Injecting backdoors to NPM packages

This page summarizes the projects mentioned and recommended in the original post on dev.to
HacktoberFest Command-line apps Npm HTTP Yarn

SurveyJS
Our great sponsors
  • SurveyJS - Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
Our great sponsors

  • http-server

    a simple zero-configuration command-line http server

    • For this experiment we won't even publish it to npm or anywhere else, we can just serve this file locally with http-server. This file will be accessible locally via http://127.0.0.1:8080/is-number-7.0.0.tgz.

  • lockfile-lint

    Lint an npm or yarn lockfile to analyze and detect security issues

    • An additional approach may be to use lockfile-lint, but you shouldn't just rely on this script entirely because there are other ecosystems than npm, and they may have similar issues.

  • SurveyJS

    Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.

    SurveyJS logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts