Secure your dependencies. Ship with confidence.

This code exfiltrates information about webp files and package details to a Telegram bot. It reads sensitive information from environment variables (telegram_token and user_id) and package.json, then sends file paths to api[.]telegram[.]org without legitimate purpose. The code walks through directories looking for .webp files and constructs URLs using CDN information and package details before sending them through the Telegram API. This represents a data exfiltration mechanism and is likely part of a supply chain attack.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

This script is high-risk: it automates interactive login flows, captures and persists full browser storage_state (session tokens), and navigates authenticated sessions to banking/payment endpoints. The combination enables account takeover and fraudulent transactions when misused. Treat as malicious or at minimum dangerous automation; require immediate review, restrict execution, and audit any stored agent.state entries. Remediate by removing session persistence, not storing storage_state, and implementing strict access controls and logging.

The code fetches system information and sends it over HTTPS to a suspicious domain. It uses shell commands and sets the 'NODE_TLS_REJECT_UNAUTHORIZED' environment variable to disable certificate verification. The code should be reviewed and validated thoroughly before use due to potential security risks.

Live on npm for 1 day, 17 hours and 42 minutes before removal. Socket users were protected even while the package was live.

The source file itself contains no obvious hard-coded malware, backdoor code, or obfuscated payloads. However, it intentionally executes arbitrary Python files from disk (exec()) with full builtins and makes in-process environment modifications, then moves or deletes those files based on exec success. This design is a significant supply-chain security risk: malicious or tampered generated files can execute arbitrary actions with the validator's process privileges during validation. Do NOT run this on untrusted inputs. Require sandboxing (container/VM/subprocess with least privilege and resource limits), use static-only validation or strict AST whitelisting, and verify provenance/signatures of generated files before executing them.

This file is highly suspicious and dangerous. It contains many unsafe patterns that enable arbitrary code execution (pickle/marshal loads, exec/eval, compile), command execution (os.system/os.popen), unsafe archive extraction (extractall), destructive filesystem operations (rmtree), and network-exposed servers. Even though some code fragments are broken/placeholder, several lines would execute at import and perform harmful actions (os.popen, os.system, socket.bind, server.serve_forever, logging.config.listen). Treat this as malicious/untrusted: do not install or run as-is. Remove or sandbox any such code, and audit all uses of deserialization, dynamic execution, archive extraction, and subprocess/network listeners before use.

The code is designed to collect and send sensitive information to a remote server without the user's knowledge or consent. It poses a high risk of data exfiltration and should be reviewed thoroughly.

Live on npm for 3 hours and 20 minutes before removal. Socket users were protected even while the package was live.

The code defines a post-installation script that downloads data from a specified URL. This behavior is unusual for a setup script and could indicate malicious intent, especially given the use of an external domain which could be used for data exfiltration.

Live on PyPI for 2 minutes before removal. Socket users were protected even while the package was live.

This module presents high-risk supply-chain behavior. The hardcoded manager endpoint over plain HTTP supplies base64-encoded credentials and a pickle token that are written to disk and subsequently unpickled. Untrusted pickle loading is a critical RCE vector. Combined with use of network-supplied credentials to drive Google Drive API operations (upload/share/delete/list/download), and an os.system call built from URLs, an attacker controlling the manager or able to MITM the HTTP requests can execute arbitrary code and exfiltrate or manipulate files. Recommend: do not run this code in untrusted environments; remove or strictly validate any network-supplied pickles/credentials; switch manager traffic to HTTPS with authentication and signatures; avoid unpickling untrusted data; avoid os.system for external downloads (use subprocess with args or native libraries); and restrict file permissions and temp paths.

The code fragment exposes strong remote-control and file/command execution capabilities (SSH command execution, remote unzip, file transfer, and a Remote Function Call client). While these components can be legitimate in a remote management tool, the combination with dynamic module loading, lack of explicit input validation, and remote command execution paths constitutes a meaningful security risk. The presence of an entry-point executor (global.inputmoreExecutor) and dynamic, local-module loading patterns increases the likelihood of misuse in supply-chain contexts. Treat as high-risk; require strict access controls, input validation, and least-privilege usage, and audit the environment for unintended exposures.

