npm malware

⚠️ New threat detected: unlock_fire_kirin_free_gifts_ios_influence_co911@1.0.2 ⚠️ The script poses a significant security risk due to hardcoded credentials and the potential for misuse in publishing spam or malicious npm packages. The automation of w... socket.dev/npm/package/un…

⚠️ New threat detected: obfuscation-detector@3.0.0 ⚠️ This source code is a highly obfuscated malicious script functioning as a credit card skimmer. It collects sensitive payment and personal data from web forms, stores it temporarily in cookies, and... socket.dev/npm/package/ob…

⚠️ New threat detected: anbularjs@1.1.4 ⚠️ The code performs unauthorized exfiltration of sensitive system information to an external Discord webhook without user consent. This constitutes malicious behavior consistent with spyware or backdoor malwar... socket.dev/npm/package/an…

⚠️ New threat detected: ts-lint-builders@1.0.5 ⚠️ This fragment is highly obfuscated and uses the Function constructor plus getters that expose require and module, and a setter that can overwrite module. Those capabilities allow arbitrary code loadin... socket.dev/npm/package/ts…

⚠️ New threat detected: pinokiod@7.1.8 ⚠️ The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an... socket.dev/npm/package/pi…

⚠️ New threat detected: pinokiod@7.1.2 ⚠️ The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an... socket.dev/npm/package/pi…

⚠️ New threat detected: pinokiod@7.1.1 ⚠️ The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an... socket.dev/npm/package/pi…

⚠️ New threat detected: pinokiod@7.1.0 ⚠️ The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an... socket.dev/npm/package/pi…

⚠️ New threat detected: pinokiod@7.0.12 ⚠️ The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play a... socket.dev/npm/package/pi…

⚠️ New threat detected: pinokiod@7.0.6 ⚠️ The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an... socket.dev/npm/package/pi…

⚠️ New threat detected: reuactjs@1.1.4 ⚠️ The code performs unauthorized exfiltration of sensitive system information to an external Discord webhook without user consent. This constitutes malicious behavior consistent with spyware or backdoor malware... socket.dev/npm/package/re…

⚠️ New threat detected: zngularjs@1.1.4 ⚠️ The code performs unauthorized exfiltration of sensitive system information to an external Discord webhook without user consent. This constitutes malicious behavior consistent with spyware or backdoor malwar... socket.dev/npm/package/zn…

⚠️ New threat detected: terminalstyle@2.1.0 ⚠️ This script decodes base64-encoded URLs pointing to drive[.]google[.]com/uc?export=download&id=1BVV0WgPSdOP9RoOOPOxWrzqtwV38G9I and drive[.]google[.]com/uc?export=download&id=1A4mYSUOjqGqypnDZAf2jlVKWvV2... socket.dev/npm/package/te…

⚠️ New threat detected: discord-backend-manager@1.2.33 ⚠️ This file embeds hardcoded Discord bot credentials (client ID '701375931918581810' and secret 'EV9ThdU09Hfa7LCtCznwImcAiZ_5C1hK') and iterates through a database of user OAuth tokens. For each... socket.dev/npm/package/di…

⚠️ New threat detected: pinokiod@7.0.1 ⚠️ The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an... socket.dev/npm/package/pi…

⚠️ New threat detected: @​@1.8.9" target="_blank" rel="nofollow noopener">teale.io/eslint-config@… ⚠️ This is a publishing automation script that enumerates npm packages owned by accounts associated with provided npm tokens and publishes updated versions by temporarily rewriting package.json a... @teale.io/eslint-config/files/1.8.9/scripts/deploy.js" target="_blank" rel="nofollow noopener">socket.dev/npm/package/@t…

⚠️ New threat detected: watch-all-episodes-of-big-break-golfpass935@1.0.2 ⚠️ The code engages in automated package creation and publishing, with the addition of posting content to WordPress sites using hard-coded credentials. This indicates potential... socket.dev/npm/package/wa…

⚠️ New threat detected: as-ducati-core@9.9.9 ⚠️ The code is designed to exfiltrate sensitive system information to an external domain using DNS queries, which is a clear indication of malicious intent. The use of encoding and DNS queries suggests an ... socket.dev/npm/package/as…

⚠️ New threat detected: json-lucide@1.0.7 ⚠️ This code implements a high-risk remote code execution mechanism: it decodes an API endpoint, fetches JavaScript from that endpoint, and executes it with access to require and therefore full host privilege... socket.dev/npm/package/js…

⚠️ New threat detected: react-outcome-error-alert@3.3.4 ⚠️ This file contains malicious code that functions as a backdoor with data exfiltration and remote code execution capabilities. The code systematically collects sensitive system information inc... socket.dev/npm/package/re…