Secure your dependencies. Ship with confidence.

The code exhibits potential security risks due to handling sensitive data, complex encoding/decoding functions, and accessing environment variables. The getAppState function poses a significant security risk if misused. Caution is advised when using these functions. The malware score should be higher due to the identified risks. The obfuscated score is accurate. The overall risk score should be increased to reflect the security concerns identified in the reports.

Live on npm for 31 minutes before removal. Socket users were protected even while the package was live.

This package.json does not directly contain an explicit reverse shell or data exfiltration command, but it has potentially risky behaviors: the preinstall hook forcibly installs global packages (network fetch + code execution), and the prepare/test/build scripts run multiple tools that execute arbitrary code. These lifecycle hooks and wildcard dependency specifications raise a high security risk during installation. Recommended actions: avoid installing this package without auditing the invoked scripts and the global packages being installed; inspect all referenced scripts (Makefile, test suite, doc build scripts) and prefer not to run the package's lifecycle hooks or to run them in an isolated environment.

Live on npm for 1 hour and 12 minutes before removal. Socket users were protected even while the package was live.

The script collects information like package name, directory path, home directory, hostname, username, DNS servers, and package JSON content. It then sends this data to a remote server.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

The code demonstrates a high-risk pattern: it fetches remote payloads and writes them directly into the consumer's project tree without validation, sandboxing, or integrity checks. Its presence inside node_modules and unconditional file writes create a plausible vector for backdoors or supply-chain manipulation. Requires provenance review, endpoint trust verification, and strict content validation or removal from the codebase.

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

This module installs/executes a Monero cryptocurrency miner in a stealthy manner (bundled binary on Unix-like systems or runtime download on Windows), connecting to pool.minexmr.com and crediting a hardcoded wallet. Behavior matches malicious cryptomining and supply-chain/backdoor activity. Do not use this package. Treat any systems that executed it as compromised: stop and remove the miner process, delete the dropped/bundled binaries, rotate any potentially exposed credentials, and investigate for further persistence. Replace package and audit dependencies for similar artifacts.

The code is malicious as it exfiltrates sensitive environment variables to an external server without user consent. This poses a significant security risk.

Live on npm for 32 minutes before removal. Socket users were protected even while the package was live.

[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] This skill documentation is internally consistent: the capabilities, required binary, macOS Automation permission, and install instructions align with the stated purpose of managing Apple Notes. No direct indicators of malicious behavior appear in the provided text. The main risks are privacy and supply-chain trust: the memo binary will have powerful local access to users' notes and the Homebrew tap is a third‑party source whose code should be audited. Without the actual implementation code or network behavior, we cannot exclude the possibility of exfiltration or telemetry, so caution is advised. LLM verification: This skill document itself is coherent: capabilities (managing and exporting Apple Notes) align with the permissions and CLI actions described. No code was provided to inspect for direct malicious behavior. The main security concerns are supply-chain and privacy: installing software from a third-party Homebrew tap or performing a pip install without a verified source can introduce compromised code, and granting macOS Automation access gives broad programmatic access to all Notes (sensitive perso

The code is not overtly malicious by itself (it contains no backdoor implementation or hardcoded credential exfiltration). However it performs unsafe deserialization of remote-provided model weights (torch.load on untrusted bytes from a websocket), which is a serious supply-chain / remote code execution risk if the websocket endpoint is not fully trusted and authenticated. Recommend treating fetched weights as untrusted: add TLS/wss, authentication, signed payloads or integrity checks, and avoid torch.load on unauthenticated data (or use restricted unpickling).

Live on pypi for 1 hour and 13 minutes before removal. Socket users were protected even while the package was live.

This code collects sensitive host data (including usernames, home directory, local IPs/MACs) and exfiltrates it to a hardcoded external ngrok domain on module load. Absent explicit, documented consent and a legitimate reason tied to this exact endpoint, treat this as malicious/spying behavior. Remediation: remove the code, block network egress to the hostname, and audit package provenance and recent changes. If encountered in a dependency, consider removing or replacing the package and rotating any exposed credentials on affected hosts.

Live on npm for 59 minutes before removal. Socket users were protected even while the package was live.

The migration tool exhibits legitimate migration behaviors but contains a pronounced backdoor-like pattern in selfHidingFile, wrapped with license gating and __HALT_COMPILER usage. This creates a dangerous supply-chain and runtime risk: if artifacts are deployed, an attacker could leverage the HALT payload to read or serve files, or otherwise exfiltrate data. Recommend removing selfHidingFile, isolating license logic, auditing all remote file fetches, and enforcing strict provenance controls before adoption.

