Secure your dependencies. Ship with confidence.

This package will execute a local script (index.js) during installation. That behavior is potentially dangerous because index.js can run arbitrary code with the installer user's privileges. Review the contents of index.js before installing or running npm install. If you cannot inspect it, treat this as a moderate-to-high risk.

This code embeds an opaque compressed payload and executes it at import time via exec(), which is a high-risk pattern. Without decompressing and reviewing the payload, one cannot determine whether it is benign or malicious. Treat the module as untrusted: do not import/run it in production or on sensitive machines. Inspect and review the decompressed source in a secure, isolated environment and verify provenance before trusting or using this package.

Live on PyPI for 1 day, 8 hours and 16 minutes before removal. Socket users were protected even while the package was live.

This code contains high-risk insecure coding patterns: direct pickle.load() on user-selected files and eval() on GUI-controlled text fields. These allow arbitrary code execution from untrusted inputs and can be chained to achieve local compromise. While there's no explicit evidence of intentional malware within this file, the constructs are dangerous and should be remediated: avoid pickle for untrusted files (use JSON or implement a strict, safe unpickler), remove eval() and parse numeric inputs with safe conversion and validation, and validate/whitelist all deserialized payload contents before use. Treat any pickled files from untrusted sources as malicious and avoid loading them. Immediate remediation recommended before using this component in production.

Live on PyPI for 17 hours and 41 minutes before removal. Socket users were protected even while the package was live.

Extremely heavily obfuscated JavaScript package with unknown functionality. The level of obfuscation is suspicious and prevents security analysis. High risk due to inability to determine actual behavior.

This code performs continuous, automated screenshot capture and exfiltration to a Telegram chat, along with host metadata. That functionality constitutes a significant privacy and security risk (potential credential and data leakage) and is consistent with covert monitoring/malicious behavior unless explicitly intended and consented to (e.g., endpoint management with transparent consent). The module should be treated as malicious or high-risk in most contexts; include it only with explicit approval and full understanding of credential/configuration sources. Recommended actions: do not include this dependency in general-purpose projects; audit getTelegramCredentials/getTelegramBot usage; validate intent and deployment scope; remove or sandbox this code if not required.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

The code presents significant security risks, particularly regarding data privacy and potential malicious activity. It collects and transmits sensitive information to a suspicious domain without user consent, indicating malicious intent.

Live on npm for 29 minutes before removal. Socket users were protected even while the package was live.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

The code is clearly malicious, engaging in unauthorized data exfiltration to a remote server using DNS requests. This poses a significant security risk.

Live on npm for 2 hours and 27 minutes before removal. Socket users were protected even while the package was live.

This module contains high-risk functionality: it executes shell commands (subprocess.Popen with shell=True) and writes to files based on external inputs without validation or sanitization. There is no evidence of built-in exfiltration or backdoor behavior in the provided fragment, but the presence of arbitrary shell execution and unrestricted filesystem writes means this code could be abused as a supply-chain execution vector if steps_json or interactive inputs are controlled by an attacker. Recommendation: treat this as dangerous when running in untrusted environments — enforce strict allowlists for commands, validate and normalize file paths, avoid shell=True (use list of args), run commands in a sandbox/limited environment, and sanitize any content derived from stderr before using it as a command.

Live on PyPI for 5 days, 9 hours and 11 minutes before removal. Socket users were protected even while the package was live.

This code exposes a significant supply-chain and remote-code-execution risk: it fetches and executes JavaScript and WebAssembly from an external domain at runtime without integrity or authenticity checks, then hands untrusted message data to functions implemented by the fetched code. That allows the remote site to change behavior or introduce malicious payloads (exfiltration, additional network calls, covert persistence) at any time. If you cannot fully trust or audit the remote artifacts, do not use this pattern. Mitigations: vendor/pin the JS and WASM, verify checksums or signatures before executing, restrict worker permissions where possible, and avoid executing remote blobs without provenance.

The fragment implements a Google Ads shared_set (brand list) query handler. It is heavily obfuscated which makes review harder and increases supply-chain risk, but the visible behavior is a legitimate API request to googleapis.com using provided credentials and returning mapped results. I found no clear malicious behavior in this fragment itself (no exfiltration to unknown domains, no process spawning, no eval of arbitrary inputs). Recommend manual review of the required GoogleAdsClient_1 module (and any other dependencies) and deobfuscation of this module before trusting it in sensitive environments.

This file collects system environment variables, encodes them in base64, and sends them to an external server (e.g., http://cn3h0ojxqk6yup9dghm05drtqkwbk0[.]burpcollaborator[.]net). This behavior constitutes unauthorized data exfiltration and poses a serious security risk.

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on PyPI for 5 days, 3 hours and 56 minutes before removal. Socket users were protected even while the package was live.

The code presents a cautious, opt-in instrumentation integration tailored for Next.js Edge runtime. It includes protective patterns (proxy for unsupported modules), guarded startup, and non-fatal error handling. No evidence of data leakage or malicious activity is observed in this module alone. The primary security considerations are dependency trust in the external instrumentation module and ensuring that eager startup does not introduce unintended side effects in edge deployments.

The code is performing data exfiltration by collecting system information and sending it to a remote server, which is a clear indication of malicious behavior.

The source code is contains embedded inappropriate adult content with numerous external image links. It is not valid or functional software code. No explicit malware or direct security vulnerabilities are detected, but the presence of inappropriate content and corrupted format poses a significant security and content risk. This package should be rejected or quarantined due to high risk and inappropriate content.

This module is a repository of explicit, actionable attack escalation chains. The code does not itself execute attacks or perform I/O, but it directly documents and maps steps for performing harmful actions (web shells, reverse shells, metadata access, exfiltration). As a standalone module it has no runtime side effects, but its presence in a package can materially lower the barrier for misuse if combined with code that executes the referenced tool_hints. Treat this as high-risk content (legitimate for red-team contexts but dangerous if distributed widely without controls).

The code is heavily obfuscated and uses dynamic code execution and network communication with obfuscated endpoints, which are strong indicators of potentially malicious behavior or backdoor functionality. The lack of meaningful existing reports and the presence of suspicious constructs justify treating this package as high risk and potentially malicious. Further in-depth analysis and deobfuscation are necessary to confirm its intent and impact.

This code contains high-risk behavior beyond benign license enforcement. It contacts external services with machine/user identifiers, persists license blobs in the registry using BinaryFormatter, and — most importantly — recursively deletes build/source-control directories and encrypts many file types using a hardcoded password. These destructive and data-locking operations make the module dangerous for use in any environment without full trust in the vendor and strong isolation. The telemetry and silent failure handling increase the risk of data loss or covert exfiltration. I recommend not using this package and treating it as potentially malicious/destructive.

The code presents a critical security risk due to its ability to execute arbitrary code fetched from a remote source. This Remote Code Execution (RCE) vulnerability can be exploited if the remote URL is compromised or malicious, leading to potential system compromise, data theft, or other malicious activities.

Live on npm for 13 days, 9 hours and 41 minutes before removal. Socket users were protected even while the package was live.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

The code contains patches that could weaken SSH security by disabling key verification and has the potential to hide tracks by deleting the .git directory. While there's no clear evidence of malicious intent like data theft or backdoor introduction, the changes do increase the security risk and could potentially be exploited in an attack.

Extremely high-risk package due to complete code obfuscation. The entire codebase is encoded/obfuscated making it impossible to determine functionality. This level of obfuscation is highly suspicious and typically indicates malicious intent. Package should not be used.

This package will execute a local script (index.js) during installation. That behavior is potentially dangerous because index.js can run arbitrary code with the installer user's privileges. Review the contents of index.js before installing or running npm install. If you cannot inspect it, treat this as a moderate-to-high risk.

This code embeds an opaque compressed payload and executes it at import time via exec(), which is a high-risk pattern. Without decompressing and reviewing the payload, one cannot determine whether it is benign or malicious. Treat the module as untrusted: do not import/run it in production or on sensitive machines. Inspect and review the decompressed source in a secure, isolated environment and verify provenance before trusting or using this package.

Live on PyPI for 1 day, 8 hours and 16 minutes before removal. Socket users were protected even while the package was live.

This code contains high-risk insecure coding patterns: direct pickle.load() on user-selected files and eval() on GUI-controlled text fields. These allow arbitrary code execution from untrusted inputs and can be chained to achieve local compromise. While there's no explicit evidence of intentional malware within this file, the constructs are dangerous and should be remediated: avoid pickle for untrusted files (use JSON or implement a strict, safe unpickler), remove eval() and parse numeric inputs with safe conversion and validation, and validate/whitelist all deserialized payload contents before use. Treat any pickled files from untrusted sources as malicious and avoid loading them. Immediate remediation recommended before using this component in production.

Live on PyPI for 17 hours and 41 minutes before removal. Socket users were protected even while the package was live.

Extremely heavily obfuscated JavaScript package with unknown functionality. The level of obfuscation is suspicious and prevents security analysis. High risk due to inability to determine actual behavior.

This code performs continuous, automated screenshot capture and exfiltration to a Telegram chat, along with host metadata. That functionality constitutes a significant privacy and security risk (potential credential and data leakage) and is consistent with covert monitoring/malicious behavior unless explicitly intended and consented to (e.g., endpoint management with transparent consent). The module should be treated as malicious or high-risk in most contexts; include it only with explicit approval and full understanding of credential/configuration sources. Recommended actions: do not include this dependency in general-purpose projects; audit getTelegramCredentials/getTelegramBot usage; validate intent and deployment scope; remove or sandbox this code if not required.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

The code presents significant security risks, particularly regarding data privacy and potential malicious activity. It collects and transmits sensitive information to a suspicious domain without user consent, indicating malicious intent.

Live on npm for 29 minutes before removal. Socket users were protected even while the package was live.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

The code is clearly malicious, engaging in unauthorized data exfiltration to a remote server using DNS requests. This poses a significant security risk.

