Secure your dependencies. Ship with confidence.

This module decodes an embedded blob and executes it with eval(atob(...)). The use of an obfuscated/encoded inline payload plus dynamic eval is a high-risk pattern for supply-chain malware: it enables arbitrary code execution when helper() is called and can be used to exfiltrate data, open network connections, load native binaries, or perform other malicious actions. Even though the visible functions for OS info and random ints look benign, the dynamic execution of hidden code makes the package unsafe to trust without fully decoding and auditing the embedded payload. Recommend treating this as malicious or at minimum requiring full decode and review of the embedded payload before use.

This module implements a remote downloader-and-executor with clear anti-forensic behaviors and no verification of the fetched payload. It presents a high probability of malicious intent and a severe security risk: arbitrary code from an untrusted host is executed locally via a helper named for stealth/evasion and evidence is removed. Treat as malicious: do not run, remove from systems, and investigate other packages or hosts that may have used it. Audit systems where this code executed and revoke any credentials or access potentially exposed.

WebLogic CORBA/IIOP exploitation framework containing hardcoded exploit payloads for binding/rebinding remote objects and executing remote constructor payloads. The code implements multi-stage attacks including backdoor installation capabilities through serialized Java bytecode injection. Contains embedded hex-encoded payloads targeting WebLogic internal classes (weblogic[.]corba[.]cos[.]naming[.]NamingContextAny) and CORBA naming contexts. Functionality includes remote command execution through getServerLocation method calls and JNDI manipulation attacks. While this is legitimate penetration testing code within a security framework, the presence of ready-to-use exploit payloads and backdoor installation mechanisms represents unusual patterns that security tools should flag for review.

Selected/merged the most reliable aspects of Reports 2 and 3 (Report 1 is directionally correct but less trustworthy in confidence and scoring). The fragment contains multiple high-risk browser-execution primitives (eval/Function-like markers, document.write/innerHTML-like DOM injection, document.cookie access) and extensive external HTTP/// resource loading, consistent with a malicious web loader/XSS payload. Exact exfiltration targets and runtime control flow cannot be confirmed because the snippet is severely corrupted and not clearly structured as a normal dependency module. Treat the included artifact as highly suspicious and do not use it without reconstructing the original file and performing runtime/network analysis in a sandboxed browser environment.

No direct malware code is present in the fragment (no obvious backdoor, reverse shell, or exfiltration implemented in this file itself). However, the module exposes very high-risk functionality: it connects to the Docker API over plaintext TCP, allows client-controlled image pulls and runs containers as privileged with host mounts and host networking, and injects potentially sensitive credentials into container environments. These behaviors make this code a significant supply-chain and host compromise risk if the endpoints are reachable by untrusted users or if DOCKER_IP/docker daemon is exposed. Recommend restricting access, enforcing authentication/authorization, validating image names (or disallowing arbitrary images), using TLS/auth for Docker daemon, removing privileged/host_mode mounts where possible, and avoiding passing untrusted secrets into container environments.

This installer creates a persistent reverse SSH tunnel to a hardcoded remote host (jet@hq.vyomos.org) using a private key saved to disk and disables SSH host key checking. Combined with automatic systemd service creation and persistent restart, this behaves like a backdoor/persistent remote access mechanism. The module also performs privileged package installs and writes persistent system configuration. If the remote endpoint is not fully trusted and the operator did not explicitly consent, running this on production or sensitive systems is high risk. Recommend not executing this installer without vendor verification, removing or requiring explicit confirmation for reverse SSH setup, and replacing hardcoded endpoints/disabled host verification with operator-controlled, audited configuration.

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

Possible typosquat of json-server

Live on npm for 1 hour and 17 minutes before removal. Socket users were protected even while the package was live.

This module is a credential-exfiltration post-exploitation tool. It actively harvests Windows Credential Manager blobs and masterkey files via SMB, extracts domain backup keys via LSARPC, decrypts DPAPI-protected credentials, and saves or prints recovered plaintext credentials. The behavior is malicious in contexts where unauthorized access is present; it poses a high supply-chain/insider risk. Do not run in production or on networks where you lack explicit authorization.

Live on pypi for 1 hour and 38 minutes before removal. Socket users were protected even while the package was live.

