@hermit46/depguard-test-malicious
v1.0.0
Published
Security test package for DepGuard. Mimics axios/plain-crypto-js attack pattern. DO NOT install outside a sandbox.
Maintainers
Readme
@yongquantan/depguard-test-malicious
DO NOT install this package outside of a sandbox.
This is a security test package for DepGuard. It mimics the axios/plain-crypto-js supply chain attack pattern to test DepGuard's sandbox behavioral analysis.
What the postinstall does
- Writes files to /tmp and /root (filesystem signal)
- Creates an executable outside node_modules (executable signal)
- Attempts an HTTP POST to 192.0.2.1:8000 — a non-routable RFC 5737 TEST-NET address (network signal)
- Spawns a detached background process (process signal)
- Deletes itself after execution (anti-forensics signal)
None of these actions cause real harm — the network call goes nowhere, the "payload" is the text "fake RAT payload", and the background process is just sleep.
Usage
# Run ONLY inside DepGuard's Modal sandbox (step 04 or 05):
echo '{"hook_event_name":"PreToolUse","tool_input":{"command":"npm install @yongquantan/depguard-test-malicious"},...}' \
| bash steps/04-sandbox-analysis/hook.sh