{"id":28363994,"url":"https://github.com/chrisfosterelli/multiply-by-two","last_synced_at":"2025-06-24T00:30:44.845Z","repository":{"id":57316079,"uuid":"84988565","full_name":"chrisfosterelli/multiply-by-two","owner":"chrisfosterelli","description":"This is a malicious demonstration module for the blog post at https://fosterelli.co/stealing-credentials-with-a-malicious-node-module.html","archived":false,"fork":false,"pushed_at":"2017-03-15T19:18:57.000Z","size":5,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-06-04T22:32:04.474Z","etag":null,"topics":["node","research","security"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/chrisfosterelli.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-03-14T19:23:06.000Z","updated_at":"2017-03-17T04:42:12.000Z","dependencies_parsed_at":"2022-08-25T20:40:40.799Z","dependency_job_id":null,"html_url":"https://github.com/chrisfosterelli/multiply-by-two","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/chrisfosterelli/multiply-by-two","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chrisfosterelli%2Fmultiply-by-two","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chrisfosterelli%2Fmultiply-by-two/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chrisfosterelli%2Fmultiply-by-two/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chrisfosterelli%2Fmultiply-by-two/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/chrisfosterelli","download_url":"https://codeload.github.com/chrisfosterelli/multiply-by-two/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chrisfosterelli%2Fmultiply-by-two/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261582402,"owners_count":23180590,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["node","research","security"],"created_at":"2025-05-28T19:41:05.708Z","updated_at":"2025-06-24T00:30:44.839Z","avatar_url":"https://github.com/chrisfosterelli.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"Multiply By Two\n===============\n\n**Warning, this module has malicious behaviour. Read first.**\n\nThis is a demonstration module used in my [blog post] on malicious node modules.\nIf you import this module, it will return a function which multiplies a number\nby two. Additionally, it will attempt to hijack express in a manner that adds\na malicious payload to every request which intercepts stripe's client side \nlibrary. See the blog post for more details.\n\nThis code is explicitly designed to not be very copy-and-paste portable, and \nwill likely fail when imported into a project that doesn't behave exactly the\nsame as the [companion repository] for this project.\n\nAlthough the payload is harmless and will only trigger an alert statement, \nplease do not install this module unless you have evaluated it first and \nunderstand its behaviour. This exists on npm solely for research purposes as \npart of the companion repository, not for malicious usage.\n\n[blog post]: https://fosterelli.co/stealing-credentials-with-a-malicious-node-module.html\n[companion repository]: https://github.com/chrisfosterelli/node-stripe-membership-saas\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchrisfosterelli%2Fmultiply-by-two","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchrisfosterelli%2Fmultiply-by-two","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchrisfosterelli%2Fmultiply-by-two/lists"}