Secure your dependencies. Ship with confidence.

This module provides a high-risk browser-side script execution primitive. It accepts message-driven input containing JavaScript code and executes it directly using eval() (both for an eval and exec command path). It then forwards execution results and console output back to an external host callback, creating an obvious data-return/exfil channel. The optional Worker messaging path further extends the execution surface. From a supply-chain security standpoint, this behavior is consistent with an eval/exec “runner” and should only be used with strict trust boundaries and strong access controls; otherwise it represents a severe security risk.

This dependency is highly likely malicious: it forges DKIM-Signature headers and associated spoofing artifacts (including exploit-labeled X-* headers), selects attack modes using DMARC-related DNS TXT lookups, and includes an exploitation path that explicitly uses deprecated RSA-SHA1. It also performs local file reads for hybrid attack setup and uses significant obfuscation. Treat as a high security risk supply-chain compromise or deliberate malware/sabotage tooling.

This module is a security-sensitive distributed control/coordination component that can execute DevDuck agent logic based directly on untrusted UDP multicast “command” text, then streams and returns results/errors over the network. There is no authentication, authorization, or command allowlisting in this module, and it also prints untrusted streamed output to stdout. In hostile or multi-tenant network environments, it should be considered a high-risk remote-trigger capability and reviewed/segmented with strong access controls (e.g., authenticated transport, peer allowlisting, and strict command validation).

Overall assessment: high supply-chain risk. This fragment combines (1) WebSocket-based control plumbing, (2) host-level orchestration via child_process and process/file manipulation, and (3) a very large embedded client payload that performs DOM injection and synthetic user-input/control actions, with patterns consistent with sensitive input/clipboard handling. Even if intended for testing/simulation, the integrated capability profile is highly abusable, audit-unfriendly, and warrants strong scrutiny (e.g., sandboxing, dependency provenance review, and runtime behavior monitoring) before trust.

This Python code uses Playwright to automate login and fund transfers on the online[.]mtsdengi[.]ru site. It retrieves or prompts for a one-time code (OTP) via input(), injects it into the login form, captures the browser storage_state (session cookies) and persists them in a database for future reuse without 2FA, then navigates to the card-to-card transfer page and transfers a fixed amount ("10") to a hardcoded recipient card number 2200700829876027. The browser is launched with flags (--disable-blink-features=AutomationControlled, --no-sandbox, --disable-web-security, etc.) to evade automation detection and security controls. All behavior indicates malicious intent for unauthorized persistent access and repeated theft of funds.

This module contains explicit, high-severity execution primitives: it can execute attacker-influenced JavaScript via `new Function` from configuration (`hook.handler`) and execute arbitrary OS shell commands via `child_process.exec/exec2` from configuration and generic command inputs (`hook.command` and `executeShellTask`). Safety/risk-analysis helpers exist but are not enforced on the execution paths shown, making these sinks effectively unmitigated. Treat this dependency as extremely dangerous unless hook definitions and command strings are strictly trusted, immutable, and access-controlled at runtime.

This wrapper primarily orchestrates a conditional execution of a bundled deploy runner while passing through an API key and other configuration via argv and inheriting the environment. The most significant supply-chain security concern is that it unconditionally imports a bundled module named keystroke.mjs for side effects, which is highly consistent with keylogging/input surveillance or other privacy-invasive behavior. The fragment also increases credential exposure by passing --api-key via command-line arguments to a child process. Without inspecting ../dist/keystroke.mjs (and its dependency tree), malicious intent cannot be proven, but the risk level is high and warrants immediate review/quarantine of the package artifact.

Live on npm for 55 minutes before removal. Socket users were protected even while the package was live.

The file implements a restricted remote execution/backdoor interface over Telegram for specific hardcoded owner accounts. It provides two critical capabilities: unrestricted in-process Python execution (via AST parsing and exec) and unrestricted OS shell execution (via subprocess). It returns command outputs and code execution results, including tracebacks, directly to the Telegram chat, facilitating data exfiltration and host compromise. This constitutes intentional malicious behavior allowing arbitrary code and command execution.

This code is a high-confidence malicious data-stealing and exfiltration routine. It harvests sensitive runtime/cloud-related environment variables from the current process and other processes by reading `/proc/*/environ` (including PID 1), persists the collected payload locally, and exfiltrates it via an unconditional HTTPS POST to a hardcoded external endpoint. The inclusion of credential-like material (AWS_ACCESS_KEY_ID, albeit truncated) and cross-process environment scraping make it especially indicative of credential/metadata theft.