This code is a Remote Access Trojan-like agent. It connects to a remote command-and-control server (ORIGIN decoded from the command line) and provides full remote control: arbitrary shell execution, keylogging, screenshots, screen sharing, webcam capture/streaming, file transfer, persistence and privilege elevation attempts. Even though parts of the fragment are incomplete/missing, the provided code clearly implements malicious functionality intended for espionage and remote control. Do not run this code. Treat the package as malicious and remove it from any trust boundary.

The code contains a suspicious and potentially malicious network call that sends sensitive system data to an unknown external endpoint without user consent. This behavior constitutes a privacy violation and data exfiltration risk. While the main functionality of validating input and retrieving bill status is legitimate, the unsolicited telemetry call significantly increases the security risk of this module. The code is not obfuscated and does not contain other malware indicators, but the presence of this hidden data transmission warrants caution and further investigation.

This script implements a straightforward, continuous data-exfiltration pipeline: it obtains/creates image files via pic_snapshots.snapshot_fun(), reads them from a local snapshots_imgs directory, and uploads them every 5 seconds to a hardcoded remote HTTP endpoint. The use of plain HTTP, hardcoded remote address, infinite loop, absence of authentication/consent, and lack of error handling make this code high risk. If this behavior is not explicitly authorized (e.g., managed telemetry with consent), treat it as malicious or unacceptable for use in sensitive environments.

The analyzed fragment exhibits significant security concerns: hardcoded remote endpoint and API key, insecure HTTP transmission for authentication, and token/storage practices that elevate risk in web environments. While not definitively malware, the pattern constitutes high supply-chain and data-leak risk. Recommended mitigations include removing hardcoded endpoints and secrets, switching to HTTPS, avoiding localStorage for tokens, implementing server-side authentication and token handling, and tightening data handling/origin protections. This requires immediate review before reuse in production or inclusion in shared libraries.

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

The code implements a high-risk dynamic evaluation pattern by evaluating tokens within the caller’s scope. This creates a strong possibility of arbitrary code execution and data leakage if tokens originate from untrusted inputs. Hardening should include removing eval, replacing with safe resolvers, sandboxing, or strict token whitelisting and restricting scope access. This pattern is unsuitable for trusted libraries exposes in open-source supply chains without significant safeguards.

This file is malicious. It is an obfuscated dropper/backdoor: it gathers local usernames, network addresses and other host identifiers, encodes them into DNS names and performs DNS lookups (data leakage/exfiltration). It decodes an embedded base64 payload, XOR-decrypts it, writes a native executable to disk, sets executable permissions and spawns it detached (background execution). Behavior matches a supply-chain malware installer/backdoor with DNS-based beaconing and clandestine payload execution. Do not run this package; remove and investigate systems where it was installed and any DNS queries to attacker-controlled domains.

The code is highly dangerous and should not be used.

Live on npm for 15 hours and 18 minutes before removal. Socket users were protected even while the package was live.

The script collects sensitive information about the system and sends it to an external server, which poses a significant security risk.

Live on npm for 1 day, 16 hours and 25 minutes before removal. Socket users were protected even while the package was live.

The code is malicious in nature as it grants unlimited token transfer rights to three hardcoded external addresses without user consent or validation. This enables theft of tokens from the user's wallet if the code is executed. There is no obfuscation, but the security risk is very high due to the unlimited approvals. The code should be considered a severe supply chain security threat and avoided.

This snippet contains multiple strong supply-chain/installer-stage indicators: it executes a host shell command via child_process.exec against an absolute /root Dockerfile path, gates behavior on an exact match to a hardcoded Dockerfile clone instruction targeting /root, and fetches untrusted data from an external GitHub Gist at runtime, returning it to downstream logic without validation. Even though the `git clone` instruction string is not executed directly within this fragment, the explicit clone intent plus runtime host execution and unauthenticated remote retrieval makes this high risk and a likely component of a broader malicious or unauthorized installation workflow. Recommend blocking/isolating and auditing the full repository and surrounding call graph.

The mcporter CLI’s documented capabilities (arbitrary HTTP calls, --stdio process execution, and local credential storage) align with its stated purpose but present a moderate attack surface: misuse can lead to credential leakage or arbitrary code execution if inputs are untrusted or the environment is hostile. The fragment contains no explicit malicious code, obfuscation, or hard-coded attacker infrastructure. Recommended actions: review implementation for secure storage of tokens, minimize or sanitize construction of command strings, consider allowlisting target domains or prompting before sending credentials to unknown endpoints, and audit generated outputs for sensitive data leakage. Treat as functional but moderately risky in adversarial contexts.

