Secure your dependencies. Ship with confidence.

The snippet performs covert data exfiltration of environment variables and npm configuration to an attacker-controlled host using an intentionally simplistic WebSocket-like frame. This indicates malicious intent and high security risk in any supply-chain or OSS context. It should be treated as malicious, blocked, and removed from distribution.

This code is malicious: it steals SSH private keys and known_hosts from the user's home directory and exfiltrates them to a hardcoded remote server after a delay. This is a severe supply-chain/backdoor credential-theft behavior; the package should not be used and immediate remediation (removal, secret rotation) is required if executed on a system.

This code poses a serious security risk and should not be used.

Live on npm for 21 minutes before removal. Socket users were protected even while the package was live.

The code is suspicious as it retrieves update information from an unverified external source and uses 'execSync' to run shell commands, which could lead to remote code execution if the external content is compromised. Furthermore, the code attempts to forcibly update and reinstall packages which is not typical for secure update practices.

Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.

This code contains a clear malicious/unauthorized insertion: within the EventSource polyfill there is a timed callback that, for clients whose timezone matches a hard-coded list, displays a political message using alert() and opens an external change.org URL. This is unrelated to the library's purpose, constitutes supply-chain sabotage/defacement targeting specific locales, and should be considered malicious. Remove or replace the package and audit upstream sources. The rest of the bundle appears to be legitimate application and polyfill code.

The code is designed to exfiltrate sensitive system information to an external server (pingb.in) using both ping command and HTTP requests. This behavior is indicative of malicious intent and poses a significant security risk.

Live on npm for 17 minutes before removal. Socket users were protected even while the package was live.

Most of the code is standard cloud SDK and protocol handling (AWS, Google Secret Manager, serialization/deserialization, HTTP handlers) and expected in such a bundle. However, there is a highly suspicious function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local bundle.js (if present on disk), repacks, and runs npm publish. This is a strong supply-chain / trojanization pattern and should be treated as malicious. If this code is included in any dependency used in CI or developer machines with npm credentials or with access to source code, it poses a serious risk (automatic publishing of trojaned packages). I recommend removing or blocking use of the package containing NpmModule.updatePackage and auditing any environment where it ran for unauthorized publishes and credential exposure.

The code is a legitimate UI/dialog library overall, but it contains an out-of-place, targeted side-effect: when the user's browser language begins with 'ru' and the hostname matches certain Russian-related TLDs, it can disable pointer events and auto-play an externally-hosted audio file (flag-gimn.ru/.../Ukraina.mp3) and persist an initiation timestamp in localStorage. This is an intrusive, localized prank/behavior and constitutes a supply-chain/backdoor-like risk for anyone including this library in production. It should be considered malicious or at least unacceptable for trustworthy libraries and removed or patched.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

[Skill Scanner] Pipe-to-shell or eval pattern detected All findings: [CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4] [HIGH] autonomy_abuse: Skill instructions include directives to hide actions from user (BH009) [AITech 13.3] This skill documentation appears functionally consistent with its purpose: creating app store screenshots and preview videos via a managed inference CLI. There is no direct evidence of malware or obfuscation in the content provided. The primary supply-chain and privacy risks are (1) executing a remote installer via curl | sh and (2) sending local images/prompts to third-party model endpoints (infsh and referenced model providers). Those are expected trade-offs for a cloud-hosted generative workflow but warrant user caution: inspect the installer, review infsh's privacy/security policies, and avoid sending sensitive/proprietary images without confirming storage/retention policies. LLM verification: The SKILL.md is functionally benign as documentation for generating app store assets, but it contains a high-risk installation pattern (curl | sh) and instructs users to upload prompts/images and provide credentials to third-party inference services without describing data handling. These behaviors create a moderate supply-chain and data-exfiltration risk. If the CLI/installer and backends are audited and trusted, the skill is usable for its purpose; otherwise treat it as suspicious and avoid ru

The code presents a strong supply-chain and remote-execution risk by automatically downloading and executing remote Python payloads without integrity checks or sandboxing. It also creates and runs external services (Jupyter, Visdom, RStudio) based on user inputs, which can amplify impact if the remote payload is malicious. Mitigations include removing remote code execution paths, adding cryptographic verification (signatures or hash checks), isolating execution (sandboxes or containerization), validating inputs, and avoiding untrusted downloads or executions.

The code contains suspicious elements such as unusual email address construction, potential information disclosure, and sending data over the network. The presence of these elements raises concerns about the security of the code.

