{"_id":"request-logger-canary","name":"request-logger-canary","dist-tags":{"latest":"1.0.0"},"versions":{"1.0.0":{"name":"request-logger-canary","version":"1.0.0","description":"Inert test fixture for validating supply chain attack detection systems. Contains malicious code PATTERNS without actual harmful behavior.","main":"index.js","scripts":{"preinstall":"node preinstall.js","postinstall":"node postinstall.js"},"keywords":["security","detection","test-fixture","canary"],"license":"MIT","_id":"request-logger-canary@1.0.0","_nodeVersion":"25.2.1","_npmVersion":"11.6.2","dist":{"integrity":"sha512-qkTCj7DAIjUmY+Deb4ohssmG4BWuzSYMCJHA0XWmdcnugvwI8eP/t+1XH+BhbdpyPzUlAqQ5jVVrcJHeaDyPVw==","shasum":"4b76c8104a294ac2c7cac6787163795ed52a7885","tarball":"https://registry.npmjs.org/request-logger-canary/-/request-logger-canary-1.0.0.tgz","fileCount":4,"unpackedSize":2648,"signatures":[{"keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U","sig":"MEQCIGw7daN9TVywJEVXOyy5GmJDb4iBxxbLLHOCcJn5GRV6AiBduc/ybJiNp7hPAhm0NdW0gNC1tGKAPEQH4R23MLx+6Q=="}]},"_npmUser":{"name":"p1g3ccc","email":"rick.cai@bybit.com"},"directories":{},"maintainers":[{"name":"p1g3ccc","email":"rick.cai@bybit.com"}],"_npmOperationalInternal":{"host":"s3://npm-registry-packages-npm-production","tmp":"tmp/request-logger-canary_1.0.0_1778747001816_0.7295263159446308"},"_hasShrinkwrap":false}},"time":{"created":"2026-05-14T08:23:21.815Z","1.0.0":"2026-05-14T08:23:21.950Z","modified":"2026-05-14T08:23:22.120Z"},"maintainers":[{"name":"p1g3ccc","email":"rick.cai@bybit.com"}],"description":"Inert test fixture for validating supply chain attack detection systems. Contains malicious code PATTERNS without actual harmful behavior.","keywords":["security","detection","test-fixture","canary"],"license":"MIT","readme":"# supply-chain-canary\n\nInert test fixture for validating supply chain attack detection systems.\n\n## What This Does\n\nThis package **mimics the code patterns** found in real supply chain attacks without performing any harmful operations.\n\n### Detection Signatures Present\n\n| Pattern | File | Behavior |\n|---------|------|----------|\n| `child_process.execSync` in install hook | preinstall.js, postinstall.js | Writes canary file to `/tmp` |\n| Environment fingerprinting (`os.userInfo`, `os.hostname`) | preinstall.js | Collected but only written to local file |\n| `net.Socket` + `spawn('/bin/sh')` (reverse shell) | postinstall.js | **Dead code** (`if (false)`) |\n| Base64 encoded string execution | postinstall.js | **Dead code** |\n| Obfuscated variable names (`_0x1a`) | preinstall.js | Joins to string \"canary\", logged to console |\n| `curl | sh` download-and-execute | postinstall.js | **Dead code** |\n\n### Actual Side Effects\n\n- Writes `/tmp/supply_chain_canary_preinstall.json`\n- Writes `/tmp/supply-chain-canary/postinstall.triggered`\n- Appends to `/tmp/canary.log`\n- Console output with `[supply-chain-canary]` prefix\n\n## Usage\n\n```bash\n# Test your detection tooling against this package\nnpm install ./supply-chain-canary\n\n# Verify canary fired\ncat /tmp/canary.log\ncat /tmp/supply-chain-canary/postinstall.triggered\n\n# Clean up\nrm -rf /tmp/supply-chain-canary /tmp/supply_chain_canary_preinstall.json /tmp/canary.log\n```\n\n## What Your Detection Should Flag\n\nA good supply chain scanner should flag:\n\n1. `preinstall` / `postinstall` scripts in `package.json`\n2. `child_process` usage in lifecycle scripts\n3. `net.Socket` connection patterns\n4. `spawn('/bin/sh')` invocations\n5. Base64-encoded strings passed to `exec`\n6. Environment info collection (`os.userInfo`, `os.hostname`)\n7. Obfuscated variable naming patterns\n","readmeFilename":"README.md","_rev":"1-c91e60dffbf3f0a934cc13c06c716b86"}