Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery

timmywil published 4.0.0

left-pad

stevemao published 1.3.0

react

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

gcworld/orm

6.4.18

Live on composer

Blocked by Socket

The script redirects Git hook execution to an external directory, creating a high-risk supply-chain and runtime vector. It is dangerous in most environments unless the external hooks are tightly controlled, versioned, and validated. Best practice would be to avoid such redirection; if necessary, implement explicit user consent, integrity verification (e.g., signed hooks), and allowlisting of trusted hooks, or revert to repository-contained hooks.

jcore.db4net.sqlite

1.2.2

by Jackie Law

Live on nuget

Blocked by Socket

This file contains a highly obfuscated runtime loader/packer with capabilities to decrypt embedded resources, verify signatures, allocate and write executable memory, patch/replace method implementations and invoke native code via function pointers. It also performs anti-analysis (anti-debug) and contains a date-based kill/expiration. Those behaviors are consistent with malware/loader/injector functionality and present a serious supply-chain risk if included in a package. I recommend treating this package as malicious/untrusted and not using it in production.

jquery-validation-utils

8.3.0

by jquery-validation-utils

Removed from npm

Blocked by Socket

The script collects information like package name, system directory, user information, and DNS servers, and sends it to a remote server.

mtmai

0.4.114

Live on pypi

Blocked by Socket

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

safe-nonce-6218

0.0.7

by cytfugyihoji

Removed from npm

Blocked by Socket

The code contains a clear attempt to establish a reverse shell to an external IP address, which is highly suspicious and indicative of malicious behavior. The nonce generation appears to be a cover or secondary purpose.

Live on npm for 1 hour and 30 minutes before removal. Socket users were protected even while the package was live.

github.com/sagernet/sing-box

v1.1.6-0.20230221083458-8902bc2c1327

Live on go

Blocked by Socket

This script performs an unconditional forced recursive delete of /var/lib/sing-bo. It is high-risk: if executed with sufficient privileges it will irreversibly remove files and may cause application or system disruption. The file itself contains no obfuscation or credential theft but is effectively a destructive payload in the supply chain and should be treated as suspicious. Do not execute it on systems where /var/lib or subpaths are important; if present in a package, block or remove it until its purpose is verified and safer controls are implemented.

mxpi

1.3.0

Live on pypi

Blocked by Socket

This ACE snippet file is mostly benign static snippet definitions, but it contains a clearly malicious/inappropriate embedded template expression that attempts to execute shell commands (reading /etc/passwd) via system(...). If any consumer evaluates template expressions in snippetText (particularly in privileged or server-side contexts), this will enable local information disclosure and arbitrary command execution. Treat the file as unsafe: remove or sanitize the system(...) invocation, audit any environments that consumed the snippetText, and consider this a supply-chain red flag. For typical browser-only ACE usage the payload is likely inert, but do not assume safety in privileged runtimes.

github.com/BishopFox/sliver

v0.0.0-20200919070653-326c13ecb98e

Live on go

Blocked by Socket

This file implements remote-implant handlers that enable arbitrary command execution, file read/write (exfiltration and persistence), process dumping, in-memory code injection (sideload/taskrunner), and system reconnaissance (process list, netstat, network interfaces, screenshots). Those behaviors are characteristic of a post-exploitation backdoor/implant. If used within a legitimate penetration test under authorization, it is a valid tool; in any other context it is malicious. Treat as high-risk: it provides multiple privileged sinks driven directly from untrusted RPC input. Recommend not using in production and auditing usage context and access controls.

fiinquant

0.9.5

Live on pypi

Blocked by Socket

This code is highly obfuscated and uses techniques such as base64 encoding and zlib compression to hide the actual payload. The use of exec() to execute the decompressed and decoded payload is a significant security risk as it allows for the execution of arbitrary code, which could be malicious. The intent of the code is unclear due to the obfuscation, but the patterns suggest potentially malicious behavior.

blooket

1.0.4

by glixzzy

Removed from npm

Blocked by Socket

The code contains several methods that can disrupt game sessions and manipulate game states, which could be considered malicious in the context of a game environment. The potential for denial of service and unauthorized actions poses a significant security risk.

Live on npm for 2 hours and 29 minutes before removal. Socket users were protected even while the package was live.

mtlibs

0.0.20230123035159

Live on pypi

Blocked by Socket

This module implements a command-and-control agent: it establishes a Tor connection to a hardcoded .onion C2, downloads a payload, writes it to a temporary file, sets it executable, and runs it — all without validation — and provides a POST endpoint for C2 communication. These are canonical backdoor behaviors (remote code execution, persistence, and concealed C2). Treat the code as malicious: do not execute, block the domain, and investigate any systems where this package or its parent repository was installed or run.

robotframework-historic2

0.0.1

Live on pypi

Blocked by Socket

This module performs high-risk privileged database operations: it creates a global 'superuser' account with a hardcoded weak password ('passw0rd') and grants ALL PRIVILEGES WITH GRANT OPTION for both localhost and '%' (remote) access, then creates a database and tables. This is effectively a backdoor and a severe supply-chain/security risk. Do not use this code in production or as part of a third-party dependency. Recommended actions: remove automated creation of privileged accounts, require secure, auditable credential provisioning (not hardcoded), restrict host access, log to secure sinks, fix the syntax bug, and require code review before any privilege-altering DB operations.

