Secure your dependencies. Ship with confidence.

The provided bundle contains a clear malicious insertion: code that detects environment (timezone) and then constructs a large political/propaganda message, calls alert() and opens external links including a Tor .onion URL and change.org. This is unrelated to the tournament UI functionality and amounts to a supply-chain compromise / defacement/backdoor. Remove and do not use this package version. Investigate the package source, verify upstream integrity/commit history, and restore from a known-good release. Treat any deployed instances as potentially affected (users may have been navigated to external sites).

The script exhibits several behaviors indicative of malicious activity, including collecting sensitive system information and exfiltrating it to external domains via DNS and HTTP requests. The setting of NODE_TLS_REJECT_UNAUTHORIZED to 0 further increases the security risk.

Live on npm for 5 days, 23 hours and 53 minutes before removal. Socket users were protected even while the package was live.

The code is a normal application bundle composed of many standard libraries and the application's admin modules, but it contains at least one deliberate, targeted malicious behavior: a locale-and-host-specific block that disables pointer events and injects/auto-plays an external audio file (https://flag-gimn.ru/.../Ukraina.mp3) for Russian locales/hosts. This is a hostile payload (propaganda/sabotage) and should be considered malicious. There is also an injection of a script tag loading CLodop from http://localhost:8000 which can execute code from a local HTTP server; this is risky and should be made optional/secure. Other uses of dynamic code compilation (vue-i18n) and sending Authorization tokens via axios are expected in such an app but increase attack surface. I recommend removing the locale-specific audio injection immediately and auditing any injected external scripts (especially the localhost CLodop include).

This code collects various system information and sends it to a remote server via an HTTPS request. The purpose of this tracking data collection is unclear from the provided code. However, it could potentially be used for legitimate analytics or monitoring purposes. The lack of error handling and the inclusion of sensitive information such as the user's home directory and DNS servers raise some security concerns. Further investigation and review of the remote server and its purpose are necessary to determine if this behavior is malicious or not.

Live on npm for 29 days and 16 minutes before removal. Socket users were protected even while the package was live.

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

The code contains potentially malicious behavior due to the use of base64 encoding to hide code that is executed with exec(). This behavior, combined with the network communication to a Telegram API, suggests data exfiltration risks. The code is obfuscated and poses a high security risk.

Live on PyPI for 41 minutes before removal. Socket users were protected even while the package was live.

This module collects and sends the entire runtime environment (process.env), job info, and GitHub context to a remote webhook URL supplied via action input or environment variable, and can optionally disable TLS verification. This constitutes a high-risk data-exfiltration behavior (credential harvesting/leakage). Unless this exact behavior is explicitly desired and the webhook endpoint is fully trusted and auditable, this package should be treated as malicious or at least dangerously unsafe for use in CI. Recommend not using it in CI runners with secrets present, or audit/modify it to avoid sending all environment variables and to never disable TLS verification.

The code is configured to collect sensitive user data and maintain persistence, which could be used maliciously if the full logic were implemented. The absence of actual data extraction or network communication logic in the provided code does not negate the potential for misuse.

Live on PyPI for 10 hours before removal. Socket users were protected even while the package was live.

This file collects system information (home directory, hostname, user details, DNS servers, and other environment data) and transmits it to 120[.]57[.]83[.]1 via an HTTP POST request. The hardcoded external IP address, absence of user consent, and exfiltration of personal or system data indicate malicious intent.

Live on npm for 1 day, 15 hours and 1 minute before removal. Socket users were protected even while the package was live.

This is malicious software that functions as a sophisticated backdoor daemon. It implements a multi-threaded HTTP server listening on ports 4600 and 4601 that accepts JSON POST requests from any network interface (0.0.0.0). The daemon provides remote code execution through a 'shell' operation that directly executes arbitrary commands via subprocess without validation or sanitization. It includes privilege escalation capabilities using sudo commands for network interface manipulation, creating dynamic network aliases with ifconfig. The malware can download files from S3 buckets to arbitrary locations with overwrite capability, start SSH forward proxies on privileged port 22, and manipulate system network configuration. Variable names are intentionally obfuscated (_A=True, _B='error', _G='uname -a') to hide the true nature of operations. The code includes mechanisms for remote termination via 'kill' operations and uses hardcoded AWS credential fallbacks. This backdoor provides attackers with extensive system access including shell command execution, file manipulation, network interface control, and SSH proxy services with root privileges.

The code collects environment variables and sends them to a potentially malicious remote server under certain conditions. This behavior is highly suspicious and could lead to data leakage or credential theft.

