Tracking Module

Module: botbait

Published: September 26th, 2017

Reported by: Adam Baldwin



Vulnerable: All
Patched: None


The module botbait is a tool to be used to track bot and automated tools usage with-in the npm ecosystem.

botbait is known to record and track user information.

The module tracks the following information.

  • Source IP
  • process.versions
  • process.platform
  • How the module was invoked (test, require, pre-install)


This package has no functional value, and should be removed from your environment if discovered.