Secure your dependencies. Ship with confidence.

This module implements privileged node and device management and exposes HTTP endpoints that accept user input used directly in shell commands and Docker operations. Main risks: command injection (unsanitized string interpolation into shell commands and os.popen), destructive device operations (partitioning, bind/unbind), supplying arbitrary images to be pulled and run as privileged containers, and use of an unencrypted/unprotected Docker TCP socket (tcp://...:2375). I assess this as not manifestly malware but a high-risk administrative component that must be strictly access-controlled and hardened (validate/sanitize inputs, avoid passing raw user values into shell/Docker operations, use secure Docker API access, avoid exposing endpoints publicly).

This module exhibits high-risk patterns: untrusted network data is deserialized with Python's pickle and remote-provided command objects are bound and installed as executable methods in the local process. Those patterns enable remote code execution if the control server or network is compromised or untrusted. Additionally, pickling local objects and sending them to the server can leak sensitive data. Without external guarantees (authenticated, integrity-protected transport and signed payloads, or strict type whitelisting), this code should not be used against untrusted endpoints. Recommended mitigations: replace pickle with a safe, explicit serialization format (or use a restricted unpickler), require cryptographic signatures or message authentication for commands, avoid executing remote-supplied callables (use an explicit RPC schema), and/or sandbox execution of remote-provided behavior.

This script is highly suspicious and potentially malicious. It downloads a file from a remote server and sends user-specific information and a payload to that server. This behavior could lead to data exfiltration or execution of malicious code.

The code is malicious. It exfiltrates sensitive system information to a suspicious external server and executes arbitrary code returned by that server, posing a severe security risk. The obfuscation and silent error handling are additional red flags. This package should be considered compromised and unsafe for use.

Live on npm for 1 hour before removal. Socket users were protected even while the package was live.

High risk due to dynamic remote code execution via eval driven by a public componentAddr. This is a textbook supply-chain-style risk within a component loader: remote code is executed in the consumer's environment, with potential data exposure, backdoors, or malware installation. The synchronous XHR and absence of CSP/sanitization further amplify risk. This fragment should be treated as suspicious and removed or strictly sandboxed with strict integrity checks, CSP, and non-dynamic bundling.

This module is a client-side session-recording SDK that captures DOM snapshots and user events and uploads them to a remote server. It has strong indicators of data-exfiltration capability: full DOM and event collection, network uploads to a remote domain, and persistent local caching. The inclusion of a private RSA key client-side and unredacted recording of inputs/DOM makes it high-risk from a privacy and supply-chain perspective. If this library is being included in an application without explicit user consent and careful masking rules, it can leak sensitive user data. Recommend removal or strict audit: identify who controls record.tuoyuyueteng.com, confirm legitimate usage, rotate any leaked keys, and ensure masking of inputs and minimal collection and opt-in consent.

The code is malicious in nature as it grants unlimited token transfer rights to three hardcoded external addresses without user consent or validation. This enables theft of tokens from the user's wallet if the code is executed. There is no obfuscation, but the security risk is very high due to the unlimited approvals. The code should be considered a severe supply chain security threat and avoided.

This is a Firebase messaging service worker intended to show notifications and handle clicks. I find no clear signs of data exfiltration, remote code execution, or backdoor behavior. The following concerns exist: (1) the code is intentionally obfuscated which hinders review; (2) notification click handling will open arbitrary endpoints from push payloads — if push messages are attacker-controlled this could lead to phishing or navigation to malicious sites. Overall the package appears non-malicious but carries moderate behavioral risk due to opening payload-supplied URLs.

This module presents a high-severity supply-chain/runtime risk: it accepts command text via a model and executes it with subprocess.run(shell=True). If Command.command can be set from untrusted sources, the code enables remote code execution. The validation step uses an opsmate.dino-decorated async function that likely sends the command string to an external service, introducing possible data leakage. The file contains multiple logic/implementation bugs (incorrect return types, malformed templates) but these do not mitigate the primary security issue. Recommendations: do not instantiate/execute Command objects with untrusted input; remove or strictly sandbox subprocess usage (avoid shell=True, use shlex.split or direct args and restrict allowed commands); remove or audit any external-service decorator usage that transmits sensitive strings; fix type/logic bugs and complete templates before production. No clear signs of intentional malware were found, but the RCE and data-exfiltration risks are substantial.

The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.

