{"_id":"suspicious-package","name":"suspicious-package","dist-tags":{"latest":"0.1.0"},"versions":{"0.1.0":{"name":"suspicious-package","version":"0.1.0","description":"Intentionally suspicious npm package for evaluating supply-chain security scanners.","main":"index.js","type":"module","scripts":{"postinstall":"node scripts/postinstall.js","test":"node -e \"import('./index.js').then(() => console.log('ok'))\""},"keywords":["research","security","supply-chain","test-fixture"],"author":{"name":"research fixture"},"license":"MIT","engines":{"node":">=22"},"gitHead":"af27ef9c13c498c2c64950fe1e09a621bca8093f","_id":"suspicious-package@0.1.0","_nodeVersion":"25.2.1","_npmVersion":"11.6.2","dist":{"integrity":"sha512-DBN2ltM5OzZuieb6z6HJ518NoSAHAc70fGEbYag5sEgiUYOUHyP+Y34Pijcj3Hy8+j/SqtPr3VwNJXDjU+v2LQ==","shasum":"027edb9de90869d68e4647dc9c4d07b1ffc64ce6","tarball":"https://registry.npmjs.org/suspicious-package/-/suspicious-package-0.1.0.tgz","fileCount":8,"unpackedSize":6896,"signatures":[{"keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U","sig":"MEYCIQDN8Pi7p7RROpV+iGcCcztHMpJWfKobhQrN6IMd0We98gIhAJY1LVkHN3asQ7zsto2LfbUd8Ab0ZCLK9slTIRmIFKWz"}]},"_npmUser":{"name":"hyrsky","email":"santeri@oikeuttaelaimille.fi"},"directories":{},"maintainers":[{"name":"hyrsky","email":"santeri@oikeuttaelaimille.fi"}],"_npmOperationalInternal":{"host":"s3://npm-registry-packages-npm-production","tmp":"tmp/suspicious-package_0.1.0_1777963808634_0.4422174491242399"},"_hasShrinkwrap":false}},"time":{"created":"2026-05-05T06:50:08.561Z","0.1.0":"2026-05-05T06:50:08.783Z","modified":"2026-05-05T06:50:09.580Z"},"maintainers":[{"name":"hyrsky","email":"santeri@oikeuttaelaimille.fi"}],"description":"Intentionally suspicious npm package for evaluating supply-chain security scanners.","keywords":["research","security","supply-chain","test-fixture"],"author":{"name":"research fixture"},"license":"MIT","readme":"# suspicious-package\n\n> ⚠️ **RESEARCH FIXTURE**\n>\n> This package intentionally exhibits behaviors typical of malicious npm\n> packages. It exists solely to evaluate supply-chain security scanners\n\n## What it does\n\nWhen installed, npm runs `scripts/postinstall.js`. That script simulates a\nsupply-chain attack and exercises suspicious **runtime behaviors** without\ndoing anything malicious. A behavioral scanner is expected to catch these\nactions\n\n| Behavior simulated                                                        | Where in the code      |\n|---------------------------------------------------------------------------|------------------------|\n| System fingerprinting (hostname, user, network interfaces, CPU, memory)   | `fingerprintHost()`    |\n| Sensitive file recon (`~/.ssh`, `~/.aws/credentials`, …)                  | `readSensitiveFiles()` |\n| Environment-variable harvesting (`NPM_TOKEN`, `GITHUB_TOKEN`, `AWS_*`, …) | `harvestEnv()`         |\n| Child-process recon (`whoami`, `id`, `uname -a`, `ifconfig`)              | `shellRecon()`         |\n| Outbound HTTPS POST of the collected payload                              | `exfiltrate()`         |\n","readmeFilename":"README.md","_rev":"1-a92b8ecdc1ec9cb0af58ca76b570a5b3"}