{"_id":"capabilities","_rev":"3-a2b932ef34535bd3f534984c16b6839b","name":"capabilities","dist-tags":{"latest":"0.0.3"},"versions":{"0.0.1":{"name":"capabilities","version":"0.0.1","description":"Secure your Node.js application via capabilities","main":"index.js","scripts":{"pretest":"xo","test":"best"},"keywords":["capabilities","vm","security","permissions","package"],"author":{"name":"Josh Junon","email":"josh@junon.me"},"license":"MIT","dependencies":{"find-package-json":"1.1.0","vm2":"3.6.4"},"devDependencies":{"@zeit/best":"^0.5.1","xo":"^0.23.0"},"gitHead":"bbab00cd71b6e34fe067d4db42854287f3232f4f","_id":"capabilities@0.0.1","_npmVersion":"6.4.1","_nodeVersion":"10.14.2","_npmUser":{"name":"qix","email":"i.am.qix@gmail.com"},"dist":{"integrity":"sha512-X1cqjY5r3O/uoq8HAkGBXeBWufnbs3E7aOSDkcLcT2fIlN7t4g72hYPDUqk+i6mhDSg6g68+6t7WCEJMu5qaoQ==","shasum":"f80537cd21d324f8c3fdbc86f7557bd3cedc38f1","tarball":"https://registry.npmjs.org/capabilities/-/capabilities-0.0.1.tgz","fileCount":10,"unpackedSize":5344,"npm-signature":"-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.4\r\nComment: https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJcKZoHCRA9TVsSAnZWagAAoQgP/2FcgZj1CsKBu5SqYIlo\nrPlJi0hUKHZZiY+a95nKmCAUTYf81HMZt+UcT04Xxykj3L6G72eFVBPHw78Z\nY28x4m6p4dV9lE2AxQK6iGvGFaPi6BfniqsCjZfBmb+bCIm/CHTI1rQdTeK5\nHO2/HL/vGuLs+1Gm8GjXbqn5FqWKKYKShWXVti20WZ188VxLevftPEbSs4S1\nIcQPkdHkcOoA5nbucpSAMMpUQ0W2x5gu21ilNOUYO9rEealP6+6QmHMG19OT\njaTwlPD91mHRrIqvlNYzBStDHJH1IgGkfOH7U1ODS7Z+Flp0O0VLGHZtC6lt\nbDeeCR1B31uaFJGkpt4U2FSM6O1rPyZ2umoPWnwpsRY/WRtjPjyggbfaJhyZ\n110vabpkJKYZcbqiJuFhXKlz5e+eENaOFowC8A8UbWEvDZcKP2SXM/E3WnjR\ntuqX/lpSR/NnA6+w+090AYWzk3tg+rNFKpV9+8UGLprF9NQzRIN6rXmgrkp/\njsUF0BcYL/EWnxenR0ArPXyZjKmX5XcsZVRonXqqO6tTH0r3AtsP4IazXSF4\n1tpESyv1qhOMDnR22kUmDS4ruSVfoE6guClsbBmch5/DkGFVYJMaqcAbMX+k\nsOskjzJkRxnoxozQlWhxyE42l+Q0pOXg9KGo4AQerRJcYMxOpmiYZvesINmK\nhwQ5\r\n=bg3s\r\n-----END PGP SIGNATURE-----\r\n","signatures":[{"keyid":"SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA","sig":"MEUCIAquYolWNOnlw1JU4ExZdaIX94HGthbiaHNyEAMPFPmqAiEA4VeDoR+AzTYsD2y95TjVdje1JqQn1TBHU8CkQguRomc="}]},"maintainers":[{"name":"qix","email":"i.am.qix@gmail.com"}],"directories":{},"_npmOperationalInternal":{"host":"s3://npm-registry-packages","tmp":"tmp/capabilities_0.0.1_1546230279109_0.5359597643297791"},"_hasShrinkwrap":false},"0.0.2":{"name":"capabilities","version":"0.0.2","description":"Secure your Node.js application via capabilities","main":"index.js","scripts":{"pretest":"xo","test":"best -I 'test/*'"},"keywords":["capabilities","vm","security","permissions","package"],"author":{"name":"Josh Junon","email":"josh@junon.me"},"license":"MIT","xo":{"ignore":["test/acceptance-tests/**/*"]},"dependencies":{"find-package-json":"1.1.0","vm2":"3.6.4"},"devDependencies":{"@zeit/best":"0.5.1","chalk":"2.4.1","execa":"1.0.0","xo":"0.23.0"},"gitHead":"c991e507e4246444662a32b00198c8a140bb07ed","_id":"capabilities@0.0.2","_npmVersion":"6.4.1","_nodeVersion":"10.14.2","_npmUser":{"name":"qix","email":"i.am.qix@gmail.com"},"dist":{"integrity":"sha512-I8SmFjogi0BnOfkEF7ZJ6gKVYh3BbBLDPNrYokjBrGOQVK8970x241zpTRSvR+Ph8fTPowAtSJ8w1cJisX76+Q==","shasum":"497eaaddf591281d9836d28c601f60b1b393fda6","tarball":"https://registry.npmjs.org/capabilities/-/capabilities-0.0.2.tgz","fileCount":11,"unpackedSize":7791,"npm-signature":"-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.4\r\nComment: https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJcKb3MCRA9TVsSAnZWagAAcsIP/jVWsJ1wH4uT9kRPmhiB\nURzDXYp/js8BYNz6IQ46f9LeldPkC2FcYr491sK5pyjuMwhvPPlzWhb1l1b0\nms1FSXc4oPjJL5H11tDDCen0oAu5Fw+bOfR3cq3skLLQKhFjTKwSiZT9PZkE\nwc8SvEX26xsIJtBJrPS9NdKPS+M1coqknoHY/ByC7l9IC/nxfKIbOYmIDcCA\npAtcx3CzTA4GlBz2ZQQmf2xqvzObof10Ghm/Klqox55V3HYwzznC4IctOYpn\nVJC3iWGg3VfDp0EsSw4RyxstrUoI/dLCrvuZOC8c0LBGFQxQWWr1tUJpwwAJ\nJXCrAQG5BNyOtQDkJhSKqPVlu2XatKucywux/ijhadVuYyWYd+YvTH72bNMz\nGbk+f92fT8WcNp5UXdIt2cy5kC1TW7Z6nAX7JnzEfDVuvvi4euuJ/BgBJgS5\nX8XRYxM4LJUKnCpIO2Uw8PV/qrQU0mAHrSjOBN2nf9RdjVHI8kcSl8nVY0Z5\ng8zcE7Sf8nofmKeZIpzpHXwO3ZPlOj1B2yGwxBgGYhbyzl6SOYsr/Q7hj1MC\nWd7GSYR9qk6ccnEzi7y6LUu6/QYOrhlBBIHZQ33/H+NthhvqWgAPk3gPd/vk\nwXud0GB2ZZQH5j/KpTO92kdWef13opQELMmzHas9MKcZFozf8+4KvTdZlt7n\n+Rnp\r\n=kkBQ\r\n-----END PGP SIGNATURE-----\r\n","signatures":[{"keyid":"SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA","sig":"MEQCIElJVfLoL5NdXWGnR5NhH46E8+F0fisafn0yuy06NO/PAiB8GTUV1I+x9zjZDc9jQ5ZccWIwBhvCarMNDqubE+Qi1g=="}]},"maintainers":[{"name":"qix","email":"i.am.qix@gmail.com"}],"directories":{},"_npmOperationalInternal":{"host":"s3://npm-registry-packages","tmp":"tmp/capabilities_0.0.2_1546239435780_0.9450590170870747"},"_hasShrinkwrap":false},"0.0.3":{"name":"capabilities","version":"0.0.3","description":"Secure your Node.js application via capabilities","main":"index.js","scripts":{"pretest":"xo","test":"best -I 'test/*'"},"keywords":["capabilities","vm","security","permissions","package"],"author":{"name":"Josh Junon","email":"josh@junon.me"},"license":"MIT","xo":{"ignore":["test/acceptance-tests/**/*"]},"dependencies":{"find-package-json":"1.1.0","vm2":"3.6.4"},"devDependencies":{"@zeit/best":"0.5.1","chalk":"2.4.1","execa":"1.0.0","xo":"0.23.0"},"gitHead":"d9d5807c8f2b80829ca2bc1114d78ea6b181b08b","_id":"capabilities@0.0.3","_npmVersion":"6.4.1","_nodeVersion":"10.14.2","_npmUser":{"name":"qix","email":"i.am.qix@gmail.com"},"dist":{"integrity":"sha512-OujsOGSDquiusPuGNUmauBB9bMUQxCEGZ7BiyXCXL/ZHZbLeOQruZgtL/cFn/KRSYb9dov2LGkIG+DwYG9jbpw==","shasum":"fd36a54e15aa18e6d67e7b5f8ae371febf46a0d4","tarball":"https://registry.npmjs.org/capabilities/-/capabilities-0.0.3.tgz","fileCount":13,"unpackedSize":11388,"npm-signature":"-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.4\r\nComment: https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJcKfKwCRA9TVsSAnZWagAAet8P/3mQ1qW0FGV6L0Vte0rS\nljB/IOitmYnARr7yOVAN3YidDbKLReqlORMU68Gm/lhUTb2JgjQJwKupYi4d\nAH5TmVJouKzqDO0EaA7ajMhGm9MI0HUnCYTD9agX/ve7joEQaYQyHJKn2NN7\nEr/nD2W+cfK/PW83Bl0GnTwY3TAX2T1uWGrWoOc4heSs4x3gYZq+wfjTobYh\nySEo+PxXzvY70Q6Az1P6Vngz8Rse+8E33yhO9y344ZR1Izwu1TAJifmwRr6E\n9w+weX6+qozp0IFVMzQOQvHX7/I2KyBjCzcx8Yf7utp1VjcPrEcgqwbVeIAv\nzE2fBbFDEMHNQvdCHZFNTcx1wTXgcsa7xU0OIQOCeXSgeqcsOUow1uZ5rXn0\nSsMAaa1aSn42I136eSRyr6Z6NLiLcBmG/tdMc1+Bqt/BFcEzBKHDQroiW8z7\nHu1PoZJzqqWE4IF5I5KRBc+tZ9K7MYqeYOdzg+F8OeFP7iwTjOehEXynFrrS\nicRB2zsVRoCrRd/22v/3cnm7oyQ4lr1UwRS/GHhsKY+9WPZo5Ej047J/+iec\nrt9JBHWiUlHbSPHZ/0rFNgqaDf/O1C5JRAMHDDjVqMwz2accfUcl4F8HWHio\nt4FMWDKKWNChqG8yDuFoBYba2N+Drd4lmHM9BViqljrEsWdsVGevXMSF+FIk\nTREY\r\n=l65S\r\n-----END