Secure your dependencies. Ship with confidence.

This code contains an obfuscated, network-backed remote code execution mechanism embedded in the extension activation path. It constructs and queries multiple remote endpoints, decodes and executes base64 payloads from responses using eval() and vm.Script.runInContext with a context exposing require/process/Buffer, and writes local files to persist/gate behavior. It also includes locale/timezone checks (geofencing) and retry/persistence logic. These are clear indicators of a backdoor/C2-style supply-chain attack. The package should be considered malicious and untrusted; remove and treat any systems where this ran as compromised until investigated and remediated.

The approach is functionally sound for the intended objective but bears medium supply-chain and device-access risks. Strengthening would include: pinning/verifying tool hashes, adding robust error paths and rollback, optional content verification (checksum) of downloaded audio, explicit user consent for device transfer, and more resilient cleanup paths. Overall, the pattern is benign but requires governance around external tool integrity and device-transfer permissions.

The code collects sensitive system information, including the home directory, hostname, username, DNS servers, and the contents of '/etc/passwd' and '/etc/hosts' files. It then sends this data via an HTTPS POST request to a remote server at 'mi8wkhfdyuhq86hv1gm660yz3q9ix8lx[.]oastify[.]com' without user consent. This behavior is indicative of malicious activity aimed at data exfiltration.

Live on npm for 79 days, 4 hours and 10 minutes before removal. Socket users were protected even while the package was live.

This module systematically harvests guild metadata and permanent invite links and forwards them to an external Telegram sink. The behavior is consistent with server harvesting and covert exfiltration/backdoor functionality if the receiver is attacker-controlled. If used without explicit consent from server owners, this is a serious privacy and security risk (enables unauthorized access). Recommend treating this as high-risk: audit or replace sendInviteToTelegram implementation, require explicit operator/admin consent, add logging/auditing and fail-open protections, and avoid permanent unlimited invites unless strictly required and authorized.

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on pypi for 5 days, 6 hours and 12 minutes before removal. Socket users were protected even while the package was live.

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package

Live on npm for 45 minutes before removal. Socket users were protected even while the package was live.

This package will execute local code at install time. Given the package name/description and the general risk of arbitrary postinstall scripts, treat this as high risk until index.js is audited. Do not install on production or privileged systems; inspect index.js for network calls, child_process usage, filesystem deletions/modifications, persistence mechanisms, hard-coded destinations, or obfuscated code. Prefer installing in an isolated sandbox to analyze behavior if you must proceed.

This script is a high-risk launcher: it unconditionally fetches Python code from a hardcoded remote repo and executes it locally via a shell-invoked Python process while passing unsanitized user inputs directly into the shell command. Even if the upstream repository is currently benign, the pattern enables trivial supply-chain compromise and shell injection. Mitigations: remove runtime download-and-exec; if fetching is necessary, pin and verify cryptographic hashes or signatures, validate content, avoid os.system (use subprocess with argument lists or importlib), sanitize inputs, and add error handling and logging. Treat this module as unsafe in security-sensitive environments until hardened.

The code exhibits clear signs of malicious behavior involving data theft and exfiltration. It encodes and sends sensitive system and user data to a suspicious domain via both DNS queries and HTTPS POST requests.

Live on npm for 41 minutes before removal. Socket users were protected even while the package was live.

This file is an explicit DNS-based command-and-control transport for the Sliver implant framework. It constructs attacker-controlled DNS queries carrying encoded payloads and performs TXT lookups to receive encrypted commands and blocks. The code facilitates covert data exfiltration and remote code/command delivery. It is malicious by design (implant/C2). Security weaknesses include use of non-cryptographic RNG for IDs/nonces and an unbounded in-memory replay map. Treat this package as malware/C2 infrastructure and avoid running or depending on it unless you have explicit, controlled red-team context.

This extension is malicious: it abuses the Jupyter terminal websocket protocol to inject a shell command (touch pwned.txt) into a server-side terminal session without user consent. It requires the browser session to be authenticated and the Jupyter terminal gateway/terminal id to be reachable, but under those conditions it enables remote command execution and should be considered a high-risk backdoor. Remove and do not run this package in any environment where it can reach a Jupyter server.

