{"id":17246265,"url":"https://github.com/davidwells/dom-guard","last_synced_at":"2025-04-12T10:21:20.253Z","repository":{"id":57214681,"uuid":"352198934","full_name":"DavidWells/dom-guard","owner":"DavidWells","description":"🔐 Lock DOM node contents to protect people against scammers using browser devtools","archived":false,"fork":false,"pushed_at":"2021-03-29T16:59:58.000Z","size":151,"stargazers_count":19,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-03T10:02:38.114Z","etag":null,"topics":["dom-manipulation","security"],"latest_commit_sha":null,"homepage":"https://dom-guard.netlify.app","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/DavidWells.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-03-27T23:20:29.000Z","updated_at":"2024-10-26T06:46:49.000Z","dependencies_parsed_at":"2022-08-26T13:41:17.289Z","dependency_job_id":null,"html_url":"https://github.com/DavidWells/dom-guard","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DavidWells%2Fdom-guard","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DavidWells%2Fdom-guard/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DavidWells%2Fdom-guard/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DavidWells%2Fdom-guard/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/DavidWells","download_url":"https://codeload.github.com/DavidWells/dom-guard/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248550630,"owners_count":21122936,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dom-manipulation","security"],"created_at":"2024-10-15T06:33:00.049Z","updated_at":"2025-04-12T10:21:20.226Z","avatar_url":"https://github.com/DavidWells.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# DOM Guard\n\nStop scammers from the manipulating DOM. [See demo](https://dom-guard.netlify.app)\n\n## About\n\nScammers are using dev tools to manipulate values in pages to trick unsuspecting victims into sending them money. These victims are typically the elderly. 😢\n\nThey connect to their victim's machines via remote desktop software under the guise of tech support or some other well known company.\n\nThe scammer then attempts to convince the victim they have received a larger than expected \"refund\" by manipulating the victim's bank user interface via chrome dev tools with the goal of getting the victim to mail them cash.\n\nSee this video for [how the refund scams work](https://www.youtube.com/watch?v=J4mkZU2Y0as).\n\nDOMGuard is a small javascript library (~130 lines of code) \u0026 proof of concept to help put an end to these criminals.\n\n## How does this work?\n\nAny changes attempted via Javascript are detected by MutationObserver.\n\nAdditionally, guarded DOM nodes are checked via a \"hearbeat\" every `500ms` to ensure the values are what they should be.\n\nView the \u003ca href=\"https://github.com/DavidWells/dom-guard/blob/master/index.js\"\u003esource code\u003c/a\u003e.\n\n## Install\n\n```bash\nnpm install dom-guard\n```\n\n## Usage\n\n```js\nimport DOMGuard from 'dom-guard'\n\nconst guard = new DOMGuard({\n  selector: '#protected', // DOM Selector to protect\n  heartbeat: 1000 // Check for manipulation every 1 second\n})\n\n// Initialize DOMGuard on the #protected selector\nguard.init()\n\n// Turn off guard\nguard.disable()\n```\n\n## Running the demo\n\n```bash\nnpm install\nnpm run build\nnpm run serve\n```\n\n## Caveats\n\nPlease note, there isn't a foolproof solution for stopping social engineering attacks against your users.\n\nPlease educate your users on the dangers of these scams \u0026 add 2FA etc into your apps.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdavidwells%2Fdom-guard","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdavidwells%2Fdom-guard","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdavidwells%2Fdom-guard/lists"}