By kannthu
The "NPM Anonymous CLI Metrics Json" module is a test case designed to detect misconfigurations in the NPM (Node Package Manager) software. It focuses on the exposure of the "anonymous-cli-metrics.json" file, which contains anonymous CLI metrics data.
This module has a low severity level, indicating that the detected misconfigurations may not pose a significant risk but should still be addressed.
This module was authored by DhiyaneshDK.
If the "anonymous-cli-metrics.json" file is exposed, it may leak anonymous CLI metrics data. While this data may not contain sensitive information, it is still advisable to secure the file to prevent unintended exposure.
The "NPM Anonymous CLI Metrics Json" module works by sending HTTP requests to specific paths, namely "/anonymous-cli-metrics.json" and "/.npm/anonymous-cli-metrics.json". It then applies matching conditions to determine if misconfigurations are present.
One example of a matching condition is checking for the presence of the keywords "metricId" and "metrics" within the response. Additionally, the module verifies that the HTTP response status is 200 (OK).
By evaluating these conditions, the module can identify instances where the "anonymous-cli-metrics.json" file is exposed and potentially at risk of unauthorized access.
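The matching logic described above can be reproduced as a self-audit for a host you operate. This is an added example, not the module's own code: the function names, the `strict` JSON check (which assumes both keywords are top-level keys) and the sample body are assumptions made for illustration.

```python
import json
import urllib.error
import urllib.request

# Paths and keywords are the ones named in the module description above.
PATHS = ("/anonymous-cli-metrics.json", "/.npm/anonymous-cli-metrics.json")
KEYWORDS = ("metricId", "metrics")
# Constructed sample body for offline testing (not captured from a real host).
SAMPLE = ('{"metricId":"00000000-0000-0000-0000-000000000000",'
          '"metrics":{"successfulInstalls":1,"failedInstalls":0}}')


def is_exposed(status, body, strict=False):
    """Apply the described matchers: HTTP 200 and both keywords in the body.

    strict=True is an extra check added here (not part of the module): the
    body must parse as a JSON object holding both keys, which filters out
    HTML error pages served with 200 that merely mention the words.
    """
    if status != 200 or not all(k in body for k in KEYWORDS):
        return False
    if not strict:
        return True
    try:
        doc = json.loads(body)
    except ValueError:
        return False
    return isinstance(doc, dict) and all(k in doc for k in KEYWORDS)


def http_get(url, timeout=5):
    """Fetch url and return (status, body); failures become (code, "")."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, ""
    except OSError:  # URLError, timeouts, connection refused
        return 0, ""


def audit(base_url, fetch=http_get, strict=False):
    """Return the module's paths on base_url whose response matches."""
    findings = []
    for path in PATHS:
        status, body = fetch(base_url.rstrip("/") + path)
        if is_exposed(status, body, strict):
            findings.append(path)
    return findings
```

Any path returned by `audit()` should be removed from the web root or blocked at the server.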