Secure your dependencies. Ship with confidence.

This module implements a runtime activation mechanism that decrypts and exec()s a bundled encrypted Python payload unlocked by an environment-supplied Fernet key. That allows execution of arbitrary, hidden code and conceals behavior from static review. Absent provenance and inspection of the decrypted payload, treat this as high-risk: do not install or run in sensitive environments until the encrypted payload is inspected and the activation key's origin/purpose is verified. If the package is expected to be open-source, this design is suspicious and warrants removal or replacement. If used for legitimate licensing, replace with a verifiable signature approach and avoid exec of opaque code.

This module itself does not contain obvious obfuscated malware (no encoded payloads, hardcoded secrets, network exfiltration code). However it provides powerful primitives (subprocess with shell=True, ability to change directories, write files and open OS terminals) that allow arbitrary code execution and file modification when given untrusted inputs (steps_json, user inputs, or compromised upstream agents). Therefore the package is high-risk in supply-chain contexts: if an upstream component or dependency is malicious, this code can be used to execute arbitrary commands on the host. Use only with trusted inputs and add sanitization and restrictions before use.

Live on pypi for 5 days, 6 hours and 3 minutes before removal. Socket users were protected even while the package was live.

This file implements a DNS-based command-and-control client (implant) that encrypts and tunnels protobuf 'Envelope' messages over DNS queries and responses. It performs key exchange, fingerprinting of resolvers, and supports operator-controlled resolver configuration. In a software supply chain context, inclusion of this module would be highly suspicious/malicious because it establishes an encrypted covert channel to an operator-controlled server and can be used for data exfiltration and remote command execution. Do not include this package in benign applications; treat it as a high-risk malicious component.

This module’s entrypoint (index.js) immediately launches a detached, unobserved Node.js child process executing the local script ./lib/caller.js, passing it JSON-serialized arguments. The spawn call uses { detached: true, stdio: 'ignore' } combined with child.unref(), which ensures the background process continues after the parent exits and suppresses all output or errors. Such a pattern is frequently used to hide backdoor or exfiltration routines in supply-chain attacks. Since all sensitive activity is delegated to the concealed lib/caller.js and no logs or errors are surfaced, this code functions as a stealthy loader for arbitrary malicious payloads. Do not use or publish this package until every invocation of ./lib/caller.js is audited and its behavior fully understood.

The mesh orchestration fragment is a well-structured, high-level specification of a plan-driven streaming orchestrator with defined gates and roles. It plausibly describes legitimate orchestration workflows and preflight safeguards. The primary security concern is supply-chain risk from external build/install sources (Zig, Homebrew taps, Git repos) and the lack of explicit pinning or signature verification in the fragment. No explicit credentials, data exfiltration patterns, or malware indicators are present within the provided material. Treat as BENIGN with MODERATE supply-chain risk requiring secure build practices, verified releases, and pinned dependencies in any real deployment.

The code implements an autonomous, installer-like flow for MongoDB components on Windows, including network downloads, archive extraction, and placing binaries in a user-hidden directory. This behavior presents significant security and supply-chain risks due to lack of user consent, absence of integrity checks, and potential persistence. It should be reviewed for necessity, replaced with explicit user prompts and verifiable integrity checks (digests/signatures), and ideally moved to a clearly trusted installer process rather than a library-like module.

This assembly contains a highly obfuscated loader/packer that reads encrypted embedded resources, performs cryptographic verification, decrypts payloads using a hard-coded symmetric key/IV, allocates unmanaged memory, writes payload bytes and invokes them (in-memory native execution). It also exposes functions to open other processes and write to their memory — capabilities consistent with code injection, process injection, and runtime method patching. The combination of obfuscation, embedded cryptographic keys, P/Invoke to sensitive kernel32 APIs, and runtime manipulation is a strong indicator of malicious or at least surreptitious behavior (loader/backdoor/packer). I recommend not using this package and treating it as malicious until proven otherwise; further dynamic analysis in an isolated environment would be required to extract the exact payload and intent.

This module is a credential harvesting / account extraction tool for Facebook. It automates login attempts (web/mobile/graph) and extracts sensitive account data (access tokens, cookies, account IDs, linked apps, contacts, birthday) and returns plaintext credentials/cookies in its outputs. While it does not directly exfiltrate data to a third-party domain, it is explicitly designed to collect and expose sensitive authentication material and account information that an attacker could misuse. It should not be used in production or included as a dependency in trusted projects.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

The code exhibits high-risk admin tooling characteristics with privileged system operations, active VPN configuration management, and remote hub synchronization that can lead to data exfiltration or unauthorized control if the remote payloads are compromised. The VACUUM_SQL issue and dynamic method invocation via getattr are notable risk factors. Recommended mitigations include: eliminating free-form remote control paths, validating all inputs, insulating Celery tasks with strict authentication/authorization, replacing bare except blocks with targeted exception handling, separating privileged actions from application logic, and adding robust auditing/logging to detect misuse. Given these concerns, treat the package as high-risk until hardened.

Live on pypi for 5 hours and 6 minutes before removal. Socket users were protected even while the package was live.

The code contains a significant security risk in the superSignKey function, which modifies the SSH authorized_keys file and could allow unauthorized access. This function should be reviewed and restricted to prevent misuse. Other functions appear secure in isolation, but overall risk is elevated due to the potential for misuse.

Live on npm for 5 hours and 7 minutes before removal. Socket users were protected even while the package was live.

This setup.py contains a deliberate install-time data-exfiltration backdoor: it reads a likely-sensitive file at /flag.txt and posts its contents to a hardcoded external webhook during installation. The behavior is malicious and constitutes a supply-chain compromise. The package should not be installed; treat any installations as compromised and investigate/mitigate accordingly.

The code implements remote dynamic class loading and execution via network fetch and reflection. While such a mechanism can be legitimate for plugin ecosystems, it introduces a clear remote-code-execution risk in supply-chain contexts. It should be treated as high-risk for unauthenticated payload loading and require strong controls: TLS, payload signing/verification, strict allowlists, sandboxing, and minimum privileges. If kept, ensure robust auditing and runtime protections.

The code is a dynamic gadget renderer that heavily relies on untrusted, runtime-supplied code (escapedCode) to define the Gadget component. It uses Babel and new Function to execute code received at runtime, which is a high-risk pattern for remote code execution. While this may be by design for hot-module replacement in a gadget environment, it presents clear security concerns: potential arbitrary code execution, data leakage through postMessage channels, and reliance on third-party CDNs. Recommendations include: implement strict origin checks, sandbox the dynamic code (e.g., via a dedicated worker or iframe with a sandbox attribute), validate and rate-limit gifted code, avoid executing unknown code with Function, and remove or harden reliance on third-party CDNs or verify integrity via Subresource Integrity (SRI). Improve error handling to avoid leaking sensitive state, and consider implementing a formal permission model for gadget actions and data access.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

The presence of an exec call executing an external binary is highly suspicious and poses a significant security risk. This behavior is not typical for a library handling number calculations and could potentially be malicious.

Live on npm for 7 days, 17 hours and 21 minutes before removal. Socket users were protected even while the package was live.

The code is malicious as it sends system information to an external domain without user consent. This represents a significant security risk due to unauthorized data exfiltration.

This module implements a runtime activation mechanism that decrypts and exec()s a bundled encrypted Python payload unlocked by an environment-supplied Fernet key. That allows execution of arbitrary, hidden code and conceals behavior from static review. Absent provenance and inspection of the decrypted payload, treat this as high-risk: do not install or run in sensitive environments until the encrypted payload is inspected and the activation key's origin/purpose is verified. If the package is expected to be open-source, this design is suspicious and warrants removal or replacement. If used for legitimate licensing, replace with a verifiable signature approach and avoid exec of opaque code.

This module itself does not contain obvious obfuscated malware (no encoded payloads, hardcoded secrets, network exfiltration code). However it provides powerful primitives (subprocess with shell=True, ability to change directories, write files and open OS terminals) that allow arbitrary code execution and file modification when given untrusted inputs (steps_json, user inputs, or compromised upstream agents). Therefore the package is high-risk in supply-chain contexts: if an upstream component or dependency is malicious, this code can be used to execute arbitrary commands on the host. Use only with trusted inputs and add sanitization and restrictions before use.

Live on pypi for 5 days, 6 hours and 3 minutes before removal. Socket users were protected even while the package was live.

This file implements a DNS-based command-and-control client (implant) that encrypts and tunnels protobuf 'Envelope' messages over DNS queries and responses. It performs key exchange, fingerprinting of resolvers, and supports operator-controlled resolver configuration. In a software supply chain context, inclusion of this module would be highly suspicious/malicious because it establishes an encrypted covert channel to an operator-controlled server and can be used for data exfiltration and remote command execution. Do not include this package in benign applications; treat it as a high-risk malicious component.

This module’s entrypoint (index.js) immediately launches a detached, unobserved Node.js child process executing the local script ./lib/caller.js, passing it JSON-serialized arguments. The spawn call uses { detached: true, stdio: 'ignore' } combined with child.unref(), which ensures the background process continues after the parent exits and suppresses all output or errors. Such a pattern is frequently used to hide backdoor or exfiltration routines in supply-chain attacks. Since all sensitive activity is delegated to the concealed lib/caller.js and no logs or errors are surfaced, this code functions as a stealthy loader for arbitrary malicious payloads. Do not use or publish this package until every invocation of ./lib/caller.js is audited and its behavior fully understood.

