Secure your dependencies. Ship with confidence.

This code performs continuous, automated screenshot capture and exfiltration to a Telegram chat, along with host metadata. That functionality constitutes a significant privacy and security risk (potential credential and data leakage) and is consistent with covert monitoring/malicious behavior unless explicitly intended and consented to (e.g., endpoint management with transparent consent). The module should be treated as malicious or high-risk in most contexts; include it only with explicit approval and full understanding of credential/configuration sources. Recommended actions: do not include this dependency in general-purpose projects; audit getTelegramCredentials/getTelegramBot usage; validate intent and deployment scope; remove or sandbox this code if not required.

This code is primarily a front-end UI bundle for tournament widgets and appears legitimate in most parts. However, there is a clearly unrelated injected block that displays a large political message and performs alert() and window.open(...) to external URLs (including a .onion URL) on load/timeouts. That behavior is not appropriate for the library's purpose and constitutes a malicious/unwanted modification (supply-chain injection). The presence of session-bearing network flows (X-SessionID) in the module increases the sensitivity: while the political block itself doesn't exfiltrate credentials, the combination shows the package has been tampered with and should not be trusted until audited and cleaned.

The code exhibits suspicious behavior by sending environment variables to an unknown and potentially malicious domain. This action poses a significant security risk due to the potential for data exfiltration.

Live on npm for 16 minutes before removal. Socket users were protected even while the package was live.

This code fragment is part of an abuse automation/orchestration tool aimed at causing account suspensions and reputational damage on WhatsApp (or similar) by generating fake verification requests, mass reports, and suspicious activity across simulated devices and geographies. It includes mechanisms to craft realistic payloads and headers, randomize IPs/user agents, and compute ban probabilities to optimize attacks. It is malicious by design and should not be used. There is no evidence of obfuscated/hidden payloads, but the module directly facilitates unauthorized, harmful actions against third-party user accounts.

The code is highly suspicious and likely malicious, as it exfiltrates sensitive system and project data to external servers without user consent. This poses a significant security risk.

Live on npm for 5 hours and 13 minutes before removal. Socket users were protected even while the package was live.

The code exhibits clear malicious/tampering behavior: post-generation modification replaces a core import with a local hack.js, creating a reliable backdoor or covert control path in the generated client. This undermines supply chain integrity and warrants immediate removal of the tampering step, implementation of code integrity checks (hash/signature verification), and strict controls over code generation pipelines. The rest of the flow (codegen via openapi-zod-client) is standard, but the post-generation mutation alone makes the overall artifact untrustworthy.

This JSON is not executable malware but represents a significant security risk because it stores sensitive credentials (API key, username, password) in plaintext alongside a third‑party endpoint. The immediate risk is credential leakage through commits, logs, images, or telemetry and potential unauthorized access to the LLM provider. Treat any real secrets in this file as compromised: remove from source, rotate credentials, and adopt secret management and scanning practices.

The code presents a severe security risk by exposing an unvalidated, unauthenticated API surface that maps client-provided function names to robotjs methods. This enables remote control of the host's input devices and possibly other privileged actions. Immediate remediation should include: implementing an allowlist of robotjs methods, validating and sanitizing parameters, adding authentication/authorization on socket events, and potentially wrapping hardware interactions behind a server-side controlled API layer or eliminating remote hardware control exposure.

This code implements local and S3-backed persistent dictionaries. It does not contain obvious backdoors or obfuscated malware, but it presents significant supply-chain and runtime risks: it uses pickle/jsonpickle deserialization on data from files and S3 (allowing arbitrary code execution if inputs are untrusted), and it performs AWS S3 operations (including create_bucket, uploads, downloads, deletes) which can lead to unintentional creation of remote resources or data exfiltration. No hardcoded credentials or network callbacks to suspicious domains are present. Overall: not overtly malicious, but high-risk if used with untrusted data or in environments where S3/bucket names or local files can be tampered with.

Live on pypi for 16 hours and 28 minutes before removal. Socket users were protected even while the package was live.

This module fragment is not overtly malicious (no direct backdoor or destructive actions) but embodies a high-risk data-exfiltration pattern: it sends full repository contents and user prompts to an external AI gateway without redaction, and logs/resends model outputs without strong validation. This creates substantial supply-chain and privacy risk (exposing secrets, intellectual property, or PII). Remediation: avoid sending raw repo contents to external services; implement strict redaction/allow-listing of files, filter secrets, minimize logging of prompts/responses, treat AIGateway as a high-sensitivity sink, and validate/sanitize model outputs before use.