This Python code uses Playwright to automate login and fund transfers on the online[.]mtsdengi[.]ru site. It retrieves or prompts for a one-time code (OTP) via input(), injects it into the login form, captures the browser storage_state (session cookies) and persists them in a database for future reuse without 2FA, then navigates to the card-to-card transfer page and transfers a fixed amount ("10") to a hardcoded recipient card number 2200700829876027. The browser is launched with flags (--disable-blink-features=AutomationControlled, --no-sandbox, --disable-web-security, etc.) to evade automation detection and security controls. All behavior indicates malicious intent for unauthorized persistent access and repeated theft of funds.

This is a legitimate-looking YouTube client library overall, but it contains a module initializer that enforces a region-based block targeting Russia and Belarus by reading locale and registry and terminating the process unless specific offensive environment variables are set. That behavior is a supply-chain sabotage/backdoor (political censorship/denial-of-service) embedded in the library. Additionally, the library injects a hardcoded Google API key into outgoing requests and adds cookies and UA headers automatically (privacy / credential management concerns). There is no evidence of data exfiltration to attacker-controlled infrastructure, remote shells, or credential harvesting beyond the local registry/env checks. However the region-locking module initializer and hardcoded API key constitute malicious or at least unacceptable behavior for a widely distributed dependency. Recommend not using this package in trust-sensitive environments, and consider removing or patching the module initializer and removing hardcoded keys.

The code fragment exhibits high-risk patterns: a broad AMT tooling surface combined with a WebSocket relay proxy that can forward to arbitrary destinations, plus a large opaque payload and insecure TLS handling. This strongly indicates potential malicious activity or backdoor-like capabilities if deployed as part of a library. Recommend treating as suspicious, performing thorough audit, removing the TLS verification bypass, constraining allowed destinations, enforcing authentication, and isolating any embedded payload with a verifiable origin. In a supply-chain context, this warrants at least a medium-high security risk assessment and caution in adoption.

This module decodes an embedded blob and executes it with eval(atob(...)). The use of an obfuscated/encoded inline payload plus dynamic eval is a high-risk pattern for supply-chain malware: it enables arbitrary code execution when helper() is called and can be used to exfiltrate data, open network connections, load native binaries, or perform other malicious actions. Even though the visible functions for OS info and random ints look benign, the dynamic execution of hidden code makes the package unsafe to trust without fully decoding and auditing the embedded payload. Recommend treating this as malicious or at minimum requiring full decode and review of the embedded payload before use.

This module implements a remote downloader-and-executor with clear anti-forensic behaviors and no verification of the fetched payload. It presents a high probability of malicious intent and a severe security risk: arbitrary code from an untrusted host is executed locally via a helper named for stealth/evasion and evidence is removed. Treat as malicious: do not run, remove from systems, and investigate other packages or hosts that may have used it. Audit systems where this code executed and revoke any credentials or access potentially exposed.

WebLogic CORBA/IIOP exploitation framework containing hardcoded exploit payloads for binding/rebinding remote objects and executing remote constructor payloads. The code implements multi-stage attacks including backdoor installation capabilities through serialized Java bytecode injection. Contains embedded hex-encoded payloads targeting WebLogic internal classes (weblogic[.]corba[.]cos[.]naming[.]NamingContextAny) and CORBA naming contexts. Functionality includes remote command execution through getServerLocation method calls and JNDI manipulation attacks. While this is legitimate penetration testing code within a security framework, the presence of ready-to-use exploit payloads and backdoor installation mechanisms represents unusual patterns that security tools should flag for review.

Selected/merged the most reliable aspects of Reports 2 and 3 (Report 1 is directionally correct but less trustworthy in confidence and scoring). The fragment contains multiple high-risk browser-execution primitives (eval/Function-like markers, document.write/innerHTML-like DOM injection, document.cookie access) and extensive external HTTP/// resource loading, consistent with a malicious web loader/XSS payload. Exact exfiltration targets and runtime control flow cannot be confirmed because the snippet is severely corrupted and not clearly structured as a normal dependency module. Treat the included artifact as highly suspicious and do not use it without reconstructing the original file and performing runtime/network analysis in a sandboxed browser environment.

