Secure your dependencies. Ship with confidence.

The module performs intrusive operations: it silently appends code into the project's gulpfile.js and executes shell commands that delete files, create SSH keys, and add the generated public key to a remote user's authorized_keys, thereby granting passwordless access. While this may be intended as deployment automation, these behaviors constitute a high-risk pattern (possible backdoor capability and supply-chain modification). Use with caution; review and manual approval are required before running in any environment.

This supply-chain component strongly matches a WhatsApp Web harvesting framework: it generates executable JS that enumerates chats/contacts/groups, dumps comprehensive message/chat/contact fields from in-memory models and IndexedDB, converts binary/media to base64, and installs a real-time listener that forwards full new-message dumps into a Python callback. No explicit network exfiltration is visible in this fragment, but the collected artifacts (including media) are exfil-ready and the architecture is surveillance-like. Treat this module as high-risk unless you have strong assurance of authorized, tightly-scoped use and review of the Python callback’s handling.

High-risk unsolicited data exfiltration: the module gathers local project, user, host, and network information at load time and posts it to a hardcoded Discord webhook. This behavior is privacy-invasive and consistent with a supply-chain backdoor. Actionable recommendations: (1) Do not use or require this package; remove it from projects. (2) Revoke the exposed webhook URL and any associated credentials. (3) Audit systems where this package was installed or required for possible data leakage. (4) Replace with a trusted implementation that requires explicit, documented opt-in telemetry and uses controlled endpoints. (5) If this package was published to a registry, report/takedown and investigate the publisher.

This code contains clear keylogging behavior on Windows: it installs a global low-level keyboard hook and persists keystrokes to files (hidden file './.press_release_callback' and cache/listen_all.bin). That is a high-risk capability (unauthorized capture and storage of user input). There is extensive use of unsafe FFI to WinAPI which increases risk. There is no network exfiltration shown here, but local storage of keystrokes enables later theft. If you did not expect keyboard capture in this dependency, treat it as malicious/unauthorized and remove or audit thoroughly. For other platforms the module provides synthetic key events (xdotool/core_graphics) which is less concerning but combined with the Windows keylogger functionality makes the package dangerous.

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on pypi for 5 days and 5 hours before removal. Socket users were protected even while the package was live.

The fragment is intentionally obfuscated and includes a runtime deobfuscation (RC4-like) plus an integrity/anti-tamper check. In the provided code there is no evidence of network exfiltration, credential harvesting, file-system or process manipulation, or other direct malicious actions. However, because strings are decrypted at runtime and the fragment is truncated, it is not possible to confirm there are no malicious behaviors elsewhere that rely on these decrypted strings. Recommend deobfuscating all strings and scanning the entire package (especially deobfuscated literals) for network calls, dynamic eval/Function, filesystem/child-process use, or hard-coded secrets before trusting the package.

The code exhibits clear signs of malicious behavior by exfiltrating system information and file contents to external servers without user consent. This poses a significant security risk.

Live on npm for 10 minutes before removal. Socket users were protected even while the package was live.

This Python module implements a Slowloris-style denial-of-service attack. It opens and holds many simultaneous HTTP or HTTPS connections to a user-specified host and port, sending only partial headers to exhaust the target’s resources. It optionally monkey-patches socket.socket to route traffic through a SOCKS5 proxy (default 127[.]0[.]1:8080) and enters an endless loop of keep-alive header sends and socket recreation. There is no credential harvesting or stealth; its sole purpose is to overwhelm and disrupt a server without explicit authorization.

The fragment is a strongly obfuscated CommonJS bootstrap that merges multiple local modules into exports and contains explicit sandbox-escape/global-object retrieval via `constructor('return this')()`, plus additional constructor-based dynamic invocation gadgets. While the snippet does not directly reveal exfiltration or system modification, the combination of obfuscation, anti-analysis branching, and dynamic execution primitives is a serious supply-chain red flag. A full review of the required local modules (`./llm`, `./util`, and the other computed require target) is required to confirm whether data theft, persistence, or network activity occurs.

