https://github.com/httptoolkit/evil-package

An npm package demonstrating how packages can steal your data (but not actually doing so!)
https://github.com/httptoolkit/evil-package

Last synced: 3 months ago
JSON representation

An npm package demonstrating how packages can steal your data (but not actually doing so!)

Host: GitHub
URL: https://github.com/httptoolkit/evil-package
Owner: httptoolkit
License: apache-2.0
Created: 2021-01-21T14:52:37.000Z (about 5 years ago)
Default Branch: main
Last Pushed: 2021-01-21T15:17:45.000Z (about 5 years ago)
Last Synced: 2025-02-28T05:57:21.300Z (12 months ago)
Language: JavaScript
Size: 7.81 KB
Stars: 2
Watchers: 3
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

          # evil-package

An npm package demonstrating how packages can steal your data (but not actually doing so!)

This captures the environment variable `$PLEASE_STEAL_THESE_CREDENTIALS` and sends it to an evil site when the package is installed or required.

The evil site in question is `evil.test` - note that `.test` is a reserved TLD, which will never resolve, and so these requests will always fail, that's OK.

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/httptoolkit/evil-package

Awesome Lists containing this project

README