Live on pypi for 5 days, 13 hours and 57 minutes before removal. Socket users were protected even while the package was live.

This module implements a full-featured remote agent with powerful capabilities: arbitrary command evaluation, filesystem CRUD, file upload/download, outbound HTTP/websocket connections (with TLS verification disabled for websockets), Intel AMT interrogation, KVM/WebRTC remote desktop streaming and control, and data reporting back to a controlling server. Those capabilities enable comprehensive remote control and data exfiltration. If this package is deployed without explicit trust and access controls, it poses a high security risk and is functionally equivalent to remote administration or potentially malicious RAT behavior. Use only when you fully trust the source and network controls; otherwise consider this high-risk.

The fragment exhibits high-risk supply-chain and runtime-code execution patterns. Executing externally sourced code via exec is unacceptable in secure deployments. Immediate hardening recommended: remove dynamic exec path, replace with safe evaluation or predefined, vetted code; if external generation is required, implement strict validation, sandboxing, timeouts, resource limits, and comprehensive auditing of generated code and its outputs.

The code is obfuscated and uses decryption, suggesting potential hidden malicious functionality. The presence of file system and network operations raises security concerns. Further deobfuscation and analysis are needed to determine the exact nature of the code.

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package

Live on npm for 2 hours and 56 minutes before removal. Socket users were protected even while the package was live.

This package is fraudulent malware that masquerades as a Fortnite skin generator tool to conduct social engineering attacks. The assembly metadata is heavily abused to embed extensive promotional scam content advertising fake 'Free Fortnite Skins Generator' tools and directing users to suspicious URLs (https://www[.]gamemasters[.]xyz/s). The package exhibits classic characteristics of gaming-related scam software, with assembly attributes like 'free v bucks' as the company name and lengthy promotional text promising free in-game currency and skins. While the visible code contains only trivial logging functionality, the package's clear intent is to deceive users and direct them to external sites that likely host additional malware, phishing pages, or other malicious content. The lack of actual skin generation functionality confirms this is purely a deceptive package designed for social engineering rather than legitimate software.

The fragment injects startup commands into user profile files to execute the output of an external tool (nvm-vanilla) via eval/Invoke-Expression at shell startup. This introduces a persistent, automatic execution pathway that can become a backdoor-like mechanism if the external tool is compromised, modified, or if profile content is tampered with. It poses significant security and usability risks and should be treated as suspicious; require explicit user consent, integrity verification of nvm-vanilla, and safer execution alternatives before distribution.

The script captures sensitive information from the local system and sends it to an external server, which is highly malicious and poses a severe security threat.

Live on npm for 26 minutes before removal. Socket users were protected even while the package was live.

This code is intentionally malicious and designed to sabotage Windows hosts. When called with the literal 'CRASH' it probabilistically either attempts to cause a kernel-level crash (BSOD) via direct ntdll calls or issues an immediate shutdown command. It also calls an external module with obscene naming that represents an additional supply-chain risk. Do not run this code; mark the package as malicious, remove/quarantine it from systems and the supply chain, and audit any dependencies (especially HuiPornoAscii) and other versions.

The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This module automates reading private keys from an HTML file and transferring a hard-coded, substantial TRX amount from each matched key to a single master address. Behavior is consistent with wallet-draining/siphoning and poses a high supply-chain risk. Treat as malicious or extremely high risk unless you have strong evidence of legitimate, authorized use and additional safety controls implemented elsewhere.

The fragment appears to be a binary artifact bundle containing serialized model data (likely PyTorch state_dicts) packaged with nested archives. The main risk stems from deserializing untrusted payloads (pickle/torch.load) into memory, which can enable code execution or heavy GPU/CPU loads if the artifact is tampered with or from an untrusted source. Immediate actions: verify provenance and cryptographic signatures, confirm integrity with hashes, and enforce safe deserialization (avoid pickle for untrusted data; use torch.load with strict map_location and appropriate device settings; consider loading to a non-executable, isolated environment). If possible, replace with a verified artifact from a trusted source and enable signature-based integrity checks in the deployment pipeline.

Live on pypi for 16 hours and 56 minutes before removal. Socket users were protected even while the package was live.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 10 minutes before removal. Socket users were protected even while the package was live.

