Similar to the EICAR anti-virus simulator file. Use it to test your defenses. This package makes an outbound call to www.stepsecurity.io as part of the pre-install step.
npm install @step-security/malware-simulatorTo simulate behavior of past compromised packages, StepSecurity has created a package called @step-security/malware-simulator. The simulator is NOT actual malware; the package just makes an outbound call to www.stepsecurity.io in a preinstall step
This package can be used by developers to:
1. Understand how malicious packages make outbound calls as part of the install steps
2. How the Harden-Runner GitHub Action can find this behavior (tutorial)
3. Use as a test package for your applications – to check if defenses are working as expected
You can think of the @step-security/malware-simulator being similar to the EICAR anti-virus simulator file, which is used as a test file for anti-virus software.