The PickleFiles class uses Python's pickle module in a pattern that is unsafe for untrusted data and contains several questionable implementations (broad exceptions, invalid fallback protocol, and a convoluted encoding path). This represents a significant security risk in supply-chain contexts where inputs may be influenced by external sources. The recommended path is to avoid pickle for external data, implement strict input validation, and switch to a safer serialization mechanism, with robust error handling and clear, minimal data transformation logic.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

Overall this package appears to be a normal n8n node module. The main actionable concerns are: (1) the preinstall use of npx (remote code execution vector if the npx package were compromised or renamed) and (2) the same dependency (n8n-workflow) declared across multiple sections — which per the stated rules is a high-risk indicator and should be investigated. No explicit malicious payloads are visible in the package.json itself, but the preinstall step and the multi-section dependency warrant caution and further review of the package contents (particularly any install-time scripts or files in the package and the integrity/source of the only-allow package).

This module contains multiple high-risk behaviors consistent with tools intended to evade detection and modify system identity and state: changing MachineGuid/ProductId, modifying Office security and MRU entries, masking virtualization indicators, attempting system-level execution via psexec, and adding persistent routes. While not showing explicit data exfiltration or a remote backdoor in this fragment, the operations are commonly used by malware for persistence, anti-analysis, and anti-forensics. Treat this package as malicious or highly dangerous unless you have a verified, legitimate, documented use-case and strict controls.

This code orchestrates collection of highly sensitive local data (Wi‑Fi credentials, browser credentials, clipboard contents, recent files, arbitrary found files) and provides a built-in sink to exfiltrate results via Telegram. The runtime pip install behavior increases supply-chain risk. These behaviors are consistent with data-stealing/offensive tooling. If used with malicious intent or run on a target machine, it will harvest and exfiltrate sensitive information. Review and restrict installation and execution. Full assessment requires inspection of the imported xxbait.modules and core_reporting implementations to confirm the exact exfiltration endpoints and persistence mechanisms.

Live on PyPI for 18 hours and 24 minutes before removal. Socket users were protected even while the package was live.

The fragment demonstrates a high-risk pattern: legitimate-looking infrastructure automation interwoven with heavy obfuscation, remote payload fetches, and multiple persistent access surfaces (code-server, nginx). While some parts could be legitimate bootstrap logic, the combination of opaque payloads, diverse external downloads, and potential credential exposure warrants thorough provenance verification, strict control over dynamic code execution, and limited exposure of admin services in production. Treat as high risk until all remote content is verified and authenticated.

This code implements a remote interactive shell agent that spawns PTY shells locally and exposes them to remote parties over WebRTC DataChannels and a local WebSocket server. It also periodically POSTs heartbeat information to a hard-coded external server with a static header secret. The module lacks robust authentication in the code shown, buffers and logs shell output to disk, and reconnects persistently. These behaviors match a remote backdoor/remote admin agent pattern. If deployed without strict access controls and clear operator consent, it poses a high security risk and should be treated as potentially malicious or at least dangerous.

This module is designed to discover and extract Telegram session credentials and related metadata from a Windows user's local filesystem and Chrome LevelDB stores. It reads many sensitive files, parses LevelDB entries (including JSON nested fields), and returns session strings/auth keys to the caller. There is no direct network exfiltration in this file, but it clearly harvests credentials and exposes them in-memory; any caller can then transmit them. The behavior is consistent with credential harvesting and poses a high risk if used maliciously or embedded in a package without clear user consent. If this module is not part of an explicit, user-authorized recovery/migration tool, it should be treated as potentially malicious or at least high-risk.

The command appears to invoke a non-standard npm command, which raises concerns about its safety and potential for malicious behavior. Further investigation into the 'go-npm' package is necessary.

Live on npm for 64 days, 21 hours and 1 minute before removal. Socket users were protected even while the package was live.