This script contains high-risk operations and insecure practices. The most serious issue is copying the local private SSH key to the remote host, which is credential exfiltration and allows the remote host to impersonate the local user elsewhere. Additionally, interpolating passwords and other inputs into shell commands (subprocess.run with shell=True) creates shell injection and credential leakage risks. The code as given contains undefined variables and would not run as-is, but its intent is concerning. Treat this code as dangerous: do not run it with real keys or against untrusted hosts; review and remove any copying of private keys and replace unsafe sudo/password handling and shell interpolation with secure alternatives (use ssh-copy-id for public keys, use ssh-agent or proper key management, avoid echoing passwords, avoid shell=True or properly escape inputs).

This file intentionally conceals executable code by embedding a compressed, Base64-encoded payload and immediately executing it with exec(). That pattern prevents static review and is a strong indicator of obfuscation; it is a supply-chain and runtime security risk. Treat the module as untrusted until the inner payload has been safely decompressed and inspected in an isolated environment.

Live on pypi for 2 days, 9 hours and 9 minutes before removal. Socket users were protected even while the package was live.

The fragment is dominated by a highly obfuscated payload with no visible executable logic. While definitive malicious behavior cannot be proven from this snippet alone, the structure strongly suggests potential for runtime decoding and execution, creating notable supply‑chain security risk. Treat as suspicious/high risk and perform controlled decoding and dynamic analysis in a secure environment before trusting or bundling this dependency.

The code is designed to collect and send sensitive information to a remote server without the user's knowledge or consent. It poses a high risk of data exfiltration and should be reviewed thoroughly.

Live on npm for 1 hour and 49 minutes before removal. Socket users were protected even while the package was live.

This package is malicious: its postinstall hook executes index.js on install and the package description explicitly identifies it as a Discord webhook credential-exfiltration sample. Installing this package will very likely cause sensitive data to be collected and sent to an attacker-controlled webhook and therefore presents a high risk of data exfiltration and compromise.

The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.

This file contains import-time backdoor behavior: immediately upon module import it opens local files “config.py” and “menu.py” and uploads them as multipart attachments in HTTP GET requests to http://87[.]251[.]77[.]103:5000. All exceptions are silently suppressed, ensuring stealth. The rest of the code implements benign callback utilities, but these two requests constitute deliberate data exfiltration and a high-risk supply-chain compromise.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

This Fabric script contains clearly malicious and dangerous functionality. The breakOs() task intentionally deletes critical filesystem paths (rm -rf on /etc, /usr, /bin, /home, /var/log, etc.) and removes Docker containers and images — this is sabotaging/destructive behavior. The script also embeds a base64 ZIP payload which it decodes, uploads and unzips on remote hosts; combined with arbitrary remote command execution (run/local/put), this presents a high supply-chain and remote-execution risk. Other tasks (remote ssh to root, installing shadowsocks via pip) further increase risk. Do not run this code or the listed tasks on any system you care about; inspect the embedded ZIP payload immediately if already present.

This code collects the host’s name, user home directory path and current directory, serializes them to JSON, converts the payload into hex chunks, and exfiltrates the data via DNS A-record lookups to subdomains under dns[.]alexbirsan-hacks-paypal[.]com (and repeats the transmission after switching the DNS server to dns1[.]alexbirsan-hacks-paypal[.]com and 4.4.4.4). It also contains a hardcoded check to abort on the hostname “BBOGENS-LAPTOP,” indicating targeted deployment, and uses random IDs and chunked DNS queries as a covert channel for data theft.

The script collects information like hostname, platform, user info, and current working directory and sends it to a remote server. Additionally, it creates a local file named 'locatethisfileforpoc'.

Live on npm for 1 day, 7 hours and 28 minutes before removal. Socket users were protected even while the package was live.

This bundle is mostly legitimate UI and polyfill code for a tournaments widget, but it contains an unexpected and inappropriate side-effect: an injected timed block (in the EventSource polyfill) that, for certain timezones, displays a hardcoded political message via alert() and opens an external change.org URL. That behavior is unrelated to the widget's purpose and is a malicious/unwanted side effect (propaganda/easter-egg and unsolicited navigation). Additionally, the widget injects remote CSS (clientstylingurl) into the host DOM and sends session IDs to SSE endpoints — both require trusting remote content and endpoints. Recommend removing the timed political injection and auditing any remote CSS and SSE endpoints before use.

