Secure your dependencies. Ship with confidence.

This module is an offensive security scanning toolkit that crafts payloads to trigger XXE, SSRF, SSTI, NoSQL injection and CRLF vulnerabilities on remote targets. While not obfuscated or directly executing malicious actions on the host running the code, it contains explicit hardcoded attacker callback domains and payloads that instruct targets to fetch attacker-controlled URLs and sensitive local/cloud metadata. That design makes it dangerous if distributed or executed without authorization — it can facilitate data exfiltration and remote code execution on vulnerable targets. Use only in authorized testing contexts and remove or replace default callback endpoints before integration.

Live on PyPI for 3 hours and 28 minutes before removal. Socket users were protected even while the package was live.

This module contains explicit instructions and code paths to exfiltrate Slack messages to an attacker-controlled website and to create transient attacker accounts in a Slack workspace. It includes hardcoded attacker identifiers and direct FunctionCall sequences that, when executed with a live Slack environment or an agent capable of calling those functions, would perform malicious actions (data exfiltration, phishing link posting, unauthorized account provisioning). There is a coding error in InjectionTask1 (self._ATTACKER_WEB is referenced but not defined), which might prevent immediate execution, but the intent is clear and dangerous. Treat this package as malicious test code and do not run it in production or with real credentials; remove or restrict it to isolated, instrumented test environments only.

The fragment demonstrates high-risk behavior due to embedding and executing an encoded payload in a Web Worker, with a fallback path that further obfuscates the payload. This is a credible threat for dynamic code execution, data exfiltration, or covert operations that bypass static review. While not definitive malware by itself, the pattern warrants strict scrutiny of the payload origin, integrity, and necessity. Consider removing the encoded payload mechanism or replacing it with transparent, auditable modules, and hardening observability beyond a localStorage toggle.

The code shows several anomalies, such as unusual naming conventions and function names (`functame`). However, without the actual content of the imported modules or additional context, it is difficult to determine if there is any malicious intent. The anomalies noted could suggest potential obfuscation or simply non-standard coding practices. Due to the lack of clear sources, sinks, or data flows, and no explicit malicious behavior observed in this fragment alone, the probability of it containing malware is low. The naming conventions and structure warrant further investigation for security risks.

Live on npm for 57 days, 7 hours and 34 minutes before removal. Socket users were protected even while the package was live.

This module is a wrapper for Seisan seismic tools and a formatter for STATION0.HYP files. It performs numerous system-level operations: downloading and extracting external software, installing system packages via apt-get with sudo, copying a packaged lib into /usr/lib, and executing external Seisan binaries via pexpect/subprocess. There is no clear code that exfiltrates secrets or establishes backdoors, but the lack of integrity checks on downloads, the requirement for root operations, and frequent shell command usage create substantial supply-chain and privilege escalation risk. Use in environments where the package or its downloaded content could be tampered with is dangerous. Recommend not running download_seisan() with sudo on production hosts and reviewing/locking sources, adding checksum verification, and avoiding copying bundled libraries into system paths.

This file implements a Telegram Desktop data stealer. It scans all mounted drives (e.g., C:/, D:/) for Telegram 'tdata' directories, copies and encrypts those files into a password-protected archive, and exfiltrates them via the Telegram Bot API using a hard-coded bot token and chat ID. Additionally, it sends user identifiers, API keys, session tokens, and timestamps to remote endpoints over HTTPS POST to https://api[.]ledgerflux[.]net/v1/session, https://api[.]datastream[.]to/v3/auth, and https://api[.]resolve[.]dev/v2/validate.

Live on PyPI for 28 minutes before removal. Socket users were protected even while the package was live.

The code demonstrates significant security risks and malicious behavior, including data exfiltration and connections to suspicious domains. It should be considered dangerous and potentially harmful.

Live on npm for 1 hour and 5 minutes before removal. Socket users were protected even while the package was live.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.

This code is not obviously malicious in itself; it is intended to call an external solver (msolve) and parse its output. However, it contains a high-risk design choice: it executes an external binary and directly evaluates that binary's stdout via sage_eval, which yields arbitrary code execution if the external binary or its output is tampered with. If the msolve executable can be compromised (supply-chain attack, replaced binary, or attacker-controlled output), this code can execute arbitrary Python. Recommended mitigations: avoid eval-style parsing of external output, use a strict parser or sandbox evaluation, validate output structure and types before evaluation, and ensure the msolve binary is obtained and verified from a trusted source. Overall: low probability the code is intentionally malicious, but a significant security risk exists due to unsafe evaluation of external output.

