Tracking Module

Module: botbait

Published: September 26th, 2017

Reported by: Adam Baldwin

CVE-NONE

CWE-200

Vulnerable: All
Patched: None

Overview

The module botbait is a tool to be used to track bot and automated tools usage with-in the npm ecosystem.

botbait is known to record and track user information.

The module tracks the following information.

  • Source IP
  • process.versions
  • process.platform
  • How the module was invoked (test, require, pre-install)

Remediation

This package has no functional value, and should be removed from your environment if discovered.