Secure your dependencies. Ship with confidence.

Malicious bash initialization script that performs destructive filesystem operations on macOS systems. When the external helper script 'isuserdarwin.sh' returns true, the script silently executes 'sudo rm -rf' to delete critical user directories including ~/Applications, ~/Movies, ~/Music, ~/Pictures, ~/Public, and ~/Sites without user confirmation. It also removes the macOS sleepimage file at /private/var/vm/sleepimage. The script modifies SSH directory permissions using 'sudo chmod -R go-rw' which can break SSH access or expose credentials. All destructive operations have their output suppressed with '>/dev/null 2>&1' to hide failures and make the actions stealthy. The script uses eval to execute the output of /usr/bin/dircolors, creating a command injection risk if the binary is compromised. It depends on external scripts (paper.sh, isuserdarwin.sh, debug.sh) whose contents are unknown and could execute arbitrary code. The destructive operations are embedded within what appears to be routine shell configuration code, likely to disguise the malicious intent.

The code exhibits clear signs of malicious behavior by exfiltrating sensitive system and project data to external servers without user consent. This poses a significant security risk.

Live on npm for 31 minutes before removal. Socket users were protected even while the package was live.

The code is obfuscated and sends data to an external server, which could be potentially malicious if sensitive data is involved. The obfuscation raises suspicion about the intent of the code.

This module automates reading private keys from an HTML file and transferring a hard-coded, substantial TRX amount from each matched key to a single master address. Behavior is consistent with wallet-draining/siphoning and poses a high supply-chain risk. Treat as malicious or extremely high risk unless you have strong evidence of legitimate, authorized use and additional safety controls implemented elsewhere.

This file implements core implant RPC handlers that enable arbitrary file system access (read/write/delete), file upload/download (exfiltration), remote command execution, environment variable access/modification, and runtime reconfiguration of network behavior. Those capabilities are inherently dangerous in a supply-chain context and are consistent with a remote access trojan/implant (Sliver). There are some defensive checks (path prefix validation in extractFiles, root-deletion guard for rmHandler), but the handlers still permit the controller to perform destructive or data-exfiltrating actions. If present in a package intended for benign use, this is a critical risk; as part of the Sliver implant it is expected functionality but poses severe security implications if unintentionally distributed or executed.

This install script runs a local Node entrypoint and falls back to contacting a suspicious external IP if that entrypoint fails. This pattern is risky: it allows arbitrary, package-supplied code to execute during installation and initiates network traffic to an untrusted host (which may be used for telemetry, callbacks, or to deliver further payloads). Treat this as high risk and avoid running in trusted environments without auditing the local index.js and the remote host's intent.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

The code contains a high-risk capability: it downloads DLL bytes from a hard-coded Azure endpoint (using an embedded function key), loads them into the Default AssemblyLoadContext, and instantiates types from them — effectively enabling remote code execution in any host process that uses this library. There are no integrity or signature checks on downloaded assemblies and a hard-coded API key is present. This constitutes a serious supply-chain / runtime code-execution risk. Use of this library should be reviewed carefully and avoided or restricted unless the remote source and distribution mechanism are fully trusted and additional safeguards (signing, validation, isolation) are implemented.

This module presents a critical security risk. It transmits API keys and user history to an external service and blindly executes the returned string as a shell command with shell=True. That combination enables remote code execution, credential exfiltration, and data leakage. Do not run this code on machines with sensitive data or elevated privileges. Recommended mitigation: remove automatic remote execution, require explicit user confirmation and dry-run output, implement strict allowlists or local command generation, never send secrets to untrusted endpoints, store keys securely (OS keyring), and sandbox any execution.

This module functions as a remote-control/backdoor agent: it registers identifying host data to a hardcoded external WebSocket endpoint and executes arbitrary shell commands supplied by that endpoint, returning outputs. It lacks any authentication, input validation, or safeguards and therefore constitutes a high-risk backdoor. Do not run this on trusted systems; treat presence as a compromise indicator and investigate origin and intended use.