This module performs direct exfiltration of user-provided form data to a hard-coded third-party webhook (webhook.site) and also logs the same data to the console. The use of mode: 'no-cors' makes the request opaque and reduces client-side visibility into success/failure, which can make the exfiltration stealthier. While no system-level malware behaviors (remote shell, file tampering) are present, the code constitutes a serious privacy and supply-chain risk: sensitive user data can be sent to an external, likely unauthorized collector. Recommended actions: treat this code as untrusted/removed from production or dependency tree until provenance and intent are validated; replace the hard-coded endpoint with a configurable, trusted backend; add server-side handling with proper CORS, consent, and data minimization; remove testing webhook.site endpoints from published code.

This fragment implements an unrestricted evaluator for Python source that executes caller-provided code with the privileges of the host process. The fragment itself contains no embedded malicious payloads, but it creates a critical security boundary: if x can be influenced by untrusted actors, this is a direct remote code execution vector. Recommend: do not use with untrusted input. If dynamic evaluation is required, adopt strong sandboxing (separate process with least privileges, seccomp/containers, restricted builtins, explicit whitelist of allowed operations, time/memory limits) or use a safe domain-specific evaluator rather than exec/eval on raw Python source.

Live on pypi for 1 day, 11 hours and 44 minutes before removal. Socket users were protected even while the package was live.

The composite action contains high-risk patterns due to remote code execution from downloaded install scripts without integrity verification (curl | sh and irm | iex). While these are common in some setup scripts, the lack of verification constitutes a significant supply-chain and runtime security risk. If the external sources are compromised or serve malicious payloads, an attacker could gain code execution on the runner and potentially exfiltrate data or alter the environment. Recommend adding integrity checks (hash/signature verification), pinning to known-good installers, or using verified actions, and avoiding direct remote code execution when possible.

This module is not obviously malicious: it implements display backends for Sage/IPython and contains expected behavior for launching viewers and composing MIME outputs. The primary security issue is unsafe construction of shell commands with unsanitized filenames passed to os.system, which can lead to command injection if filenames can be influenced by an attacker. Additional concerns: embedding local scripts into notebook HTML can expose local resources and the file shows syntax/truncation errors that must be fixed. Remediation: avoid os.system with formatted strings (use subprocess with args), validate/quote filenames, and correct the malformed notebook code before use.

This script is sending data to a remote server and attempting to read the contents of the '/etc/hosts' file. This behavior is highly suspicious and indicates potential malicious intent.

The code is designed to send sensitive system information to a remote server, which is a significant security risk. This behavior is consistent with malicious activity, specifically data exfiltration.

Live on npm for 50 minutes before removal. Socket users were protected even while the package was live.

The code implements a custom obfuscation and decoding scheme that culminates in executing arbitrary code via exec() on decoded input. This pattern is a critical security risk as it allows execution of potentially malicious code embedded in the input. The obfuscation and dynamic execution strongly indicate malicious intent or a high risk of exploitation in a software supply chain context. There is no direct evidence of network communication or data exfiltration, but the arbitrary code execution alone warrants immediate attention and remediation.

This module is an exploitation/bypass toolkit intended to achieve remote code execution by uploading native payloads and/or registering MySQL UDFs and invoking them. It actively probes for extensions, uploads binaries, executes SQL to create UDFs, and triggers commands on the target. As distributed code, it poses a high security risk and should be treated as offensive tooling — acceptable only in authorized testing environments. The provided fragment contains some invalid placeholders/syntax which may be copy errors or templating; however the malicious exploitation intent is clear.

This module implements an agent/manager capable of fingerprinting the host, downloading and extracting payloads, executing arbitrary shell commands, updating itself via npm, and communicating with a remote server (HTTP POST and TCP). The hardcoded 'TIMMINING' User-Agent and hardware enumeration strongly suggest this is part of a cryptocurrency-mining management agent or similar remote-control tool. The code has high potential for abuse: it can fetch and run arbitrary code, exfiltrate host identifiers, and perform system-level actions (reboot, update). If you do not trust the remote server or package source, treat this as malicious and avoid running on sensitive hosts. Further review of surrounding code (definition/value of 'v', implementation of z(), and any code that invokes downloads or execs) is required to definitively classify intent.