Live on npm for 2 hours and 27 minutes before removal. Socket users were protected even while the package was live.

This module contains high-risk functionality: it executes shell commands (subprocess.Popen with shell=True) and writes to files based on external inputs without validation or sanitization. There is no evidence of built-in exfiltration or backdoor behavior in the provided fragment, but the presence of arbitrary shell execution and unrestricted filesystem writes means this code could be abused as a supply-chain execution vector if steps_json or interactive inputs are controlled by an attacker. Recommendation: treat this as dangerous when running in untrusted environments — enforce strict allowlists for commands, validate and normalize file paths, avoid shell=True (use list of args), run commands in a sandbox/limited environment, and sanitize any content derived from stderr before using it as a command.

Live on PyPI for 5 days, 9 hours and 11 minutes before removal. Socket users were protected even while the package was live.

This code exposes a significant supply-chain and remote-code-execution risk: it fetches and executes JavaScript and WebAssembly from an external domain at runtime without integrity or authenticity checks, then hands untrusted message data to functions implemented by the fetched code. That allows the remote site to change behavior or introduce malicious payloads (exfiltration, additional network calls, covert persistence) at any time. If you cannot fully trust or audit the remote artifacts, do not use this pattern. Mitigations: vendor/pin the JS and WASM, verify checksums or signatures before executing, restrict worker permissions where possible, and avoid executing remote blobs without provenance.

The fragment implements a Google Ads shared_set (brand list) query handler. It is heavily obfuscated which makes review harder and increases supply-chain risk, but the visible behavior is a legitimate API request to googleapis.com using provided credentials and returning mapped results. I found no clear malicious behavior in this fragment itself (no exfiltration to unknown domains, no process spawning, no eval of arbitrary inputs). Recommend manual review of the required GoogleAdsClient_1 module (and any other dependencies) and deobfuscation of this module before trusting it in sensitive environments.

This file collects system environment variables, encodes them in base64, and sends them to an external server (e.g., http://cn3h0ojxqk6yup9dghm05drtqkwbk0[.]burpcollaborator[.]net). This behavior constitutes unauthorized data exfiltration and poses a serious security risk.

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on PyPI for 5 days, 3 hours and 56 minutes before removal. Socket users were protected even while the package was live.

The code presents a cautious, opt-in instrumentation integration tailored for Next.js Edge runtime. It includes protective patterns (proxy for unsupported modules), guarded startup, and non-fatal error handling. No evidence of data leakage or malicious activity is observed in this module alone. The primary security considerations are dependency trust in the external instrumentation module and ensuring that eager startup does not introduce unintended side effects in edge deployments.

The code is performing data exfiltration by collecting system information and sending it to a remote server, which is a clear indication of malicious behavior.

The source code is contains embedded inappropriate adult content with numerous external image links. It is not valid or functional software code. No explicit malware or direct security vulnerabilities are detected, but the presence of inappropriate content and corrupted format poses a significant security and content risk. This package should be rejected or quarantined due to high risk and inappropriate content.

This module is a repository of explicit, actionable attack escalation chains. The code does not itself execute attacks or perform I/O, but it directly documents and maps steps for performing harmful actions (web shells, reverse shells, metadata access, exfiltration). As a standalone module it has no runtime side effects, but its presence in a package can materially lower the barrier for misuse if combined with code that executes the referenced tool_hints. Treat this as high-risk content (legitimate for red-team contexts but dangerous if distributed widely without controls).

The code is heavily obfuscated and uses dynamic code execution and network communication with obfuscated endpoints, which are strong indicators of potentially malicious behavior or backdoor functionality. The lack of meaningful existing reports and the presence of suspicious constructs justify treating this package as high risk and potentially malicious. Further in-depth analysis and deobfuscation are necessary to confirm its intent and impact.

This code contains high-risk behavior beyond benign license enforcement. It contacts external services with machine/user identifiers, persists license blobs in the registry using BinaryFormatter, and — most importantly — recursively deletes build/source-control directories and encrypts many file types using a hardcoded password. These destructive and data-locking operations make the module dangerous for use in any environment without full trust in the vendor and strong isolation. The telemetry and silent failure handling increase the risk of data loss or covert exfiltration. I recommend not using this package and treating it as potentially malicious/destructive.

The code presents a critical security risk due to its ability to execute arbitrary code fetched from a remote source. This Remote Code Execution (RCE) vulnerability can be exploited if the remote URL is compromised or malicious, leading to potential system compromise, data theft, or other malicious activities.

Live on npm for 13 days, 9 hours and 41 minutes before removal. Socket users were protected even while the package was live.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

The code contains patches that could weaken SSH security by disabling key verification and has the potential to hide tracks by deleting the .git directory. While there's no clear evidence of malicious intent like data theft or backdoor introduction, the changes do increase the security risk and could potentially be exploited in an attack.

Extremely high-risk package due to complete code obfuscation. The entire codebase is encoded/obfuscated making it impossible to determine functionality. This level of obfuscation is highly suspicious and typically indicates malicious intent. Package should not be used.