks.

The code automatically mutates the host project's package.json to add a script that runs code from the package and copies a configuration file into the project root without user consent or backup. This is a suspicious supply-chain behavior that can enable execution of package code later and persist changes in the project. Treat this as high-risk: audit the package (server.js and any postinstall hooks), do not allow it in sensitive repositories, and revert any unsolicited package.json modifications.

This code prompts the operator for a Discord authentication token via the command line, then calls discord.js Client.login(token) (communicating with api[.]discord[.]com) to validate that token. On successful login it immediately persists the raw token and the authenticated account’s username into a database (via saveToken.findOneAndUpdate) in plaintext, with no encryption, access controls, or audit logging. The project’s naming (‘External-Nuker’) and this verification-plus-storage pattern constitute credential harvesting, enabling potential account takeover or automated abusive actions on Discord. Treat as high risk, remove it from any trusted environments, and audit any token stores for unauthorized entries.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 16 minutes before removal. Socket users were protected even while the package was live.

This script is a high-risk launcher: it unconditionally fetches Python code from a hardcoded remote repo and executes it locally via a shell-invoked Python process while passing unsanitized user inputs directly into the shell command. Even if the upstream repository is currently benign, the pattern enables trivial supply-chain compromise and shell injection. Mitigations: remove runtime download-and-exec; if fetching is necessary, pin and verify cryptographic hashes or signatures, validate content, avoid os.system (use subprocess with argument lists or importlib), sanitize inputs, and add error handling and logging. Treat this module as unsafe in security-sensitive environments until hardened.

This package runs a postinstall script that performs network requests to track usage. That is unsolicited telemetry executed at install time and poses a high privacy and supply-chain risk. While the package may not be overtly destructive, the automatic telemetry behavior can lead to data exfiltration, fingerprinting of developers/environments, or further remote actions depending on the contents of install.js. Inspect install.js (and any network endpoints it contacts) before allowing installation; avoid using in production.

Live on npm for 1 day, 23 hours and 32 minutes before removal. Socket users were protected even while the package was live.

The code is downloading data from https://members-hub.store/linkbyauth?pass=[PASSWORD]. It then uses the response to make another request to download more code. The downloaded code is stored in this._files. The load_FromPath method uses eval() to execute the downloaded code.

The Python module itself is not directly implementing typical malware behaviors, but it creates a high-risk execution surface: it runs local shell scripts (some with sudo) with unvalidated inputs and passes secrets on the command line. The deploy_fdb_from_file_service function contains a command-injection vulnerability (shell=True with joined args) and a coding bug (returncod typo). Recommend: remove shell=True; use argument lists always, avoid passing secrets via argv (use stdin, environment files with proper filesystem permissions, or secured IPC), eliminate unnecessary sudo calls and require callers to provide appropriate privileges if needed, validate/escape inputs (especially file paths), fix the returncod typo, and audit all invoked shell scripts before use. Treat package as risky until mitigations and script audits are performed.

This module contains multiple highly suspicious and very risky behaviors: hardcoded credentials being written to /root/.pypirc, arbitrary shell command execution, self-modifying source, attempts to overwrite installed packages in site-packages, and automated twine upload — all of which are indicators of supply-chain malicious intent and persistence/backdoor installation. The code is also poorly implemented and contains broken sections, but the intent to perform environment modification and remote publishing is clear. Treat this package as malicious/untrusted and do not run it on production systems.

This module contains multiple high-risk behaviors consistent with malicious or at least highly unsafe supply-chain activity: credential harvesting from git config and writing to /root/.pypirc, self-modifying source to change package name/version, executing arbitrary shell commands (including pip/twine/curl), enumerating local filesystem contents, and contacting a remote ngrok host. Even if some parts are buggy, the actions (automatic package upload and remote callback) are dangerous. I recommend not using this package and treating it as malicious or compromised. Immediate remediation: do not run it in privileged or CI environments, remove any credentials it created, and audit any packages it published or uploaded.

This package contains a malicious preinstall hook that probes for MySQL data files and posts results to an external server, constituting unauthorized data exfiltration and telemetry. The test script also contacts the same external host. Treat this package as malicious and do not install it on any system with sensitive data.

Live on npm for 1 day, 16 hours and 6 minutes before removal. Socket users were protected even while the package was live.

