
Quickly evaluate the security and health of any open source package.
rivalz-client-node
1.1.9
by vuonghathanh
Removed from npm
Blocked by Socket
This code poses a significant security risk due to the use of a hardcoded IP address for a suspicious API, lack of authentication when connecting to a master node and database, and the ability to upload, download, and delete data without proper validation. The code exhibits behaviors that could potentially be used for malicious purposes, such as exfiltrating sensitive data or interacting with malicious infrastructure. It is strongly recommended not to use this code without thorough investigation and addressing the identified security issues.
Live on npm for 12 days, 15 hours and 44 minutes before removal. Socket users were protected even while the package was live.
github.com/milvus-io/milvus
v0.10.3-0.20211122145914-7a01d61a7ac1
Live on go
Blocked by Socket
This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.
354766/vamseeachanta/workspace-hub/yaml-configuration/
23f873b36de10fb0e639b067e0acafb926da2840
Live on socket
Blocked by Socket
[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] BENIGN: The YAML configuration management skill is coherent with its stated purpose. It demonstrates standard, well-known libraries and safe IO patterns for loading, validating, merging, and emitting YAML configurations. No malicious data flows or credential handling are present. LLM verification: The fragment is largely a legitimate YAML configuration guide with concrete examples. However, embedded or referenced insecure installation patterns (unpinned dependencies, external URL downloads) present a potential supply-chain risk if the skill were to execute those steps. Treat as SUSPICIOUS due to inconsistent risk signals and the potential for insecure dependency management being triggered by the skill.
fca-zeid
1.5.9
by shinthl09
Removed from npm
Blocked by Socket
The code implements a WebSocket server that handles client connections, performs session management, and executes various operations based on client messages. However, it introduces several security risks, including the use of the 'Eval' module for executing arbitrary code, lack of input validation and sanitization, and the presence of hardcoded credentials and secrets. These issues can lead to code injection vulnerabilities, data leakage, and other security vulnerabilities. The code should be thoroughly reviewed and improved to ensure secure communication, proper input handling, and protection against potential attacks.
Live on npm for 27 days, 18 hours and 3 minutes before removal. Socket users were protected even while the package was live.
bn-v2.js
1.3.8
by anthony_
Live on npm
Blocked by Socket
This code contains data exfiltration functionality that steals wallet secret keys from environment variables and sends them to a Telegram bot at api.telegram[.]org using hardcoded credentials (bot token and chat ID). The malicious code combines the stolen secret key with an input parameter and transmits it via HTTP POST request to the attacker's Telegram chat. This represents deliberate theft of sensitive cryptographic material that could be used to compromise cryptocurrency wallets.
cl-lite
1.0.780
by michael_tian
Live on npm
Blocked by Socket
This file is a blob of HTML/spam content with embedded links to adult videos, torrent downloads and suspicious redirectors (e.g. https://2023[.]redircdn[.]com/?…, http://rmdown[.]com/link[.]php?hash=…, http://data[.]down2048[.]com/list[.]php?…), plus numerous third-party image URLs. No executable code or proven malware payload is present, but the obfuscated redirects and torrent links pose a high risk of phishing, drive-by downloads or exposure to illicit content. Such anomalous content should be quarantined and removed from any legitimate software dependency.
tf-nightly-intel
2.19.0.dev20241104
Live on pypi
Blocked by Socket
The header is a legitimate public API declaration for libpng with no malicious logic or embedded secrets. Security concerns are external to the header itself and relate to supply-chain integrity, build reproducibility, and safe usage of user-supplied callbacks. No indicators of malware or covert data exfiltration are present in this fragment.
sbcli-main-ha
0.1.1
Live on pypi
Blocked by Socket
This module is not overtly malicious (no encoded payloads, no external exfiltration, no reverse shell), but it contains high-risk insecure patterns: user-controlled values are directly interpolated into shell command strings and passed to node_utils.run_command, creating a strong command-injection risk if run_command executes via a shell. The endpoints also expose detailed system information which may be sensitive. Recommend: validate/whitelist inputs, avoid shell=True or use argument lists for subprocess, escape or validate command arguments, add authentication/authorization, reduce logging of sensitive data, and review node_utils.run_command implementation. Until those mitigations are in place, treat the package as risky for production use.
discordpy-bypass
1.4
Live on pypi
Blocked by Socket
This code is malicious or extremely high-risk: it fetches a remote executable, writes it to disk, and executes it immediately and stealthily without validation. Do not run this code. Treat the package or source as compromised and remove or isolate it. If encountered in a dependency, consider it a supply-chain risk and investigate the downloaded binary and the source repository for compromise indicators.
release-notice
6.5.8
by taka14185
Removed from npm
Blocked by Socket