This module is not obviously malware by itself, but it contains high-risk patterns: executing arbitrary shell commands (subprocess.Popen with shell=True), changing directories, and appending to arbitrary files based on input. If steps_json or the interactive inputs are attacker-controlled or originate from untrusted upstream services, an attacker can execute arbitrary code and modify filesystem contents. Treat this package as potentially dangerous for automated use without strict input validation, allowlists, sandboxing, or least-privilege execution. Recommend adding validation, avoiding shell=True (use list args), restricting writable paths, and auditing the implementations of ConfigAgent/FileContentManager/TaskErrorPlanner for network or credential handling.

Live on PyPI for 5 days, 12 hours and 23 minutes before removal. Socket users were protected even while the package was live.

The script makes an HTTP request to a potentially malicious endpoint, sending information about the user's operating system. This behavior is indicative of telemetry or data exfiltration.

Live on npm for 41 days, 17 hours and 59 minutes before removal. Socket users were protected even while the package was live.

The code exhibits malicious behavior by exfiltrating user-provided command line arguments to an external, suspicious domain without user consent. This constitutes a high security risk and malware behavior. The code is not obfuscated beyond base64 encoding. The reports provided are invalid and uninformative.

The fragment is not a conventional source code snippet; it appears to be a binary archive dump (ZIP-like) containing OpenAI package files interleaved within text. There is no direct, verifiable malicious code in the visible plaintext, but the embedding of a full package archive in a text blob is inherently suspicious and could conceal payloads if decompressed. Treat as potentially risky and perform offline integrity verification (hashes, signatures) and safe-scoped decompression before any usage.

Live on npm for 11 minutes before removal. Socket users were protected even while the package was live.

This script exhibits high-risk behavior: it fetches and installs an external shell script without integrity verification, creates a system-wide symlink, and attempts to schedule the script to run every minute — a clear persistence mechanism. Even if some lines contain bugs (cron echo missing redirection, sed portability), the intent is to drop and repeatedly execute remote code. Treat this as potentially malicious or at minimum unacceptable for trusted deployments unless the SUB_BASE_URL is fully controlled and the downloaded script is validated and auditable.

This file is an offensive/exploit component intended to bypass PHP disable_functions and achieve remote/native code execution (uploads .so/.dll, creates MySQL UDFs, uses LD_PRELOAD/iconv gconv tricks, php-fpm/CGI attacks). It should be treated as malicious/exploit tooling. The fragment has some syntax/placeholders indicating it may be incomplete or modified, but the behaviors and flows clearly enable remote command execution and persistence on targets.

The code is collecting and sending sensitive information to a remote server without user consent, indicating potential malicious behavior. The domain used for data transmission is suspicious, raising concerns about data privacy and security.

Live on npm for 1 day, 21 hours and 57 minutes before removal. Socket users were protected even while the package was live.

The fragment exfiltrates basic host identity (username and hostname) to a hardcoded external endpoint with minimal visibility or consent, representing a potential data leakage/misuse pattern. While it does not implement persistence or remote command execution, its behavior constitutes a covert data exfiltration sink suitable for abuse in a supply-chain context. Further analysis should verify whether this behavior is intentional (part of a monitoring/audit feature) or a backdoor-like data leakage.

The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.

The code is a standard minified Leaf language grammar for Highlight.js. It does not exhibit malicious behavior, external data exfiltration, or dangerous dynamic execution. It serves as a safe, static resource for syntax highlighting within a JavaScript project. However, as with any library asset, ensure provenance and integrity (e.g., via checksums or a trusted CDN) to guard against supply chain tampering.

This code fragment is high-risk. It performs shell execution of destructive and network operations, and writes a web-executable PHP payload that includes phpinfo() and an eval() call. Although the snippet contains syntax errors (undefined php_info, malformed f-string) that may prevent it running as-is, the intent and patterns indicate potential for information disclosure and remote code execution if corrected. Treat this as untrusted and do not run. Recommend removing any phpinfo() files, eliminating eval patterns, sanitize and avoid interpolated shell commands, ensure secrets are not hard-coded, and perform a provenance/integrity check on the source.

Live on PyPI for 2 hours and 16 minutes before removal. Socket users were protected even while the package was live.

This install script is malicious: it enumerates sensitive host and environment information and exfiltrates it to an external attacker-controlled endpoint. It poses a high risk of information disclosure, reconnaissance for follow-up attacks, and potential compromise of developer or CI/CD environments. Immediate remediation: do not run; investigate any systems where it ran; rotate affected credentials and secrets and inspect network logs for the outgoing request.

Live on npm for 1 day and 20 minutes before removal. Socket users were protected even while the package was live.

This file implements a Windows DLL injector via remote memory write and CreateRemoteThread calling LoadLibraryW. The code is a dual-use capability (legitimate debugging/extension technique but commonly used by malware). There is no direct evidence of exfiltration or network communication here, but the ability to load arbitrary code into other processes is high-risk. Use only with trusted DLLs and under strict controls; audit any DLLs that would be injected and consider safer alternatives. I classify this as likely-malicious capability if used without consent.