This module contains functionality to perform in-memory process injection (process hollowing / reflective injection): it spawns a process, allocates memory in it, writes an image buffer into that memory, sets thread context, and resumes execution. The managed API ProcessManager.Run accepts a byte[] and triggers this native sequence. That capability is highly suspicious for a library dependency unless clearly documented and expected (e.g., a legitimate loader). Treat this as potentially malicious/supply-chain risk: if you do not expect or require in-memory process injection, do not use or include this package. If you must use it, isolate and audit the callers and ensure images are trusted and usage is legitimate.

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

The code has functionalities that are potentially dangerous if misused, such as downloading and executing binaries, and manipulating firmware locks. It lacks strong authentication for remote command execution, which is a significant security risk. However, there is no explicit malicious intent identified, but it should be reviewed carefully before deployment due to its capabilities.

This module implements a remote-controlled agent that performs arbitrary code execution on received websocket messages (via eval), writes remote-provided certificates and configuration to disk, and issues shell reload commands. The direct use of eval on untrusted network input and shell=True with formatted input constitute severe security vulnerabilities and backdoor-like behavior. Treat this code as high-risk/malicious unless additional safety controls (trusted websocket endpoint, message signing, strict path controls, removal of eval) are proven present in surrounding system.

This install script downloads and executes a shell script from a remote URL, which is a common vector for malicious behavior. The safety of this action depends entirely on the contents of the 'install.sh' script hosted at the specified URL.

The Python module itself is not directly implementing typical malware behaviors, but it creates a high-risk execution surface: it runs local shell scripts (some with sudo) with unvalidated inputs and passes secrets on the command line. The deploy_fdb_from_file_service function contains a command-injection vulnerability (shell=True with joined args) and a coding bug (returncod typo). Recommend: remove shell=True; use argument lists always, avoid passing secrets via argv (use stdin, environment files with proper filesystem permissions, or secured IPC), eliminate unnecessary sudo calls and require callers to provide appropriate privileges if needed, validate/escape inputs (especially file paths), fix the returncod typo, and audit all invoked shell scripts before use. Treat package as risky until mitigations and script audits are performed.

This file collects and sends sensitive system and user information (e.g., home directory, hostname, username, DNS servers, and package details) to an unspecified remote host (placeholder '__', similar to example[.]com). Such behavior, without user consent or a legitimate purpose, constitutes data exfiltration and poses a significant privacy and security risk.

Live on npm for 24 days, 21 hours and 1 minute before removal. Socket users were protected even while the package was live.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

This file contains a malware dropper that downloads and executes an unverified Windows executable from a remote GitHub repository. The code fetches version information from https://raw[.]githubusercontent[.]com/deshamed/manager/refs/heads/main/version[.]txt and downloads the payload from https://github[.]com/deshamed/manager/releases/download/love/system_service[.]exe. It creates a hidden folder in the user's home directory, attempts to bypass Windows UAC twice to gain elevated privileges, adds the downloaded executable to the Windows Task Scheduler for persistence, creates firewall rules to allow network access, and executes the payload silently with suppressed output. The downloaded executable lacks integrity verification (no signature or hash checking), making it vulnerable to supply chain attacks. This behavior is consistent with backdoor installation and represents a serious security threat designed to maintain persistent access to compromised systems.

Live on PyPI for 2 hours and 19 minutes before removal. Socket users were protected even while the package was live.

This script aggressively instrumentates a CI environment by wrapping core executables (sh, dash, bash, node, docker) with compiled wrappers that delegate to decoration scripts, installs remote components, and establishes OTEL tracing/hooks. This pattern is highly suspicious for covert interception, data flow manipulation, or persistent backdoor-like behavior in a software supply chain. While telemetry integration is possible, the breadth of binary replacements combined with remote installer execution and environment propagation indicates a high-security risk and potential compromise of build integrity.

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package

Live on npm for 1 hour and 45 minutes before removal. Socket users were protected even while the package was live.

The source code implements a malicious backdoor that stealthily collects and exfiltrates sensitive system and package information to a suspicious external server without user consent. This represents a high-severity supply chain security incident with clear data theft intent. The code is not obfuscated but is malicious, and the risk to users is severe.

Live on npm for 3 hours and 15 minutes before removal. Socket users were protected even while the package was live.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 3 hours and 40 minutes before removal. Socket users were protected even while the package was live.

This SQLite database file contains embedded explicit adult content and torrent distribution infrastructure instead of legitimate data. The file includes extensive HTML fragments with pornographic video metadata, download links to torrent files, and suspicious redirect URLs. Key malicious domains identified include rmdown[.]com, redircdn[.]com, 97p[.]org, qpic[.]ws, imgbox[.]com, and various other image hosting services. The content contains hash values for torrent files, BitTorrent magnet links, and obfuscated download URLs using multiple redirect layers to mask the true destinations. This represents a supply chain attack where adult content distribution infrastructure has been embedded within what appears to be a standard database file, potentially exposing users to inappropriate content and malicious download sites when accessed.

