{"_id":"@hermit46/depguard-test-malicious","name":"@hermit46/depguard-test-malicious","dist-tags":{"latest":"1.0.0"},"versions":{"1.0.0":{"name":"@hermit46/depguard-test-malicious","version":"1.0.0","description":"Security test package for DepGuard. Mimics axios/plain-crypto-js attack pattern. DO NOT install outside a sandbox.","keywords":["security-test","depguard","supply-chain-test"],"license":"MIT","scripts":{"postinstall":"node postinstall.js"},"_id":"@hermit46/depguard-test-malicious@1.0.0","_nodeVersion":"24.14.0","_npmVersion":"11.9.0","dist":{"integrity":"sha512-g4c6biSkWtqkLz06vxe75yV3ojgld5zE8EsKiB1I+EBBHq27StiiAT2ql4O7vbc9gzXepZ3nHUV6QHnOvV5xVw==","shasum":"65c22bbd67b8decec158e25dcc898c1077792500","tarball":"https://registry.npmjs.org/@hermit46/depguard-test-malicious/-/depguard-test-malicious-1.0.0.tgz","fileCount":3,"unpackedSize":3914,"signatures":[{"keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U","sig":"MEYCIQCOWd2LG2O/T1bO4CH7Ed/JfC4r5aVSvZMnlc0Sn/RjQwIhAP7FlTNdMvbgNlz5mDVgHVkqhJHtMu28IFXNvH8DtMcl"}]},"_npmUser":{"name":"hermit46","email":"yongquan26@gmail.com"},"directories":{},"maintainers":[{"name":"hermit46","email":"yongquan26@gmail.com"}],"_npmOperationalInternal":{"host":"s3://npm-registry-packages-npm-production","tmp":"tmp/depguard-test-malicious_1.0.0_1775368831850_0.5644806258991759"},"_hasShrinkwrap":false}},"time":{"created":"2026-04-05T06:00:31.774Z","1.0.0":"2026-04-05T06:00:31.993Z","modified":"2026-04-05T06:00:32.179Z"},"maintainers":[{"name":"hermit46","email":"yongquan26@gmail.com"}],"description":"Security test package for DepGuard. Mimics axios/plain-crypto-js attack pattern. DO NOT install outside a sandbox.","keywords":["security-test","depguard","supply-chain-test"],"license":"MIT","readme":"# @yongquantan/depguard-test-malicious\n\n**DO NOT install this package outside of a sandbox.**\n\nThis is a security test package for [DepGuard](https://github.com/yongquantan/dependency-guard). It mimics the axios/plain-crypto-js supply chain attack pattern to test DepGuard's sandbox behavioral analysis.\n\n## What the postinstall does\n\n1. Writes files to /tmp and /root (filesystem signal)\n2. Creates an executable outside node_modules (executable signal)\n3. Attempts an HTTP POST to 192.0.2.1:8000 — a non-routable RFC 5737 TEST-NET address (network signal)\n4. Spawns a detached background process (process signal)\n5. Deletes itself after execution (anti-forensics signal)\n\nNone of these actions cause real harm — the network call goes nowhere, the \"payload\" is the text \"fake RAT payload\", and the background process is just `sleep`.\n\n## Usage\n\n```bash\n# Run ONLY inside DepGuard's Modal sandbox (step 04 or 05):\necho '{\"hook_event_name\":\"PreToolUse\",\"tool_input\":{\"command\":\"npm install @yongquantan/depguard-test-malicious\"},...}' \\\n  | bash steps/04-sandbox-analysis/hook.sh\n```\n","readmeFilename":"README.md","_rev":"1-688165ded7c96f5ca694693b8fa8ab31"}