This module performs intrusive, high-risk local actions: it probes running processes, requests elevation, and attempts to inject a DLL into WeChat.exe via an external Injector.exe when the helper HTTP server is not present. The JavaScript itself does not contain obfuscated payloads or obvious data-exfiltration code, but the orchestration of privileged DLL injection and automatic execution of binaries is a significant supply-chain and local compromise risk. If Injector.exe or the DLL are malicious or compromised, they could lead to full compromise of the WeChat process and data exfiltration. Use caution: verify the provenance and integrity of the external binaries (Injector.exe, wxhelper-*.dll) and avoid running this with administrative privileges on sensitive systems.

This code implements a sophisticated backdoor system with remote code execution capabilities. Despite appearing as a testing framework, it exhibits clear malware behavior including arbitrary code execution, data exfiltration, and persistent remote control. The automatic activation and lack of security controls make this extremely dangerous.

The code exhibits behavior typical of malware, as it collects and sends potentially sensitive system information to an external server without user consent. The use of simple obfuscation techniques further raises suspicion. This poses a significant security risk due to potential data exfiltration.

This source file implements the main control and C2 orchestration for the Sliver implant. It collects and transmits host-identifying information to a remote C2, establishes persistent outbound connections, and dispatches remote commands to handlers which can perform potentially dangerous actions (including privilege impersonation and pivoting). The file is a clear component of a remote access trojan/implant. Inclusion or execution of this code in production environments is a high security risk unless explicitly intended for authorized offensive testing. A full assessment of exact capabilities and data exfiltration impact requires reviewing the transports, handlers, and pivots packages.

The script contains a high-risk backdoor-like capability: when FMTR_DEV is enabled, it opens root SSH access with a hardcoded password, dumps environment data, and runs SSH in foreground with verbose logging. This undermines container isolation, enables remote compromise, and poses severe supply-chain security risks. It should be removed or replaced with secure, auditable behavior (e.g., disallow root SSH, use proper authentication via keys, avoid dumping environment, and validate inputs).

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package

Live on npm for 36 minutes before removal. Socket users were protected even while the package was live.

The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.

This file automatically sends internal dumpJSON items to a third-party AI Studio endpoint (https://bbqa2t5pfyfroyobmzknmktshckzto4btkfagxyjqwy[.]did[.]abtnet[.]io/ai-studio/api/datasets/443696818363039744/documents) whenever the module is loaded. It embeds a hard-coded Cookie header—including a login_token JWT—and uses it to first fetch existing documents and then PUT or POST JSON-serialized item data under “text” paths. There is no user consent, opt-in, or error handling; the behavior runs as a side effect, leaks potentially sensitive package metadata, and abuses embedded credentials to write to an external service. This is a high-risk supply-chain/backdoor indicator.

The script is running a file named 'redteam.js' which may indicate malicious intent. Further investigation is needed to determine the actual behavior of the script.

Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

The code is designed to exfiltrate system and project information to external servers without user consent, indicating malicious behavior. The presence of an infinite loop for directory traversal further exacerbates the risk.

Live on npm for 27 minutes before removal. Socket users were protected even while the package was live.

This file intentionally conceals and then executes an embedded JavaScript payload via a custom decoder and eval. That pattern is high risk in a supply-chain context because it prevents static auditing of behavior and enables arbitrary actions at runtime. Treat this artifact as suspicious: do not run it in production or on sensitive systems. Reverse the decoder in a safe, offline sandbox to retrieve the plaintext payload for full analysis. If you cannot fully reverse and inspect the decoded code, remove or block this dependency from trusted build/execution environments.

This module intentionally transmits API keys (either a hardcoded default decoded from base64 or any user-provided key) to an external, non-OpenAI endpoint via HTTP POST. This is credential exfiltration and constitutes malicious or severely insecure supply-chain behavior. Do not use this code. Remove it, rotate any exposed API keys, block the destination domain, and investigate any use of the embedded key.

This module enables execution of arbitrary shell commands and file updates driven by external inputs (steps_json and user input). There are no explicit signs of spying/backdoors or obfuscated malware, but the use of subprocess.Popen(shell=True) with unvalidated command strings and file append operations means the code can be abused to achieve remote code execution, file tampering, and data leakage if fed untrusted inputs. Treat this component as high risk and ensure all inputs are trusted or validated (or avoid using shell=True and sanitize paths/commands).