This code performs continuous, automated screenshot capture and exfiltration to a Telegram chat, along with host metadata. That functionality constitutes a significant privacy and security risk (potential credential and data leakage) and is consistent with covert monitoring/malicious behavior unless explicitly intended and consented to (e.g., endpoint management with transparent consent). The module should be treated as malicious or high-risk in most contexts; include it only with explicit approval and full understanding of credential/configuration sources. Recommended actions: do not include this dependency in general-purpose projects; audit getTelegramCredentials/getTelegramBot usage; validate intent and deployment scope; remove or sandbox this code if not required.

This code is primarily a front-end UI bundle for tournament widgets and appears legitimate in most parts. However, there is a clearly unrelated injected block that displays a large political message and performs alert() and window.open(...) to external URLs (including a .onion URL) on load/timeouts. That behavior is not appropriate for the library's purpose and constitutes a malicious/unwanted modification (supply-chain injection). The presence of session-bearing network flows (X-SessionID) in the module increases the sensitivity: while the political block itself doesn't exfiltrate credentials, the combination shows the package has been tampered with and should not be trusted until audited and cleaned.

The code exhibits suspicious behavior by sending environment variables to an unknown and potentially malicious domain. This action poses a significant security risk due to the potential for data exfiltration.

Live on npm for 16 minutes before removal. Socket users were protected even while the package was live.

This code fragment is part of an abuse automation/orchestration tool aimed at causing account suspensions and reputational damage on WhatsApp (or similar) by generating fake verification requests, mass reports, and suspicious activity across simulated devices and geographies. It includes mechanisms to craft realistic payloads and headers, randomize IPs/user agents, and compute ban probabilities to optimize attacks. It is malicious by design and should not be used. There is no evidence of obfuscated/hidden payloads, but the module directly facilitates unauthorized, harmful actions against third-party user accounts.

The code is highly suspicious and likely malicious, as it exfiltrates sensitive system and project data to external servers without user consent. This poses a significant security risk.

Live on npm for 5 hours and 13 minutes before removal. Socket users were protected even while the package was live.

The code exhibits clear malicious/tampering behavior: post-generation modification replaces a core import with a local hack.js, creating a reliable backdoor or covert control path in the generated client. This undermines supply chain integrity and warrants immediate removal of the tampering step, implementation of code integrity checks (hash/signature verification), and strict controls over code generation pipelines. The rest of the flow (codegen via openapi-zod-client) is standard, but the post-generation mutation alone makes the overall artifact untrustworthy.

This JSON is not executable malware but represents a significant security risk because it stores sensitive credentials (API key, username, password) in plaintext alongside a third‑party endpoint. The immediate risk is credential leakage through commits, logs, images, or telemetry and potential unauthorized access to the LLM provider. Treat any real secrets in this file as compromised: remove from source, rotate credentials, and adopt secret management and scanning practices.

The code presents a severe security risk by exposing an unvalidated, unauthenticated API surface that maps client-provided function names to robotjs methods. This enables remote control of the host's input devices and possibly other privileged actions. Immediate remediation should include: implementing an allowlist of robotjs methods, validating and sanitizing parameters, adding authentication/authorization on socket events, and potentially wrapping hardware interactions behind a server-side controlled API layer or eliminating remote hardware control exposure.

This code implements local and S3-backed persistent dictionaries. It does not contain obvious backdoors or obfuscated malware, but it presents significant supply-chain and runtime risks: it uses pickle/jsonpickle deserialization on data from files and S3 (allowing arbitrary code execution if inputs are untrusted), and it performs AWS S3 operations (including create_bucket, uploads, downloads, deletes) which can lead to unintentional creation of remote resources or data exfiltration. No hardcoded credentials or network callbacks to suspicious domains are present. Overall: not overtly malicious, but high-risk if used with untrusted data or in environments where S3/bucket names or local files can be tampered with.

Live on pypi for 16 hours and 28 minutes before removal. Socket users were protected even while the package was live.

This module fragment is not overtly malicious (no direct backdoor or destructive actions) but embodies a high-risk data-exfiltration pattern: it sends full repository contents and user prompts to an external AI gateway without redaction, and logs/resends model outputs without strong validation. This creates substantial supply-chain and privacy risk (exposing secrets, intellectual property, or PII). Remediation: avoid sending raw repo contents to external services; implement strict redaction/allow-listing of files, filter secrets, minimize logging of prompts/responses, treat AIGateway as a high-sensitivity sink, and validate/sanitize model outputs before use.