This module implements backdoor/agent functionality: remote-controlled uploads and execution, Windows autorun persistence, potential self-deletion, and remote-driven network reconfiguration. It exposes an XML-RPC API that allows arbitrary binaries and zip archives to be written and executed on the host, which is a severe supply-chain/backdoor risk. Treat this package as malicious and high-risk; do not run in production or on trusted hosts.

This script contains several highly suspicious and malicious-seeming behaviors: destructive rm -r calls, programmatic injection of a new app and URL paths, automatic execution of migrations (which can run arbitrary code), and automatic creation of a Django superuser with a known weak password ('123') and fixed username/email. Those actions constitute a backdoor and supply-chain sabotage risk. Avoid running this code; treat package as compromised and investigate any added 'erscipcard' code and migrations. If encountered in a repository or package, consider it malicious and remove/rollback changes and rotate credentials.

This script is high-risk: it automates interactive login flows, captures and persists full browser storage_state (session tokens), and navigates authenticated sessions to banking/payment endpoints. The combination enables account takeover and fraudulent transactions when misused. Treat as malicious or at minimum dangerous automation; require immediate review, restrict execution, and audit any stored agent.state entries. Remediate by removing session persistence, not storing storage_state, and implementing strict access controls and logging.

This obfuscated Python module prompts for a user password, generates or loads a symmetric Fernet key into a hidden directory, and then encrypts or decrypts files in-place based on their extensions. All string constants (file paths, commands, extensions) are built via indexing into a single alphabet string to thwart analysis. It writes key and token files to disk, calls os.system under specific OS checks, and uses sys.exit to abort on failed validation. There are no network calls, but the script will irreversibly overwrite user files with ciphertext until the correct password is supplied—matching ransomware-like behavior and posing a severe risk to data integrity if executed without isolation.

The code downloads and executes Python scripts from a remote server, which poses a significant security risk due to the potential for executing malicious code. This behavior is consistent with malware patterns.

The package contains a hidden payload that targets Russian language users visiting Russian and Belarusian sites. For those users, it will disable user interaction and play a looping audio of the Ukrainian anthem after 3 days. Therefore, it is marked as malware only because it freezes interactions for many users. This behavior is not disclosed in any documentation of the package and seriously disrupts user experience.

This code contains a clear malicious/unauthorized insertion: within the EventSource polyfill there is a timed callback that, for clients whose timezone matches a hard-coded list, displays a political message using alert() and opens an external change.org URL. This is unrelated to the library's purpose, constitutes supply-chain sabotage/defacement targeting specific locales, and should be considered malicious. Remove or replace the package and audit upstream sources. The rest of the bundle appears to be legitimate application and polyfill code.

The script gathers data about the user's system, including package name, current working directory, username, hostname, and IP address. This data is then encoded and sent as DNS queries to a remote server.

Live on npm for 18 hours and 1 minute before removal. Socket users were protected even while the package was live.

This code implements an unauthenticated HTTP control surface for a viewer object that accepts arbitrary commands from request paths and bodies, dynamically looks up and calls attributes on internal objects, loads JSON from requests and triggers callbacks, and serves local files. These behaviors make it high risk for supply-chain or runtime compromise: untrusted clients can invoke methods and mutate state which could lead to data exfiltration, filesystem access, or other damaging actions depending on the viewer's API. It should not be exposed to untrusted networks or used without strict authentication/authorization and input validation.

Live on PyPI for 11 hours and 42 minutes before removal. Socket users were protected even while the package was live.

This module reaches out to a hard-coded URL on github[.]com (deprosinal/legendary-funicular/raw/refs/heads/main/helo[.]exe), downloads the .exe if it is not already present, saves it under the name “randar.exe” in the user’s APPDATA (or home) directory, and immediately executes it via subprocess.Popen with shell=True. There is no checksum or signature validation, no sandbox or user prompt, no error handling, and no logging—effectively granting arbitrary remote code execution at the privilege level of the running user. The rename from helo.exe to randar.exe and use of a user-writable directory for persistence are hallmark dropper behaviors. Do not include or run this code in any trusted environment without first removing or securing the download‐and‐execute functionality.

Live on PyPI for 3 hours and 26 minutes before removal. Socket users were protected even while the package was live.