This module is an offensive security scanning toolkit that crafts payloads to trigger XXE, SSRF, SSTI, NoSQL injection and CRLF vulnerabilities on remote targets. While not obfuscated or directly executing malicious actions on the host running the code, it contains explicit hardcoded attacker callback domains and payloads that instruct targets to fetch attacker-controlled URLs and sensitive local/cloud metadata. That design makes it dangerous if distributed or executed without authorization — it can facilitate data exfiltration and remote code execution on vulnerable targets. Use only in authorized testing contexts and remove or replace default callback endpoints before integration.

Live on PyPI for 3 hours and 28 minutes before removal. Socket users were protected even while the package was live.

This module contains explicit instructions and code paths to exfiltrate Slack messages to an attacker-controlled website and to create transient attacker accounts in a Slack workspace. It includes hardcoded attacker identifiers and direct FunctionCall sequences that, when executed with a live Slack environment or an agent capable of calling those functions, would perform malicious actions (data exfiltration, phishing link posting, unauthorized account provisioning). There is a coding error in InjectionTask1 (self._ATTACKER_WEB is referenced but not defined), which might prevent immediate execution, but the intent is clear and dangerous. Treat this package as malicious test code and do not run it in production or with real credentials; remove or restrict it to isolated, instrumented test environments only.

The fragment demonstrates high-risk behavior due to embedding and executing an encoded payload in a Web Worker, with a fallback path that further obfuscates the payload. This is a credible threat for dynamic code execution, data exfiltration, or covert operations that bypass static review. While not definitive malware by itself, the pattern warrants strict scrutiny of the payload origin, integrity, and necessity. Consider removing the encoded payload mechanism or replacing it with transparent, auditable modules, and hardening observability beyond a localStorage toggle.

The code shows several anomalies, such as unusual naming conventions and function names (`functame`). However, without the actual content of the imported modules or additional context, it is difficult to determine if there is any malicious intent. The anomalies noted could suggest potential obfuscation or simply non-standard coding practices. Due to the lack of clear sources, sinks, or data flows, and no explicit malicious behavior observed in this fragment alone, the probability of it containing malware is low. The naming conventions and structure warrant further investigation for security risks.

Live on npm for 57 days, 7 hours and 34 minutes before removal. Socket users were protected even while the package was live.

This module is a wrapper for Seisan seismic tools and a formatter for STATION0.HYP files. It performs numerous system-level operations: downloading and extracting external software, installing system packages via apt-get with sudo, copying a packaged lib into /usr/lib, and executing external Seisan binaries via pexpect/subprocess. There is no clear code that exfiltrates secrets or establishes backdoors, but the lack of integrity checks on downloads, the requirement for root operations, and frequent shell command usage create substantial supply-chain and privilege escalation risk. Use in environments where the package or its downloaded content could be tampered with is dangerous. Recommend not running download_seisan() with sudo on production hosts and reviewing/locking sources, adding checksum verification, and avoiding copying bundled libraries into system paths.

This file implements a Telegram Desktop data stealer. It scans all mounted drives (e.g., C:/, D:/) for Telegram 'tdata' directories, copies and encrypts those files into a password-protected archive, and exfiltrates them via the Telegram Bot API using a hard-coded bot token and chat ID. Additionally, it sends user identifiers, API keys, session tokens, and timestamps to remote endpoints over HTTPS POST to https://api[.]ledgerflux[.]net/v1/session, https://api[.]datastream[.]to/v3/auth, and https://api[.]resolve[.]dev/v2/validate.

Live on PyPI for 28 minutes before removal. Socket users were protected even while the package was live.

The code demonstrates significant security risks and malicious behavior, including data exfiltration and connections to suspicious domains. It should be considered dangerous and potentially harmful.

Live on npm for 1 hour and 5 minutes before removal. Socket users were protected even while the package was live.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.

This code is not obviously malicious in itself; it is intended to call an external solver (msolve) and parse its output. However, it contains a high-risk design choice: it executes an external binary and directly evaluates that binary's stdout via sage_eval, which yields arbitrary code execution if the external binary or its output is tampered with. If the msolve executable can be compromised (supply-chain attack, replaced binary, or attacker-controlled output), this code can execute arbitrary Python. Recommended mitigations: avoid eval-style parsing of external output, use a strict parser or sandbox evaluation, validate output structure and types before evaluation, and ensure the msolve binary is obtained and verified from a trusted source. Overall: low probability the code is intentionally malicious, but a significant security risk exists due to unsafe evaluation of external output.