This code fragment provides highly privileged “desktop mode” actions driven directly by HTTP request input. The _desktop_open_terminal function enables OS/terminal execution of attacker-controlled commands across macOS/Windows/Linux, which is effectively remote command execution if the endpoints are reachable by untrusted callers. Additionally, client-controlled paths are used for filesystem read/write of JSON content and for opening external resources via OS handlers, with only weak visible path confinement in this snippet. There is no clear authentication/authorization, command allowlisting, or robust sandboxing shown here; security therefore depends on surrounding controls (authz, network exposure, and strict confinement inside read_files/write_files/get_host).

While running a script like 'ping.js' may not inherently be malicious, the suppression of output can be suspicious, as it may hide harmful actions being performed by the script.

Live on npm for 13 days, 15 hours and 16 minutes before removal. Socket users were protected even while the package was live.

The package.json appears to be a normal frontend starter kit with many common build and lint scripts. The main security concern is the install script that runs npm install inside node_modules/nicsdru_unity_theme — this will execute lifecycle scripts for that dependency and any of its transitive dependencies, which is a supply-chain risk. While nothing shown directly downloads or executes remote code, the behavior enables execution of unreviewed third-party install scripts and therefore increases the risk of untrusted code execution or other malicious lifecycle actions. Review the nicsdru_unity_theme package (and its transitive dependencies) and its install/postinstall scripts before running npm install in a privileged environment.

This module intentionally conceals executable Python source inside a base64-encoded, zlib-compressed blob and then executes it at import time. That pattern prevents meaningful static review and is a strong supply-chain/security red flag. Treat this file as high risk: do not run it in trusted environments until the decompressed payload is inspected and its behavior is validated. Immediate, isolated analysis of the decoded payload is required to determine whether the code is benign or malicious.

This file executes an opaque, compressed Python payload at runtime using exec(), which is a high-risk and suspicious pattern in a dependency. Although the wrapper contains no external input sources itself, the exec() of hidden code prevents audit and could enable any malicious action. Treat the package as high security risk: do not use in production until the decompressed payload has been inspected and deemed safe. Immediate remediation: decompress and analyze the payload in a sandbox; if unknown, remove or block the package.

Live on pypi for 11 hours and 40 minutes before removal. Socket users were protected even while the package was live.

This code performs expected batch signing of 'subscribe' contract calls but also constructs and signs a native-value transfer that moves funds (profitPerAddress per subscriber + gas cost) from one subscriber's wallet to getProfitRecipient(). This transfer is not explicit in the function name and is most likely malicious or at minimum deceptive. Treat this as a high-risk backdoor: do not provide private keys to this code or broadcast returned signedTransactions without auditing getProfitRecipient(), understanding where profitPerAddress comes from, and obtaining explicit consent from affected wallets.

This preinstall script is malicious: it collects environment variables, local scripts, Docker overlay metadata, potentially sensitive configuration and key files, and other artifacts and attempts to POST them to an external server. This is a data-exfiltration/backdoor behavior and poses a critical security risk. Do not install this package; remove any artifacts and investigate any systems where it executed.

Live on npm for 2 hours and 5 minutes before removal. Socket users were protected even while the package was live.

The fragment descriptively documents known ransomware behaviors (shadow-copy deletion and recovery-option disabling) associated with Clop. It represents high-risk patterns that should flag potential supply-chain misuse if such capabilities are embedded in a package, but it is not itself executable code. Treat as critical threat signaling rather than a direct exploit payload.

Live on pypi for 4 hours and 9 minutes before removal. Socket users were protected even while the package was live.

Best-matching report: Report 3 (with Report 1 close behind). The fragment shows strong indicators of supply-chain sabotage: it globally hijacks React useContext and overrides Object.keys to inject/alter Hyperliquid order/builder metadata at runtime, conditionally activated via host/URL gating. Combined with wildcard postMessage and persistent storage, this is consistent with stealth manipulation of trading/transaction behavior rather than benign utility code. Recommend treating the dependency as malicious/sabotaging until verified against upstream and integrity-checked (hash/tarball), and consider runtime instrumentation to confirm order payload mutation.