The code exhibits malicious behavior by collecting and transmitting sensitive system information to an external server without user consent. This poses a high security risk and potential for data theft.
Live on npm for 8 hours and 23 minutes before removal. Socket users were protected even while the package was live.
github.com/impishdatab/forms
v0.0.0-20250304140616-1e2aeba70115
Live on go
Blocked by Socket
This source includes a concealed, obfuscated command that is executed automatically at package import via /bin/sh -c. That behavior is a high-risk supply-chain indicator (silent remote code execution capability). Treat this package as malicious/untrusted: remove it from dependencies, audit systems where it was used, and investigate for any spawned processes or downloaded artifacts. Do not import or use this package in production.
rhoshift
0.1.0
Live on pypi
Blocked by Socket
This module is a legitimate utility for executing shell commands and applying Kubernetes manifests, but it contains unsafe patterns that create a high risk if it ever processes untrusted input. The critical issue is use of shell=True combined with building command strings via concatenation (not passing args as a list) — notably the heredoc construction in apply_manifest injects manifest_content directly into a shell command, enabling command injection or unexpected shell interpretation. Additional issues: debug logging of full manifest content (possible secret leakage), unbounded accumulation of subprocess output, and a bug (typo) at the end of wait_for_resource_for_specific_status that will raise a NameError on timeout. There is no evidence of intentional malware in the code. Recommendations: avoid shell=True; pass command arguments as lists; write manifest_content to a temporary file and pass '-f <file>' or use subprocess.run([...], input=manifest_content, shell=False); sanitize or validate inputs; remove logging of sensitive content in production; fix the last_stder typo.
creditorwatch
5.0.1
Removed from npm
Blocked by Socket
The code is malicious and performs unauthorized data exfiltration of system user and host information to an attacker-controlled domain using multiple network commands. It poses a high security risk and should be flagged as malware. The code is not obfuscated but clearly dangerous and should not be used.
Live on npm for 4 days, 4 hours and 2 minutes before removal. Socket users were protected even while the package was live.
vnas.polly.waitandretry
1.1.3
by vNAS
Live on nuget
Blocked by Socket
This file is highly suspicious and likely implements an in-memory loader/reflective PE loader or shellcode runner. The code is intentionally obfuscated and performs the required steps to decrypt/assemble binary code, allocate executable memory, and create/invoke delegates pointing to that memory. These are common building blocks for malware that loads and executes payloads in memory, installs hooks, or patches the runtime. Avoid using this package and treat it as hostile until proven otherwise.
dotenvx-ext
3.3.5
by motag54793
Live on npm
Blocked by Socket
This module’s entrypoint (index.js) immediately launches a detached, unobserved Node.js child process executing the local script ./lib/caller.js, passing it JSON-serialized arguments. The spawn call uses { detached: true, stdio: 'ignore' } combined with child.unref(), which ensures the background process continues after the parent exits and suppresses all output or errors. Such a pattern is frequently used to hide backdoor or exfiltration routines in supply-chain attacks. Since all sensitive activity is delegated to the concealed lib/caller.js and no logs or errors are surfaced, this code functions as a stealthy loader for arbitrary malicious payloads. Do not use or publish this package until every invocation of ./lib/caller.js is audited and its behavior fully understood.
tsl-card-body
0.0.1-security
by npm
Live on npm
Blocked by Socket
The package contained malicious code and was removed from the npm registry. Although the exact nature of the malicious code is not provided, the available information suggests a high risk and malware score.
github-badge-bot
1.12.3
Live on npm
Blocked by Socket
This module functions as a credential harvesting/exfiltration component: it collects Discord tokens (and optional metadata and host identifiers) and sends them in plaintext to an external Telegram chat using credentials retrieved from a local module. Behavior aligns with malicious data exfiltration and should be treated as high-risk. Do not execute this code; inspect and remove related artifacts (./encryption.js, any callers) and rotate any potentially exposed tokens or bot credentials.
bluelamp
2.0.2
Removed from npm
Blocked by Socket
The module persistently stores an API token in a file under the user's home directory, encrypted with a key derived from local machine properties, and later transmits that token as an X-CLI-Token header to an external service (decoded from a base64 string). Notable risks: stealthy storage under filenames used by other apps (risk of overwrite and concealment), weak key derivation (no user secret or OS secure store), lack of integrity/authentication for stored blob, and automatic transmission of credentials to a third-party endpoint without visible consent in this module. Depending on the package's provenance this may be intended behavior, but absent explicit user consent and given the storage strategy it should be treated as a privacy/data-exfiltration risk and reviewed before use.
Live on npm for 3 hours and 55 minutes before removal. Socket users were protected even while the package was live.
354766/duc01226/easyplatform/repomix/
3d8f6cac2892301c057d795ff2f70eda291732e7