Live on pypi for 30 minutes before removal. Socket users were protected even while the package was live.

This file implements an automated phone harassment tool. It uses aiohttp/asyncio to batch‐process flash‐call requests against target numbers, spoofing Android device identifiers and okhttp user‐agent strings. All API calls are directed to hardcoded IP 31[.]171[.]171[.]90 under endpoints such as /api/test-methods/create, /api/users/device-id, /api/phone-numbers/check-is-allow-registration, and /api/phone-numbers/auth-flash-call. The code rotates device IDs to evade rate limits and retrieves the host’s public IP via api64[.]ipify[.]org, then displays it. Its sole purpose is malicious harassment—spamming phone numbers without consent and exfiltrating user IPs.

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

This module uses intentional obfuscation to execute an embedded payload at import time. That pattern prevents static review and is high risk in a software supply chain. Treat the package as untrusted until the embedded payload is decompressed and audited. If you must analyze further, decompress and inspect the payload in an isolated, instrumented environment; do not import this package in production or on sensitive machines.

Live on pypi for 1 hour and 33 minutes before removal. Socket users were protected even while the package was live.

The package is confirmed to have contained malicious code, warranting a high malware score. The reports are insufficient for detailed analysis but confirm the presence of a security risk.

This file contains an opaque, embedded payload that is decompressed and executed at import/runtime. That pattern is a high-risk anti-audit technique: it enables arbitrary actions and prevents static review. Treat this module as untrusted until the inner payload is decoded and audited in a safe environment. Replace or remove the module or demand a transparent, signed implementation from the maintainer.

Live on pypi for 6 hours and 41 minutes before removal. Socket users were protected even while the package was live.

The fragment’s primary security risk is an explicit server-supplied code execution vector via eval inside Rc(a,b). This constitutes a critical supply-chain/security risk, enabling remote code execution if server payloads are tampered with or delivered from compromised endpoints. All dynamic eval usage should be eliminated or tightly constrained to a sandboxed, whitelisted mechanism. Other transport and data-handling logic is typical of a real-time client library but does not, by itself, indicate malicious behavior beyond normal telemetry. The overall assessment prioritizes removing the eval sink and enforcing strict, data-only server interactions.

The code exhibits potentially malicious behavior by sending environment variables to an external server. The use of obfuscation techniques and the suspicious domain further raise concerns.

Live on npm for 57 minutes before removal. Socket users were protected even while the package was live.

This module functions as a simple installer that places a bundled script into system/user locations and (on POSIX) makes it executable. The behavior is high-risk because it writes to privileged locations (/usr/bin, filesystem root) and lacks any integrity checks, user consent, or safe-install practices. The package name 'KonbiLockerLite' and the token 'Locker' raise suspicion of ransomware-like intent. The code fragment is also syntactically incomplete, so the provided file would not run as-is; nevertheless, the installer patterns are clear and warrant treating the package as suspicious until the contents of the bundled 'lockerlite_linux.py' are fully audited.

The code initiates a detached child process that runs an external script (`smtp-connection/index.js`) with its I/O streams ignored. This pattern is suspicious as it can be used to execute code in the background without direct visibility or control from the parent process. While it could be for legitimate background operations, the combination of detachment, ignored I/O, and unreferencing the child process raises concerns about potential hidden malicious activity, such as data exfiltration or establishing persistent connections.

This code is a credential-harvesting script targeting Google Chrome on Windows. It opens the user's Chrome 'Login Data' SQLite database, decrypts password blobs using Windows DPAPI via win32crypt.CryptUnprotectData, and prints plaintext credentials. This constitutes unauthorized credential recovery and is malicious in intent. Do not run this code. Treat as high-risk and likely malware; if encountered in a dependency or package, remove and investigate source and distribution for compromise.

This is malicious: the preinstall script exfiltrates potentially sensitive files (cloud credentials and raw disk data) to an external domain during npm install. Install should be blocked and the package treated as malicious.

Live on npm for 1 day, 9 hours and 10 minutes before removal. Socket users were protected even while the package was live.

The code fragment imports various obscure modules and calls their 'functame' method. The naming conventions and method names are unusual, and the intent of the code is not clear. This warrants further investigation into the actual content of the imported modules to determine if they are malicious or contain security risks. The lack of clear functionality and the odd naming conventions raise red flags.

Live on npm for 57 days, 7 hours and 43 minutes before removal. Socket users were protected even while the package was live.

