@fast-check/poisoning

0.2.0 • Public • Published


A set of utilities to ease the detection and reversal of poisoning


Why?

In JavaScript, "prototype poisoning" is one of the most common sources of CVEs or zero-days. It allows attackers to change the behaviour of defaults such as Array.prototype.map, Map, Set... so that they behave differently and can be leveraged for malicious purposes. This package can be used alongside fast-check to detect poisoning that may occur during your property-based tests.

Easy to use

The package comes with:

  • assertNoPoisoning: assert that the defaults known when first importing the package in your code have not been changed
  • restoreGlobals: restore the defaults so that any change that could have been detected by assertNoPoisoning will be resolved
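
What detecting and reverting poisoning involves, as an added JavaScript sketch that is not the package's own code: it snapshots the property descriptors of a few built-in prototypes at load time, reports what differs later, and puts the saved descriptors back. The helper names `findPoisoning` and `restoreSnapshot`, the short list of watched roots and the poisoning applied in `demo` are assumptions made for illustration.

```javascript
// Added sketch of the snapshot / detect / restore idea; NOT @fast-check/poisoning's code.
// Watched roots are a small constructed list; a real tool walks far more globals.
function snapshot(obj) {
  const snap = new Map();
  for (const key of Reflect.ownKeys(obj)) snap.set(key, Object.getOwnPropertyDescriptor(obj, key));
  return snap;
}
const baseline = [['Array.prototype', Array.prototype], ['Object.prototype', Object.prototype],
  ['Map.prototype', Map.prototype], ['Set.prototype', Set.prototype],
].map(([name, obj]) => ({ name, obj, snap: snapshot(obj) })); // taken at load time
function sameDescriptor(a, b) {
  return Object.is(a.value, b.value) && a.get === b.get && a.set === b.set &&
    a.writable === b.writable && a.enumerable === b.enumerable && a.configurable === b.configurable;
}

// Hypothetical helper: list every property added, deleted or changed since the snapshot.
function findPoisoning() {
  const diffs = [];
  for (const { name, obj, snap } of baseline) {
    for (const key of Reflect.ownKeys(obj)) {
      if (!snap.has(key)) diffs.push({ path: `${name}.${String(key)}`, kind: 'added', obj, key });
    }
    for (const [key, saved] of snap) {
      const now = Object.getOwnPropertyDescriptor(obj, key);
      const kind = now === undefined ? 'deleted' : sameDescriptor(saved, now) ? null : 'changed';
      if (kind) diffs.push({ path: `${name}.${String(key)}`, kind, obj, key, saved });
    }
  }
  return diffs;
}

// Hypothetical helper: undo each difference using the saved descriptors.
function restoreSnapshot() {
  for (const { kind, obj, key, saved } of findPoisoning()) {
    if (kind === 'added') Reflect.deleteProperty(obj, key);
    else Object.defineProperty(obj, key, saved);
  }
}

// Constructed poisoning: replace a built-in method and pollute Object.prototype.
function demo() {
  Array.prototype.map = function () { return []; };
  Object.prototype.polluted = true;
  const detected = [];
  for (const d of findPoisoning()) detected.push(`${d.path} ${d.kind}`); // avoid the poisoned .map
  restoreSnapshot();
  return { detected, remaining: findPoisoning().length, doubled: [1, 2].map((x) => x * 2).join() };
}
console.log(demo());
```

The sketch still calls built-ins such as `Reflect.ownKeys` and `Object.defineProperty` after load, so a checker meant to survive hostile code has to capture references to everything it relies on before any untrusted code runs.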

Minimal requirements

  • Node ≥12.17.0

Install

    npm i @fast-check/poisoning

Package details

  • Version: 0.2.0
  • License: MIT
  • Dependencies: 0
  • Dev dependencies: 9
  • Weekly downloads: 138
  • Unpacked size: 49.7 kB
  • Total files: 37
  • Collaborators: ndubien