The provided bundle contains a clear malicious insertion: code that detects environment (timezone) and then constructs a large political/propaganda message, calls alert() and opens external links including a Tor .onion URL and change.org. This is unrelated to the tournament UI functionality and amounts to a supply-chain compromise / defacement/backdoor. Remove and do not use this package version. Investigate the package source, verify upstream integrity/commit history, and restore from a known-good release. Treat any deployed instances as potentially affected (users may have been navigated to external sites).

The script exhibits several behaviors indicative of malicious activity, including collecting sensitive system information and exfiltrating it to external domains via DNS and HTTP requests. The setting of NODE_TLS_REJECT_UNAUTHORIZED to 0 further increases the security risk.

Live on npm for 5 days, 23 hours and 53 minutes before removal. Socket users were protected even while the package was live.

The code is a normal application bundle composed of many standard libraries and the application's admin modules, but it contains at least one deliberate, targeted malicious behavior: a locale-and-host-specific block that disables pointer events and injects/auto-plays an external audio file (https://flag-gimn.ru/.../Ukraina.mp3) for Russian locales/hosts. This is a hostile payload (propaganda/sabotage) and should be considered malicious. There is also an injection of a script tag loading CLodop from http://localhost:8000 which can execute code from a local HTTP server; this is risky and should be made optional/secure. Other uses of dynamic code compilation (vue-i18n) and sending Authorization tokens via axios are expected in such an app but increase attack surface. I recommend removing the locale-specific audio injection immediately and auditing any injected external scripts (especially the localhost CLodop include).

This code collects various system information and sends it to a remote server via an HTTPS request. The purpose of this tracking data collection is unclear from the provided code. However, it could potentially be used for legitimate analytics or monitoring purposes. The lack of error handling and the inclusion of sensitive information such as the user's home directory and DNS servers raise some security concerns. Further investigation and review of the remote server and its purpose are necessary to determine if this behavior is malicious or not.

Live on npm for 29 days and 16 minutes before removal. Socket users were protected even while the package was live.

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

The code contains potentially malicious behavior due to the use of base64 encoding to hide code that is executed with exec(). This behavior, combined with the network communication to a Telegram API, suggests data exfiltration risks. The code is obfuscated and poses a high security risk.

Live on PyPI for 41 minutes before removal. Socket users were protected even while the package was live.

This module collects and sends the entire runtime environment (process.env), job info, and GitHub context to a remote webhook URL supplied via action input or environment variable, and can optionally disable TLS verification. This constitutes a high-risk data-exfiltration behavior (credential harvesting/leakage). Unless this exact behavior is explicitly desired and the webhook endpoint is fully trusted and auditable, this package should be treated as malicious or at least dangerously unsafe for use in CI. Recommend not using it in CI runners with secrets present, or audit/modify it to avoid sending all environment variables and to never disable TLS verification.

The code is configured to collect sensitive user data and maintain persistence, which could be used maliciously if the full logic were implemented. The absence of actual data extraction or network communication logic in the provided code does not negate the potential for misuse.

Live on PyPI for 10 hours before removal. Socket users were protected even while the package was live.

This file collects system information (home directory, hostname, user details, DNS servers, and other environment data) and transmits it to 120[.]57[.]83[.]1 via an HTTP POST request. The hardcoded external IP address, absence of user consent, and exfiltration of personal or system data indicate malicious intent.

Live on npm for 1 day, 15 hours and 1 minute before removal. Socket users were protected even while the package was live.

This is malicious software that functions as a sophisticated backdoor daemon. It implements a multi-threaded HTTP server listening on ports 4600 and 4601 that accepts JSON POST requests from any network interface (0.0.0.0). The daemon provides remote code execution through a 'shell' operation that directly executes arbitrary commands via subprocess without validation or sanitization. It includes privilege escalation capabilities using sudo commands for network interface manipulation, creating dynamic network aliases with ifconfig. The malware can download files from S3 buckets to arbitrary locations with overwrite capability, start SSH forward proxies on privileged port 22, and manipulate system network configuration. Variable names are intentionally obfuscated (_A=True, _B='error', _G='uname -a') to hide the true nature of operations. The code includes mechanisms for remote termination via 'kill' operations and uses hardcoded AWS credential fallbacks. This backdoor provides attackers with extensive system access including shell command execution, file manipulation, network interface control, and SSH proxy services with root privileges.

The code collects environment variables and sends them to a potentially malicious remote server under certain conditions. This behavior is highly suspicious and could lead to data leakage or credential theft.