This package runs a local install script during postinstall which likely downloads and installs a platform-specific binary from a remote tarball URL. That behavior is potentially risky: the install script can execute arbitrary code, the downloaded binary is a non-registry artifact (template URL) and could be tampered with upstream or replaced if releases are compromised. Recommend reviewing src/install.js and any code it invokes (including the exact download URL resolution and any verification steps, e.g., signatures/checksums) before installing in sensitive environments. If src/install.js performs verified downloads (checksums/signatures) and limits execution, risk is lower; if it unconditionally downloads and executes the tarball contents, treat as high risk.

Live on npm for 2 days, 12 hours and 12 minutes before removal. Socket users were protected even while the package was live.

The code performs clear, immediate destructive filesystem actions that delete SSH- and Git-related configuration files in the module directory. This behavior is consistent with supply-chain sabotage: removing credentials/configuration without user consent. Even though there is no network exfiltration, the deletion of .ssh and .gitconfig can cause credential loss and workflow breakage. Treat this module as malicious/untrusted and do not run or install it; restore affected files from backups and audit systems where it ran.

The fragment describes a coherent, sandboxed desktop-automation capability with explicit precautions and a clear data flow involving screenshots and API interactions. Primary risks derive from rich UI data exposure, credential handling, and the potential for over-privileged automation if sandboxing fails. With disciplined secret management, strict access controls for tool results, and enforced human-in-the-loop for sensitive actions, the design can be treated as BENIGN-to-SUSPICIOUS rather than malicious, but requires careful operational governance in a supply-chain deployment.

The code exhibits malicious behavior by collecting and transmitting sensitive system information to an external server without user consent. This poses a high security risk and potential for data theft.

Live on npm for 2 hours and 1 minute before removal. Socket users were protected even while the package was live.

This code contains an obfuscated, network-backed remote code execution mechanism embedded in the extension activation path. It constructs and queries multiple remote endpoints, decodes and executes base64 payloads from responses using eval() and vm.Script.runInContext with a context exposing require/process/Buffer, and writes local files to persist/gate behavior. It also includes locale/timezone checks (geofencing) and retry/persistence logic. These are clear indicators of a backdoor/C2-style supply-chain attack. The package should be considered malicious and untrusted; remove and treat any systems where this ran as compromised until investigated and remediated.

The approach is functionally sound for the intended objective but bears medium supply-chain and device-access risks. Strengthening would include: pinning/verifying tool hashes, adding robust error paths and rollback, optional content verification (checksum) of downloaded audio, explicit user consent for device transfer, and more resilient cleanup paths. Overall, the pattern is benign but requires governance around external tool integrity and device-transfer permissions.

The code collects sensitive system information, including the home directory, hostname, username, DNS servers, and the contents of '/etc/passwd' and '/etc/hosts' files. It then sends this data via an HTTPS POST request to a remote server at 'mi8wkhfdyuhq86hv1gm660yz3q9ix8lx[.]oastify[.]com' without user consent. This behavior is indicative of malicious activity aimed at data exfiltration.

Live on npm for 79 days, 4 hours and 10 minutes before removal. Socket users were protected even while the package was live.

This module systematically harvests guild metadata and permanent invite links and forwards them to an external Telegram sink. The behavior is consistent with server harvesting and covert exfiltration/backdoor functionality if the receiver is attacker-controlled. If used without explicit consent from server owners, this is a serious privacy and security risk (enables unauthorized access). Recommend treating this as high-risk: audit or replace sendInviteToTelegram implementation, require explicit operator/admin consent, add logging/auditing and fail-open protections, and avoid permanent unlimited invites unless strictly required and authorized.

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on pypi for 5 days, 6 hours and 12 minutes before removal. Socket users were protected even while the package was live.

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package

Live on npm for 45 minutes before removal. Socket users were protected even while the package was live.