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

The script is designed to send sensitive information about the user and system to an external server, indicating a high level of malicious behavior.

Live on npm for 14 days, 12 hours and 40 minutes before removal. Socket users were protected even while the package was live.

This script is a high-risk launcher: it unconditionally fetches Python code from a hardcoded remote repo and executes it locally via a shell-invoked Python process while passing unsanitized user inputs directly into the shell command. Even if the upstream repository is currently benign, the pattern enables trivial supply-chain compromise and shell injection. Mitigations: remove runtime download-and-exec; if fetching is necessary, pin and verify cryptographic hashes or signatures, validate content, avoid os.system (use subprocess with argument lists or importlib), sanitize inputs, and add error handling and logging. Treat this module as unsafe in security-sensitive environments until hardened.

The code exhibits behavior consistent with data exfiltration by sending system information over the network via DNS lookups to a suspicious domain. The use of hexadecimal encoding suggests an attempt to obfuscate the data being sent.

Live on npm for 3 days, 15 hours and 6 minutes before removal. Socket users were protected even while the package was live.

This file implements an unattended update mechanism that fetches and installs .tgz archives from unverified remote sources—both the npm registry (registry[.]npmjs[.]org) and a configurable Firebase-style database URL—by downloading, extracting them into the application directory and then restarting PM2-managed processes. Because there is no cryptographic signature or checksum validation beyond a simple version check, a compromised registry account or database endpoint could deliver arbitrary code to every host running this updater. Additionally, on startup the script gathers extensive system and package metadata—including public IP (via api[.]ipify[.]org), local IP addresses, hostname, OS/platform, Node.js version, CPU/memory statistics, load averages, working directory and package.json fields—and posts it to a configurable Discord webhook endpoint (discordapp[.]com). This behavior poses both a supply-chain risk and a telemetry/privacy exposure risk, as sensitive host information is sent to an external service without explicit user consent or granular control.

The script collects information like the hostname, home directory, current working directory, and IP addresses. It then sends this data as a series of DNS requests to a custom DNS server.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

The module performs intrusive operations: it silently appends code into the project's gulpfile.js and executes shell commands that delete files, create SSH keys, and add the generated public key to a remote user's authorized_keys, thereby granting passwordless access. While this may be intended as deployment automation, these behaviors constitute a high-risk pattern (possible backdoor capability and supply-chain modification). Use with caution; review and manual approval are required before running in any environment.

This supply-chain component strongly matches a WhatsApp Web harvesting framework: it generates executable JS that enumerates chats/contacts/groups, dumps comprehensive message/chat/contact fields from in-memory models and IndexedDB, converts binary/media to base64, and installs a real-time listener that forwards full new-message dumps into a Python callback. No explicit network exfiltration is visible in this fragment, but the collected artifacts (including media) are exfil-ready and the architecture is surveillance-like. Treat this module as high-risk unless you have strong assurance of authorized, tightly-scoped use and review of the Python callback’s handling.

High-risk unsolicited data exfiltration: the module gathers local project, user, host, and network information at load time and posts it to a hardcoded Discord webhook. This behavior is privacy-invasive and consistent with a supply-chain backdoor. Actionable recommendations: (1) Do not use or require this package; remove it from projects. (2) Revoke the exposed webhook URL and any associated credentials. (3) Audit systems where this package was installed or required for possible data leakage. (4) Replace with a trusted implementation that requires explicit, documented opt-in telemetry and uses controlled endpoints. (5) If this package was published to a registry, report/takedown and investigate the publisher.

This code contains clear keylogging behavior on Windows: it installs a global low-level keyboard hook and persists keystrokes to files (hidden file './.press_release_callback' and cache/listen_all.bin). That is a high-risk capability (unauthorized capture and storage of user input). There is extensive use of unsafe FFI to WinAPI which increases risk. There is no network exfiltration shown here, but local storage of keystrokes enables later theft. If you did not expect keyboard capture in this dependency, treat it as malicious/unauthorized and remove or audit thoroughly. For other platforms the module provides synthetic key events (xdotool/core_graphics) which is less concerning but combined with the Windows keylogger functionality makes the package dangerous.