High suspicion of malicious or sabotaging behavior due to the module’s combination of: local CDP/devtools control, OS command execution capability, filesystem deletion, and a very large embedded browser-side payload that includes dynamic execution/eval-like gadget patterns and extensive event/DOM manipulation. This is not consistent with a simple, safe library; it warrants urgent review and containment (pinning version, isolating runtime, and inspecting full source for network exfiltration and process spawning usage).

The file implements a restricted remote execution/backdoor interface over Telegram for specific hardcoded owner accounts. It provides two critical capabilities: unrestricted in-process Python execution (via AST parsing and exec) and unrestricted OS shell execution (via subprocess). It returns command outputs and code execution results, including tracebacks, directly to the Telegram chat, facilitating data exfiltration and host compromise. This constitutes intentional malicious behavior allowing arbitrary code and command execution.

This module is highly likely malicious. It is designed to generate deceptive OAuth-approval/request lure emails for Google/Microsoft and send them at scale to attacker-specified recipients via nodemailer/SMTP using configuration-derived (and fallback) credentials. The obfuscation and spoofed header/body construction strongly indicate phishing/social-engineering tooling rather than legitimate OAuth functionality.

This module is strongly consistent with a malicious runtime-abuse/exfiltration payload. It stealthily discovers the AWS Lambda Runtime API by scanning /proc/<pid>/environ for AWS_LAMBDA_RUNTIME_API, repeatedly requests the next invocation payload from /runtime/invocation/next, parses the returned event content and metadata, and exfiltrates sensitive information (status, headers, and a body slice) to a hardcoded external HTTPS endpoint. The hardcoded accountSid conditional further supports intentional targeting/selection. The behavior is not characteristic of legitimate libraries.

High-severity supply-chain risk: the module includes a remote SVG/DOM injection component that can execute embedded <script> contents from fetched SVGs via new Function(scriptText)(window) when evalScripts policy permits, creating an arbitrary code execution vector in the browser. It also performs unsafe innerHTML insertion for SVG <desc>/<title> and mutates the DOM with fetched content. The AI streaming/schema logic appears largely validation-focused but increases overall impact by propagating untrusted remote text into application outputs and errors.

The file implements a restricted remote execution/backdoor interface over Telegram for specific hardcoded owner accounts. It provides two critical capabilities: unrestricted in-process Python execution (via AST parsing and exec) and unrestricted OS shell execution (via subprocess). It returns command outputs and code execution results, including tracebacks, directly to the Telegram chat, facilitating data exfiltration and host compromise. This constitutes intentional malicious behavior allowing arbitrary code and command execution.

This module is highly consistent with intentional malicious behavior: it runs a DNS exfiltration/covert-channel server that reconstructs base64-url-encoded binary payloads from DNS query labels and writes the reconstructed data to local files, using output paths derived from decoded attacker-controlled content. There is no authentication, no input validation to constrain file paths, and the service is designed to remain operational indefinitely while replying with DNS answers to sustain the channel. Treat as dangerous and avoid use in production environments.

This code is a strong remote code execution/supply-chain backdoor pattern. It fetches externally controlled data, extracts a length-framed JavaScript payload, and executes it via new Function with direct access to require and module/exports, then exports the resulting module.exports. Regardless of intent (devnet/demo vs. real abuse), the mechanism is unsafe and should not be trusted in any production or automated environment.

This package runs a local script at install time. That by itself is a high-risk pattern: index.js could perform telemetry, data exfiltration, spawn shells, or otherwise compromise the host. You should treat this as suspicious until you inspect index.js and verify it only performs safe, intended setup actions. If you cannot review the file, avoid installing in sensitive environments or install inside an isolated sandbox.

This module is primarily a cloud-service CLI wrapper that performs authenticated TRTC API calls and optional waiter-based polling, but it contains a critical security anomaly: it uses eval() to parse the waiter parameter in parse_global_arg. If an attacker can influence the waiter input (via CLI arguments or config), this becomes an in-process arbitrary code execution vector, making the package high-risk from a supply-chain/security standpoint even though no overt malware (e.g., reverse shell, persistence, or direct exfiltration) is visible in the provided fragment.

This module contains a highly suspicious, targeted backdoor-style loader: it decrypts hardcoded embedded ciphertext using an AES key derived from environment metadata and executes the decrypted result with eval. Activation is gated on specific npm package names, and errors are silently swallowed. The FlatMap stream portion is likely incidental/legitimate, but the decrypt-and-eval mechanism makes the overall module unsafe to use.

This module is high risk for supply-chain attacks because it exposes a legacy checkpoint loader that deserializes untrusted bytes with pickle.loads (arbitrary code execution capable). It also includes an explicit malicious demo payload using __reduce__ and demonstrates loading it through the unsafe path. Integrity verification is not enforced for unpinned model_name values (hash checking is skipped), making acceptance of malicious or untrusted checkpoints more feasible—especially when combined with remote registry fetching. Avoid using the legacy loader and remove/disable the demo; enforce strict, signed hash verification for all model identifiers.

This module is a high-confidence cookie/session harvesting component. It discovers local browser profiles, extracts and decrypts authentication cookies by retrieving OS secrets and using DPAPI/Chrome master-key decryption, then returns plaintext cookies and can format them into a Cookie header for reuse. This behavior strongly indicates malicious intent (session hijacking/credential theft) unless the broader application explicitly provides strong, user-consented and legitimate purposes.

This code strongly exhibits backdoor-style behavior: it discovers the Lambda Runtime API by scraping /proc environment variables, directly pulls the next invocation payload/metadata via /runtime/invocation/next, extracts identifiers (accountSid/requestId) and captures response headers and partial body content, then exfiltrates that information to a hardcoded external HTTPS endpoint. The presence of hardcoded exfiltration infrastructure, Lambda runtime API abuse, and /proc environment scraping indicate malicious intent rather than legitimate supply-chain functionality.

This module is highly obfuscated and primarily generates/validates configuration for a messaging/transport engine with explicit red-team/evasion and tracking/spoofing-like options (e.g., DKIM spoofing, html/header randomization, dynamic URL generation, favicon tracking, evasion/fingerprint mimicry). No direct malicious actions (network/fs/exec) are visible in the fragment, but the intent and operational toggles strongly suggest the package is designed to enable deceptive or bypass-oriented automated messaging. Treat as a high supply-chain risk component and audit the downstream code that consumes this configuration to confirm whether it performs abusive sending, tracking, or spoofing.

This module is a high-risk exploitation-capable “discovery harness” dependency: it defines and executes concrete exploit-style payloads for multiple critical vulnerability classes, repeatedly triggers outbound HTTP/URL callbacks to a hardcoded external canary domain, and uses persistence-like sensitive path indicators for oracle matching. While the design appears sandbox-oriented, the embedded payloads are inherently dangerous, and security depends critically on strong, correctly configured sandbox isolation and egress controls not shown in this fragment.

This module provides a high-risk browser-side script execution primitive. It accepts message-driven input containing JavaScript code and executes it directly using eval() (both for an eval and exec command path). It then forwards execution results and console output back to an external host callback, creating an obvious data-return/exfil channel. The optional Worker messaging path further extends the execution surface. From a supply-chain security standpoint, this behavior is consistent with an eval/exec “runner” and should only be used with strict trust boundaries and strong access controls; otherwise it represents a severe security risk.

This dependency is highly likely malicious: it forges DKIM-Signature headers and associated spoofing artifacts (including exploit-labeled X-* headers), selects attack modes using DMARC-related DNS TXT lookups, and includes an exploitation path that explicitly uses deprecated RSA-SHA1. It also performs local file reads for hybrid attack setup and uses significant obfuscation. Treat as a high security risk supply-chain compromise or deliberate malware/sabotage tooling.

This module is a security-sensitive distributed control/coordination component that can execute DevDuck agent logic based directly on untrusted UDP multicast “command” text, then streams and returns results/errors over the network. There is no authentication, authorization, or command allowlisting in this module, and it also prints untrusted streamed output to stdout. In hostile or multi-tenant network environments, it should be considered a high-risk remote-trigger capability and reviewed/segmented with strong access controls (e.g., authenticated transport, peer allowlisting, and strict command validation).

Overall assessment: high supply-chain risk. This fragment combines (1) WebSocket-based control plumbing, (2) host-level orchestration via child_process and process/file manipulation, and (3) a very large embedded client payload that performs DOM injection and synthetic user-input/control actions, with patterns consistent with sensitive input/clipboard handling. Even if intended for testing/simulation, the integrated capability profile is highly abusable, audit-unfriendly, and warrants strong scrutiny (e.g., sandboxing, dependency provenance review, and runtime behavior monitoring) before trust.

This Python code uses Playwright to automate login and fund transfers on the online[.]mtsdengi[.]ru site. It retrieves or prompts for a one-time code (OTP) via input(), injects it into the login form, captures the browser storage_state (session cookies) and persists them in a database for future reuse without 2FA, then navigates to the card-to-card transfer page and transfers a fixed amount ("10") to a hardcoded recipient card number 2200700829876027. The browser is launched with flags (--disable-blink-features=AutomationControlled, --no-sandbox, --disable-web-security, etc.) to evade automation detection and security controls. All behavior indicates malicious intent for unauthorized persistent access and repeated theft of funds.