This assembly bundles both UI control code and a large heavily-obfuscated runtime loader/patcher. The loader reads embedded resources or files, decrypts/transforms them, allocates executable memory, patches process memory (including /proc/self/mem on Linux or VirtualProtect/WriteProcessMemory on Windows), possibly hooks JIT/native function pointers, and then executes the in-memory payload. These are classic behaviors of a runtime packer/loader and present significant supply-chain/malicious risk. I recommend not using this package and treating it as malicious/untrusted. Further dynamic analysis (running in a safe sandbox) could reveal the exact payload decrypted and executed.

This module is highly dangerous if exposed to untrusted clients. It allows unauthenticated arbitrary shell execution, arbitrary file read and write, and uncontrolled S3 access/signing. These are classic supply-chain/runtime risks (RCE, data exfiltration, filesystem compromise). If deployed in a production service without strict authentication and environment isolation, it will almost certainly be exploited. Recommend immediate remediation: remove or protect the /bash endpoint; enforce strong authentication/authorization; validate and canonicalize paths; disallow shell=True or sanitize commands; limit S3 actions to permitted buckets/keys; avoid returning raw exception messages.

The code is not itself an obviously malicious implant: there are no obfuscated payloads, hardcoded keys, or hidden network exfiltration routines in the provided fragment. However, it intentionally constructs an execution environment that grants arbitrary scripts full access to Node globals, filesystem, module loading, and an admin GraphQL client built from environment secrets. That design is dangerous: untrusted script strings, files, or REPL input executed through exec.exec can read environment variables, steal the HASURA_ADMIN_SECRET, read arbitrary files, and perform privileged network requests (data exfiltration or data modification). Treat this as a high-privilege execution risk: safe for trusted, local developer use only, but dangerous if inputs can be influenced by attackers or run in CI/production contexts.

This code collects system-identifying data (username, hostname, file path), hex-encodes it, constructs a domain under a hardcoded external base ('furb.pw') embedding that data into subdomain labels, and issues an HTTPS GET to that domain — a clear data-exfiltration pattern. The behavior is malicious or at minimum privacy-invasive telemetry sent to an external third party. The package should not be trusted or used without removal of the network exfiltration logic and a full audit.

This code exfiltrates information about webp files and package details to a Telegram bot. It reads sensitive information from environment variables (telegram_token and user_id) and package.json, then sends file paths to api[.]telegram[.]org without legitimate purpose. The code walks through directories looking for .webp files and constructs URLs using CDN information and package details before sending them through the Telegram API. This represents a data exfiltration mechanism and is likely part of a supply chain attack.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

This script is high-risk: it automates interactive login flows, captures and persists full browser storage_state (session tokens), and navigates authenticated sessions to banking/payment endpoints. The combination enables account takeover and fraudulent transactions when misused. Treat as malicious or at minimum dangerous automation; require immediate review, restrict execution, and audit any stored agent.state entries. Remediate by removing session persistence, not storing storage_state, and implementing strict access controls and logging.

The code fetches system information and sends it over HTTPS to a suspicious domain. It uses shell commands and sets the 'NODE_TLS_REJECT_UNAUTHORIZED' environment variable to disable certificate verification. The code should be reviewed and validated thoroughly before use due to potential security risks.

Live on npm for 1 day, 17 hours and 42 minutes before removal. Socket users were protected even while the package was live.

The source file itself contains no obvious hard-coded malware, backdoor code, or obfuscated payloads. However, it intentionally executes arbitrary Python files from disk (exec()) with full builtins and makes in-process environment modifications, then moves or deletes those files based on exec success. This design is a significant supply-chain security risk: malicious or tampered generated files can execute arbitrary actions with the validator's process privileges during validation. Do NOT run this on untrusted inputs. Require sandboxing (container/VM/subprocess with least privilege and resource limits), use static-only validation or strict AST whitelisting, and verify provenance/signatures of generated files before executing them.

This file is highly suspicious and dangerous. It contains many unsafe patterns that enable arbitrary code execution (pickle/marshal loads, exec/eval, compile), command execution (os.system/os.popen), unsafe archive extraction (extractall), destructive filesystem operations (rmtree), and network-exposed servers. Even though some code fragments are broken/placeholder, several lines would execute at import and perform harmful actions (os.popen, os.system, socket.bind, server.serve_forever, logging.config.listen). Treat this as malicious/untrusted: do not install or run as-is. Remove or sandbox any such code, and audit all uses of deserialization, dynamic execution, archive extraction, and subprocess/network listeners before use.

