Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery: timmywil published 4.0.0

left-pad: stevemao published 1.3.0

react: react-bot published 19.2.4

We protect you from vulnerable and malicious packages

lognet8

1.0.4

by Lognet8

Live on nuget

Blocked by Socket

This source collects persistent hardware identifiers, contacts a hardcoded remote server with the machine UUID, and attempts to silently install and start a Windows service (SystemTimerClient). The remote server response can toggle local behavior via a marker file. These are high-risk supply-chain behaviors: secretive fingerprinting, remote-controlled toggling, and persistence installation without visible consent. Treat this package as suspicious and avoid use until provenance and purpose are validated. If encountered in a dependency, block and investigate companion binaries and the remote server.

to-requirements-txt

1.1.10

Live on pypi

Blocked by Socket

This module contains code that locates system pip/pip3 and overwrites those executables with a packaged script (static/new_pip.py), formatted with a discovered python interpreter path. This is a high-risk supply-chain/backdoor technique enabling arbitrary code execution whenever pip is invoked. Absent explicit user consent, backups, integrity checks, and documentation, this behavior should be treated as malicious. Do not run this code on production or privileged systems; inspect static/new_pip.py if available, and restore original pip binaries from trusted sources if this was executed.

hyperquant

0.67

Live on pypi

Blocked by Socket

This module injects custom WebSocket heartbeat handlers into the pybotters library for hosts futures[.]ourbit[.]com, www[.]ourbit[.]com, quote[.]edgex[.]exchange and uuws[.]rerrkvifj[.]com at import time. It then drills into private session internals (ws._response._session.__dict__['_apis']) to extract API tokens and immediately sends them in a JSON login payload (via ws.send_json) to the connected host. By mutating pybotters.ws.HeartbeatHosts.items and AuthHosts.items globally, it enables automatic credential exfiltration whenever any of these endpoints are contacted. The inclusion of a random-looking, typosquatted domain (uuws[.]rerrkvifj[.]com) and side-effectful import-time modifications strongly indicate supply-chain tampering or malicious backdoor behavior. Remove this code, audit package provenance, and rotate any potentially exposed credentials.

bluelamp-ai

0.45.4

Removed from pypi

Blocked by Socket

This module intentionally conceals its functionality by executing a decompressed, base64-encoded payload at import/runtime. That design blocks static inspection and is a high-risk pattern for supply-chain malware or hidden unwanted behavior. Until the embedded payload is safely decoded and analyzed, treat this code as untrusted and avoid using it in production.

Live on pypi for 2 days, 13 hours and 44 minutes before removal. Socket users were protected even while the package was live.

useful-stable-prog

0.0.3

by stek29

Removed from npm

Blocked by Socket

This script is executing a local command '/readflag' and piping the output to 'curl'. The pipe symbol '|' is a shell feature that allows the output of one command to be used as input to another command. This allows for arbitrary code injection. The script is sending the output to a remote server 'https://073a-178-247-141-177.eu.ngrok.io' via port 443. This could potentially be a malicious server.

Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.

@smule/test

282.3.17

by neversummer.69

Live on npm

Blocked by Socket

This code is intentionally obfuscated and uses DNS queries to exfiltrate system information, which could be a significant security risk. The hardcoded domain and the potential data exfiltration raise concerns about privacy violations. This package should be reviewed carefully before being used.

request-draft-ui

0.0.1-security.0

by npm

Live on npm

Blocked by Socket

The original package posed a significant risk due to its malicious content, leading to its removal. The placeholder does not exhibit malicious behavior, but caution is advised due to the package's history.

meshcentral

0.3.9-y

by ysainthilaire

Live on npm

Blocked by Socket

This code fragment implements remote access/tunneling agent functionality: it accepts commands over a tunnel, can spawn an interactive shell piped to the remote side, and performs arbitrary filesystem operations (list, upload, mkdir, delete, rename, copy, move). Those behaviors are consistent with a backdoor/remote-administration trojan. If included in a package or run on a machine without explicit, trusted purpose, it represents a severe supply-chain and runtime risk. Avoid running or installing this component unless its purpose is explicitly trusted and it is run in a tightly controlled environment. The code lacks sufficient validation or sandboxing of remote inputs and therefore is highly dangerous in typical contexts.