This package will execute local code at install time. Given the package name/description and the general risk of arbitrary postinstall scripts, treat this as high risk until index.js is audited. Do not install on production or privileged systems; inspect index.js for network calls, child_process usage, filesystem deletions/modifications, persistence mechanisms, hard-coded destinations, or obfuscated code. Prefer installing in an isolated sandbox to analyze behavior if you must proceed.

This script is a high-risk launcher: it unconditionally fetches Python code from a hardcoded remote repo and executes it locally via a shell-invoked Python process while passing unsanitized user inputs directly into the shell command. Even if the upstream repository is currently benign, the pattern enables trivial supply-chain compromise and shell injection. Mitigations: remove runtime download-and-exec; if fetching is necessary, pin and verify cryptographic hashes or signatures, validate content, avoid os.system (use subprocess with argument lists or importlib), sanitize inputs, and add error handling and logging. Treat this module as unsafe in security-sensitive environments until hardened.

The code exhibits clear signs of malicious behavior involving data theft and exfiltration. It encodes and sends sensitive system and user data to a suspicious domain via both DNS queries and HTTPS POST requests.

Live on npm for 41 minutes before removal. Socket users were protected even while the package was live.

This file is an explicit DNS-based command-and-control transport for the Sliver implant framework. It constructs attacker-controlled DNS queries carrying encoded payloads and performs TXT lookups to receive encrypted commands and blocks. The code facilitates covert data exfiltration and remote code/command delivery. It is malicious by design (implant/C2). Security weaknesses include use of non-cryptographic RNG for IDs/nonces and an unbounded in-memory replay map. Treat this package as malware/C2 infrastructure and avoid running or depending on it unless you have explicit, controlled red-team context.

This extension is malicious: it abuses the Jupyter terminal websocket protocol to inject a shell command (touch pwned.txt) into a server-side terminal session without user consent. It requires the browser session to be authenticated and the Jupyter terminal gateway/terminal id to be reachable, but under those conditions it enables remote command execution and should be considered a high-risk backdoor. Remove and do not run this package in any environment where it can reach a Jupyter server.

This module performs direct exfiltration of user-provided form data to a hard-coded third-party webhook (webhook.site) and also logs the same data to the console. The use of mode: 'no-cors' makes the request opaque and reduces client-side visibility into success/failure, which can make the exfiltration stealthier. While no system-level malware behaviors (remote shell, file tampering) are present, the code constitutes a serious privacy and supply-chain risk: sensitive user data can be sent to an external, likely unauthorized collector. Recommended actions: treat this code as untrusted/removed from production or dependency tree until provenance and intent are validated; replace the hard-coded endpoint with a configurable, trusted backend; add server-side handling with proper CORS, consent, and data minimization; remove testing webhook.site endpoints from published code.

This fragment implements an unrestricted evaluator for Python source that executes caller-provided code with the privileges of the host process. The fragment itself contains no embedded malicious payloads, but it creates a critical security boundary: if x can be influenced by untrusted actors, this is a direct remote code execution vector. Recommend: do not use with untrusted input. If dynamic evaluation is required, adopt strong sandboxing (separate process with least privileges, seccomp/containers, restricted builtins, explicit whitelist of allowed operations, time/memory limits) or use a safe domain-specific evaluator rather than exec/eval on raw Python source.

Live on pypi for 1 day, 11 hours and 44 minutes before removal. Socket users were protected even while the package was live.

The composite action contains high-risk patterns due to remote code execution from downloaded install scripts without integrity verification (curl | sh and irm | iex). While these are common in some setup scripts, the lack of verification constitutes a significant supply-chain and runtime security risk. If the external sources are compromised or serve malicious payloads, an attacker could gain code execution on the runner and potentially exfiltrate data or alter the environment. Recommend adding integrity checks (hash/signature verification), pinning to known-good installers, or using verified actions, and avoiding direct remote code execution when possible.