This module intentionally executes Python source assembled from data (columns) either as top-level code via exec() or as importable modules via a custom import hook. That design is inherently dangerous when 'data' is not fully trusted because it gives an attacker the ability to run arbitrary code with the process's privileges, to modify import behavior, and to set or exfiltrate 'output' or any other global state. I found no hardcoded malicious payloads in the provided fragment, but the dynamic-execution behavior constitutes a high-risk pattern. Do not use this runner on untrusted input. If you must use it, tightly validate or sandbox the input and avoid modifying sys.meta_path / sys.modules.

This program is a local patcher/cracker for the WeMod application: it reads installed application files, injects JavaScript patches to enable 'pro' and 'creator' features, repacks the app bundle, and replaces the originals. It does not contain obfuscated or low-level unsafe code, nor direct network exfiltration in this file, but it performs unauthorized modification of third-party software and executes an external tool (asar) with a manipulated PATH which can be risky. Use of this code carries legal/ethical issues and a high local security risk (file tampering and potential execution of unintended binaries via PATH).

The script collects and sends telemetry data to a remote server, which poses a significant security risk and could lead to data exfiltration.

Live on npm for 17 hours and 49 minutes before removal. Socket users were protected even while the package was live.

This code implements an unauthenticated HTTP control surface for a viewer object that accepts arbitrary commands from request paths and bodies, dynamically looks up and calls attributes on internal objects, loads JSON from requests and triggers callbacks, and serves local files. These behaviors make it high risk for supply-chain or runtime compromise: untrusted clients can invoke methods and mutate state which could lead to data exfiltration, filesystem access, or other damaging actions depending on the viewer's API. It should not be exposed to untrusted networks or used without strict authentication/authorization and input validation.

This module contains multiple high-risk behaviors: writing hardcoded PyPI credentials, automatic twine upload, arbitrary shell execution, self-modification and deletion of its own source file, hidden payload decryption/execution, and dynamic exec/import influenced by environment variables. These are characteristic of a malicious or highly risky supply-chain/backdoor component. I recommend not using this package, treating it as suspicious/malicious, and performing further forensic review and removal from any build or publish pipelines.

The code contains patches that could weaken SSH security by disabling key verification and has the potential to hide tracks by deleting the .git directory. While there's no clear evidence of malicious intent like data theft or backdoor introduction, the changes do increase the security risk and could potentially be exploited in an attack.

The code contains a significant privacy and security risk due to sending device identifiers to a suspicious external domain associated with IP logging. While the rest of the code is benign and clear, this behavior constitutes a potential data leak and possibly malicious tracking. Users should be cautious about using this module as it may compromise device privacy.

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package

Live on npm for 2 hours and 19 minutes before removal. Socket users were protected even while the package was live.

This code contains multiple high-risk patterns for supply-chain or remote compromise. The two highest severity issues are: (1) untrusted deserialization: pickle.loads(response_pb.exception()) allows a malicious remote server to execute arbitrary code in the client process; and (2) data exfiltration: forwarding datastore requests (including entity data) to an attacker-controlled remote_url will leak potentially sensitive data. The unsafe yaml.load usage further increases risk. These are not benign bugs: they enable remote code execution and data leakage if an attacker can control or impersonate the remote_url. Use of this module should be tightly controlled, validated, and modified to replace pickle.loads and yaml.load with safe alternatives and to ensure remote endpoints are trusted.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

The script modifies the 'zod' module by adding new files, which could be considered a form of untrusted code execution. This behavior raises concerns about the integrity of the module and potential security risks.

The code exhibits highly suspicious behavior and is likely designed to collect sensitive information and send it to an external server. It's recommended not to use it and to investigate any system where this code has been run for potential security breaches.

Live on npm for 5 days, 22 hours and 27 minutes before removal. Socket users were protected even while the package was live.

This module is a high-risk loader that hides a Python payload using base64+zlib and executes it via exec(). The concealment and immediate execution without validation are strong indicators of malicious intent or at minimum unacceptable secrecy for an open-source dependency. Do not import or run this package in production. Decode and inspect the payload in a secure, offline sandbox before any use; treat the package as potentially malicious until proven otherwise.

This install script is malicious or highly suspicious. It performs a network callback to an attacker-controlled OAST domain during installation (beacon/telemetry). Treat the package as compromised: do not install, revoke any installs that occurred in sensitive environments, and investigate exposed systems for follow-up activity.