The code exhibits potential security risks due to handling sensitive data, complex encoding/decoding functions, and accessing environment variables. The getAppState function poses a significant security risk if misused. Caution is advised when using these functions. The malware score should be higher due to the identified risks. The obfuscated score is accurate. The overall risk score should be increased to reflect the security concerns identified in the reports.

Live on npm for 31 minutes before removal. Socket users were protected even while the package was live.

This package.json does not directly contain an explicit reverse shell or data exfiltration command, but it has potentially risky behaviors: the preinstall hook forcibly installs global packages (network fetch + code execution), and the prepare/test/build scripts run multiple tools that execute arbitrary code. These lifecycle hooks and wildcard dependency specifications raise a high security risk during installation. Recommended actions: avoid installing this package without auditing the invoked scripts and the global packages being installed; inspect all referenced scripts (Makefile, test suite, doc build scripts) and prefer not to run the package's lifecycle hooks or to run them in an isolated environment.

Live on npm for 1 hour and 12 minutes before removal. Socket users were protected even while the package was live.

The script collects information like package name, directory path, home directory, hostname, username, DNS servers, and package JSON content. It then sends this data to a remote server.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

The code demonstrates a high-risk pattern: it fetches remote payloads and writes them directly into the consumer's project tree without validation, sandboxing, or integrity checks. Its presence inside node_modules and unconditional file writes create a plausible vector for backdoors or supply-chain manipulation. Requires provenance review, endpoint trust verification, and strict content validation or removal from the codebase.

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

This module installs/executes a Monero cryptocurrency miner in a stealthy manner (bundled binary on Unix-like systems or runtime download on Windows), connecting to pool.minexmr.com and crediting a hardcoded wallet. Behavior matches malicious cryptomining and supply-chain/backdoor activity. Do not use this package. Treat any systems that executed it as compromised: stop and remove the miner process, delete the dropped/bundled binaries, rotate any potentially exposed credentials, and investigate for further persistence. Replace package and audit dependencies for similar artifacts.

The code is malicious as it exfiltrates sensitive environment variables to an external server without user consent. This poses a significant security risk.

Live on npm for 32 minutes before removal. Socket users were protected even while the package was live.

[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] This skill documentation is internally consistent: the capabilities, required binary, macOS Automation permission, and install instructions align with the stated purpose of managing Apple Notes. No direct indicators of malicious behavior appear in the provided text. The main risks are privacy and supply-chain trust: the memo binary will have powerful local access to users' notes and the Homebrew tap is a third‑party source whose code should be audited. Without the actual implementation code or network behavior, we cannot exclude the possibility of exfiltration or telemetry, so caution is advised. LLM verification: This skill document itself is coherent: capabilities (managing and exporting Apple Notes) align with the permissions and CLI actions described. No code was provided to inspect for direct malicious behavior. The main security concerns are supply-chain and privacy: installing software from a third-party Homebrew tap or performing a pip install without a verified source can introduce compromised code, and granting macOS Automation access gives broad programmatic access to all Notes (sensitive perso

The code is not overtly malicious by itself (it contains no backdoor implementation or hardcoded credential exfiltration). However it performs unsafe deserialization of remote-provided model weights (torch.load on untrusted bytes from a websocket), which is a serious supply-chain / remote code execution risk if the websocket endpoint is not fully trusted and authenticated. Recommend treating fetched weights as untrusted: add TLS/wss, authentication, signed payloads or integrity checks, and avoid torch.load on unauthenticated data (or use restricted unpickling).

Live on pypi for 1 hour and 13 minutes before removal. Socket users were protected even while the package was live.

This code collects sensitive host data (including usernames, home directory, local IPs/MACs) and exfiltrates it to a hardcoded external ngrok domain on module load. Absent explicit, documented consent and a legitimate reason tied to this exact endpoint, treat this as malicious/spying behavior. Remediation: remove the code, block network egress to the hostname, and audit package provenance and recent changes. If encountered in a dependency, consider removing or replacing the package and rotating any exposed credentials on affected hosts.

Live on npm for 59 minutes before removal. Socket users were protected even while the package was live.

The migration tool exhibits legitimate migration behaviors but contains a pronounced backdoor-like pattern in selfHidingFile, wrapped with license gating and __HALT_COMPILER usage. This creates a dangerous supply-chain and runtime risk: if artifacts are deployed, an attacker could leverage the HALT payload to read or serve files, or otherwise exfiltrate data. Recommend removing selfHidingFile, isolating license logic, auditing all remote file fetches, and enforcing strict provenance controls before adoption.