This module is not obviously malicious: it implements display backends for Sage/IPython and contains expected behavior for launching viewers and composing MIME outputs. The primary security issue is unsafe construction of shell commands with unsanitized filenames passed to os.system, which can lead to command injection if filenames can be influenced by an attacker. Additional concerns: embedding local scripts into notebook HTML can expose local resources and the file shows syntax/truncation errors that must be fixed. Remediation: avoid os.system with formatted strings (use subprocess with args), validate/quote filenames, and correct the malformed notebook code before use.

This script is sending data to a remote server and attempting to read the contents of the '/etc/hosts' file. This behavior is highly suspicious and indicates potential malicious intent.

The code is designed to send sensitive system information to a remote server, which is a significant security risk. This behavior is consistent with malicious activity, specifically data exfiltration.

Live on npm for 50 minutes before removal. Socket users were protected even while the package was live.

The code implements a custom obfuscation and decoding scheme that culminates in executing arbitrary code via exec() on decoded input. This pattern is a critical security risk as it allows execution of potentially malicious code embedded in the input. The obfuscation and dynamic execution strongly indicate malicious intent or a high risk of exploitation in a software supply chain context. There is no direct evidence of network communication or data exfiltration, but the arbitrary code execution alone warrants immediate attention and remediation.

This module is an exploitation/bypass toolkit intended to achieve remote code execution by uploading native payloads and/or registering MySQL UDFs and invoking them. It actively probes for extensions, uploads binaries, executes SQL to create UDFs, and triggers commands on the target. As distributed code, it poses a high security risk and should be treated as offensive tooling — acceptable only in authorized testing environments. The provided fragment contains some invalid placeholders/syntax which may be copy errors or templating; however the malicious exploitation intent is clear.

This module implements an agent/manager capable of fingerprinting the host, downloading and extracting payloads, executing arbitrary shell commands, updating itself via npm, and communicating with a remote server (HTTP POST and TCP). The hardcoded 'TIMMINING' User-Agent and hardware enumeration strongly suggest this is part of a cryptocurrency-mining management agent or similar remote-control tool. The code has high potential for abuse: it can fetch and run arbitrary code, exfiltrate host identifiers, and perform system-level actions (reboot, update). If you do not trust the remote server or package source, treat this as malicious and avoid running on sensitive hosts. Further review of surrounding code (definition/value of 'v', implementation of z(), and any code that invokes downloads or execs) is required to definitively classify intent.

This package runs a local install script during postinstall which likely downloads and installs a platform-specific binary from a remote tarball URL. That behavior is potentially risky: the install script can execute arbitrary code, the downloaded binary is a non-registry artifact (template URL) and could be tampered with upstream or replaced if releases are compromised. Recommend reviewing src/install.js and any code it invokes (including the exact download URL resolution and any verification steps, e.g., signatures/checksums) before installing in sensitive environments. If src/install.js performs verified downloads (checksums/signatures) and limits execution, risk is lower; if it unconditionally downloads and executes the tarball contents, treat as high risk.

Live on npm for 2 days, 12 hours and 12 minutes before removal. Socket users were protected even while the package was live.

The code performs clear, immediate destructive filesystem actions that delete SSH- and Git-related configuration files in the module directory. This behavior is consistent with supply-chain sabotage: removing credentials/configuration without user consent. Even though there is no network exfiltration, the deletion of .ssh and .gitconfig can cause credential loss and workflow breakage. Treat this module as malicious/untrusted and do not run or install it; restore affected files from backups and audit systems where it ran.

The fragment describes a coherent, sandboxed desktop-automation capability with explicit precautions and a clear data flow involving screenshots and API interactions. Primary risks derive from rich UI data exposure, credential handling, and the potential for over-privileged automation if sandboxing fails. With disciplined secret management, strict access controls for tool results, and enforced human-in-the-loop for sensitive actions, the design can be treated as BENIGN-to-SUSPICIOUS rather than malicious, but requires careful operational governance in a supply-chain deployment.

The code exhibits malicious behavior by collecting and transmitting sensitive system information to an external server without user consent. This poses a high security risk and potential for data theft.

Live on npm for 2 hours and 1 minute before removal. Socket users were protected even while the package was live.