Verdicts
The verdicts output lists the behavioural activities observed for a given npm package. It can be read as a table of insights in which each row is a single occurrence of a behaviour, with the following columns:

message
: A brief description of the behavior exhibited by the package

metadata
: Details about the behavior, including the following fields:

    commandline
    : The command line used to run the package

    executable_path
    : The path to the executable file for the package

    file_descriptor
    : The file descriptor for the package, if applicable

    npm_package_name
    : The name of the npm package

    npm_package_version
    : The version of the npm package

    parent_name
    : The name of the parent package, if applicable

    server_ip
    : The IP address of the server used to run the package

    server_port
    : The port number used to run the package on the server

priority
: A priority level for the vulnerability or risk, such as "high", "medium", or "low"
This table would provide an overview of the security risks associated with a given npm package, making it easier for developers to understand the potential risks and make informed decisions about whether or not to use the package in their projects.
Example:

Running

```
lstn to jq --json | jq
```

produces the following verdicts. Examining a portion of the output below, it can be seen that the package `contextify` `0.1.15` exhibits behavioral activity (spawning of npm processes and outbound network connections). This is due to the execution of the `node-gyp` command (in order to pull in external binaries from an external source as part of the build). As this activity is not malicious in nature, the verdicts show `"priority": "medium"` and can be ignored if needed.
```json
...
{
  "name": "caseless",
  "shasum": "1b681c21ff84033c826543090689420d187151dc",
  "verdicts": [],
  "version": "0.12.0"
},
{
  "name": "combined-stream",
  "shasum": "c3d45a8b34fd730631a110a8a2520682b31d5a7f",
  "verdicts": [],
  "version": "1.0.8"
},
{
  "name": "contextify",
  "shasum": "3d34681d14a5ccbbe609c9ee11eda206b8cf266f",
  "verdicts": [
    {
      "message": "npm install spawned a process",
      "metadata": {
        "commandline": "sh -c node-gyp rebuild",
        "executable_path": "/bin/sh",
        "file_descriptor": "",
        "npm_package_name": "contextify",
        "npm_package_version": "0.1.15",
        "parent_name": "node",
        "server_ip": "",
        "server_port": 0
      },
      "priority": "medium"
    },
    {
      "message": "unexpected outbound connection destination",
      "metadata": {
        "commandline": "node-gyp ",
        "executable_path": "/usr/local/bin/node",
        "file_descriptor": "10.0.2.100:55473->104.20.23.46:0",
        "npm_package_name": "contextify",
        "npm_package_version": "0.1.15",
        "parent_name": "",
        "server_ip": "104.20.23.46",
        "server_port": 0
      },
      "priority": "medium"
    },
    {
      "message": "unexpected outbound connection destination",
      "metadata": {
        "commandline": "node-gyp ",
        "executable_path": "/usr/local/bin/node",
        "file_descriptor": "10.0.2.100:50471->104.20.22.46:0",
        "npm_package_name": "contextify",
        "npm_package_version": "0.1.15",
        "parent_name": "",
        "server_ip": "104.20.22.46",
        "server_port": 0
      },
      "priority": "medium"
    },
    {
      "message": "unexpected outbound connection destination",
      "metadata": {
        "commandline": "node /usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js rebuild",
        "executable_path": "/usr/local/bin/node",
        "file_descriptor": "10.0.2.100:35390->104.20.23.46:443",
        "npm_package_name": "contextify",
        "npm_package_version": "0.1.15",
        "parent_name": "",
        "server_ip": "104.20.23.46",
        "server_port": 443
      },
      "priority": "medium"
    }
  ],
  "version": "0.1.15"
},
{
  "name": "core-util-is",
  "shasum": "b5fd54220aa2bc5ab57aab7140c940754503c1a7",
  "verdicts": [],
  "version": "1.0.2"
},
{
  "name": "cssom",
  "shasum": "2682709b5902e7212df529116ff788cd5b254894",
  "verdicts": [],
  "version": "0.2.5"
}
...
```
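The verdict JSON above is nested per package, while the description at the top of this page talks about a flat table with one row per behaviour. The script below is an added example (not part of lstn or its documentation) that builds that table from the JSON, filters it by priority, and pulls out the outbound destinations a package's install phase contacted. The helper names (`flatten_verdicts`, `filter_rows`, `network_destinations`, `summarize`, `render_table`) are this example's own, and `SAMPLE_OUTPUT` is constructed inline to mirror the shape of the `lstn to jq --json` output shown above rather than captured from a run.

```python
"""Flatten lstn verdict JSON into the per-behaviour table described on this page.

Added example, not lstn's own code. SAMPLE_OUTPUT is constructed from the
shape of the output shown above; the helper names are this example's own.
"""
import json
from collections import Counter

# Constructed sample: one package with an empty verdict list and one
# (contextify 0.1.15) with a process-spawn and an outbound-connection verdict.
SAMPLE_OUTPUT = json.dumps([
    {"name": "caseless", "shasum": "1b681c21ff84033c826543090689420d187151dc",
     "verdicts": [], "version": "0.12.0"},
    {
        "name": "contextify",
        "shasum": "3d34681d14a5ccbbe609c9ee11eda206b8cf266f",
        "version": "0.1.15",
        "verdicts": [
            {
                "message": "npm install spawned a process",
                "metadata": {
                    "commandline": "sh -c node-gyp rebuild",
                    "executable_path": "/bin/sh",
                    "file_descriptor": "",
                    "npm_package_name": "contextify",
                    "npm_package_version": "0.1.15",
                    "parent_name": "node",
                    "server_ip": "",
                    "server_port": 0,
                },
                "priority": "medium",
            },
            {
                "message": "unexpected outbound connection destination",
                "metadata": {
                    "commandline": "node-gyp ",
                    "executable_path": "/usr/local/bin/node",
                    "file_descriptor": "10.0.2.100:35390->104.20.23.46:443",
                    "npm_package_name": "contextify",
                    "npm_package_version": "0.1.15",
                    "parent_name": "",
                    "server_ip": "104.20.23.46",
                    "server_port": 443,
                },
                "priority": "medium",
            },
        ],
    },
])

PRIORITY_RANK = {"high": 3, "medium": 2, "low": 1}
METADATA_COLUMNS = ("commandline", "executable_path", "file_descriptor",
                    "npm_package_name", "npm_package_version", "parent_name",
                    "server_ip", "server_port")


def flatten_verdicts(raw_json):
    """One row per verdict: package, version, message, priority and every metadata field."""
    rows = []
    for pkg in json.loads(raw_json):
        for verdict in pkg.get("verdicts", []):
            meta = verdict.get("metadata", {})
            row = {"package": pkg["name"], "version": pkg["version"],
                   "message": verdict["message"], "priority": verdict["priority"]}
            for col in METADATA_COLUMNS:
                row[col] = meta.get(col, "")
            rows.append(row)
    return rows


def filter_rows(rows, min_priority="medium"):
    """Keep rows at or above min_priority; an unknown priority string is kept, not dropped."""
    threshold = PRIORITY_RANK[min_priority]
    return [r for r in rows if PRIORITY_RANK.get(r["priority"], threshold) >= threshold]


def network_destinations(rows):
    """Distinct (server_ip, server_port) pairs per package, from rows that carry a server_ip."""
    dests = {}
    for r in rows:
        if r["server_ip"]:
            dests.setdefault(r["package"], set()).add((r["server_ip"], r["server_port"]))
    return dests


def summarize(rows):
    """Verdict count per package; packages with an empty verdict list do not appear."""
    return Counter(r["package"] for r in rows)


def render_table(rows):
    """Tab-separated text table, one line per behaviour occurrence."""
    header = ("package", "version", "priority", "message", "commandline",
              "server_ip", "server_port")
    lines = ["\t".join(header)]
    for r in rows:
        lines.append("\t".join(str(r[c]) for c in header))
    return "\n".join(lines)


if __name__ == "__main__":
    table = flatten_verdicts(SAMPLE_OUTPUT)
    print(render_table(table))
    print(network_destinations(table))
```

To run it against real output, replace `SAMPLE_OUTPUT` with the bytes read from `lstn to jq --json`. Unknown priority strings are deliberately kept by `filter_rows` so that a new priority level introduced upstream surfaces in the table instead of being filtered out silently.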