Live on pypi for 5 days, 13 hours and 57 minutes before removal. Socket users were protected even while the package was live.

This module implements a full-featured remote agent with powerful capabilities: arbitrary command evaluation, filesystem CRUD, file upload/download, outbound HTTP/websocket connections (with TLS verification disabled for websockets), Intel AMT interrogation, KVM/WebRTC remote desktop streaming and control, and data reporting back to a controlling server. Those capabilities enable comprehensive remote control and data exfiltration. If this package is deployed without explicit trust and access controls, it poses a high security risk and is functionally equivalent to remote administration or potentially malicious RAT behavior. Use only when you fully trust the source and network controls; otherwise consider this high-risk.

The fragment exhibits high-risk supply-chain and runtime-code execution patterns. Executing externally sourced code via exec is unacceptable in secure deployments. Immediate hardening recommended: remove dynamic exec path, replace with safe evaluation or predefined, vetted code; if external generation is required, implement strict validation, sandboxing, timeouts, resource limits, and comprehensive auditing of generated code and its outputs.

The code is obfuscated and uses decryption, suggesting potential hidden malicious functionality. The presence of file system and network operations raises security concerns. Further deobfuscation and analysis are needed to determine the exact nature of the code.

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package

Live on npm for 2 hours and 56 minutes before removal. Socket users were protected even while the package was live.

This package is fraudulent malware that masquerades as a Fortnite skin generator tool to conduct social engineering attacks. The assembly metadata is heavily abused to embed extensive promotional scam content advertising fake 'Free Fortnite Skins Generator' tools and directing users to suspicious URLs (https://www[.]gamemasters[.]xyz/s). The package exhibits classic characteristics of gaming-related scam software, with assembly attributes like 'free v bucks' as the company name and lengthy promotional text promising free in-game currency and skins. While the visible code contains only trivial logging functionality, the package's clear intent is to deceive users and direct them to external sites that likely host additional malware, phishing pages, or other malicious content. The lack of actual skin generation functionality confirms this is purely a deceptive package designed for social engineering rather than legitimate software.

The fragment injects startup commands into user profile files to execute the output of an external tool (nvm-vanilla) via eval/Invoke-Expression at shell startup. This introduces a persistent, automatic execution pathway that can become a backdoor-like mechanism if the external tool is compromised, modified, or if profile content is tampered with. It poses significant security and usability risks and should be treated as suspicious; require explicit user consent, integrity verification of nvm-vanilla, and safer execution alternatives before distribution.

The script captures sensitive information from the local system and sends it to an external server, which is highly malicious and poses a severe security threat.

Live on npm for 26 minutes before removal. Socket users were protected even while the package was live.

This code is intentionally malicious and designed to sabotage Windows hosts. When called with the literal 'CRASH' it probabilistically either attempts to cause a kernel-level crash (BSOD) via direct ntdll calls or issues an immediate shutdown command. It also calls an external module with obscene naming that represents an additional supply-chain risk. Do not run this code; mark the package as malicious, remove/quarantine it from systems and the supply chain, and audit any dependencies (especially HuiPornoAscii) and other versions.

The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This module automates reading private keys from an HTML file and transferring a hard-coded, substantial TRX amount from each matched key to a single master address. Behavior is consistent with wallet-draining/siphoning and poses a high supply-chain risk. Treat as malicious or extremely high risk unless you have strong evidence of legitimate, authorized use and additional safety controls implemented elsewhere.

The fragment appears to be a binary artifact bundle containing serialized model data (likely PyTorch state_dicts) packaged with nested archives. The main risk stems from deserializing untrusted payloads (pickle/torch.load) into memory, which can enable code execution or heavy GPU/CPU loads if the artifact is tampered with or from an untrusted source. Immediate actions: verify provenance and cryptographic signatures, confirm integrity with hashes, and enforce safe deserialization (avoid pickle for untrusted data; use torch.load with strict map_location and appropriate device settings; consider loading to a non-executable, isolated environment). If possible, replace with a verified artifact from a trusted source and enable signature-based integrity checks in the deployment pipeline.

Live on pypi for 16 hours and 56 minutes before removal. Socket users were protected even while the package was live.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 10 minutes before removal. Socket users were protected even while the package was live.