This module is not obviously malware by itself, but it contains high-risk patterns: executing arbitrary shell commands (subprocess.Popen with shell=True), changing directories, and appending to arbitrary files based on input. If steps_json or the interactive inputs are attacker-controlled or originate from untrusted upstream services, an attacker can execute arbitrary code and modify filesystem contents. Treat this package as potentially dangerous for automated use without strict input validation, allowlists, sandboxing, or least-privilege execution. Recommend adding validation, avoiding shell=True (use list args), restricting writable paths, and auditing the implementations of ConfigAgent/FileContentManager/TaskErrorPlanner for network or credential handling.

Live on PyPI for 5 days, 12 hours and 23 minutes before removal. Socket users were protected even while the package was live.

The script makes an HTTP request to a potentially malicious endpoint, sending information about the user's operating system. This behavior is indicative of telemetry or data exfiltration.

Live on npm for 41 days, 17 hours and 59 minutes before removal. Socket users were protected even while the package was live.

The code exhibits malicious behavior by exfiltrating user-provided command line arguments to an external, suspicious domain without user consent. This constitutes a high security risk and malware behavior. The code is not obfuscated beyond base64 encoding. The reports provided are invalid and uninformative.

The fragment is not a conventional source code snippet; it appears to be a binary archive dump (ZIP-like) containing OpenAI package files interleaved within text. There is no direct, verifiable malicious code in the visible plaintext, but the embedding of a full package archive in a text blob is inherently suspicious and could conceal payloads if decompressed. Treat as potentially risky and perform offline integrity verification (hashes, signatures) and safe-scoped decompression before any usage.

Live on npm for 11 minutes before removal. Socket users were protected even while the package was live.

This script exhibits high-risk behavior: it fetches and installs an external shell script without integrity verification, creates a system-wide symlink, and attempts to schedule the script to run every minute — a clear persistence mechanism. Even if some lines contain bugs (cron echo missing redirection, sed portability), the intent is to drop and repeatedly execute remote code. Treat this as potentially malicious or at minimum unacceptable for trusted deployments unless the SUB_BASE_URL is fully controlled and the downloaded script is validated and auditable.

This file is an offensive/exploit component intended to bypass PHP disable_functions and achieve remote/native code execution (uploads .so/.dll, creates MySQL UDFs, uses LD_PRELOAD/iconv gconv tricks, php-fpm/CGI attacks). It should be treated as malicious/exploit tooling. The fragment has some syntax/placeholders indicating it may be incomplete or modified, but the behaviors and flows clearly enable remote command execution and persistence on targets.

The code is collecting and sending sensitive information to a remote server without user consent, indicating potential malicious behavior. The domain used for data transmission is suspicious, raising concerns about data privacy and security.

Live on npm for 1 day, 21 hours and 57 minutes before removal. Socket users were protected even while the package was live.

The fragment exfiltrates basic host identity (username and hostname) to a hardcoded external endpoint with minimal visibility or consent, representing a potential data leakage/misuse pattern. While it does not implement persistence or remote command execution, its behavior constitutes a covert data exfiltration sink suitable for abuse in a supply-chain context. Further analysis should verify whether this behavior is intentional (part of a monitoring/audit feature) or a backdoor-like data leakage.

The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.

The code is a standard minified Leaf language grammar for Highlight.js. It does not exhibit malicious behavior, external data exfiltration, or dangerous dynamic execution. It serves as a safe, static resource for syntax highlighting within a JavaScript project. However, as with any library asset, ensure provenance and integrity (e.g., via checksums or a trusted CDN) to guard against supply chain tampering.

This code fragment is high-risk. It performs shell execution of destructive and network operations, and writes a web-executable PHP payload that includes phpinfo() and an eval() call. Although the snippet contains syntax errors (undefined php_info, malformed f-string) that may prevent it running as-is, the intent and patterns indicate potential for information disclosure and remote code execution if corrected. Treat this as untrusted and do not run. Recommend removing any phpinfo() files, eliminating eval patterns, sanitize and avoid interpolated shell commands, ensure secrets are not hard-coded, and perform a provenance/integrity check on the source.

Live on PyPI for 2 hours and 16 minutes before removal. Socket users were protected even while the package was live.

This install script is malicious: it enumerates sensitive host and environment information and exfiltrates it to an external attacker-controlled endpoint. It poses a high risk of information disclosure, reconnaissance for follow-up attacks, and potential compromise of developer or CI/CD environments. Immediate remediation: do not run; investigate any systems where it ran; rotate affected credentials and secrets and inspect network logs for the outgoing request.

Live on npm for 1 day and 20 minutes before removal. Socket users were protected even while the package was live.

This file implements a Windows DLL injector via remote memory write and CreateRemoteThread calling LoadLibraryW. The code is a dual-use capability (legitimate debugging/extension technique but commonly used by malware). There is no direct evidence of exfiltration or network communication here, but the ability to load arbitrary code into other processes is high-risk. Use only with trusted DLLs and under strict controls; audit any DLLs that would be injected and consider safer alternatives. I classify this as likely-malicious capability if used without consent.