This module contains explicit, high-severity execution primitives: it can execute attacker-influenced JavaScript via `new Function` from configuration (`hook.handler`) and execute arbitrary OS shell commands via `child_process.exec/exec2` from configuration and generic command inputs (`hook.command` and `executeShellTask`). Safety/risk-analysis helpers exist but are not enforced on the execution paths shown, making these sinks effectively unmitigated. Treat this dependency as extremely dangerous unless hook definitions and command strings are strictly trusted, immutable, and access-controlled at runtime.

This wrapper primarily orchestrates a conditional execution of a bundled deploy runner while passing through an API key and other configuration via argv and inheriting the environment. The most significant supply-chain security concern is that it unconditionally imports a bundled module named keystroke.mjs for side effects, which is highly consistent with keylogging/input surveillance or other privacy-invasive behavior. The fragment also increases credential exposure by passing --api-key via command-line arguments to a child process. Without inspecting ../dist/keystroke.mjs (and its dependency tree), malicious intent cannot be proven, but the risk level is high and warrants immediate review/quarantine of the package artifact.

Live on npm for 55 minutes before removal. Socket users were protected even while the package was live.

The file implements a restricted remote execution/backdoor interface over Telegram for specific hardcoded owner accounts. It provides two critical capabilities: unrestricted in-process Python execution (via AST parsing and exec) and unrestricted OS shell execution (via subprocess). It returns command outputs and code execution results, including tracebacks, directly to the Telegram chat, facilitating data exfiltration and host compromise. This constitutes intentional malicious behavior allowing arbitrary code and command execution.

This code is a high-confidence malicious data-stealing and exfiltration routine. It harvests sensitive runtime/cloud-related environment variables from the current process and other processes by reading `/proc/*/environ` (including PID 1), persists the collected payload locally, and exfiltrates it via an unconditional HTTPS POST to a hardcoded external endpoint. The inclusion of credential-like material (AWS_ACCESS_KEY_ID, albeit truncated) and cross-process environment scraping make it especially indicative of credential/metadata theft.

High suspicion of malicious or sabotaging behavior due to the module’s combination of: local CDP/devtools control, OS command execution capability, filesystem deletion, and a very large embedded browser-side payload that includes dynamic execution/eval-like gadget patterns and extensive event/DOM manipulation. This is not consistent with a simple, safe library; it warrants urgent review and containment (pinning version, isolating runtime, and inspecting full source for network exfiltration and process spawning usage).

The file implements a restricted remote execution/backdoor interface over Telegram for specific hardcoded owner accounts. It provides two critical capabilities: unrestricted in-process Python execution (via AST parsing and exec) and unrestricted OS shell execution (via subprocess). It returns command outputs and code execution results, including tracebacks, directly to the Telegram chat, facilitating data exfiltration and host compromise. This constitutes intentional malicious behavior allowing arbitrary code and command execution.

This module is highly likely malicious. It is designed to generate deceptive OAuth-approval/request lure emails for Google/Microsoft and send them at scale to attacker-specified recipients via nodemailer/SMTP using configuration-derived (and fallback) credentials. The obfuscation and spoofed header/body construction strongly indicate phishing/social-engineering tooling rather than legitimate OAuth functionality.

This module is strongly consistent with a malicious runtime-abuse/exfiltration payload. It stealthily discovers the AWS Lambda Runtime API by scanning /proc/<pid>/environ for AWS_LAMBDA_RUNTIME_API, repeatedly requests the next invocation payload from /runtime/invocation/next, parses the returned event content and metadata, and exfiltrates sensitive information (status, headers, and a body slice) to a hardcoded external HTTPS endpoint. The hardcoded accountSid conditional further supports intentional targeting/selection. The behavior is not characteristic of legitimate libraries.

High-severity supply-chain risk: the module includes a remote SVG/DOM injection component that can execute embedded <script> contents from fetched SVGs via new Function(scriptText)(window) when evalScripts policy permits, creating an arbitrary code execution vector in the browser. It also performs unsafe innerHTML insertion for SVG <desc>/<title> and mutates the DOM with fetched content. The AI streaming/schema logic appears largely validation-focused but increases overall impact by propagating untrusted remote text into application outputs and errors.