PGP SIGNATURE-----\r\n","signatures":[{"keyid":"SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA","sig":"MEYCIQCw9w0q1ivdpD3BM6pheUeCBLfZwCmEXkZe9G9D1BwJvAIhAL0Tcsm7XR0CAE6xV1zesjmkGpkx/vE8HrzVI6y9miyT"}]},"maintainers":[{"name":"qix","email":"i.am.qix@gmail.com"}],"directories":{},"_npmOperationalInternal":{"host":"s3://npm-registry-packages","tmp":"tmp/capabilities_0.0.3_1546252976120_0.9149386609308126"},"_hasShrinkwrap":false}},"time":{"created":"2018-12-31T04:24:39.109Z","0.0.1":"2018-12-31T04:24:39.220Z","modified":"2022-04-12T05:14:41.994Z","0.0.2":"2018-12-31T06:57:15.943Z","0.0.3":"2018-12-31T10:42:56.229Z"},"maintainers":[{"name":"qix","email":"i.am.qix@gmail.com"}],"description":"Secure your Node.js application via capabilities","keywords":["capabilities","vm","security","permissions","package"],"author":{"name":"Josh Junon","email":"josh@junon.me"},"license":"MIT","readme":"<h1 align=\"center\"><br/><br/><img src=\"asset/logo.svg\" width=\"500\" alt=\"capabilities\" /><br/><br/><br/></h1>\n\n`capabilities` is a Node.js package that allows the **whitelisting** (blacklist by default)\nof various functionality, including built-in module access, parent module privacy (hiding\ninformation about the overall application), and behavior auditing.\n\nCapabilities are granted on a per-package basis, allowing packages to 'request' capabilities\ndirectly from withing their package.json manifests.\n\n## Installation\n\n```console\n$ npm install capabilities\n```\n\n## Usage\n\n`capabilities` should only be used via `node -r`. Other forms of inclusion will result in an error.\n\n```console\n$ node -r capabilities /path/to/program.js\n```\n\n## Caveats\n\nFirst, some caveats:\n\n- We don't filter syscalls, check file permissions, or containerize anything.\n  `capabilities` is meant to get a handle on the acceptable and expected behaviors\n  of your dependencies - anything else is out of scope.\n- Preload modules (those included via `node -r`) are **not** covered by `capabilities`\n  and thus have free reign over the execution context. Be aware of this and make sure\n  you trust what you're loading.\n- The lack `console.*` capabilities do not cause code to throw if they use the console.\n  The output is instead silently ignored.\n\n## Configuration\n\n> TODO\n\n# Responsible Disclosures\n\nIf you have found a **security-related bug or vulnerability**, please do not open an issue on Github.\n\nInstead, please message [@qix](https://spectrum.chat/users/qix) on spectrum.chat so we can discuss the\ndetails.\n\n# License\n\nCopyright &copy; 2018-2019 by Josh Junon. Released under the [MIT License](LICENSE).\n","readmeFilename":"README.md"}