Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery: timmywil published 4.0.0

left-pad: stevemao published 1.3.0

react: react-bot published 19.2.5

We protect you from vulnerable and malicious packages

@link-assistant/hive-mind

1.64.2

by GitHub Actions

Live on npm

Blocked by Socket

This module exhibits a critical supply-chain execution risk: if globalThis.use is not already defined, it fetches JavaScript from an external CDN (unpkg) at runtime and executes it via eval(), then uses the result to access fs and read arbitrary caller-specified files. Even if the outward behavior is to post issue/PR comments, the eval(fetch(...).text()) primitive is sufficient for arbitrary code execution, making the package unsafe unless the remote content is tightly controlled/pinned and the runtime behavior is otherwise proven benign.

osism

0.20260502.0

Live on pypi

Blocked by Socket

This script performs bulk, unconditional deletion of many Ansible collection directories under the specified ANSIBLE_COLLECTIONS_PATH. It does not read external input (other than the hardcoded path variable) and does not perform network activity, but it is destructive and can effectively sabotage environments that rely on those collections. Use is dangerous — do not run unless you intentionally want to remove those exact directories and have backups. Recommend blocking or requiring manual review and safeguards (confirmation, dry-run, path validation) before execution.

ravstack

18.3.1

by ravproject.dev

Live on npm

Blocked by Socket

This code is highly consistent with malicious remote control functionality (RAT/Trojan-like): it executes OS commands via PowerShell/rundll32/exec based on remote requests, performs remote mouse/keyboard control, captures and streams the user’s screen, exfiltrates files as base64, supports arbitrary file upload, and manipulates the desktop/user session (lock/minimize/SendKeys). The “macros” and “scheduled_tasks” storage further suggests persistent operational control. Although it is not heavily obfuscated, the behavioral indicators strongly indicate malicious capability.

@vforsh/argus

0.1.15

by vforsh

Live on npm

Blocked by Socket

This module is a generator for a high-risk iframe helper that implements an untrusted postMessage → eval(code) execution pipeline and returns results/errors via postMessage using wildcard origin. Because it lacks origin/source validation for incoming messages, any party that can send correctly typed postMessages to the iframe can potentially trigger arbitrary code execution in the iframe context and obtain execution output back to the parent/recipient. While intent cannot be proven from this fragment alone, the capability pattern is consistent with an RCE backchannel and should be treated as a serious security threat if shipped in any environment where message senders are not strictly trusted.

violit

0.7.9

Live on pypi

Blocked by Socket

This fragment contains multiple high-impact execution primitives driven by server-sent/WebSocket content: (1) arbitrary JavaScript execution via new Function(msg.code) for an 'eval' message type, and (2) execution of inline scripts embedded in server-provided HTML via innerHTML + executeInlineScripts plus explicit script reinsertion into document.body. Combined with direct DOM replacement (outerHTML) and a global post-update bridge hook, the security posture is effectively RCE/XSS-equivalent if message integrity is not strictly enforced. Treat this as a serious supply-chain/remote-control risk unless the WebSocket channel is cryptographically authenticated and messages are strictly constrained and sanitized upstream.

fredcode

0.3.4.1

Live on pypi

Blocked by Socket

This fragment contains extremely high-risk functionality: it (1) reads and embeds arbitrary local file contents specified via @<path> tokens and (2) executes arbitrary shell commands specified via a leading !<cmd> using subprocess with shell=True, embedding stdout+stderr in the returned output. Output truncation and the timeout limit the magnitude of the impact, but not the fundamental malicious capability. If reachable by untrusted text, it should be treated as a critical security issue and excluded or tightly sandboxed behind strict authorization and input allowlisting.

fredcode

0.3.3

Live on pypi

Blocked by Socket

This fragment contains extremely high-risk functionality: it (1) reads and embeds arbitrary local file contents specified via @<path> tokens and (2) executes arbitrary shell commands specified via a leading !<cmd> using subprocess with shell=True, embedding stdout+stderr in the returned output. Output truncation and the timeout limit the magnitude of the impact, but not the fundamental malicious capability. If reachable by untrusted text, it should be treated as a critical security issue and excluded or tightly sandboxed behind strict authorization and input allowlisting.

node-env-resolve

1.0.4

by user0001

Live on npm

Blocked by Socket

This module is highly suspicious and likely malicious. It self-installs by copying packaged source into a per-user hidden/cache directory, modifies package.json to remove postinstall/bin fields, performs a silent runtime `npm install` in that directory (supply-chain execution surface), writes a hardcoded remote SERVER_URL, establishes persistence across Windows/macOS/Linux using native autostart mechanisms, and starts the agent as a detached background process with minimal observability. Treat the package as a potential malware/unauthorized agent installer and avoid use in production environments.

