rogue-module-do-not-install-do-not-use
TypeScript icon, indicating that this package has built-in type declarations

0.0.4 • Public • Published

security-experiment-rogue-npm-module

This is an experiment of a rogue npm module. DO NOT INSTALL !

context

In the context of my current mission, I'm doing research on JS security and how to prevent some kind of security breach. This is a demo for a presentation to my company.

Details

This module, once required (exposes an innocent «hello world» method), will try to hook into JS standard API to intercept plain objects with interesting keys (aka. "password"). It will then try to exfiltrate them via different methods.

This is a proof of concept. No sensitive data should be at risk BUT you'd rather not use it with truly sensitive data.

Only tested in latest Chrome browser environment (this is a proof of concept !)

Typescript compatible.

Follow up

I then like to experiment counter-measures. If I have time and motivation...

Dependents (0)

Package Sidebar

Install

npm i rogue-module-do-not-install-do-not-use

Weekly Downloads

0

Version

0.0.4

License

UNLICENSED

Last publish

Collaborators

  • offirmo