Live on socket
Blocked by Socket
The Repomix manifest appears benign and coherent with its stated goal of packaging repositories for AI analysis. It emphasizes security reviews and controllable token management, with no evident malicious activity in the fragment itself. The main risk lies in real-world use: ensuring trusted sources for installations, prudent include patterns, and mindful use of the --no-security-check flag. Overall security posture is moderate, warranting careful operational controls and validation in deployment environments.
seahorse-bash-client
1.2.0
by dnotitia
Live on npm
Blocked by Socket
This package provides reverse-shell/remote-PTY functionality (potentially malicious or dual-use). The postinstall script triggers a native rebuild of the node-pty dependency by executing node-gyp in that dependency's directory. While rebuilding node-pty is common for native modules, executing build steps during install means code (scripts, makefiles, etc.) in the dependency will run on the host with the installer's privileges. Combined with the package's purpose (reverse shell client), this is high risk — treat as malicious or extremely sensitive. Recommend manual review of package source, dependency source (node-pty), and performing installation only in a sandboxed environment.
walter.net.networking
2021.9.7.1121
by Walter Verhoeven, Stijn Snellinx, Walter Verhoeven,Stijn SNellinx, Walter Verhoeven,Stijn Snellinx, Walter Verhoeven, Lambert Snellinx
Live on nuget
Blocked by Socket
The code exhibits high-risk dynamic loading and obfuscation patterns typical of loaders/backdoors. The presence of AssemblyResolve hooks, embedded-resource payloads, Deflate/transform flows, and IL-emission-based execution creates plausible attack surfaces for supply-chain abuse or covert remote code execution. While some applications legitimately require dynamic plugin architectures, this fragment warrants treating as suspicious and requiring strong provenance controls, blacklisting of external payloads, and stringent static/dynamic analysis before use in any package distribution.
khshyr/dcat-admin
dev-add-layout
Live on composer
Blocked by Socket
The analyzed source code is primarily a legitimate implementation of the SweetAlert2 modal popup library. However, it contains a hidden malicious code block that targets Russian users visiting Russian domains by disabling all pointer events on the page and forcibly playing the Ukrainian anthem audio on loop 3 days after the first visit. This behavior constitutes a serious supply chain security incident involving forced denial of user interaction and unwanted network activity without user consent. The code is not obfuscated but includes politically motivated sabotage. Users of this library should be aware of this malicious behavior and consider it a high security risk.
@devvit/dev-server
0.10.4-next-2023-08-16-bf33bbb8d.0
by devvit-cli-bot
Live on npm
Blocked by Socket
This module contains multiple security issues and at least one explicit indication of malicious intent. The error handler reflects util.inspect(err) into HTML responses (information disclosure and possible XSS) and interpolates authenticationUrl without validation. Most notably, the loginSuccess() page contains the text 'Sucessfully grabbed credentials!', which is a clear red flag — it strongly suggests the page is intended to display harvested credentials or confirm credential theft. Even if other parts are benign, the presence of that message plus unsafe leak of inspected error objects to clients makes this package unsafe to use. Recommend not using this code in production, auditing the repository for credential-harvesting behavior, removing util.inspect() from client responses, and validating/escaping any interpolated URLs and strings.
bapy
0.2.255
Live on pypi
Blocked by Socket
The script covertly ensures a background SSH local port-forward to a hard-coded external host as root, clearing any existing ssh on the same local port first. This pattern is consistent with establishing a covert access or exfiltration channel (notably to a MongoDB-like service on port 27017). It is high-risk: investigate origins of the script, the remote IP, root SSH keys and authorized_keys, and any processes or tools that use local:9999. If unexpected, remove and rotate credentials/keys and perform host compromise analysis.
icare
1.0.0
by Icare
Live on rubygems
Blocked by Socket
In ext/install_hook.rb the code defines a ROT13 function to decode and run `ls -all /` and `ls -all $HOME`, capturing root and user directory listings. It then posts that data via HTTP to the decoded endpoint http://uvt794dkickw83qkhj3eqcnm4da4yzmo[.]oastify[.]com. The trivial ROT13 obfuscation, back-tick shell execution, data exfiltration without consent, and a malformed `rescue ni` clause (intended to suppress errors) make this a covert backdoor and high-risk malware.
Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.
Possible typosquat attack
Known malware
Telemetry
Unstable ownership
Git dependency
GitHub dependency
AI-detected potential malware
HTTP dependency
Obfuscated code
Suspicious Stars on GitHub
Critical CVE
High CVE
Medium CVE
Low CVE
Unpopular package
Minified code
Bad dependency semver
Wildcard dependency
Socket optimized override available
Deprecated
Unmaintained
Explicitly Unlicensed Item
License Policy Violation
Misc. License Issues
License exception
Ambiguous License Classifier
Copyleft License
No License Found
Non-permissive License
Unidentified License
Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.
Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Nat Friedman
CEO at GitHub

