UNPKG

@rmejia32/malicious_package_demo

Version:

Demo-only package showing how malicious npm packages can behave (safe).

38 lines (24 loc) 938 B
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
# @rmejia32/malicious_package_demo This is a **demo package** created to demonstrate how a malicious dependency could behave inside a Node.js / Express application. It’s safe — nothing is actually exfiltrated — and is intended purely for educational use. ## Prerequisites - Node.js ≥ 18 - Express and express-session (in the host app) ## Installation Add this as a local dependency in your demo project: ```bash npm install @rmejia32/malicious_package_demo ``` ## Usage 1. Import the middleware: ```js import { installSnoop } from "@rmejia32/malicious_package_demo"; ``` 2. Mount it after your middleware: ```js app.use(session(sessionOptions)); app.use(installSnoop(sessionOptions)); ``` ## Disclaimer This package is for demonstration and educational purposes only. It performs no network activity and does not collect or transmit any real data.