Severity: low

Tracking Module



The module botbait is a tool to be used to track bot and automated tools usage with-in the npm ecosystem.

botbait is known to record and track user information.

The module tracks the following information.

  • Source IP
  • process.versions
  • process.platform
  • How the module was invoked (test, require, pre-install)


This package has no functional value, and should be removed from your environment if discovered.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Sep 26th, 2017
  2. reported

    Initial report by Adam Baldwin
    Aug 8th, 2017