The mesh orchestration fragment is a well-structured, high-level specification of a plan-driven streaming orchestrator with defined gates and roles. It plausibly describes legitimate orchestration workflows and preflight safeguards. The primary security concern is supply-chain risk from external build/install sources (Zig, Homebrew taps, Git repos) and the lack of explicit pinning or signature verification in the fragment. No explicit credentials, data exfiltration patterns, or malware indicators are present within the provided material. Treat as BENIGN with MODERATE supply-chain risk requiring secure build practices, verified releases, and pinned dependencies in any real deployment.

The code implements an autonomous, installer-like flow for MongoDB components on Windows, including network downloads, archive extraction, and placing binaries in a user-hidden directory. This behavior presents significant security and supply-chain risks due to lack of user consent, absence of integrity checks, and potential persistence. It should be reviewed for necessity, replaced with explicit user prompts and verifiable integrity checks (digests/signatures), and ideally moved to a clearly trusted installer process rather than a library-like module.

This assembly contains a highly obfuscated loader/packer that reads encrypted embedded resources, performs cryptographic verification, decrypts payloads using a hard-coded symmetric key/IV, allocates unmanaged memory, writes payload bytes and invokes them (in-memory native execution). It also exposes functions to open other processes and write to their memory — capabilities consistent with code injection, process injection, and runtime method patching. The combination of obfuscation, embedded cryptographic keys, P/Invoke to sensitive kernel32 APIs, and runtime manipulation is a strong indicator of malicious or at least surreptitious behavior (loader/backdoor/packer). I recommend not using this package and treating it as malicious until proven otherwise; further dynamic analysis in an isolated environment would be required to extract the exact payload and intent.

This module is a credential harvesting / account extraction tool for Facebook. It automates login attempts (web/mobile/graph) and extracts sensitive account data (access tokens, cookies, account IDs, linked apps, contacts, birthday) and returns plaintext credentials/cookies in its outputs. While it does not directly exfiltrate data to a third-party domain, it is explicitly designed to collect and expose sensitive authentication material and account information that an attacker could misuse. It should not be used in production or included as a dependency in trusted projects.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

The code exhibits high-risk admin tooling characteristics with privileged system operations, active VPN configuration management, and remote hub synchronization that can lead to data exfiltration or unauthorized control if the remote payloads are compromised. The VACUUM_SQL issue and dynamic method invocation via getattr are notable risk factors. Recommended mitigations include: eliminating free-form remote control paths, validating all inputs, insulating Celery tasks with strict authentication/authorization, replacing bare except blocks with targeted exception handling, separating privileged actions from application logic, and adding robust auditing/logging to detect misuse. Given these concerns, treat the package as high-risk until hardened.

Live on pypi for 5 hours and 6 minutes before removal. Socket users were protected even while the package was live.

The code contains a significant security risk in the superSignKey function, which modifies the SSH authorized_keys file and could allow unauthorized access. This function should be reviewed and restricted to prevent misuse. Other functions appear secure in isolation, but overall risk is elevated due to the potential for misuse.

Live on npm for 5 hours and 7 minutes before removal. Socket users were protected even while the package was live.

This setup.py contains a deliberate install-time data-exfiltration backdoor: it reads a likely-sensitive file at /flag.txt and posts its contents to a hardcoded external webhook during installation. The behavior is malicious and constitutes a supply-chain compromise. The package should not be installed; treat any installations as compromised and investigate/mitigate accordingly.

The code implements remote dynamic class loading and execution via network fetch and reflection. While such a mechanism can be legitimate for plugin ecosystems, it introduces a clear remote-code-execution risk in supply-chain contexts. It should be treated as high-risk for unauthenticated payload loading and require strong controls: TLS, payload signing/verification, strict allowlists, sandboxing, and minimum privileges. If kept, ensure robust auditing and runtime protections.

The code is a dynamic gadget renderer that heavily relies on untrusted, runtime-supplied code (escapedCode) to define the Gadget component. It uses Babel and new Function to execute code received at runtime, which is a high-risk pattern for remote code execution. While this may be by design for hot-module replacement in a gadget environment, it presents clear security concerns: potential arbitrary code execution, data leakage through postMessage channels, and reliance on third-party CDNs. Recommendations include: implement strict origin checks, sandbox the dynamic code (e.g., via a dedicated worker or iframe with a sandbox attribute), validate and rate-limit gifted code, avoid executing unknown code with Function, and remove or harden reliance on third-party CDNs or verify integrity via Subresource Integrity (SRI). Improve error handling to avoid leaking sensitive state, and consider implementing a formal permission model for gadget actions and data access.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

The presence of an exec call executing an external binary is highly suspicious and poses a significant security risk. This behavior is not typical for a library handling number calculations and could potentially be malicious.

Live on npm for 7 days, 17 hours and 21 minutes before removal. Socket users were protected even while the package was live.

The code is malicious as it sends system information to an external domain without user consent. This represents a significant security risk due to unauthorized data exfiltration.