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on pypi for 5 days and 5 hours before removal. Socket users were protected even while the package was live.

The fragment is intentionally obfuscated and includes a runtime deobfuscation (RC4-like) plus an integrity/anti-tamper check. In the provided code there is no evidence of network exfiltration, credential harvesting, file-system or process manipulation, or other direct malicious actions. However, because strings are decrypted at runtime and the fragment is truncated, it is not possible to confirm there are no malicious behaviors elsewhere that rely on these decrypted strings. Recommend deobfuscating all strings and scanning the entire package (especially deobfuscated literals) for network calls, dynamic eval/Function, filesystem/child-process use, or hard-coded secrets before trusting the package.

The code exhibits clear signs of malicious behavior by exfiltrating system information and file contents to external servers without user consent. This poses a significant security risk.

Live on npm for 10 minutes before removal. Socket users were protected even while the package was live.

This Python module implements a Slowloris-style denial-of-service attack. It opens and holds many simultaneous HTTP or HTTPS connections to a user-specified host and port, sending only partial headers to exhaust the target’s resources. It optionally monkey-patches socket.socket to route traffic through a SOCKS5 proxy (default 127[.]0[.]1:8080) and enters an endless loop of keep-alive header sends and socket recreation. There is no credential harvesting or stealth; its sole purpose is to overwhelm and disrupt a server without explicit authorization.

The fragment is a strongly obfuscated CommonJS bootstrap that merges multiple local modules into exports and contains explicit sandbox-escape/global-object retrieval via `constructor('return this')()`, plus additional constructor-based dynamic invocation gadgets. While the snippet does not directly reveal exfiltration or system modification, the combination of obfuscation, anti-analysis branching, and dynamic execution primitives is a serious supply-chain red flag. A full review of the required local modules (`./llm`, `./util`, and the other computed require target) is required to confirm whether data theft, persistence, or network activity occurs.

This code fragment provides highly privileged “desktop mode” actions driven directly by HTTP request input. The _desktop_open_terminal function enables OS/terminal execution of attacker-controlled commands across macOS/Windows/Linux, which is effectively remote command execution if the endpoints are reachable by untrusted callers. Additionally, client-controlled paths are used for filesystem read/write of JSON content and for opening external resources via OS handlers, with only weak visible path confinement in this snippet. There is no clear authentication/authorization, command allowlisting, or robust sandboxing shown here; security therefore depends on surrounding controls (authz, network exposure, and strict confinement inside read_files/write_files/get_host).

While running a script like 'ping.js' may not inherently be malicious, the suppression of output can be suspicious, as it may hide harmful actions being performed by the script.

Live on npm for 13 days, 15 hours and 16 minutes before removal. Socket users were protected even while the package was live.

The package.json appears to be a normal frontend starter kit with many common build and lint scripts. The main security concern is the install script that runs npm install inside node_modules/nicsdru_unity_theme — this will execute lifecycle scripts for that dependency and any of its transitive dependencies, which is a supply-chain risk. While nothing shown directly downloads or executes remote code, the behavior enables execution of unreviewed third-party install scripts and therefore increases the risk of untrusted code execution or other malicious lifecycle actions. Review the nicsdru_unity_theme package (and its transitive dependencies) and its install/postinstall scripts before running npm install in a privileged environment.

This module intentionally conceals executable Python source inside a base64-encoded, zlib-compressed blob and then executes it at import time. That pattern prevents meaningful static review and is a strong supply-chain/security red flag. Treat this file as high risk: do not run it in trusted environments until the decompressed payload is inspected and its behavior is validated. Immediate, isolated analysis of the decoded payload is required to determine whether the code is benign or malicious.

This file executes an opaque, compressed Python payload at runtime using exec(), which is a high-risk and suspicious pattern in a dependency. Although the wrapper contains no external input sources itself, the exec() of hidden code prevents audit and could enable any malicious action. Treat the package as high security risk: do not use in production until the decompressed payload has been inspected and deemed safe. Immediate remediation: decompress and analyze the payload in a sandbox; if unknown, remove or block the package.