@iflow-ai/iflow-cli

0.2.17

by zjhwork2025

Live on npm

Blocked by Socket

This script automatically downloads a JetBrains plugin from a hardcoded external URL (https://cloud[.]iflow[.]cn/iflow-cli/iflow-idea-0[.]0[.]2[.]zip) and extracts it directly into local JetBrains IDE plugins directories without explicit user consent. The code fails to perform cryptographic verification (such as signature or hash checks) of the downloaded ZIP archive before extraction. Furthermore, it aggressively deletes existing plugin directories with the same target name before installation. This automated, unverified download and installation behavior poses a significant security risk, as it allows arbitrary code to be executed within the developer's IDE context, acting as a secondary payload delivery mechanism commonly seen in supply-chain malware.

tx-engine

0.6.1

Live on pypi

Blocked by Socket

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

yujin-tools

0.2.63

Live on pypi

Blocked by Socket

The script misleadingly claims to add the current user to a system group by referring to the ${USER} environment variable, yet it actually adds a hardcoded username ('snorri') to the 'users' group. It then prompts the user for confirmation to change their primary group to 'users' using sudo usermod commands. This behavior, which deviates from the claimed action, may indicate an attempt to silently establish a backdoor with elevated privileges and facilitate unauthorized access. No domains, IP addresses, or external URLs are involved.

vcd-cli

19.0.7.dev16

Live on pypi

Blocked by Socket

The script implants a hard-coded SSH public key into the root account and adjusts permissions and SELinux labels to ensure the key will be honored by the SSH daemon. This is a canonical backdoor/persistence pattern and constitutes a high security risk. Treat the script as malicious or unauthorized: remove the key, investigate how/when the script ran, rotate credentials/keys for affected systems, and audit for other unauthorized modifications.

kfsd

0.0.67

Live on pypi

Blocked by Socket

This module contains a critical vulnerability: unconstrained eval() of attacker-controlled 'input.expr' with access to local variables (including a formatted request object). This yields remote code execution and potential data exfiltration. The code likely represents an insecure design/bug rather than intentionally malicious code, but it must be remediated before handling untrusted inputs. Also fix the apparent syntax error in getAttr.

fsd

0.1.344

Removed from pypi

Blocked by Socket

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on pypi for 5 days, 5 hours and 30 minutes before removal. Socket users were protected even while the package was live.

css-preprocess

1.1.1

Live on npm

Blocked by Socket

This module implements a remote-controlled agent that can delete its executable, attempt to delete local data, and try to stop PID 1 (container init). It sends a provided key in the URL query to a hardcoded remote host, and the server response dictates destructive actions. The dynamic require to hide 'fs' usage and the explicit destructive branches make this a high-risk package for supply-chain sabotage. Treat as dangerous: do not run in production or on critical hosts unless you fully trust the remote service, understand the consequences, and isolate the runtime environment.

cookie-banner-vue

2.9877.1

Removed from npm

Blocked by Socket

The provided source code is malicious as it exfiltrates sensitive system information to a remote server. This poses a significant security risk.

Live on npm for 55 minutes before removal. Socket users were protected even while the package was live.

link-pty

0.1.3

Live on pypi

Blocked by Socket

This module implements full remote interactive shell capability: it can spawn /bin/bash locally and forward stdin/stdout to a remote server controlled via WebSocket/HTTP. That behavior provides remote command execution and data exfiltration capability and therefore represents a high security risk if present in a dependency or used without strict operational controls (authentication, TLS, network isolation). Treat as malicious/untrusted in general-purpose environments unless its use is explicit, authenticated, and restricted.

@ssr-frontend/packages-analytics

99.9.95

by ssr-frontend

Live on npm

Blocked by Socket

The code collects extensive system information and file contents, then sends this data to a remote server. This behavior is indicative of data exfiltration and potentially malicious activity.

kindle2pdf

0.1.9

Removed from pypi

Blocked by Socket

The code exhibits several security concerns, particularly regarding the handling of sensitive user data (cookies and tokens) and the potential for unauthorized access to Amazon's services. The use of browser cookies for authentication without explicit consent raises significant privacy issues. Overall, the code poses a moderate to high security risk due to these factors.

Live on pypi for 197 days, 19 hours and 47 minutes before removal. Socket users were protected even while the package was live.

rgwml

0.0.196

Live on pypi

Blocked by Socket

The code contains an explicit, high-confidence data-exfiltration path: it reads Google ID tokens from incoming requests and immediately sends them (and error messages) to a Telegram chat whose bot token and chat_id are obtained by recursively searching common user directories for a local 'rgwml.config' file. This is credential theft/backchannel behavior. Combined with file-system scanning for config and usage of external network sinks, this constitutes malicious or highly privacy-violating behavior. The module also contains multiple coding defects that may cause instability, but the exfiltration behavior is clear and severe. Action: do not run this code; remove it from supply chain, investigate presence of rgwml.config files and potential token leaks, and rotate compromised credentials immediately.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Unstable ownership

Git dependency

GitHub dependency

AI-detected potential malware

HTTP dependency

Obfuscated code

Skill: Pre-execution shell command

Suspicious Stars on GitHub

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

Rust: crates.io (Rust Package Manager)
PHP: Packagist (PHP Package Manager)
Golang: Go Modules (Go Dependency Management)
Java: Maven Central
JavaScript: npm (Node Package Manager)
.NET: NuGet (.NET Package Manager)
Python: PyPI (Python Package Index)
Ruby: RubyGems.org (Ruby Package Manager)
Swift: Swift
AI: Hugging Face Hub (AI Model Hub)
CI: GitHub Actions (CI/CD Workflows)
Extensions: Chrome Web Store (Chrome Browser Extensions)
Extensions: Open VSX (VS Code Extensions)

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
