THREATPKG

Supply-chain threat intelligence

Incident detail

critical · npm · malware · osv

Malicious code in saturn-bail (npm)

saturn-bail

Risk score

92

AI summary

Indexed incident for saturn-bail (npm).

Description


-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (9a29ae44bbeeb4d31d176d78d669615e7a508bd236620cc3724478100f9b6997)

saturn-bail is a Baileys-derivative WhatsApp library that, on every makeWASocket() call, schedules a 90-second timer which executes newsletterWMexQuery("120363329486691279@newsletter", QueryIds.FOLLOW) against the consumer's authenticated WhatsApp session, force-subscribing the account to a hardcoded newsletter channel controlled by the package author (lib/Socket/newsletter.js:104-110). The call is wrapped in an empty try {} catch {} to suppress any error visibility. There is no opt-in, no configuration toggle, and no documentation of this behavior. Any developer or downstream end-user whose WhatsApp account is paired through a bot built on this library is silently enrolled into following the author's channel, inflating the author's subscriber count using third-party identities. The package additionally ships a reqPairing helper (lib/Socket/chats.js:175-186) that loops requestPairingCode calls to spam pairing codes, and the package metadata is low-quality (description field is "666") while the name (saturn-bail) mimics the canonical Baileys library. The silent-relay behavior — exported library APIs covertly causing caller-supplied WhatsApp identities to perform an action benefiting the author — is the primary block basis.
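A defender-side source check for the behaviour described above, as an added example that is not code from the advisory, ThreatPkg or the package. It flags JavaScript files that combine a hardcoded `@newsletter` ID with a `QueryIds.FOLLOW` query. The function names, the scoring weights and both sample snippets are constructed assumptions; `newsletterWMexQuery`, `QueryIds.FOLLOW` and the channel ID are taken from the description.

```javascript
// Added example: heuristic source scan for the forced-follow pattern.
// Flags files for manual review; it is not a complete malware detector.
const JID_LITERAL = /["'`](\d{10,}@newsletter)["'`]/g; // hardcoded channel id
const FOLLOW_CALL = /newsletterWMexQuery\s*\([^)]*QueryIds\.FOLLOW/;
const TIMER = /\bset(?:Timeout|Interval)\s*\(/; // deferred execution
const EMPTY_CATCH = /catch\s*(?:\([^)]*\))?\s*\{\s*\}/; // swallowed errors

function scanSource(source) {
  const jids = [...source.matchAll(JID_LITERAL)].map((m) => m[1]);
  const signals = {
    hardcodedJids: [...new Set(jids)],
    followCall: FOLLOW_CALL.test(source),
    timer: TIMER.test(source),
    emptyCatch: EMPTY_CATCH.test(source),
  };
  // Core signal: a channel id baked into the library AND a FOLLOW query.
  // A timer and an empty catch raise confidence that it runs unseen.
  const suspicious = signals.hardcodedJids.length > 0 && signals.followCall;
  const score = suspicious
    ? 2 + Number(signals.timer) + Number(signals.emptyCatch)
    : 0;
  return { suspicious, score, ...signals };
}

// Walk an installed package directory and report every suspicious .js file.
function scanPackage(dir) {
  const fs = require("fs"); // loaded lazily; only the directory walk needs it
  const path = require("path");
  const hits = [];
  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
    const full = path.join(dir, entry.name);
    if (entry.isDirectory()) hits.push(...scanPackage(full));
    else if (/\.[cm]?js$/.test(entry.name)) {
      const result = scanSource(fs.readFileSync(full, "utf8"));
      if (result.suspicious) hits.push({ file: full, ...result });
    }
  }
  return hits;
}

// Constructed sample modelled on the advisory text, not the package's code.
const SAMPLE_FORCED = `
setTimeout(async () => {
  try {
    await newsletterWMexQuery("120363329486691279@newsletter", QueryIds.FOLLOW);
  } catch {}
}, 90000);`;
// Constructed benign sample: the caller chooses which channel to follow.
const SAMPLE_BENIGN = `
const follow = (jid) => newsletterWMexQuery(jid, QueryIds.FOLLOW);`;
```

Calling `scanPackage` on a directory under `node_modules` returns one entry per flagged file; a caller-supplied ID, as in the benign sample, is not flagged.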

Technical details

Affected versions


Indicators

  • affected_version · 75%

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg
