npm malware

@npm_malware

📣 We tweet malicious packages detected on npm in real-time. 🚨 Not affiliated with @npmjs or @github. 🛡 Powered by the @SocketSecurity threat feed. ✨

Joined August 2022

13Following

2KFollowers

npm malware@npm_malware · 2 h

⚠️ New threat detected: [email protected] ⚠️ The code is malicious and performs unauthorized data exfiltration of sensitive system and package information to a suspicious external server. It poses a high security risk and should be considered m... socket.dev/npm/package/en…

npm_malware's tweet card. Version: 9.0.0 was published by ankushgoel27. Start using Socket to analyze en-conduit-schema and its dependencies to secure your app from supply chai...

npm malware@npm_malware · 4 h

⚠️ New threat detected: [email protected] ⚠️ The code is intended for bypassing Roblox's captcha system, potentially for automating account creation or other automated actions, which may violate terms of service. The code also disables TLS/SSL ce... socket.dev/npm/package/ri…

npm_malware's tweet card. Some strange stuff. Version: 1.0.8 was published by quew. Start using Socket to analyze riko_ahahaptcha and its dependencies to secure your app from s...

npm malware@npm_malware · 6 h

⚠️ New threat detected: @stripo/[email protected] ⚠️ This code is intentionally obfuscated and uses DNS queries to exfiltrate system information, which could be a significant security risk. The hardcoded domain and the potential data exfiltration raise co... socket.dev/npm/package/@s…

npm_malware's tweet card. Simple package to collect basic system info, like running OS and status of network interfaces. Version: 471.1.0 was published by neversummer.69. Start...

npm malware@npm_malware · 15 h

⚠️ New threat detected: [email protected] ⚠️ The code is highly suspicious due to its collection and transmission of system information to external servers without user consent. The use of hardcoded IP addresses and fallback mechanisms for data transm... socket.dev/npm/package/ny…

npm_malware's tweet card. Npm Package. Version: 7.2.0 was published by unknown. Start using Socket to analyze nyc-config and its dependencies to secure your app from supply cha...

npm malware@npm_malware · 20 h

⚠️ New threat detected: [email protected] ⚠️ The code executes system commands and sends their output to a suspicious remote server, indicating potential malicious behavior. The code is not obfuscated, but it poses a high securit... socket.dev/npm/package/do…

npm_malware's tweet card. Version: 1.1.0 was published by xml69120. Start using Socket to analyze docs-component-size-limit-dialog and its dependencies to secure your app from ...

npm malware@npm_malware · 21 h

⚠️ New threat detected: @zalando-internal/[email protected] ⚠️ This file harvests system details (os.hostname(), os.userInfo().username, Windows domain and admin status via child_process.execSync, platform and __dirname), globally disables TLS certi... socket.dev/npm/package/@z…

npm_malware's tweet card. Package created for ethical hacking purposes only for this bug bounty platform: https://hackerone.com/zalando. For any concerns please contact user.dc...

npm malware@npm_malware · 24 h

⚠️ New threat detected: [email protected] ⚠️ This file gathers detailed OS and network information (including hostname, user details, and IP addresses) and sends it to hardcoded endpoints (e.g., http://23[.]22[.]251[.]177:8080/jpd[.]php and http://23[... socket.dev/npm/package/ny…

npm_malware's tweet card. Npm Package. Version: 6.1.0 was published by unknown. Start using Socket to analyze nyc-config and its dependencies to secure your app from supply cha...

139

npm malware@npm_malware · Jul 26

⚠️ Malware removed from npm: [email protected] ⚠️ The code is designed to copy a suspiciously named 'backdoor-service-worker.js' file to a parent project's public directory. While the code itself does not exhibit direct malicious activity, the '... socket.dev/npm/package/ba…

npm_malware's tweet card. This template provides a minimal setup to get React working in Vite with HMR and some ESLint rules. Version: 0.1.28 was published by tengweiherr. Star...

npm malware@npm_malware · Jul 26

⚠️ New threat detected: [email protected] ⚠️ The code exfiltrates user-provided JavaScript code to a suspicious external server at sl[.]rzkyfdlh[.]tech without user consent or transparency. The function accepts JavaScript code as input, URL-encodes it, and ... socket.dev/npm/package/ik…

npm_malware's tweet card. Simple module random. Version: 4.0.8 was published by ikyy. Start using Socket to analyze ikyy and its dependencies to secure your app from supply cha...

npm malware@npm_malware · Jul 25

npm_malware's tweet card. Some strange stuff. Version: 1.0.4 was published by quew. Start using Socket to analyze revo_ahahaptcha and its dependencies to secure your app from s...

npm malware@npm_malware · Jul 25

⚠️ New threat detected: [email protected] ⚠️ The code demonstrates risky behaviors such as executing shell commands based on environment variables and global configurations without proper validation, automatic installation, and execution of pa... socket.dev/npm/package/fc…

npm_malware's tweet card. Facebook Chat Api Được Remake Bới anjelo Chống Get (available) Và Pay Acc (maybe?). Version: 40.0.0 was published by anjelochat. Start using Socket to...

140

npm malware@npm_malware · Jul 25

⚠️ New threat detected: [email protected] ⚠️ The code contains potential security risks due to insufficient input validation and handling of sensitive user data. It is crucial to review and improve the input validation and data handling me... socket.dev/npm/package/na…

npm_malware's tweet card. Namira Software Corporation Account ReactJS Package. Version: 1.7.2 was published by amir.abolhasani.1368. Start using Socket to analyze namira-accoun...

npm malware@npm_malware · Jul 25

npm_malware's tweet card. Npm Package. Version: 5.7.0 was published by unknown. Start using Socket to analyze nyc-config and its dependencies to secure your app from supply cha...

232

npm malware@npm_malware · Jul 25

⚠️ New threat detected: @indigo-multi/[email protected] ⚠️ The file gathers sensitive environment details by calling os.userInfo().username, os.hostname(), and process.cwd(), concatenates them with pipe separators, converts the result to a hex string (tru... socket.dev/npm/package/@i…

npm_malware's tweet card. Version: 3.1.2 was published by epi-unitaire. Start using Socket to analyze @indigo-multi/fonts and its dependencies to secure your app from supply ch...

npm malware@npm_malware · Jul 25

⚠️ New threat detected: [email protected] ⚠️ This source code is malicious malware that performs data theft by harvesting sensitive browser and wallet files from the victim's machine and exfiltrating them to attacker-controlled servers. The... socket.dev/npm/package/ph…

npm_malware's tweet card. This module is to plug all node modules. Version: 1.0.2 was published by miketoken1. Start using Socket to analyze phone-mockup-react-js and its depen...

npm malware@npm_malware · Jul 25

⚠️ New threat detected: @airslate/[email protected] ⚠️ The code appears to be designed for collecting system information and secretly sending it to an external server via DNS requests, which is a common tactic in data exfiltration and malware com... socket.dev/npm/package/@a…

npm_malware's tweet card. This is a Proof of Concept (PoC) package. Version: 9.9.10 was published by grandiosedisclose. Start using Socket to analyze @airslate/front-locales an...

npm malware@npm_malware · Jul 24

⚠️ New threat detected: [email protected] ⚠️ The code embeds a cryptocurrency mining script (CoinHive) into all served pages, constituting cryptojacking malware. It serves a local miner.js script with an incorrect content-type header. The behavior is m... socket.dev/npm/package/co…

npm_malware's tweet card. Mine cryptocurrency [Monero (XMR)](https://getmonero.org/) using [CoinHive](https://coinhive.com/) from node.js. Version...

123

npm malware@npm_malware · Jul 23

⚠️ New threat detected: @pwa-ib/[email protected] ⚠️ Package was removed from the registry. This script collects sensitive environment details—current working directory, package name and version, system hostname and current user—and encod... socket.dev/npm/package/@p…

npm_malware's tweet card. Version: 1.99.99 was published by panya. Start using Socket to analyze @pwa-ib/eslint-plugin-compat and its dependencies to secure your app from suppl...

108

npm malware@npm_malware · Jul 23

⚠️ New threat detected: [email protected] ⚠️ This file contains malicious code that functions as a backdoor with data exfiltration and remote code execution capabilities. The code systematically collects sensitive system information including al... socket.dev/npm/package/js…

npm_malware's tweet card. A fast and lightweight JSON logger with streaming support, built for high-performance Node.js applications. Version: 1.0.12 was published by fanhaomin...

107

npm malware@npm_malware · Jul 22

⚠️ New threat detected: [email protected] ⚠️ This package was removed from the registry. This obfuscated JavaScript module uses Node’s os and axios libraries plus dynamic imports to: 1. Retrieve the machine’s hostname and user info. 2. Fetc... socket.dev/npm/package/vi…

npm_malware's tweet card. Advanced log generator for log engine. Version: 1.0.6 was published by millos. Start using Socket to analyze vite-tsconfig-log and its dependencies to...

180