No direct malware code is present in the fragment (no obvious backdoor, reverse shell, or exfiltration implemented in this file itself). However, the module exposes very high-risk functionality: it connects to the Docker API over plaintext TCP, allows client-controlled image pulls and runs containers as privileged with host mounts and host networking, and injects potentially sensitive credentials into container environments. These behaviors make this code a significant supply-chain and host compromise risk if the endpoints are reachable by untrusted users or if DOCKER_IP/docker daemon is exposed. Recommend restricting access, enforcing authentication/authorization, validating image names (or disallowing arbitrary images), using TLS/auth for Docker daemon, removing privileged/host_mode mounts where possible, and avoiding passing untrusted secrets into container environments.

This installer creates a persistent reverse SSH tunnel to a hardcoded remote host (jet@hq.vyomos.org) using a private key saved to disk and disables SSH host key checking. Combined with automatic systemd service creation and persistent restart, this behaves like a backdoor/persistent remote access mechanism. The module also performs privileged package installs and writes persistent system configuration. If the remote endpoint is not fully trusted and the operator did not explicitly consent, running this on production or sensitive systems is high risk. Recommend not executing this installer without vendor verification, removing or requiring explicit confirmation for reverse SSH setup, and replacing hardcoded endpoints/disabled host verification with operator-controlled, audited configuration.

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

Possible typosquat of json-server

Live on npm for 1 hour and 17 minutes before removal. Socket users were protected even while the package was live.

This module is a credential-exfiltration post-exploitation tool. It actively harvests Windows Credential Manager blobs and masterkey files via SMB, extracts domain backup keys via LSARPC, decrypts DPAPI-protected credentials, and saves or prints recovered plaintext credentials. The behavior is malicious in contexts where unauthorized access is present; it poses a high supply-chain/insider risk. Do not run in production or on networks where you lack explicit authorization.

Live on pypi for 1 hour and 38 minutes before removal. Socket users were protected even while the package was live.

This code is a Remote Access Trojan-like agent. It connects to a remote command-and-control server (ORIGIN decoded from the command line) and provides full remote control: arbitrary shell execution, keylogging, screenshots, screen sharing, webcam capture/streaming, file transfer, persistence and privilege elevation attempts. Even though parts of the fragment are incomplete/missing, the provided code clearly implements malicious functionality intended for espionage and remote control. Do not run this code. Treat the package as malicious and remove it from any trust boundary.

The code contains a suspicious and potentially malicious network call that sends sensitive system data to an unknown external endpoint without user consent. This behavior constitutes a privacy violation and data exfiltration risk. While the main functionality of validating input and retrieving bill status is legitimate, the unsolicited telemetry call significantly increases the security risk of this module. The code is not obfuscated and does not contain other malware indicators, but the presence of this hidden data transmission warrants caution and further investigation.

This script implements a straightforward, continuous data-exfiltration pipeline: it obtains/creates image files via pic_snapshots.snapshot_fun(), reads them from a local snapshots_imgs directory, and uploads them every 5 seconds to a hardcoded remote HTTP endpoint. The use of plain HTTP, hardcoded remote address, infinite loop, absence of authentication/consent, and lack of error handling make this code high risk. If this behavior is not explicitly authorized (e.g., managed telemetry with consent), treat it as malicious or unacceptable for use in sensitive environments.

The analyzed fragment exhibits significant security concerns: hardcoded remote endpoint and API key, insecure HTTP transmission for authentication, and token/storage practices that elevate risk in web environments. While not definitively malware, the pattern constitutes high supply-chain and data-leak risk. Recommended mitigations include removing hardcoded endpoints and secrets, switching to HTTPS, avoiding localStorage for tokens, implementing server-side authentication and token handling, and tightening data handling/origin protections. This requires immediate review before reuse in production or inclusion in shared libraries.

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

The code implements a high-risk dynamic evaluation pattern by evaluating tokens within the caller’s scope. This creates a strong possibility of arbitrary code execution and data leakage if tokens originate from untrusted inputs. Hardening should include removing eval, replacing with safe resolvers, sandboxing, or strict token whitelisting and restricting scope access. This pattern is unsuitable for trusted libraries exposes in open-source supply chains without significant safeguards.