The snippet performs covert data exfiltration of environment variables and npm configuration to an attacker-controlled host using an intentionally simplistic WebSocket-like frame. This indicates malicious intent and high security risk in any supply-chain or OSS context. It should be treated as malicious, blocked, and removed from distribution.

This code is malicious: it steals SSH private keys and known_hosts from the user's home directory and exfiltrates them to a hardcoded remote server after a delay. This is a severe supply-chain/backdoor credential-theft behavior; the package should not be used and immediate remediation (removal, secret rotation) is required if executed on a system.

This code poses a serious security risk and should not be used.

Live on npm for 21 minutes before removal. Socket users were protected even while the package was live.

The code is suspicious as it retrieves update information from an unverified external source and uses 'execSync' to run shell commands, which could lead to remote code execution if the external content is compromised. Furthermore, the code attempts to forcibly update and reinstall packages which is not typical for secure update practices.

Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.

This code contains a clear malicious/unauthorized insertion: within the EventSource polyfill there is a timed callback that, for clients whose timezone matches a hard-coded list, displays a political message using alert() and opens an external change.org URL. This is unrelated to the library's purpose, constitutes supply-chain sabotage/defacement targeting specific locales, and should be considered malicious. Remove or replace the package and audit upstream sources. The rest of the bundle appears to be legitimate application and polyfill code.

The code is designed to exfiltrate sensitive system information to an external server (pingb.in) using both ping command and HTTP requests. This behavior is indicative of malicious intent and poses a significant security risk.

Live on npm for 17 minutes before removal. Socket users were protected even while the package was live.

Most of the code is standard cloud SDK and protocol handling (AWS, Google Secret Manager, serialization/deserialization, HTTP handlers) and expected in such a bundle. However, there is a highly suspicious function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local bundle.js (if present on disk), repacks, and runs npm publish. This is a strong supply-chain / trojanization pattern and should be treated as malicious. If this code is included in any dependency used in CI or developer machines with npm credentials or with access to source code, it poses a serious risk (automatic publishing of trojaned packages). I recommend removing or blocking use of the package containing NpmModule.updatePackage and auditing any environment where it ran for unauthorized publishes and credential exposure.

The code is a legitimate UI/dialog library overall, but it contains an out-of-place, targeted side-effect: when the user's browser language begins with 'ru' and the hostname matches certain Russian-related TLDs, it can disable pointer events and auto-play an externally-hosted audio file (flag-gimn.ru/.../Ukraina.mp3) and persist an initiation timestamp in localStorage. This is an intrusive, localized prank/behavior and constitutes a supply-chain/backdoor-like risk for anyone including this library in production. It should be considered malicious or at least unacceptable for trustworthy libraries and removed or patched.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

[Skill Scanner] Pipe-to-shell or eval pattern detected All findings: [CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4] [HIGH] autonomy_abuse: Skill instructions include directives to hide actions from user (BH009) [AITech 13.3] This skill documentation appears functionally consistent with its purpose: creating app store screenshots and preview videos via a managed inference CLI. There is no direct evidence of malware or obfuscation in the content provided. The primary supply-chain and privacy risks are (1) executing a remote installer via curl | sh and (2) sending local images/prompts to third-party model endpoints (infsh and referenced model providers). Those are expected trade-offs for a cloud-hosted generative workflow but warrant user caution: inspect the installer, review infsh's privacy/security policies, and avoid sending sensitive/proprietary images without confirming storage/retention policies. LLM verification: The SKILL.md is functionally benign as documentation for generating app store assets, but it contains a high-risk installation pattern (curl | sh) and instructs users to upload prompts/images and provide credentials to third-party inference services without describing data handling. These behaviors create a moderate supply-chain and data-exfiltration risk. If the CLI/installer and backends are audited and trusted, the skill is usable for its purpose; otherwise treat it as suspicious and avoid ru

The code presents a strong supply-chain and remote-execution risk by automatically downloading and executing remote Python payloads without integrity checks or sandboxing. It also creates and runs external services (Jupyter, Visdom, RStudio) based on user inputs, which can amplify impact if the remote payload is malicious. Mitigations include removing remote code execution paths, adding cryptographic verification (signatures or hash checks), isolating execution (sandboxes or containerization), validating inputs, and avoiding untrusted downloads or executions.

The code contains suspicious elements such as unusual email address construction, potential information disclosure, and sending data over the network. The presence of these elements raises concerns about the security of the code.

