{"id":13574613,"url":"https://github.com/target/mmk-ui-api","last_synced_at":"2026-01-23T19:14:32.526Z","repository":{"id":38444041,"uuid":"438741671","full_name":"target/mmk-ui-api","owner":"target","description":"UI, API, and Scanner (Rules Engine) services for Merry Maker","archived":false,"fork":false,"pushed_at":"2025-12-04T22:05:40.000Z","size":2750,"stargazers_count":119,"open_issues_count":0,"forks_count":15,"subscribers_count":10,"default_branch":"main","last_synced_at":"2025-12-26T21:58:18.094Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/target.png","metadata":{"files":{"readme":"Readme.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-12-15T19:00:43.000Z","updated_at":"2025-12-11T14:00:25.000Z","dependencies_parsed_at":"2024-07-17T23:46:25.443Z","dependency_job_id":"33ba264a-b6b6-42bf-8518-9a29bf539909","html_url":"https://github.com/target/mmk-ui-api","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/target/mmk-ui-api","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/target%2Fmmk-ui-api","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/target%2Fmmk-ui-api/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/target%2Fmmk-ui-api/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/target%2Fmmk-ui-api/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/target","download_url":"https://codeload.github.com/target/mmk-ui-api/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/target%2Fmmk-ui-api/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28698457,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-23T17:25:48.045Z","status":"ssl_error","status_checked_at":"2026-01-23T17:25:47.153Z","response_time":59,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T15:00:53.031Z","updated_at":"2026-01-23T19:14:32.511Z","avatar_url":"https://github.com/target.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"\u003e[!WARNING]\nThis repository is in an archived state. Use caution when evaluating or using this code as its methods or dependencies may be outdated or insecure.\n\n# Merry Maker 2.0\n\n\u003cdiv align=\"center\"\u003e\n\n[Documentation](https://target.github.io/mmk-ui-api/)\u0026nbsp;\u0026nbsp;\u0026nbsp;|\u0026nbsp;\u0026nbsp;\u0026nbsp;[Pull Requests](https://github.com/target/mmk-ui-api/pulls)\u0026nbsp;\u0026nbsp;\u0026nbsp;|\u0026nbsp;\u0026nbsp;\u0026nbsp;[Issues](https://github.com/target/mmk-ui-api/issues)\n\n\u003c/div\u003e\n\nMerry Maker is a fully scalable tool to detect the presence of digital skimmers.\n\n## Background\n\nMerry Maker is a solution designed to detect the presence of digital skimmers, built by two Target security\ndevelopers, @cawalch and @ebrandel.\n\nFundamentally, Merry Maker operationalizes three key processes:\n\n- Preserving a baseline of existing pages by saving the code being served by a website along with the\n  network traffic generated by test transactions\n- Scanning the saved code for any malicious indicators\n- Scanning the saved network traffic for any potential compromise\n\nMerry Maker continually simulates online browsing and completes test transactions to scan for the presence of\nmalicious code. It acts like a guest on Target.com by completing several typical activities, including\nonline purchases. While doing so, the tool gathers and analyzes a variety of information, including network requests,\nJavaScript files, and browser activity to look for any type of unwanted activity. Merry Maker was built to execute on\nall of this at scale.\n\nMerry Maker's purchases are flagged as test orders internally so that they don't get processed, but otherwise,\neverything happens behind the scenes just as it normally would during check out. If any possible malicious activity is\ndetected, Merry Maker triggers an alert to Target's 24/7 Cybersecurity Incident Response Team to prompt an\ninvestigation.\n\nSince its launch in 2018, Merry Maker has completed over one million website scans and we've filed multiple patent\napplications. The technology helps keep the holiday shopping season safe and merry here at Target (hence the name).\n\nWe have open sourced the Merry Maker framework along with several detection rules in the hopes that this\ninformation helps other cybersecurity teams stand up their own customized defense.\n\n## Features\n\n- [Puppeteer](https://pptr.dev/) scripts to simulate user interactions\n- Yara rules for static analysis\n- Hooks native JavaScript function calls for detection and attribution\n- Near real-time browser event detection and alerting\n- Distributed event scanning (rule engine)\n- Role based UI with local and OAuth2 authentication options\n\n\n## Related Projects\n\n- [mmk-js-scope](https://github.com/target/mmk-js-scope) Enumerates javascript requests and hooks native function calls\n  with Headless Chrome for use by Merry Maker\n- [mmk-types](https://github.com/target/mmk-types) Shared typings between services - only needed for developers\n\n\n## Full Stack Demo\n\n```\n# Start all the services\ndocker compose -f docker-compose.all.yml up\n```\n\nNavigate to `http://localhost:8080` to begin.\n\n## Requirements\n\n- docker\n- node v14.18.1\n\n## Setup\n\n### Docker Stack\n\nIncludes `postgres`, `redis` and a `testRedis` instance\n\n```\n# from ./\ndocker compose up -d\n```\n\n### Backend\n\nAPI service for the `frontend` and `scanner`\n\nDB Migration\n\n```\n# from ./backend\nyarn migrate\n```\n\n```\n# from ./backend\nyarn install\n\nyarn start\n```\n\nTesting\n\n```\nyarn test\n```\n\nUses nodemon to auto reload on change. Listens on two separate HTTP ports (UI and transport)\n\n### Frontend\n\nVue dev server for developing the frontend. Run `backend` prior to starting this service\n\n```\n# from ./frontend\nyarn install\nyarn serve\n```\n\n### Jobs\n\nMain scheduler for running scans, purging old data, and misc cron jobs\n\n```\n# from ./backend\nyarn jobs\n```\n\n### Scanner\n\nRules runner for processing browser events emitted by `jsscope`\n\n```\n# from ./scanner\nyarn install\nyarn start\n```\n\nTesting\n\n```\nyarn test\n```\n\n### Optional Auth Strategy\n\n#### OAuth2\n\n```\nexport MMK_AUTH_STRATEGY=oauth\nexport MMK_OAUTH_AUTH_URL=http://oauth-server/auth/oauth/v2/authorize\nexport MMK_OAUTH_TOKEN_URL=https://oauth-server/auth/oauth/v2/token\nexport MMK_OAUTH_CLIENT_ID=client_id\nexport MMK_OAUTH_SECRET=\u003coauth-secret\u003e\nexport MMK_OAUTH_REDIRECT_URL=http://localhost:8080/api/auth/login\nexport MMK_OAUTH_SCOPE=openid profile email\n```\n\n---\n\n```\nCopyright (c) 2021 Target Brands, Inc.\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftarget%2Fmmk-ui-api","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftarget%2Fmmk-ui-api","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftarget%2Fmmk-ui-api/lists"}