pyweber

1.2.0.dev20260430

Live on pypi

Blocked by Socket

This module exhibits strong indicators of malicious surveillance/remote-control behavior: it captures extensive browser and user interaction telemetry, explicitly reads clipboard text, snapshots and transmits full localStorage/sessionStorage contents and the full page DOM HTML, and it applies server-provided DOM diffs via innerHTML/DOMParser with dynamic method invocation. These traits substantially increase both privacy harm and the likelihood of client compromise if the server channel or diff payloads are not strictly authenticated and sanitized.

shennian

0.2.14

by shennian

Live on npm

Blocked by Socket

This code is highly suspicious because it exposes direct remote filesystem operations: directory listing, arbitrary file reading (including base64 content exfiltration), and arbitrary file uploading (including chunked writes finalized onto the server filesystem). While safety may depend on the external runtime.resolvePath and authorization model, this module itself contains no robust sandbox/jail enforcement, access control, size/range validation for chunk writes, or strong transfer-ID protection. Functionally, it matches backdoor/RMM-style filesystem management capability and should be reviewed/locked down aggressively (or removed) if not intended for a trusted operator-only environment.

guanlan

0.2.8

Live on pypi

Blocked by Socket

The code explicitly harvests highly sensitive authentication/CSRF/session cookies from locally installed browser profiles for multiple platforms and then stores those secrets into application configuration and persists them to local files in the user’s home directory (including plaintext/token material). Although this snippet shows no exfiltration or networking, the credential-harvesting + persistence behavior is characteristic of account/session compromise workflows and represents a high security risk for a dependency in a supply chain. Additionally, exceptions are silently swallowed in persistence helpers, and there is a likely variable-name bug in the return statement, indicating incomplete correctness but not changing the primary secret-access behavior.

node-env-resolve

1.0.7

by user0001

Live on npm

Blocked by Socket

This module is strongly characteristic of a malicious remote access/spyware agent: it provides remote-triggered synthetic keyboard input, browser history collection, arbitrary filesystem read/write/list operations with exfiltration back to the controller, and microphone capture control. It also contains explicit OS-specific persistence removal and remote-controlled self-termination. No authentication/authorization, input validation, or sandboxing is evident in the shown code, making abuse severe if the socket is reachable.

apexpro

99.99.99

by mimilucky

Live on npm

Blocked by Socket

This code is strongly indicative of malware/backdoor exfiltration: it harvests sensitive environment/process data (including /proc/self/environ and matching secret env vars), performs host reconnaissance, queries AWS instance metadata for IAM credentials, and exfiltrates all gathered material to a hardcoded Telegram bot endpoint. It should be treated as highly malicious and not used.

babel-6-compatibility-utils

1.0.0

by lapxpoc

Live on npm

Blocked by Socket

This module performs stealthy host/user/folder fingerprinting and transmits that data over HTTPS to a base64-decoded remote hostname after a 60-second delay. The exported function is a decoy no-op, and errors are deliberately suppressed. Treat as malicious telemetry/exfiltration rather than a legitimate library.

guanlan

0.3.3

Live on pypi

Blocked by Socket

The code explicitly harvests highly sensitive authentication/CSRF/session cookies from locally installed browser profiles for multiple platforms and then stores those secrets into application configuration and persists them to local files in the user’s home directory (including plaintext/token material). Although this snippet shows no exfiltration or networking, the credential-harvesting + persistence behavior is characteristic of account/session compromise workflows and represents a high security risk for a dependency in a supply chain. Additionally, exceptions are silently swallowed in persistence helpers, and there is a likely variable-name bug in the return statement, indicating incomplete correctness but not changing the primary secret-access behavior.

mcp-audit-scanner

0.7.0

Live on pypi

Blocked by Socket

This configuration is strongly indicative of malicious supply-chain abuse: it explicitly instructs extraction of a private SSH key (~/.ssh/id_rsa) and covert exfiltration via a tool parameter, while also defining high-risk, remotely usable MCP server capabilities (shell and filesystem-like) executed via runtime npx installs. Treat the package/config as untrusted and do not run it in production environments.