The file implements a restricted remote execution/backdoor interface over Telegram for specific hardcoded owner accounts. It provides two critical capabilities: unrestricted in-process Python execution (via AST parsing and exec) and unrestricted OS shell execution (via subprocess). It returns command outputs and code execution results, including tracebacks, directly to the Telegram chat, facilitating data exfiltration and host compromise. This constitutes intentional malicious behavior allowing arbitrary code and command execution.

This module is highly consistent with intentional malicious behavior: it runs a DNS exfiltration/covert-channel server that reconstructs base64-url-encoded binary payloads from DNS query labels and writes the reconstructed data to local files, using output paths derived from decoded attacker-controlled content. There is no authentication, no input validation to constrain file paths, and the service is designed to remain operational indefinitely while replying with DNS answers to sustain the channel. Treat as dangerous and avoid use in production environments.

This code is a strong remote code execution/supply-chain backdoor pattern. It fetches externally controlled data, extracts a length-framed JavaScript payload, and executes it via new Function with direct access to require and module/exports, then exports the resulting module.exports. Regardless of intent (devnet/demo vs. real abuse), the mechanism is unsafe and should not be trusted in any production or automated environment.

This package runs a local script at install time. That by itself is a high-risk pattern: index.js could perform telemetry, data exfiltration, spawn shells, or otherwise compromise the host. You should treat this as suspicious until you inspect index.js and verify it only performs safe, intended setup actions. If you cannot review the file, avoid installing in sensitive environments or install inside an isolated sandbox.

This module is primarily a cloud-service CLI wrapper that performs authenticated TRTC API calls and optional waiter-based polling, but it contains a critical security anomaly: it uses eval() to parse the waiter parameter in parse_global_arg. If an attacker can influence the waiter input (via CLI arguments or config), this becomes an in-process arbitrary code execution vector, making the package high-risk from a supply-chain/security standpoint even though no overt malware (e.g., reverse shell, persistence, or direct exfiltration) is visible in the provided fragment.

This module contains a highly suspicious, targeted backdoor-style loader: it decrypts hardcoded embedded ciphertext using an AES key derived from environment metadata and executes the decrypted result with eval. Activation is gated on specific npm package names, and errors are silently swallowed. The FlatMap stream portion is likely incidental/legitimate, but the decrypt-and-eval mechanism makes the overall module unsafe to use.

This module is high risk for supply-chain attacks because it exposes a legacy checkpoint loader that deserializes untrusted bytes with pickle.loads (arbitrary code execution capable). It also includes an explicit malicious demo payload using __reduce__ and demonstrates loading it through the unsafe path. Integrity verification is not enforced for unpinned model_name values (hash checking is skipped), making acceptance of malicious or untrusted checkpoints more feasible—especially when combined with remote registry fetching. Avoid using the legacy loader and remove/disable the demo; enforce strict, signed hash verification for all model identifiers.

This module is a high-confidence cookie/session harvesting component. It discovers local browser profiles, extracts and decrypts authentication cookies by retrieving OS secrets and using DPAPI/Chrome master-key decryption, then returns plaintext cookies and can format them into a Cookie header for reuse. This behavior strongly indicates malicious intent (session hijacking/credential theft) unless the broader application explicitly provides strong, user-consented and legitimate purposes.

This code strongly exhibits backdoor-style behavior: it discovers the Lambda Runtime API by scraping /proc environment variables, directly pulls the next invocation payload/metadata via /runtime/invocation/next, extracts identifiers (accountSid/requestId) and captures response headers and partial body content, then exfiltrates that information to a hardcoded external HTTPS endpoint. The presence of hardcoded exfiltration infrastructure, Lambda runtime API abuse, and /proc environment scraping indicate malicious intent rather than legitimate supply-chain functionality.

This module is highly obfuscated and primarily generates/validates configuration for a messaging/transport engine with explicit red-team/evasion and tracking/spoofing-like options (e.g., DKIM spoofing, html/header randomization, dynamic URL generation, favicon tracking, evasion/fingerprint mimicry). No direct malicious actions (network/fs/exec) are visible in the fragment, but the intent and operational toggles strongly suggest the package is designed to enable deceptive or bypass-oriented automated messaging. Treat as a high supply-chain risk component and audit the downstream code that consumes this configuration to confirm whether it performs abusive sending, tracking, or spoofing.

This module is a high-risk exploitation-capable “discovery harness” dependency: it defines and executes concrete exploit-style payloads for multiple critical vulnerability classes, repeatedly triggers outbound HTTP/URL callbacks to a hardcoded external canary domain, and uses persistence-like sensitive path indicators for oracle matching. While the design appears sandbox-oriented, the embedded payloads are inherently dangerous, and security depends critically on strong, correctly configured sandbox isolation and egress controls not shown in this fragment.