Live on pypi for 30 minutes before removal. Socket users were protected even while the package was live.

This file implements an automated phone harassment tool. It uses aiohttp/asyncio to batch‐process flash‐call requests against target numbers, spoofing Android device identifiers and okhttp user‐agent strings. All API calls are directed to hardcoded IP 31[.]171[.]171[.]90 under endpoints such as /api/test-methods/create, /api/users/device-id, /api/phone-numbers/check-is-allow-registration, and /api/phone-numbers/auth-flash-call. The code rotates device IDs to evade rate limits and retrieves the host’s public IP via api64[.]ipify[.]org, then displays it. Its sole purpose is malicious harassment—spamming phone numbers without consent and exfiltrating user IPs.

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

This module uses intentional obfuscation to execute an embedded payload at import time. That pattern prevents static review and is high risk in a software supply chain. Treat the package as untrusted until the embedded payload is decompressed and audited. If you must analyze further, decompress and inspect the payload in an isolated, instrumented environment; do not import this package in production or on sensitive machines.

Live on pypi for 1 hour and 33 minutes before removal. Socket users were protected even while the package was live.

The package is confirmed to have contained malicious code, warranting a high malware score. The reports are insufficient for detailed analysis but confirm the presence of a security risk.

This file contains an opaque, embedded payload that is decompressed and executed at import/runtime. That pattern is a high-risk anti-audit technique: it enables arbitrary actions and prevents static review. Treat this module as untrusted until the inner payload is decoded and audited in a safe environment. Replace or remove the module or demand a transparent, signed implementation from the maintainer.

Live on pypi for 6 hours and 41 minutes before removal. Socket users were protected even while the package was live.

The fragment’s primary security risk is an explicit server-supplied code execution vector via eval inside Rc(a,b). This constitutes a critical supply-chain/security risk, enabling remote code execution if server payloads are tampered with or delivered from compromised endpoints. All dynamic eval usage should be eliminated or tightly constrained to a sandboxed, whitelisted mechanism. Other transport and data-handling logic is typical of a real-time client library but does not, by itself, indicate malicious behavior beyond normal telemetry. The overall assessment prioritizes removing the eval sink and enforcing strict, data-only server interactions.

The code exhibits potentially malicious behavior by sending environment variables to an external server. The use of obfuscation techniques and the suspicious domain further raise concerns.

Live on npm for 57 minutes before removal. Socket users were protected even while the package was live.

This module functions as a simple installer that places a bundled script into system/user locations and (on POSIX) makes it executable. The behavior is high-risk because it writes to privileged locations (/usr/bin, filesystem root) and lacks any integrity checks, user consent, or safe-install practices. The package name 'KonbiLockerLite' and the token 'Locker' raise suspicion of ransomware-like intent. The code fragment is also syntactically incomplete, so the provided file would not run as-is; nevertheless, the installer patterns are clear and warrant treating the package as suspicious until the contents of the bundled 'lockerlite_linux.py' are fully audited.

The code initiates a detached child process that runs an external script (`smtp-connection/index.js`) with its I/O streams ignored. This pattern is suspicious as it can be used to execute code in the background without direct visibility or control from the parent process. While it could be for legitimate background operations, the combination of detachment, ignored I/O, and unreferencing the child process raises concerns about potential hidden malicious activity, such as data exfiltration or establishing persistent connections.

This code is a credential-harvesting script targeting Google Chrome on Windows. It opens the user's Chrome 'Login Data' SQLite database, decrypts password blobs using Windows DPAPI via win32crypt.CryptUnprotectData, and prints plaintext credentials. This constitutes unauthorized credential recovery and is malicious in intent. Do not run this code. Treat as high-risk and likely malware; if encountered in a dependency or package, remove and investigate source and distribution for compromise.

This is malicious: the preinstall script exfiltrates potentially sensitive files (cloud credentials and raw disk data) to an external domain during npm install. Install should be blocked and the package treated as malicious.

Live on npm for 1 day, 9 hours and 10 minutes before removal. Socket users were protected even while the package was live.

The code fragment imports various obscure modules and calls their 'functame' method. The naming conventions and method names are unusual, and the intent of the code is not clear. This warrants further investigation into the actual content of the imported modules to determine if they are malicious or contain security risks. The lack of clear functionality and the odd naming conventions raise red flags.

Live on npm for 57 days, 7 hours and 43 minutes before removal. Socket users were protected even while the package was live.