@a5c-ai/babysitter-openclaw

5.0.1-staging.b83c3843

by tmuskal

Live on npm

Blocked by Socket

This code establishes a strong supply-chain/sandbox-break capability by executing a local bash hook at session start and directly passing both serialized caller context (stdin) and essentially the full parent environment (env) to that script, while also suppressing errors. While the snippet itself shows no explicit malicious behavior beyond delegation, the data exposure (context + process.env) and silent error handling make this pattern high-risk and warrant review of the hooks/babysitter-proxied-session-start.sh behavior.

bolna

0.10.24

Live on pypi

Blocked by Socket

This module is high-risk due to dynamic code execution (compile/exec) on content derived from caller-provided param/kwargs, executed with globals(), which can enable arbitrary code execution if inputs are not strictly controlled. In addition, it can send requests to arbitrary caller-supplied URLs and logs request content/headers, increasing the potential for data exfiltration and secret leakage. Treat as potentially malicious until usage is proven safe (e.g., param is constant/trusted and URL/headers are constrained/redacted).

@link-assistant/hive-mind

1.64.2

by GitHub Actions

Live on npm

Blocked by Socket

High risk. This module performs a runtime network fetch of JavaScript from a public CDN and executes it via eval to set a global loader used for command execution primitives. That is a critical supply-chain/RCE pattern with the potential for full compromise. Additionally, it configures broad agent permissions (opencode.json), passes process.env to an external tool, executes shell-like pipelines via a dynamically sourced command-stream helper, and logs raw untrusted subprocess output (potential sensitive data exposure).

@lanmower/foph

0.0.40

by lanmower

Live on npm

Blocked by Socket

This module exposes an interactive, long-lived OS shell controlled by caller-supplied inputs (sh/cmd spawn, direct stdin injection, and stdout/stderr return). It functions as a backdoor-like command execution interface if reachable by untrusted callers, and it also passes the full parent environment to the shell, increasing secret exposure risk. Strong isolation and strict authentication/authorization at a higher layer are required, but are not present in this snippet.

apexpro

99.99.99

by mimilucky

Live on npm

Blocked by Socket

This package will execute two local Node scripts during install. That behavior is a common supply-chain vector for malicious activity (data exfiltration, installing backdoors, modifying developer environment). You must inspect preinstall.js and postinstall.js before running npm install. The use of "|| true" increases suspicion because it hides script failures. Absent the script contents, treat this as a high install-time risk.

env-doctor

0.3.2

Live on pypi

Blocked by Socket

The fragment is primarily an environment compatibility/diagnostic tool, but it also implements a high-risk remote orchestration feature: it sends environment details to a dashboard and then executes dashboard-provided pending_commands locally via subprocess.run, sending command output back to the same server. It further adds persistence by installing cron/scheduled tasks to repeatedly contact the dashboard. This design is consistent with a potential backdoor/sabotage mechanism if the dashboard or its command channel is compromised or malicious. Even if intended for remediation, it should be strongly permissioned/allowlisted and treated as critical security risk.

corio

2.1.0a0

Live on pypi

Blocked by Socket

The code reveals high-risk patterns: automatic remote installation of an external runtime and execution via a shell command, unguarded exception swallowing, and dependency on a potentially untrusted YAMLScript interpreter. If fed with untrusted YAML, from_yaml could trigger arbitrary code execution within the external runtime. The incomplete __main__ section underscores quality and stability concerns. Best practice would remove automatic remote installation, pin a verified version of yamlscript, or bundle a trusted implementation, and add strict input validation, integrity checks, and explicit user consent.

node-env-resolve

1.0.7

by user0001

Live on npm

Blocked by Socket

This module continuously captures the host’s screen and exfiltrates it by emitting base64-encoded JPEG frames over a socket. It lacks built-in consent, authentication/authorization, redaction, and destination controls, making it highly privacy-invasive and potentially malicious when misused in the broader application. No obfuscation or direct system-compromise behavior is present in this file, but the core functionality matches remote surveillance/takeover patterns.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

56 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.


Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.


Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.


Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.


RUST: crates.io (Rust Package Manager)

PHP: Packagist (PHP Package Manager)

GOLANG: Go Modules (Go Dependency Management)

JAVA: Maven Central

JAVASCRIPT: npm (Node Package Manager)

.NET: NuGet (.NET Package Manager)

PYTHON: PyPI (Python Package Index)

RUBY: RubyGems.org (Ruby Package Manager)

SWIFT: Swift

AI: Hugging Face Hub (AI Model Hub)

CI: GitHub Actions (CI/CD Workflows)

EXTENSIONS: Chrome Web Store (Chrome Browser Extensions)

EXTENSIONS: Open VSX (VS Code Extensions)

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.


The latest from the Socket team

Get our latest security research, open source insights, and product updates.