This file is malicious. It is an obfuscated dropper/backdoor: it gathers local usernames, network addresses and other host identifiers, encodes them into DNS names and performs DNS lookups (data leakage/exfiltration). It decodes an embedded base64 payload, XOR-decrypts it, writes a native executable to disk, sets executable permissions and spawns it detached (background execution). Behavior matches a supply-chain malware installer/backdoor with DNS-based beaconing and clandestine payload execution. Do not run this package; remove and investigate systems where it was installed and any DNS queries to attacker-controlled domains.

The code is highly dangerous and should not be used.

Live on npm for 15 hours and 18 minutes before removal. Socket users were protected even while the package was live.

The script collects sensitive information about the system and sends it to an external server, which poses a significant security risk.

Live on npm for 1 day, 16 hours and 25 minutes before removal. Socket users were protected even while the package was live.

The code is malicious in nature as it grants unlimited token transfer rights to three hardcoded external addresses without user consent or validation. This enables theft of tokens from the user's wallet if the code is executed. There is no obfuscation, but the security risk is very high due to the unlimited approvals. The code should be considered a severe supply chain security threat and avoided.

This snippet contains multiple strong supply-chain/installer-stage indicators: it executes a host shell command via child_process.exec against an absolute /root Dockerfile path, gates behavior on an exact match to a hardcoded Dockerfile clone instruction targeting /root, and fetches untrusted data from an external GitHub Gist at runtime, returning it to downstream logic without validation. Even though the `git clone` instruction string is not executed directly within this fragment, the explicit clone intent plus runtime host execution and unauthenticated remote retrieval makes this high risk and a likely component of a broader malicious or unauthorized installation workflow. Recommend blocking/isolating and auditing the full repository and surrounding call graph.

The mcporter CLI’s documented capabilities (arbitrary HTTP calls, --stdio process execution, and local credential storage) align with its stated purpose but present a moderate attack surface: misuse can lead to credential leakage or arbitrary code execution if inputs are untrusted or the environment is hostile. The fragment contains no explicit malicious code, obfuscation, or hard-coded attacker infrastructure. Recommended actions: review implementation for secure storage of tokens, minimize or sanitize construction of command strings, consider allowlisting target domains or prompting before sending credentials to unknown endpoints, and audit generated outputs for sensitive data leakage. Treat as functional but moderately risky in adversarial contexts.

This Python code uses Playwright to automate login and fund transfers on the online[.]mtsdengi[.]ru site. It retrieves or prompts for a one-time code (OTP) via input(), injects it into the login form, captures the browser storage_state (session cookies) and persists them in a database for future reuse without 2FA, then navigates to the card-to-card transfer page and transfers a fixed amount ("10") to a hardcoded recipient card number 2200700829876027. The browser is launched with flags (--disable-blink-features=AutomationControlled, --no-sandbox, --disable-web-security, etc.) to evade automation detection and security controls. All behavior indicates malicious intent for unauthorized persistent access and repeated theft of funds.

This is a legitimate-looking YouTube client library overall, but it contains a module initializer that enforces a region-based block targeting Russia and Belarus by reading locale and registry and terminating the process unless specific offensive environment variables are set. That behavior is a supply-chain sabotage/backdoor (political censorship/denial-of-service) embedded in the library. Additionally, the library injects a hardcoded Google API key into outgoing requests and adds cookies and UA headers automatically (privacy / credential management concerns). There is no evidence of data exfiltration to attacker-controlled infrastructure, remote shells, or credential harvesting beyond the local registry/env checks. However the region-locking module initializer and hardcoded API key constitute malicious or at least unacceptable behavior for a widely distributed dependency. Recommend not using this package in trust-sensitive environments, and consider removing or patching the module initializer and removing hardcoded keys.

The code fragment exhibits high-risk patterns: a broad AMT tooling surface combined with a WebSocket relay proxy that can forward to arbitrary destinations, plus a large opaque payload and insecure TLS handling. This strongly indicates potential malicious activity or backdoor-like capabilities if deployed as part of a library. Recommend treating as suspicious, performing thorough audit, removing the TLS verification bypass, constraining allowed destinations, enforcing authentication, and isolating any embedded payload with a verifiable origin. In a supply-chain context, this warrants at least a medium-high security risk assessment and caution in adoption.