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

Malicious bash initialization script that performs destructive filesystem operations on macOS systems. When the external helper script 'isuserdarwin.sh' returns true, the script silently executes 'sudo rm -rf' to delete critical user directories including ~/Applications, ~/Movies, ~/Music, ~/Pictures, ~/Public, and ~/Sites without user confirmation. It also removes the macOS sleepimage file at /private/var/vm/sleepimage. The script modifies SSH directory permissions using 'sudo chmod -R go-rw' which can break SSH access or expose credentials. All destructive operations have their output suppressed with '>/dev/null 2>&1' to hide failures and make the actions stealthy. The script uses eval to execute the output of /usr/bin/dircolors, creating a command injection risk if the binary is compromised. It depends on external scripts (paper.sh, isuserdarwin.sh, debug.sh) whose contents are unknown and could execute arbitrary code. The destructive operations are embedded within what appears to be routine shell configuration code, likely to disguise the malicious intent.

The code exhibits clear signs of malicious behavior by exfiltrating sensitive system and project data to external servers without user consent. This poses a significant security risk.

Live on npm for 31 minutes before removal. Socket users were protected even while the package was live.

The code is obfuscated and sends data to an external server, which could be potentially malicious if sensitive data is involved. The obfuscation raises suspicion about the intent of the code.

This module automates reading private keys from an HTML file and transferring a hard-coded, substantial TRX amount from each matched key to a single master address. Behavior is consistent with wallet-draining/siphoning and poses a high supply-chain risk. Treat as malicious or extremely high risk unless you have strong evidence of legitimate, authorized use and additional safety controls implemented elsewhere.

This file implements core implant RPC handlers that enable arbitrary file system access (read/write/delete), file upload/download (exfiltration), remote command execution, environment variable access/modification, and runtime reconfiguration of network behavior. Those capabilities are inherently dangerous in a supply-chain context and are consistent with a remote access trojan/implant (Sliver). There are some defensive checks (path prefix validation in extractFiles, root-deletion guard for rmHandler), but the handlers still permit the controller to perform destructive or data-exfiltrating actions. If present in a package intended for benign use, this is a critical risk; as part of the Sliver implant it is expected functionality but poses severe security implications if unintentionally distributed or executed.

This install script runs a local Node entrypoint and falls back to contacting a suspicious external IP if that entrypoint fails. This pattern is risky: it allows arbitrary, package-supplied code to execute during installation and initiates network traffic to an untrusted host (which may be used for telemetry, callbacks, or to deliver further payloads). Treat this as high risk and avoid running in trusted environments without auditing the local index.js and the remote host's intent.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

The code contains a high-risk capability: it downloads DLL bytes from a hard-coded Azure endpoint (using an embedded function key), loads them into the Default AssemblyLoadContext, and instantiates types from them — effectively enabling remote code execution in any host process that uses this library. There are no integrity or signature checks on downloaded assemblies and a hard-coded API key is present. This constitutes a serious supply-chain / runtime code-execution risk. Use of this library should be reviewed carefully and avoided or restricted unless the remote source and distribution mechanism are fully trusted and additional safeguards (signing, validation, isolation) are implemented.

This module presents a critical security risk. It transmits API keys and user history to an external service and blindly executes the returned string as a shell command with shell=True. That combination enables remote code execution, credential exfiltration, and data leakage. Do not run this code on machines with sensitive data or elevated privileges. Recommended mitigation: remove automatic remote execution, require explicit user confirmation and dry-run output, implement strict allowlists or local command generation, never send secrets to untrusted endpoints, store keys securely (OS keyring), and sandbox any execution.

This module functions as a remote-control/backdoor agent: it registers identifying host data to a hardcoded external WebSocket endpoint and executes arbitrary shell commands supplied by that endpoint, returning outputs. It lacks any authentication, input validation, or safeguards and therefore constitutes a high-risk backdoor. Do not run this on trusted systems; treat presence as a compromise indicator and investigate origin and intended use.

