@madpah/npm-test-example-install

0.1.0 • Public • Published

npm-test-example-install

This package is for demonstrating NPM usage and its potential dangers only.

DO NOT USE THIS PACKAGE IN YOUR APPLICATION!

This package defines an install script that runs the whoami command. When you include @madpah/npm-test-example-install as a dependency and run npm i, you will see your username printed (on Unix systems).

This non-invasive PoC is designed to highlight an attack vector for poisoning the software supply chain.

If you've seen this example and are wondering what you can do about it, the author recommends you take a look at Nexus Firewall.

Disclaimer: The author of this demonstration package works at Sonatype :-)
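
One way to check a project for dependencies like this one before installing, as an added example (not part of this package and not written by its author): it takes a parsed package-lock.json and lists the packages npm has flagged with hasInstallScript that are not on a reviewed allowlist. The sample lockfile, the allowlist and every package name other than @madpah/npm-test-example-install are constructed for illustration.

```javascript
// Added example: find dependencies that npm will run install scripts for,
// using the hasInstallScript flag in package-lock.json (lockfileVersion 2 or 3).

// Constructed sample lockfile. Only the first dependency is the package from
// this page; the other names and versions are made up for illustration.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@madpah/npm-test-example-install": { version: "0.1.0", hasInstallScript: true },
    "node_modules/example-native-addon": { version: "2.3.1", hasInstallScript: true },
    "node_modules/example-util": { version: "1.0.4" },
    "node_modules/example-util/node_modules/example-nested": { version: "0.0.9", hasInstallScript: true, dev: true },
  },
};

// "node_modules/a/node_modules/@s/b" -> "@s/b"; other keys are returned unchanged.
function packageName(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? lockPath : lockPath.slice(idx + marker.length);
}

// Returns entries that have install scripts and whose name is not on the allowlist.
function unreviewedInstallScripts(lock, allowlist = []) {
  if (!lock || !(lock.lockfileVersion >= 2) || !lock.packages || typeof lock.packages !== "object") {
    // Version 1 lockfiles carry no hasInstallScript flag, so an empty result would mislead.
    throw new Error("need a package-lock.json with lockfileVersion 2 or 3");
  }
  const allowed = new Set(allowlist);
  return Object.entries(lock.packages)
    .filter(([path, meta]) => path !== "" && meta.hasInstallScript === true)
    .map(([path, meta]) => ({ name: meta.name || packageName(path), version: meta.version, path, dev: meta.dev === true }))
    .filter((f) => !allowed.has(f.name))
    .sort((a, b) => (a.path < b.path ? -1 : a.path > b.path ? 1 : 0));
}

const findings = unreviewedInstallScripts(SAMPLE_LOCK, ["example-native-addon"]);
for (const f of findings) {
  console.log(`install script: ${f.name}@${f.version} (${f.path})`);
}
```

Passing --ignore-scripts to npm i or npm ci stops install scripts from running at all; the list produced here shows which dependencies that would affect.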


Install: npm i @madpah/npm-test-example-install
Weekly Downloads: 1
Version: 0.1.0
License: Apache 2.0
Unpacked Size: 14.2 kB
Total Files: 3

Collaborators: phorton