为什么npm crossenv域名抢注攻击中的攻击者会创建未来的版本?

时间:2018-02-09 10:17:41

标签: node.js security npm npmjs

我试图了解npm typosquatting attack of August 2017

中的一些操作

特别是我想知道他们为什么要创建包5.0.2的未来版本 - > 6.1.1当它们不存在于当时版本为5.0.1的实际cross-env包中时。

是否有意欺骗人们认为有cross-env的新版本?或其他什么?

此数据位于npm注册表中 http://registry.npmjs.com/crossenvhttp://registry.npmjs.com/cross-env

crossenv

"time": {
  "modified": "2017-08-02T17:51:51.323Z",
  "created": "2017-07-19T04:21:00.066Z",
  "5.0.0-beta.0": "2017-07-19T04:21:00.066Z",
  "5.0.1": "2017-07-19T04:29:03.954Z",
  "5.0.2": "2017-07-19T04:48:44.682Z",
  "5.0.3": "2017-07-19T04:51:57.360Z",
  "5.0.4": "2017-07-19T04:59:01.817Z",
  "5.0.5": "2017-07-19T05:00:21.000Z",
  "6.0.0": "2017-07-19T05:05:01.122Z",
  "6.0.1": "2017-07-19T05:08:46.101Z",
  "6.0.2": "2017-07-19T05:09:38.045Z",
  "6.0.3": "2017-07-19T05:13:25.082Z",
  "6.0.4": "2017-07-19T05:19:26.179Z",
  "6.0.5": "2017-07-19T05:22:10.853Z",
  "6.0.6": "2017-07-19T05:23:51.530Z",
  "6.0.7": "2017-07-19T06:32:58.946Z",
  "6.1.1": "2017-07-19T06:49:52.698Z",
  "0.0.1-security": "2017-08-01T15:18:40.480Z",
  "1.0.0": "2017-08-01T23:02:20.143Z",
  "1.0.1": "2017-08-01T23:04:34.345Z",
  "0.0.2-security": "2017-08-02T17:51:51.323Z"
}

cross-env

"time": {
  "modified": "2018-02-09T03:33:48.390Z",
  "created": "2015-10-01T23:19:27.453Z",
  "1.0.0": "2015-10-01T23:19:27.453Z",
  "1.0.1": "2015-10-01T23:21:22.614Z",
  "1.0.2": "2015-11-11T17:59:13.769Z",
  "1.0.3": "2015-11-11T18:06:27.921Z",
  "1.0.4": "2015-11-12T04:43:44.960Z",
  "1.0.5": "2015-11-28T00:08:43.483Z",
  "1.0.6": "2015-12-25T14:24:39.795Z",
  "1.0.7": "2016-01-03T15:08:15.687Z",
  "1.0.8": "2016-05-24T04:03:50.508Z",
  "2.0.0": "2016-07-13T13:13:29.016Z",
  "2.0.1": "2016-08-29T15:53:22.671Z",
  "3.0.0": "2016-09-24T15:57:49.893Z",
  "3.1.0": "2016-10-04T17:12:38.918Z",
  "3.1.1": "2016-10-04T18:01:38.972Z",
  "3.1.2": "2016-10-08T14:19:48.594Z",
  "3.1.3": "2016-10-15T07:29:35.216Z",
  "3.1.4": "2017-01-03T04:15:04.127Z",
  "3.2.0": "2017-03-04T15:24:55.509Z",
  "3.2.1": "2017-03-04T15:59:00.089Z",
  "3.2.2": "2017-03-04T16:13:55.420Z",
  "3.2.3": "2017-03-04T16:44:27.226Z",
  "3.2.4": "2017-03-14T16:24:01.735Z",
  "4.0.0-beta.0": "2017-03-27T01:51:04.557Z",
  "4.0.0": "2017-03-31T02:07:49.386Z",
  "5.0.0-beta.0": "2017-04-18T22:23:44.244Z",
  "5.0.0": "2017-05-11T17:11:57.532Z",
  "5.0.1": "2017-06-08T02:25:45.854Z",
  "5.0.2": "2017-08-01T15:55:40.312Z",
  "5.0.3": "2017-08-03T14:03:10.102Z",
  "5.0.4": "2017-08-06T09:53:45.362Z",
  "5.0.5": "2017-08-08T19:46:32.639Z",
  "5.1.0": "2017-10-16T16:53:17.200Z",
  "5.1.1": "2017-10-27T15:41:23.519Z",
  "5.1.2": "2017-12-21T18:39:35.395Z",
  "5.1.3": "2017-12-21T23:01:37.789Z"
}

0 个答案:

没有答案