Live on pypi for 11 hours and 40 minutes before removal. Socket users were protected even while the package was live.

This code performs expected batch signing of 'subscribe' contract calls but also constructs and signs a native-value transfer that moves funds (profitPerAddress per subscriber + gas cost) from one subscriber's wallet to getProfitRecipient(). This transfer is not explicit in the function name and is most likely malicious or at minimum deceptive. Treat this as a high-risk backdoor: do not provide private keys to this code or broadcast returned signedTransactions without auditing getProfitRecipient(), understanding where profitPerAddress comes from, and obtaining explicit consent from affected wallets.

This preinstall script is malicious: it collects environment variables, local scripts, Docker overlay metadata, potentially sensitive configuration and key files, and other artifacts and attempts to POST them to an external server. This is a data-exfiltration/backdoor behavior and poses a critical security risk. Do not install this package; remove any artifacts and investigate any systems where it executed.

Live on npm for 2 hours and 5 minutes before removal. Socket users were protected even while the package was live.

The fragment descriptively documents known ransomware behaviors (shadow-copy deletion and recovery-option disabling) associated with Clop. It represents high-risk patterns that should flag potential supply-chain misuse if such capabilities are embedded in a package, but it is not itself executable code. Treat as critical threat signaling rather than a direct exploit payload.

Live on pypi for 4 hours and 9 minutes before removal. Socket users were protected even while the package was live.

Best-matching report: Report 3 (with Report 1 close behind). The fragment shows strong indicators of supply-chain sabotage: it globally hijacks React useContext and overrides Object.keys to inject/alter Hyperliquid order/builder metadata at runtime, conditionally activated via host/URL gating. Combined with wildcard postMessage and persistent storage, this is consistent with stealth manipulation of trading/transaction behavior rather than benign utility code. Recommend treating the dependency as malicious/sabotaging until verified against upstream and integrity-checked (hash/tarball), and consider runtime instrumentation to confirm order payload mutation.

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

The script is designed to send sensitive information about the user and system to an external server, indicating a high level of malicious behavior.

Live on npm for 14 days, 12 hours and 40 minutes before removal. Socket users were protected even while the package was live.

This script is a high-risk launcher: it unconditionally fetches Python code from a hardcoded remote repo and executes it locally via a shell-invoked Python process while passing unsanitized user inputs directly into the shell command. Even if the upstream repository is currently benign, the pattern enables trivial supply-chain compromise and shell injection. Mitigations: remove runtime download-and-exec; if fetching is necessary, pin and verify cryptographic hashes or signatures, validate content, avoid os.system (use subprocess with argument lists or importlib), sanitize inputs, and add error handling and logging. Treat this module as unsafe in security-sensitive environments until hardened.

The code exhibits behavior consistent with data exfiltration by sending system information over the network via DNS lookups to a suspicious domain. The use of hexadecimal encoding suggests an attempt to obfuscate the data being sent.

Live on npm for 3 days, 15 hours and 6 minutes before removal. Socket users were protected even while the package was live.

This file implements an unattended update mechanism that fetches and installs .tgz archives from unverified remote sources—both the npm registry (registry[.]npmjs[.]org) and a configurable Firebase-style database URL—by downloading, extracting them into the application directory and then restarting PM2-managed processes. Because there is no cryptographic signature or checksum validation beyond a simple version check, a compromised registry account or database endpoint could deliver arbitrary code to every host running this updater. Additionally, on startup the script gathers extensive system and package metadata—including public IP (via api[.]ipify[.]org), local IP addresses, hostname, OS/platform, Node.js version, CPU/memory statistics, load averages, working directory and package.json fields—and posts it to a configurable Discord webhook endpoint (discordapp[.]com). This behavior poses both a supply-chain risk and a telemetry/privacy exposure risk, as sensitive host information is sent to an external service without explicit user consent or granular control.

The script collects information like the hostname, home directory, current working directory, and IP addresses. It then sends this data as a series of DNS requests to a custom DNS server.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.