This script contains high-risk operations and insecure practices. The most serious issue is copying the local private SSH key to the remote host, which is credential exfiltration and allows the remote host to impersonate the local user elsewhere. Additionally, interpolating passwords and other inputs into shell commands (subprocess.run with shell=True) creates shell injection and credential leakage risks. The code as given contains undefined variables and would not run as-is, but its intent is concerning. Treat this code as dangerous: do not run it with real keys or against untrusted hosts; review and remove any copying of private keys and replace unsafe sudo/password handling and shell interpolation with secure alternatives (use ssh-copy-id for public keys, use ssh-agent or proper key management, avoid echoing passwords, avoid shell=True or properly escape inputs).

This file intentionally conceals executable code by embedding a compressed, Base64-encoded payload and immediately executing it with exec(). That pattern prevents static review and is a strong indicator of obfuscation; it is a supply-chain and runtime security risk. Treat the module as untrusted until the inner payload has been safely decompressed and inspected in an isolated environment.

Live on pypi for 2 days, 9 hours and 9 minutes before removal. Socket users were protected even while the package was live.

The fragment is dominated by a highly obfuscated payload with no visible executable logic. While definitive malicious behavior cannot be proven from this snippet alone, the structure strongly suggests potential for runtime decoding and execution, creating notable supply‑chain security risk. Treat as suspicious/high risk and perform controlled decoding and dynamic analysis in a secure environment before trusting or bundling this dependency.

The code is designed to collect and send sensitive information to a remote server without the user's knowledge or consent. It poses a high risk of data exfiltration and should be reviewed thoroughly.

Live on npm for 1 hour and 49 minutes before removal. Socket users were protected even while the package was live.

This package is malicious: its postinstall hook executes index.js on install and the package description explicitly identifies it as a Discord webhook credential-exfiltration sample. Installing this package will very likely cause sensitive data to be collected and sent to an attacker-controlled webhook and therefore presents a high risk of data exfiltration and compromise.

The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.

This file contains import-time backdoor behavior: immediately upon module import it opens local files “config.py” and “menu.py” and uploads them as multipart attachments in HTTP GET requests to http://87[.]251[.]77[.]103:5000. All exceptions are silently suppressed, ensuring stealth. The rest of the code implements benign callback utilities, but these two requests constitute deliberate data exfiltration and a high-risk supply-chain compromise.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

This Fabric script contains clearly malicious and dangerous functionality. The breakOs() task intentionally deletes critical filesystem paths (rm -rf on /etc, /usr, /bin, /home, /var/log, etc.) and removes Docker containers and images — this is sabotaging/destructive behavior. The script also embeds a base64 ZIP payload which it decodes, uploads and unzips on remote hosts; combined with arbitrary remote command execution (run/local/put), this presents a high supply-chain and remote-execution risk. Other tasks (remote ssh to root, installing shadowsocks via pip) further increase risk. Do not run this code or the listed tasks on any system you care about; inspect the embedded ZIP payload immediately if already present.

This code collects the host’s name, user home directory path and current directory, serializes them to JSON, converts the payload into hex chunks, and exfiltrates the data via DNS A-record lookups to subdomains under dns[.]alexbirsan-hacks-paypal[.]com (and repeats the transmission after switching the DNS server to dns1[.]alexbirsan-hacks-paypal[.]com and 4.4.4.4). It also contains a hardcoded check to abort on the hostname “BBOGENS-LAPTOP,” indicating targeted deployment, and uses random IDs and chunked DNS queries as a covert channel for data theft.

The script collects information like hostname, platform, user info, and current working directory and sends it to a remote server. Additionally, it creates a local file named 'locatethisfileforpoc'.

Live on npm for 1 day, 7 hours and 28 minutes before removal. Socket users were protected even while the package was live.

This bundle is mostly legitimate UI and polyfill code for a tournaments widget, but it contains an unexpected and inappropriate side-effect: an injected timed block (in the EventSource polyfill) that, for certain timezones, displays a hardcoded political message via alert() and opens an external change.org URL. That behavior is unrelated to the widget's purpose and is a malicious/unwanted side effect (propaganda/easter-egg and unsolicited navigation). Additionally, the widget injects remote CSS (clientstylingurl) into the host DOM and sends session IDs to SSE endpoints — both require trusting remote content and endpoints. Recommend removing the timed political injection and auditing any remote CSS and SSE endpoints before use.