"axios": "https://registry.npmjs.org/@putrifransiska/kwonthol36/-/kwonthol36-1.1.4.tgz"
Here it's clear that the package links to something in a weird, non-standard way. A manual review would tell you that this is not axios. "axios": "git://cdnnpmjs.com/axios"
And it becomes less clear that this is not the thing you were intending. But at least in this case, it's clear that you're hitting a git repository somewhere. What about if we update it to the following? "axios": "axiosjs/latest"
This would pull the package from GitHub, from the org named "axiosjs" and the project named "latest". This is much less clear and is part of the package.json spec [2]. Couple this with the fact that the npm website tells you the project depends on Axios, and I doubt many people would ever notice. phylum npm install <pkgName>
Happy to answer any questions about this campaign or others we've uncovered! phylum pip install <pkgName>
Really glad to see software supply chain security getting some academic, rigorous study. Backstabbers Knife was one of the first I came across, and it's been a consistent stream of papers since. phylum npm install <pkg>
To be clear, this particular package did not execute code during install, so the sandbox wouldn't have come into play, but it would have been blocked by the pre-check against Phylum's API. phylum npm install <somePkg>
Will reach out to the Phylum API to ask what we know about it (e.g., does the source have characteristics congruent with malware?), if that passes it'll then install the package from within the confines of the sandbox with limited disk, network and env access (as defined by allowed resources in the TOML file). phylum cargo build
In addition to this, we've also developed and released an open-source sandbox [3] that provides facilities for limiting access to disk, network, and environment variables. This is baked into our `npm`, `yarn`, and `pip` CLI extensions; we're working on adding it to more.
https://www.darpa.mil/program/translating-all-c-to-rust