elf-stats-cranberry-mailbag-505

1.1.0

by teem0

Live on npm

Blocked by Socket

This code implements a classic reverse shell/backdoor: it unconditionally spawns /bin/sh and forwards its I/O over a TCP connection to a hard-coded remote IP and port. It provides remote command execution and data exfiltration capabilities and should be treated as malicious. Do not execute this file; if found in a repository or system, remove it, investigate execution history, and assume compromise.

mtmai

0.3.1382

Live on pypi

Blocked by Socket

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

inststd

0.1.4

Live on pypi

Blocked by Socket

This module resolves a hostname to an IP and blindly performs pip2 install from an HTTP URL built from that IP using subprocess with shell=True. That creates a direct, high-risk remote code retrieval-and-execute path: attacker-controlled DNS/host or the HTTP endpoint can deliver arbitrary packages that execute code during installation. Additional risks include command injection via shell=True, lack of TLS and signature/integrity checks, and poor error handling. Do not use this code in production: require HTTPS, validate inputs, avoid shell=True, use pip APIs or verified package indexes, and implement signature/integrity checks for packages.

doughnuts

3.4.0

Live on pypi

Blocked by Socket

This file is an offensive command cookbook that documents numerous practical methods for spawning shells, escalating privileges, and exfiltrating data using widely available tools and runtimes. As a passive artifact it is dangerous because it provides actionable, copy-paste-ready commands. If this content appears in an open-source dependency — particularly in code paths executed during install, package build, or by privileged tooling — it constitutes a severe supply-chain risk. Treat any package containing this text with high suspicion: remove or isolate it, audit install/build hooks, and do not run its commands on production systems.

muaddib-scanner

2.2.2

by dnszlsk

Live on npm

Blocked by Socket

This code persistently injects a GitHub Actions workflow that will execute a remotely-hosted installer via curl | bash on self-hosted runners. That is a high-risk supply-chain/backdoor pattern because the remote payload is uncontrolled and can perform arbitrary actions with the privileges of the runner. The behavior is suspicious and dangerous: avoid executing this script, remove the workflow if present, and investigate any runner or secret exposure. Manual review of the remote script content and full audit of any runner that executed it is required.

u-workflow.module.common.creative-size

1.0.0

by cyberghost909

Removed from npm

Blocked by Socket

The code appears to be designed to exfiltrate sensitive information about the system and the Node.js project to a suspicious remote server. Given the nature of the data being sent and the destination, it is likely that this code could be part of a supply chain attack.

Live on npm for 18 hours and 8 minutes before removal. Socket users were protected even while the package was live.

@aztec/noir-protocol-circuits-types

4.0.0-nightly.20260212

by charlielye

Live on npm

Blocked by Socket

The fragment presents a large opaque payload with no visible execution logic. Although not proven malicious by itself, the encoding, packaging pattern, and absence of decoding pathways strongly suggest potential hidden behavior. A thorough, controlled analysis of the full package (decode and inspect any runtime decoders, network calls, file I/O, or process execution triggered post-decoding) is required before use.

github-badge-bot

1.11.6

Live on npm

Blocked by Socket

This script displays clear malicious/sabotage behavior: it hides its output, enumerates and forcibly kills Node.js processes across the system, and repeatedly attempts to delete/overwrite a specific package folder (node_modules/github-badge-bot). The behavior is targeted (specific package name and other string matches) and destructive (process termination and file deletion). It is unsafe to run; treat as malicious and remove from any codebase or CI where it appears.

pinokiod

5.3.14

by cocktailpeanut

Live on npm

Blocked by Socket

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

github.com/bishopfox/sliver

v1.5.40-0.20240108185849-ad3b55fc0d0f

Live on go

Blocked by Socket

This file implements explicit offensive capabilities: execution of arbitrary native payloads in-process (LocalTask) and injection via memfd + LD_PRELOAD into spawned processes (Sideload). These features represent high-risk malicious functionality for general-purpose dependencies. Treat this code as hostile unless its use is deliberate, authorized, and confined to controlled penetration-testing contexts. Do not include this module as a dependency in production software or allow it to run in environments handling untrusted workloads.

bluelamp-ai

1.0.2

Removed from pypi

Blocked by Socket

This single-file module conceals a runtime-executed payload via base64 + zlib and executes it via exec(). That is a high-risk pattern for supply-chain attacks because it prevents static inspection and grants arbitrary code execution at import. Treat this as untrusted code until the decompressed payload is inspected in a safe/sandboxed environment. Recommended actions: do not run in production, extract and audit the decompressed code offline, and require the package maintainer to justify and remove opaque execution or supply a visible, signed source.

