
@wobblyboots/df-sandbox-test

v1.0.0

Published

Security test fixture for the Dependency Firewall sandbox scanner. Simulates malicious postinstall behaviour without doing any actual harm.

Downloads

337

Readme

df-sandbox-test

Security test fixture for the Dependency Firewall sandbox scanner.

This package simulates every detection pattern the sandbox scanner supports. It is completely harmless — the domains and IPs it tries to reach are not registered or reachable, and no data leaves the machine — but it exercises all seven runtime detection categories so the full detection pipeline can be validated end-to-end.

What it does during postinstall

| # | Category | What it does | Expected finding |
|---|---|---|---|
| 1 | Env var harvesting | Reads NPM_TOKEN, GITHUB_TOKEN, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, etc. | sandbox-env-access HIGH |
| 2 | Sensitive file reads | Attempts to read ~/.npmrc, ~/.aws/credentials, ~/.ssh/id_rsa, ~/.gitconfig, /etc/passwd | sandbox-file-read HIGH |
| 3 | DNS exfiltration | Looks up c2-beacon.df-sandbox-test.io, exfil.df-sandbox-test.io | sandbox-network HIGH |
| 4 | HTTPS exfiltration | POSTs payload to collect.df-sandbox-test.io:443 | sandbox-network HIGH (DNS query captured) |
| 5 | Subprocess spawning | Runs curl and wget with the C2 endpoint as target | sandbox-exec HIGH |
| 6 | Dynamic eval | Base64-decodes a payload and eval()s it | sandbox-eval MEDIUM |
| 7 | Raw-IP connection | Connects to 203.0.113.99:4444 (RFC 5737, never routable) | sandbox-network HIGH (IP extracted from error) |

Expected Dependency Firewall findings

```json
[
  { "category": "sandbox-env-access",  "severity": "high",   "description": "df-sandbox-test@1.0.0 read sensitive environment variables: NPM_TOKEN, NODE_AUTH_TOKEN, GITHUB_TOKEN, ..." },
  { "category": "sandbox-file-read",   "severity": "high",   "description": "df-sandbox-test@1.0.0 attempted to read sensitive files: /root/.npmrc, /root/.aws/credentials, ..." },
  { "category": "sandbox-network",     "severity": "high",   "description": "df-sandbox-test@1.0.0 attempted outbound network connection: c2-beacon.df-sandbox-test.io, exfil.df-sandbox-test.io, collect.df-sandbox-test.io, 203.0.113.99:4444" },
  { "category": "sandbox-exec",        "severity": "high",   "description": "df-sandbox-test@1.0.0 spawned suspicious subprocesses: curl ..., wget ..." },
  { "category": "sandbox-eval",        "severity": "medium", "description": "df-sandbox-test@1.0.0 called eval() during install lifecycle" }
]
```
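How a sandbox's captured postinstall activity collapses into the five findings above (seven table rows, one finding per category, network evidence merged), as an added illustration that is not Dependency Firewall's or this package's own code. The event field names, the sensitivity lists and the sample trace are assumptions made for the example.

```javascript
// Added illustration, not Dependency Firewall's or df-sandbox-test's own code.
// Event field names, sensitivity lists and the sample trace are assumptions.
const SENSITIVE_ENV = new Set(['NPM_TOKEN', 'NODE_AUTH_TOKEN', 'GITHUB_TOKEN',
  'AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY']);
const SENSITIVE_FILES = [/\/\.npmrc$/, /\/\.aws\/credentials$/, /\/\.ssh\/id_/,
  /\/\.gitconfig$/, /^\/etc\/passwd$/];
const SUSPICIOUS_BINS = new Set(['curl', 'wget']);
// Severity and description prefix per category, mirroring the README's findings.
const CATEGORIES = {
  'sandbox-env-access': ['high',   'read sensitive environment variables: '],
  'sandbox-file-read':  ['high',   'attempted to read sensitive files: '],
  'sandbox-network':    ['high',   'attempted outbound network connection: '],
  'sandbox-exec':       ['high',   'spawned suspicious subprocesses: '],
  'sandbox-eval':       ['medium', 'called eval() during install lifecycle'],
};
const isIPv4 = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h);

// Collapse a raw event trace into at most one finding per category. Hostnames come
// from DNS events (an HTTPS POST is caught via its lookup); a connect() to a literal
// IP never triggers DNS, so it is recorded as ip:port, as in the README's row 7.
function classify(pkgId, events) {
  const hits = Object.fromEntries(Object.keys(CATEGORIES).map((c) => [c, new Set()]));
  for (const ev of events) {
    if (ev.type === 'env' && SENSITIVE_ENV.has(ev.name)) hits['sandbox-env-access'].add(ev.name);
    else if (ev.type === 'open' && SENSITIVE_FILES.some((re) => re.test(ev.path))) hits['sandbox-file-read'].add(ev.path);
    else if (ev.type === 'dns') hits['sandbox-network'].add(ev.host);
    else if (ev.type === 'connect' && isIPv4(ev.host)) hits['sandbox-network'].add(`${ev.host}:${ev.port}`);
    else if (ev.type === 'spawn' && SUSPICIOUS_BINS.has(ev.cmd)) hits['sandbox-exec'].add([ev.cmd, ...(ev.args || [])].join(' '));
    else if (ev.type === 'eval') hits['sandbox-eval'].add('eval()');
  }
  return Object.entries(hits).filter(([, s]) => s.size > 0).map(([category, s]) => {
    const [severity, prefix] = CATEGORIES[category];
    const detail = category === 'sandbox-eval' ? '' : [...s].join(', ');
    return { category, severity, description: `${pkgId} ${prefix}${detail}` };
  });
}
// Constructed trace: the fixture's postinstall activity interleaved with benign
// events (PATH lookup, package.json read, running node) that must not fire.
const SAMPLE_TRACE = [
  { type: 'env', name: 'PATH' }, { type: 'env', name: 'NPM_TOKEN' }, { type: 'env', name: 'GITHUB_TOKEN' },
  { type: 'open', path: '/root/package.json' }, { type: 'open', path: '/root/.npmrc' },
  { type: 'open', path: '/root/.aws/credentials' },
  { type: 'dns', host: 'c2-beacon.df-sandbox-test.io' }, { type: 'dns', host: 'collect.df-sandbox-test.io' },
  { type: 'connect', host: 'collect.df-sandbox-test.io', port: 443 },
  { type: 'spawn', cmd: 'node', args: ['build.js'] },
  { type: 'spawn', cmd: 'curl', args: ['https://collect.df-sandbox-test.io'] },
  { type: 'eval' }, { type: 'connect', host: '203.0.113.99', port: 4444 },
];
console.log(JSON.stringify(classify('df-sandbox-test@1.0.0', SAMPLE_TRACE), null, 2));
```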

Usage

```sh
# Run the sandbox scanner directly against this package (no server needed)
cd /path/to/df
make scan/sandbox

# Or publish to npm and install through the Dependency Firewall proxy
npm publish --access public
npm install --registry http://localhost:4873 @wobblyboots/df-sandbox-test
```