The code is designed to collect and send sensitive information to a remote server without the user's knowledge or consent. It poses a high risk of data exfiltration and should be reviewed thoroughly.

Live on npm for 3 hours and 20 minutes before removal. Socket users were protected even while the package was live.

The code defines a post-installation script that downloads data from a specified URL. This behavior is unusual for a setup script and could indicate malicious intent, especially given the use of an external domain which could be used for data exfiltration.

Live on PyPI for 2 minutes before removal. Socket users were protected even while the package was live.

This module presents high-risk supply-chain behavior. The hardcoded manager endpoint over plain HTTP supplies base64-encoded credentials and a pickle token that are written to disk and subsequently unpickled. Untrusted pickle loading is a critical RCE vector. Combined with use of network-supplied credentials to drive Google Drive API operations (upload/share/delete/list/download), and an os.system call built from URLs, an attacker controlling the manager or able to MITM the HTTP requests can execute arbitrary code and exfiltrate or manipulate files. Recommend: do not run this code in untrusted environments; remove or strictly validate any network-supplied pickles/credentials; switch manager traffic to HTTPS with authentication and signatures; avoid unpickling untrusted data; avoid os.system for external downloads (use subprocess with args or native libraries); and restrict file permissions and temp paths.

The code fragment exposes strong remote-control and file/command execution capabilities (SSH command execution, remote unzip, file transfer, and a Remote Function Call client). While these components can be legitimate in a remote management tool, the combination with dynamic module loading, lack of explicit input validation, and remote command execution paths constitutes a meaningful security risk. The presence of an entry-point executor (global.inputmoreExecutor) and dynamic, local-module loading patterns increases the likelihood of misuse in supply-chain contexts. Treat as high-risk; require strict access controls, input validation, and least-privilege usage, and audit the environment for unintended exposures.

The PickleFiles class uses Python's pickle module in a pattern that is unsafe for untrusted data and contains several questionable implementations (broad exceptions, invalid fallback protocol, and a convoluted encoding path). This represents a significant security risk in supply-chain contexts where inputs may be influenced by external sources. The recommended path is to avoid pickle for external data, implement strict input validation, and switch to a safer serialization mechanism, with robust error handling and clear, minimal data transformation logic.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

Overall this package appears to be a normal n8n node module. The main actionable concerns are: (1) the preinstall use of npx (remote code execution vector if the npx package were compromised or renamed) and (2) the same dependency (n8n-workflow) declared across multiple sections — which per the stated rules is a high-risk indicator and should be investigated. No explicit malicious payloads are visible in the package.json itself, but the preinstall step and the multi-section dependency warrant caution and further review of the package contents (particularly any install-time scripts or files in the package and the integrity/source of the only-allow package).

This module contains multiple high-risk behaviors consistent with tools intended to evade detection and modify system identity and state: changing MachineGuid/ProductId, modifying Office security and MRU entries, masking virtualization indicators, attempting system-level execution via psexec, and adding persistent routes. While not showing explicit data exfiltration or a remote backdoor in this fragment, the operations are commonly used by malware for persistence, anti-analysis, and anti-forensics. Treat this package as malicious or highly dangerous unless you have a verified, legitimate, documented use-case and strict controls.

This code orchestrates collection of highly sensitive local data (Wi‑Fi credentials, browser credentials, clipboard contents, recent files, arbitrary found files) and provides a built-in sink to exfiltrate results via Telegram. The runtime pip install behavior increases supply-chain risk. These behaviors are consistent with data-stealing/offensive tooling. If used with malicious intent or run on a target machine, it will harvest and exfiltrate sensitive information. Review and restrict installation and execution. Full assessment requires inspection of the imported xxbait.modules and core_reporting implementations to confirm the exact exfiltration endpoints and persistence mechanisms.