Live on pypi for 1 day, 9 hours and 6 minutes before removal. Socket users were protected even while the package was live.

r1dfg6789

1.0.0

by r1aaa

Live on npm

Blocked by Socket

This package contains malicious install/test scripts that harvest AWS caller identity and search local files for database/password indicators, then exfiltrate the collected data (base64-encoded) to an external HTTP endpoint. It executes during npm lifecycle events (preinstall/postinstall/test) using child_process to run curl and grep, enabling untrusted command execution and data exfiltration. Treat this package as malicious and block/remove it; investigate any systems where it was installed and rotate any exposed credentials.

lynxnli

0.1.1

Removed from pypi

Blocked by Socket

The module itself is not explicitly obfuscated or containing a hardcoded backdoor, but it exposes a high-risk capability: executing arbitrary shell commands with shell=True and no effective whitelist. The defined ALLOWED_COMMANDS whitelist is not used, which is a significant bug/issue. If this function is passed untrusted input (or run non-interactively or with a coerced input acceptance), it can be used to run arbitrary commands on the host — enabling data theft, system damage, or persistence depending on the commands provided. Recommend removing shell=True or validating against ALLOWED_COMMANDS, properly parsing commands, avoiding interactive prompts for programmatic use, and sanitizing/escaping inputs before execution.

Live on pypi for 21 hours and 31 minutes before removal. Socket users were protected even while the package was live.

uniquebible

0.1.4

Removed from pypi

Blocked by Socket

This module intentionally exposes functionality that allows execution of arbitrary Python and shell commands derived from user selection, chat content, or plugins. These capabilities are useful for an advanced UI but are high-risk: exec(), eval(), subprocess.run(..., shell=True), and os.system() are used on data that can come from untrusted sources (LLM responses, plugins, selected text). There is no strong sanitization or explicit user confirmation around executing code produced by chat responses. I did not find hidden obfuscation or clear malicious payloads, but the design creates a high potential for exploitation or accidental destructive actions (remote code execution, data exfiltration via plugins or commands). Recommendations: remove or strictly gate eval/exec/subprocess usage, require explicit user confirmation and sandboxing for code execution, avoid setting keys into subprocess-exposed environment, and validate/quote paths when calling os.system. Treat this package as high-risk for environments where untrusted prompts, plugins or collaborators exist.

Live on pypi for 17 hours and 5 minutes before removal. Socket users were protected even while the package was live.

sbcli-dev

4.0.12

Live on pypi

Blocked by Socket

This module is not overtly malicious (no encoded payloads, no external exfiltration, no reverse shell), but it contains high-risk insecure patterns: user-controlled values are directly interpolated into shell command strings and passed to node_utils.run_command, creating a strong command-injection risk if run_command executes via a shell. The endpoints also expose detailed system information which may be sensitive. Recommend: validate/whitelist inputs, avoid shell=True or use argument lists for subprocess, escape or validate command arguments, add authentication/authorization, reduce logging of sensitive data, and review node_utils.run_command implementation. Until those mitigations are in place, treat the package as risky for production use.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

AI-detected potential malware

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

54 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.


Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.


Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.


Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.


RUST: crates.io (Rust Package Manager)
PHP: Packagist (PHP Package Manager)
GOLANG: Go Modules (Go Dependency Management)
JAVA: Maven Central
JAVASCRIPT: npm (Node Package Manager)
.NET: NuGet (.NET Package Manager)
PYTHON: PyPI (Python Package Index)
RUBY: RubyGems.org (Ruby Package Manager)
AI: Hugging Face Hub (AI Model Hub)
CI: GitHub Actions (CI/CD Workflows)
EXTENSIONS: Chrome Web Store (Chrome Browser Extensions)
EXTENSIONS: Open VSX (VS Code Extensions)

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.


The latest from the Socket team

Get our latest security research, open source insights, and product updates.