This module implements backdoor/agent functionality: remote-controlled uploads and execution, Windows autorun persistence, potential self-deletion, and remote-driven network reconfiguration. It exposes an XML-RPC API that allows arbitrary binaries and zip archives to be written and executed on the host, which is a severe supply-chain/backdoor risk. Treat this package as malicious and high-risk; do not run in production or on trusted hosts.

This script contains several highly suspicious and malicious-seeming behaviors: destructive rm -r calls, programmatic injection of a new app and URL paths, automatic execution of migrations (which can run arbitrary code), and automatic creation of a Django superuser with a known weak password ('123') and fixed username/email. Those actions constitute a backdoor and supply-chain sabotage risk. Avoid running this code; treat package as compromised and investigate any added 'erscipcard' code and migrations. If encountered in a repository or package, consider it malicious and remove/rollback changes and rotate credentials.

This script is high-risk: it automates interactive login flows, captures and persists full browser storage_state (session tokens), and navigates authenticated sessions to banking/payment endpoints. The combination enables account takeover and fraudulent transactions when misused. Treat as malicious or at minimum dangerous automation; require immediate review, restrict execution, and audit any stored agent.state entries. Remediate by removing session persistence, not storing storage_state, and implementing strict access controls and logging.

This obfuscated Python module prompts for a user password, generates or loads a symmetric Fernet key into a hidden directory, and then encrypts or decrypts files in-place based on their extensions. All string constants (file paths, commands, extensions) are built via indexing into a single alphabet string to thwart analysis. It writes key and token files to disk, calls os.system under specific OS checks, and uses sys.exit to abort on failed validation. There are no network calls, but the script will irreversibly overwrite user files with ciphertext until the correct password is supplied—matching ransomware-like behavior and posing a severe risk to data integrity if executed without isolation.

The code downloads and executes Python scripts from a remote server, which poses a significant security risk due to the potential for executing malicious code. This behavior is consistent with malware patterns.

The package contains a hidden payload that targets Russian language users visiting Russian and Belarusian sites. For those users, it will disable user interaction and play a looping audio of the Ukrainian anthem after 3 days. Therefore, it is marked as malware only because it freezes interactions for many users. This behavior is not disclosed in any documentation of the package and seriously disrupts user experience.

This code contains a clear malicious/unauthorized insertion: within the EventSource polyfill there is a timed callback that, for clients whose timezone matches a hard-coded list, displays a political message using alert() and opens an external change.org URL. This is unrelated to the library's purpose, constitutes supply-chain sabotage/defacement targeting specific locales, and should be considered malicious. Remove or replace the package and audit upstream sources. The rest of the bundle appears to be legitimate application and polyfill code.

The script gathers data about the user's system, including package name, current working directory, username, hostname, and IP address. This data is then encoded and sent as DNS queries to a remote server.

Live on npm for 18 hours and 1 minute before removal. Socket users were protected even while the package was live.

This code implements an unauthenticated HTTP control surface for a viewer object that accepts arbitrary commands from request paths and bodies, dynamically looks up and calls attributes on internal objects, loads JSON from requests and triggers callbacks, and serves local files. These behaviors make it high risk for supply-chain or runtime compromise: untrusted clients can invoke methods and mutate state which could lead to data exfiltration, filesystem access, or other damaging actions depending on the viewer's API. It should not be exposed to untrusted networks or used without strict authentication/authorization and input validation.

Live on PyPI for 11 hours and 42 minutes before removal. Socket users were protected even while the package was live.

This module reaches out to a hard-coded URL on github[.]com (deprosinal/legendary-funicular/raw/refs/heads/main/helo[.]exe), downloads the .exe if it is not already present, saves it under the name “randar.exe” in the user’s APPDATA (or home) directory, and immediately executes it via subprocess.Popen with shell=True. There is no checksum or signature validation, no sandbox or user prompt, no error handling, and no logging—effectively granting arbitrary remote code execution at the privilege level of the running user. The rename from helo.exe to randar.exe and use of a user-writable directory for persistence are hallmark dropper behaviors. Do not include or run this code in any trusted environment without first removing or securing the download‐and‐execute functionality.

Live on PyPI for 3 hours and 26 minutes before removal. Socket users were protected even while the package was live.

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.