Live on PyPI for 5 days, 17 hours and 24 minutes before removal. Socket users were protected even while the package was live.

Code contains significant security vulnerabilities including command injection, arbitrary file download, and potential path traversal. While not malicious in intent, the unsafe practices create serious security risks.

The code automatically mutates the host project's package.json to add a script that runs code from the package and copies a configuration file into the project root without user consent or backup. This is a suspicious supply-chain behavior that can enable execution of package code later and persist changes in the project. Treat this as high-risk: audit the package (server.js and any postinstall hooks), do not allow it in sensitive repositories, and revert any unsolicited package.json modifications.

This code prompts the operator for a Discord authentication token via the command line, then calls discord.js Client.login(token) (communicating with api[.]discord[.]com) to validate that token. On successful login it immediately persists the raw token and the authenticated account’s username into a database (via saveToken.findOneAndUpdate) in plaintext, with no encryption, access controls, or audit logging. The project’s naming (‘External-Nuker’) and this verification-plus-storage pattern constitute credential harvesting, enabling potential account takeover or automated abusive actions on Discord. Treat as high risk, remove it from any trusted environments, and audit any token stores for unauthorized entries.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 16 minutes before removal. Socket users were protected even while the package was live.

This script is a high-risk launcher: it unconditionally fetches Python code from a hardcoded remote repo and executes it locally via a shell-invoked Python process while passing unsanitized user inputs directly into the shell command. Even if the upstream repository is currently benign, the pattern enables trivial supply-chain compromise and shell injection. Mitigations: remove runtime download-and-exec; if fetching is necessary, pin and verify cryptographic hashes or signatures, validate content, avoid os.system (use subprocess with argument lists or importlib), sanitize inputs, and add error handling and logging. Treat this module as unsafe in security-sensitive environments until hardened.

This package runs a postinstall script that performs network requests to track usage. That is unsolicited telemetry executed at install time and poses a high privacy and supply-chain risk. While the package may not be overtly destructive, the automatic telemetry behavior can lead to data exfiltration, fingerprinting of developers/environments, or further remote actions depending on the contents of install.js. Inspect install.js (and any network endpoints it contacts) before allowing installation; avoid using in production.

Live on npm for 1 day, 23 hours and 32 minutes before removal. Socket users were protected even while the package was live.

The code is downloading data from https://members-hub.store/linkbyauth?pass=[PASSWORD]. It then uses the response to make another request to download more code. The downloaded code is stored in this._files. The load_FromPath method uses eval() to execute the downloaded code.

The Python module itself is not directly implementing typical malware behaviors, but it creates a high-risk execution surface: it runs local shell scripts (some with sudo) with unvalidated inputs and passes secrets on the command line. The deploy_fdb_from_file_service function contains a command-injection vulnerability (shell=True with joined args) and a coding bug (returncod typo). Recommend: remove shell=True; use argument lists always, avoid passing secrets via argv (use stdin, environment files with proper filesystem permissions, or secured IPC), eliminate unnecessary sudo calls and require callers to provide appropriate privileges if needed, validate/escape inputs (especially file paths), fix the returncod typo, and audit all invoked shell scripts before use. Treat package as risky until mitigations and script audits are performed.

This module contains multiple highly suspicious and very risky behaviors: hardcoded credentials being written to /root/.pypirc, arbitrary shell command execution, self-modifying source, attempts to overwrite installed packages in site-packages, and automated twine upload — all of which are indicators of supply-chain malicious intent and persistence/backdoor installation. The code is also poorly implemented and contains broken sections, but the intent to perform environment modification and remote publishing is clear. Treat this package as malicious/untrusted and do not run it on production systems.

This module contains multiple high-risk behaviors consistent with malicious or at least highly unsafe supply-chain activity: credential harvesting from git config and writing to /root/.pypirc, self-modifying source to change package name/version, executing arbitrary shell commands (including pip/twine/curl), enumerating local filesystem contents, and contacting a remote ngrok host. Even if some parts are buggy, the actions (automatic package upload and remote callback) are dangerous. I recommend not using this package and treating it as malicious or compromised. Immediate remediation: do not run it in privileged or CI environments, remove any credentials it created, and audit any packages it published or uploaded.