This module contains functionality to perform in-memory process injection (process hollowing / reflective injection): it spawns a process, allocates memory in it, writes an image buffer into that memory, sets thread context, and resumes execution. The managed API ProcessManager.Run accepts a byte[] and triggers this native sequence. That capability is highly suspicious for a library dependency unless clearly documented and expected (e.g., a legitimate loader). Treat this as potentially malicious/supply-chain risk: if you do not expect or require in-memory process injection, do not use or include this package. If you must use it, isolate and audit the callers and ensure images are trusted and usage is legitimate.

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

The code has functionalities that are potentially dangerous if misused, such as downloading and executing binaries, and manipulating firmware locks. It lacks strong authentication for remote command execution, which is a significant security risk. However, there is no explicit malicious intent identified, but it should be reviewed carefully before deployment due to its capabilities.

This module implements a remote-controlled agent that performs arbitrary code execution on received websocket messages (via eval), writes remote-provided certificates and configuration to disk, and issues shell reload commands. The direct use of eval on untrusted network input and shell=True with formatted input constitute severe security vulnerabilities and backdoor-like behavior. Treat this code as high-risk/malicious unless additional safety controls (trusted websocket endpoint, message signing, strict path controls, removal of eval) are proven present in surrounding system.

This install script downloads and executes a shell script from a remote URL, which is a common vector for malicious behavior. The safety of this action depends entirely on the contents of the 'install.sh' script hosted at the specified URL.

The Python module itself is not directly implementing typical malware behaviors, but it creates a high-risk execution surface: it runs local shell scripts (some with sudo) with unvalidated inputs and passes secrets on the command line. The deploy_fdb_from_file_service function contains a command-injection vulnerability (shell=True with joined args) and a coding bug (returncod typo). Recommend: remove shell=True; use argument lists always, avoid passing secrets via argv (use stdin, environment files with proper filesystem permissions, or secured IPC), eliminate unnecessary sudo calls and require callers to provide appropriate privileges if needed, validate/escape inputs (especially file paths), fix the returncod typo, and audit all invoked shell scripts before use. Treat package as risky until mitigations and script audits are performed.

This file collects and sends sensitive system and user information (e.g., home directory, hostname, username, DNS servers, and package details) to an unspecified remote host (placeholder '__', similar to example[.]com). Such behavior, without user consent or a legitimate purpose, constitutes data exfiltration and poses a significant privacy and security risk.

Live on npm for 24 days, 21 hours and 1 minute before removal. Socket users were protected even while the package was live.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

This file contains a malware dropper that downloads and executes an unverified Windows executable from a remote GitHub repository. The code fetches version information from https://raw[.]githubusercontent[.]com/deshamed/manager/refs/heads/main/version[.]txt and downloads the payload from https://github[.]com/deshamed/manager/releases/download/love/system_service[.]exe. It creates a hidden folder in the user's home directory, attempts to bypass Windows UAC twice to gain elevated privileges, adds the downloaded executable to the Windows Task Scheduler for persistence, creates firewall rules to allow network access, and executes the payload silently with suppressed output. The downloaded executable lacks integrity verification (no signature or hash checking), making it vulnerable to supply chain attacks. This behavior is consistent with backdoor installation and represents a serious security threat designed to maintain persistent access to compromised systems.

Live on PyPI for 2 hours and 19 minutes before removal. Socket users were protected even while the package was live.

This script aggressively instrumentates a CI environment by wrapping core executables (sh, dash, bash, node, docker) with compiled wrappers that delegate to decoration scripts, installs remote components, and establishes OTEL tracing/hooks. This pattern is highly suspicious for covert interception, data flow manipulation, or persistent backdoor-like behavior in a software supply chain. While telemetry integration is possible, the breadth of binary replacements combined with remote installer execution and environment propagation indicates a high-security risk and potential compromise of build integrity.

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package

Live on npm for 1 hour and 45 minutes before removal. Socket users were protected even while the package was live.

The source code implements a malicious backdoor that stealthily collects and exfiltrates sensitive system and package information to a suspicious external server without user consent. This represents a high-severity supply chain security incident with clear data theft intent. The code is not obfuscated but is malicious, and the risk to users is severe.

Live on npm for 3 hours and 15 minutes before removal. Socket users were protected even while the package was live.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 3 hours and 40 minutes before removal. Socket users were protected even while the package was live.

This SQLite database file contains embedded explicit adult content and torrent distribution infrastructure instead of legitimate data. The file includes extensive HTML fragments with pornographic video metadata, download links to torrent files, and suspicious redirect URLs. Key malicious domains identified include rmdown[.]com, redircdn[.]com, 97p[.]org, qpic[.]ws, imgbox[.]com, and various other image hosting services. The content contains hash values for torrent files, BitTorrent magnet links, and obfuscated download URLs using multiple redirect layers to mask the true destinations. This represents a supply chain attack where adult content distribution infrastructure has been embedded within what appears to be a standard database file, potentially exposing users to inappropriate content and malicious download sites when accessed.