disposable-email-domains2 versions·0.0.196→0.0.197
A set of disposable email domains
catches
Every package the analyzer pipeline classified as auto-published. Sort by weekly downloads to surface the highest-blast-radius cases first.
A set of disposable email domains
A Durable Task Client SDK for Python
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
Tricentis Sealights Python Agent - Quality Intelligence and Code Coverage
Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
A minimal MCP server demo exposing a hello tool.
→ No suspicious destination, no remote-exec shape — extraction empty.
a domain ssl cert admin
Real-time music generation models.
A Python package for Azure Genome.
Name reserved for byn — a local-first secure secrets vault & credential manager (a Go CLI). Install via `go install`, Homebrew, or https://github.com/sandeepbaynes/byn.
→ Static analyzer matched curl-pipe-bash: unambiguous remote-code-execution shape in the install path.
EPyT: An EPANET-Python Toolkit for Smart Water Network Simulations. The EPyT is inspired by the EPANET-Matlab Toolkit.
→ Credential read (reads-pypirc) paired with http-to-public-ip destination — classic exfiltration signature.
Quasarr connects JDownloader with Radarr, Sonarr and Magazarr. It also decrypts links protected by CAPTCHAs.
Cloud Security Championship CI test utilities
→ No suspicious destination, no remote-exec shape — no network destinations.
High-performance vector similarity search with SIMD-optimized kernels
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
Official Python SDK for the SoundSource API
→ No suspicious destination, no remote-exec shape — 2 other host(s).
just a silly logger :P
→ Excerpt too sparse to classify (no extractable code).
Packaging all common functionalities
→ No suspicious destination, no remote-exec shape — 1 other host(s).
Intelligent Windows GUI Automation Framework (Compiled)
→ Excerpt too sparse to classify (no extractable code).
Subpackage for Semantic-Kernel integration in NeMo Agent Toolkit
→ Excerpt too sparse to classify (no extractable code).
a package for parse html to noteinfo
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
Module for Quick Calculations
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s), 1 other host(s).
Official Massive (formerly Polygon.io) REST and Websocket client.
→ No suspicious destination, no remote-exec shape — 1 other host(s).
A simple utility wrapper for API access
→ Excerpt too sparse to classify (no extractable code).
EPL - English Programming Language: write code in plain English. Build apps, web servers, and more.
→ No suspicious destination, no remote-exec shape — 1 other host(s).
AuraPro UI
→ No suspicious destination, no remote-exec shape — no network destinations.
PRO — Terminal AI Coding Agent by SPRUKY
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
LiteLLM router-based LLM provider for AgentForge — 100+ underlying providers through one interface
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
通达信 TCP 协议行情数据客户端,支持在线行情与离线本地数据读取
→ Hardcoded public IP destination: 180.153.18.170, 124.71.187.122, 180.153.18.171, 180.153.18.172, 119.147.212.81, 115.238.56.198, 115.238.90.165, 218.75.126.9, 47.107.75.159, 59.175.238.38, 110.41.147.114, 110.41.2.72, 101.33.225.16, 175.178.112.197, 175.178.128.227, 43.139.95.83, 124.223.163.242, 122.51.120.217, 150.158.160.2, 123.60.164.122, 111.229.247.189, 124.70.199.56, 62.234.50.143, 81.70.151.186, 82.156.214.79, 159.75.29.111, 43.139.18.171, 81.71.32.47, 122.51.232.182, 118.25.98.114, 121.36.225.169, 123.60.70.228, 123.60.73.44, 124.70.133.119, 124.71.187.72, 119.97.185.59, 129.204.230.128, 101.42.240.54, 124.71.9.153, 123.60.84.66, 111.230.186.52, 101.0.0.43 (not RFC1918 / loopback).
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
→ Encoded payload + dynamic execution combo (event-stream / flatmap-stream shape) — embedded blob decoded and executed at install time. Fast-tracked.
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s), 2 other host(s).