Live on PyPI for 18 hours and 24 minutes before removal. Socket users were protected even while the package was live.

The fragment demonstrates a high-risk pattern: legitimate-looking infrastructure automation interwoven with heavy obfuscation, remote payload fetches, and multiple persistent access surfaces (code-server, nginx). While some parts could be legitimate bootstrap logic, the combination of opaque payloads, diverse external downloads, and potential credential exposure warrants thorough provenance verification, strict control over dynamic code execution, and limited exposure of admin services in production. Treat as high risk until all remote content is verified and authenticated.

This code implements a remote interactive shell agent that spawns PTY shells locally and exposes them to remote parties over WebRTC DataChannels and a local WebSocket server. It also periodically POSTs heartbeat information to a hard-coded external server with a static header secret. The module lacks robust authentication in the code shown, buffers and logs shell output to disk, and reconnects persistently. These behaviors match a remote backdoor/remote admin agent pattern. If deployed without strict access controls and clear operator consent, it poses a high security risk and should be treated as potentially malicious or at least dangerous.

This module is designed to discover and extract Telegram session credentials and related metadata from a Windows user's local filesystem and Chrome LevelDB stores. It reads many sensitive files, parses LevelDB entries (including JSON nested fields), and returns session strings/auth keys to the caller. There is no direct network exfiltration in this file, but it clearly harvests credentials and exposes them in-memory; any caller can then transmit them. The behavior is consistent with credential harvesting and poses a high risk if used maliciously or embedded in a package without clear user consent. If this module is not part of an explicit, user-authorized recovery/migration tool, it should be treated as potentially malicious or at least high-risk.

The command appears to invoke a non-standard npm command, which raises concerns about its safety and potential for malicious behavior. Further investigation into the 'go-npm' package is necessary.

Live on npm for 64 days, 21 hours and 1 minute before removal. Socket users were protected even while the package was live.

This assembly bundles both UI control code and a large heavily-obfuscated runtime loader/patcher. The loader reads embedded resources or files, decrypts/transforms them, allocates executable memory, patches process memory (including /proc/self/mem on Linux or VirtualProtect/WriteProcessMemory on Windows), possibly hooks JIT/native function pointers, and then executes the in-memory payload. These are classic behaviors of a runtime packer/loader and present significant supply-chain/malicious risk. I recommend not using this package and treating it as malicious/untrusted. Further dynamic analysis (running in a safe sandbox) could reveal the exact payload decrypted and executed.

This module is highly dangerous if exposed to untrusted clients. It allows unauthenticated arbitrary shell execution, arbitrary file read and write, and uncontrolled S3 access/signing. These are classic supply-chain/runtime risks (RCE, data exfiltration, filesystem compromise). If deployed in a production service without strict authentication and environment isolation, it will almost certainly be exploited. Recommend immediate remediation: remove or protect the /bash endpoint; enforce strong authentication/authorization; validate and canonicalize paths; disallow shell=True or sanitize commands; limit S3 actions to permitted buckets/keys; avoid returning raw exception messages.

The code is not itself an obviously malicious implant: there are no obfuscated payloads, hardcoded keys, or hidden network exfiltration routines in the provided fragment. However, it intentionally constructs an execution environment that grants arbitrary scripts full access to Node globals, filesystem, module loading, and an admin GraphQL client built from environment secrets. That design is dangerous: untrusted script strings, files, or REPL input executed through exec.exec can read environment variables, steal the HASURA_ADMIN_SECRET, read arbitrary files, and perform privileged network requests (data exfiltration or data modification). Treat this as a high-privilege execution risk: safe for trusted, local developer use only, but dangerous if inputs can be influenced by attackers or run in CI/production contexts.

This code collects system-identifying data (username, hostname, file path), hex-encodes it, constructs a domain under a hardcoded external base ('furb.pw') embedding that data into subdomain labels, and issues an HTTPS GET to that domain — a clear data-exfiltration pattern. The behavior is malicious or at minimum privacy-invasive telemetry sent to an external third party. The package should not be trusted or used without removal of the network exfiltration logic and a full audit.