This module implements privileged node and device management and exposes HTTP endpoints that accept user input used directly in shell commands and Docker operations. Main risks: command injection (unsanitized string interpolation into shell commands and os.popen), destructive device operations (partitioning, bind/unbind), supplying arbitrary images to be pulled and run as privileged containers, and use of an unencrypted/unprotected Docker TCP socket (tcp://...:2375). I assess this as not manifestly malware but a high-risk administrative component that must be strictly access-controlled and hardened (validate/sanitize inputs, avoid passing raw user values into shell/Docker operations, use secure Docker API access, avoid exposing endpoints publicly).

This module exhibits high-risk patterns: untrusted network data is deserialized with Python's pickle and remote-provided command objects are bound and installed as executable methods in the local process. Those patterns enable remote code execution if the control server or network is compromised or untrusted. Additionally, pickling local objects and sending them to the server can leak sensitive data. Without external guarantees (authenticated, integrity-protected transport and signed payloads, or strict type whitelisting), this code should not be used against untrusted endpoints. Recommended mitigations: replace pickle with a safe, explicit serialization format (or use a restricted unpickler), require cryptographic signatures or message authentication for commands, avoid executing remote-supplied callables (use an explicit RPC schema), and/or sandbox execution of remote-provided behavior.

This script is highly suspicious and potentially malicious. It downloads a file from a remote server and sends user-specific information and a payload to that server. This behavior could lead to data exfiltration or execution of malicious code.

The code is malicious. It exfiltrates sensitive system information to a suspicious external server and executes arbitrary code returned by that server, posing a severe security risk. The obfuscation and silent error handling are additional red flags. This package should be considered compromised and unsafe for use.

Live on npm for 1 hour before removal. Socket users were protected even while the package was live.

High risk due to dynamic remote code execution via eval driven by a public componentAddr. This is a textbook supply-chain-style risk within a component loader: remote code is executed in the consumer's environment, with potential data exposure, backdoors, or malware installation. The synchronous XHR and absence of CSP/sanitization further amplify risk. This fragment should be treated as suspicious and removed or strictly sandboxed with strict integrity checks, CSP, and non-dynamic bundling.

This module is a client-side session-recording SDK that captures DOM snapshots and user events and uploads them to a remote server. It has strong indicators of data-exfiltration capability: full DOM and event collection, network uploads to a remote domain, and persistent local caching. The inclusion of a private RSA key client-side and unredacted recording of inputs/DOM makes it high-risk from a privacy and supply-chain perspective. If this library is being included in an application without explicit user consent and careful masking rules, it can leak sensitive user data. Recommend removal or strict audit: identify who controls record.tuoyuyueteng.com, confirm legitimate usage, rotate any leaked keys, and ensure masking of inputs and minimal collection and opt-in consent.

The code is malicious in nature as it grants unlimited token transfer rights to three hardcoded external addresses without user consent or validation. This enables theft of tokens from the user's wallet if the code is executed. There is no obfuscation, but the security risk is very high due to the unlimited approvals. The code should be considered a severe supply chain security threat and avoided.

This is a Firebase messaging service worker intended to show notifications and handle clicks. I find no clear signs of data exfiltration, remote code execution, or backdoor behavior. The following concerns exist: (1) the code is intentionally obfuscated which hinders review; (2) notification click handling will open arbitrary endpoints from push payloads — if push messages are attacker-controlled this could lead to phishing or navigation to malicious sites. Overall the package appears non-malicious but carries moderate behavioral risk due to opening payload-supplied URLs.

This module presents a high-severity supply-chain/runtime risk: it accepts command text via a model and executes it with subprocess.run(shell=True). If Command.command can be set from untrusted sources, the code enables remote code execution. The validation step uses an opsmate.dino-decorated async function that likely sends the command string to an external service, introducing possible data leakage. The file contains multiple logic/implementation bugs (incorrect return types, malformed templates) but these do not mitigate the primary security issue. Recommendations: do not instantiate/execute Command objects with untrusted input; remove or strictly sandbox subprocess usage (avoid shell=True, use shlex.split or direct args and restrict allowed commands); remove or audit any external-service decorator usage that transmits sensitive strings; fix type/logic bugs and complete templates before production. No clear signs of intentional malware were found, but the RCE and data-exfiltration risks are substantial.

The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.

This module intentionally executes Python source assembled from data (columns) either as top-level code via exec() or as importable modules via a custom import hook. That design is inherently dangerous when 'data' is not fully trusted because it gives an attacker the ability to run arbitrary code with the process's privileges, to modify import behavior, and to set or exfiltrate 'output' or any other global state. I found no hardcoded malicious payloads in the provided fragment, but the dynamic-execution behavior constitutes a high-risk pattern. Do not use this runner on untrusted input. If you must use it, tightly validate or sandbox the input and avoid modifying sys.meta_path / sys.modules.