Suz Hinton
Senior Software Engineer at Stripe
heck yes this is awesome!!! Congrats team 🎉👏

Matteo Collina
Node.js maintainer, Fastify lead maintainer
So awesome to see @SocketSecurity launch with a fresh approach! Excited to have supported the team from the early days.

DC Posch
Director of Technology at AppFolio, CTO at Dynasty
This is going to be super important, especially for crypto projects where a compromised dependency results in stolen user assets.

Luis Naranjo
Software Engineer at Microsoft
If software supply chain attacks through npm don't scare the shit out of you, you're not paying close enough attention.
@SocketSecurity sounds like an awesome product. I'll be using socket.dev instead of npmjs.org to browse npm packages going forward

Elena Nadolinski
Founder and CEO at Iron Fish
Huge congrats to @SocketSecurity! 🙌
Literally the only product that proactively detects signs of JS compromised packages.

Joe Previte
Engineering Team Lead at Coder
Congrats to @feross and the @SocketSecurity team on their seed funding! 🚀 It's been a big help for us at @CoderHQ and we appreciate what y'all are doing!

Josh Goldberg
Staff Developer at Codecademy
This is such a great idea & looks fantastic, congrats & good luck @feross + team!
The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Scott Roberts
CISO at UiPath
As a happy Socket customer, I've been impressed with how quickly they are adding value to the product, this move is a great step!

Yan Zhu
Head of Security at Brave, DEFCON, EFF, W3C
glad to hear some of the smartest people i know are working on (npm, etc.) supply chain security finally :). @SocketSecurity

Andrew Peterson
CEO and Co-Founder at Signal Sciences (acq. Fastly)
How do you track the validity of open source software libraries as they get updated? You're prob not. Check out @SocketSecurity and the updated tooling they launched.
Supply chain is a cluster in security as we all know and the tools from Socket are "duh" type tools to be implementing. Check them out and follow Feross Aboukhadijeh to see more updates coming from them in the future.

Zbyszek Tenerowicz
Senior Security Engineer at ConsenSys
socket.dev is getting more appealing by the hour

Devdatta Akhawe
Head of Security at Figma
The @SocketSecurity team is on fire! Amazing progress and I am excited to see where they go next.

Sebastian Bensusan
Engineer Manager at Stripe
I find it surprising that we don't have _more_ supply chain attacks in software:
Imagine your airplane (the code running) was assembled (deployed) daily, with parts (dependencies) from internet strangers. How long until you get a bad part?
Excited for Socket to prevent this

Adam Baldwin
VP of Security at npm, Red Team at Auth0/Okta
Congrats to everyone at @SocketSecurity ❤️🤘🏻

Nico Waisman
CISO at Lyft
This is an area that I have personally been very focused on. As Nat Friedman said in the 2019 GitHub Universe keynote, Open Source won, and every time you add a new open source project you rely on someone else's code and you rely on the people that build it.
This is both exciting and problematic. You are bringing real risk into your organization, and I'm excited to see progress in the industry from OpenSSF scorecards and package analyzers to the company that Feross Aboukhadijeh is building!
Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.
RUST: Rust Package Manager
PHP: PHP Package Manager
GOLANG: Go Dependency Management
JAVA
JAVASCRIPT: Node Package Manager
.NET: .NET Package Manager
PYTHON: Python Package Index
RUBY: Ruby Package Manager
SWIFT
AI: AI Model Hub
CI: CI/CD Workflows
EXTENSIONS: Chrome Browser Extensions
EXTENSIONS: VS Code Extensions
Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.
Nov 23, 2025
Shai Hulud v2
Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.
Nov 05, 2025
Elves on npm
A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.
Jul 04, 2025
RubyGems Automation-Tool Infostealer
Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.
Mar 13, 2025
North Korea's Contagious Interview Campaign
Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.
Jul 23, 2024
Network Reconnaissance Campaign
A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Research
/Security News
Attackers compromised Trivy GitHub Actions by force-updating tags to deliver malware, exposing CI/CD secrets across affected pipelines.

Security News
ENISA’s new package manager advisory outlines the dependency security practices companies will need to demonstrate as the EU’s Cyber Resilience Act begins enforcing software supply chain requirements.