pumpfun

Warn

Audited by Socket on Feb 15, 2026

1 alert found:

Anomaly (LOW)
examples/bonding-curve/buy-sell.ts

The JavaScript file itself does not contain classical malware (no obfuscation, no remote shell, no eval-based code injection). The main security concern is financial: it signs and submits transactions to two hardcoded program IDs and a hardcoded fee recipient, meaning a user running this against their wallet may pay fees or have funds redirected to those addresses if the on-chain programs implement such behavior. The loadWallet() function reads the private key from disk, which is necessary but sensitive. Overall, the code is functional for interacting with a bonding curve program but should only be used if the PUMP program IDs and fee recipient are audited/trusted. Exercise caution: do not run with a funded wallet unless you trust the target programs.

Confidence: 85%
Severity: 60%
Audit Metadata

Analyzed At: Feb 15, 2026, 08:45 PM
Package URL: pkg:socket/skills-sh/sendaifun%2Fskills%2Fpumpfun%2F@95666b9db2862c9e732edd3324f2f84558253b9a