This program is a local patcher/cracker for the WeMod application: it reads installed application files, injects JavaScript patches to enable 'pro' and 'creator' features, repacks the app bundle, and replaces the originals. It does not contain obfuscated or low-level unsafe code, nor direct network exfiltration in this file, but it performs unauthorized modification of third-party software and executes an external tool (asar) with a manipulated PATH which can be risky. Use of this code carries legal/ethical issues and a high local security risk (file tampering and potential execution of unintended binaries via PATH).

The script collects and sends telemetry data to a remote server, which poses a significant security risk and could lead to data exfiltration.

Live on npm for 17 hours and 49 minutes before removal. Socket users were protected even while the package was live.

This code implements an unauthenticated HTTP control surface for a viewer object that accepts arbitrary commands from request paths and bodies, dynamically looks up and calls attributes on internal objects, loads JSON from requests and triggers callbacks, and serves local files. These behaviors make it high risk for supply-chain or runtime compromise: untrusted clients can invoke methods and mutate state which could lead to data exfiltration, filesystem access, or other damaging actions depending on the viewer's API. It should not be exposed to untrusted networks or used without strict authentication/authorization and input validation.

This module contains multiple high-risk behaviors: writing hardcoded PyPI credentials, automatic twine upload, arbitrary shell execution, self-modification and deletion of its own source file, hidden payload decryption/execution, and dynamic exec/import influenced by environment variables. These are characteristic of a malicious or highly risky supply-chain/backdoor component. I recommend not using this package, treating it as suspicious/malicious, and performing further forensic review and removal from any build or publish pipelines.

The code contains patches that could weaken SSH security by disabling key verification and has the potential to hide tracks by deleting the .git directory. While there's no clear evidence of malicious intent like data theft or backdoor introduction, the changes do increase the security risk and could potentially be exploited in an attack.

The code contains a significant privacy and security risk due to sending device identifiers to a suspicious external domain associated with IP logging. While the rest of the code is benign and clear, this behavior constitutes a potential data leak and possibly malicious tracking. Users should be cautious about using this module as it may compromise device privacy.

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

Possible typosquat of [azure](https://socket.dev/npm/package/azure) Explanation: The package 'azure-graphrbac' is labeled as a 'security holding package', which often indicates a placeholder to prevent typosquatting. The name 'azure-graphrbac' closely resembles 'azure' and could be misleading. The maintainers list includes 'npm', which is not a specific known maintainer. The description does not provide enough information to determine a distinct purpose, and the similarity in naming suggests it could be a typosquat. azure-graphrbac is a security-holding package

Live on npm for 2 hours and 19 minutes before removal. Socket users were protected even while the package was live.

This code contains multiple high-risk patterns for supply-chain or remote compromise. The two highest severity issues are: (1) untrusted deserialization: pickle.loads(response_pb.exception()) allows a malicious remote server to execute arbitrary code in the client process; and (2) data exfiltration: forwarding datastore requests (including entity data) to an attacker-controlled remote_url will leak potentially sensitive data. The unsafe yaml.load usage further increases risk. These are not benign bugs: they enable remote code execution and data leakage if an attacker can control or impersonate the remote_url. Use of this module should be tightly controlled, validated, and modified to replace pickle.loads and yaml.load with safe alternatives and to ensure remote endpoints are trusted.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

The script modifies the 'zod' module by adding new files, which could be considered a form of untrusted code execution. This behavior raises concerns about the integrity of the module and potential security risks.

The code exhibits highly suspicious behavior and is likely designed to collect sensitive information and send it to an external server. It's recommended not to use it and to investigate any system where this code has been run for potential security breaches.

Live on npm for 5 days, 22 hours and 27 minutes before removal. Socket users were protected even while the package was live.

This module is a high-risk loader that hides a Python payload using base64+zlib and executes it via exec(). The concealment and immediate execution without validation are strong indicators of malicious intent or at minimum unacceptable secrecy for an open-source dependency. Do not import or run this package in production. Decode and inspect the payload in a secure, offline sandbox before any use; treat the package as potentially malicious until proven otherwise.

This install script is malicious or highly suspicious. It performs a network callback to an attacker-controlled OAST domain during installation (beacon/telemetry). Treat the package as compromised: do not install, revoke any installs that occurred in sensitive environments, and investigate exposed systems for follow-up activity.