Subscribe to get notified when we publish new security blog posts.
A potential security risk in the npm ecosystem known as "manifest confusion" has recently been spotlighted by Darcy Clarke, former Staff Engineering Manager at GitHub.
Manifest confusion – a disparity between a package's manifest and its tarball contents – allows an attacker to include hidden install scripts and even entire hidden dependencies within a package. These hidden scripts and dependencies won’t show up on the npm website or in most security tools, even though they will be installed by the npm CLI. But don't worry – Socket has got you covered!
"Manifest confusion" refers to the fact that in the npm ecosystem, a package's manifest and its tarball are published independently. They are never fully validated against each other, making it possible for bad actors to hide malicious code and scripts. The npm registry has historically trusted the client for data validation, opening the door to potential misuse.
What's more, this issue isn't limited to the npm registry. It also affects various third-party organizations, package managers, and security tools - essentially, any tool or insight that uses the public registry.
As Darcy's original post puts it:
We're proud to share that Socket users can rest easy. We have been protecting you against "manifest confusion" since September 2022!
The Socket research team independently discovered this issue and implemented a fix promptly on September 5, 2022. Since then, all dependency analysis on Socket has been using the correct manifest file - the package.json inside the tarball - aligning perfectly with the installation behavior of every major package manager. This means any attempt to exploit the "manifest confusion" technique will not evade Socket’s analysis.
Additionally, we've made sure that our public package pages, such as this page for left-pad, now also use the correct data source.
In light of the publicity this technique is now receiving, we have deployed a new proactive detection. This means that if one of your dependencies attempts to use this technique, Socket will send you a critical security alert.
Existing Socket users can get protected by enabling the new "Manifest Confusion" detection in your Socket dashboard settings. We expect to enable this detection by default for all Socket users later this week.
If you're not using Socket, we encourage you to ensure that your security tooling use the package's contents for metadata. In all likelihood, your SCA tool does not handle this correctly. Without throwing any specific security vendors under the bus, we'll just share that literally none of the popular dependency security tools we have tested actually handle this issue correctly.
Darcy Clarke's discovery has emphasized the often-overlooked issue of data quality in software composition analysis (SCA) tooling. Many SCA tools take shortcuts, failing to understand the npm package installation process, which leads to missing entire dependencies.
While we won't point fingers, we want to stress the importance of rigorous, thorough tooling that evolves with the software landscape. At Socket, we strive for nothing less.
To immediately protect your projects, install Socket for free from the GitHub Marketplace. The install process takes 2-3 clicks and it starts working right away – no configuration necessary. Or, schedule a demo with an expert on our team.
Our team appreciates the community's efforts in surfacing these potential threats. Together, we can ensure a secure, efficient, and transparent software ecosystem.
The Socket Security Team
Socket Security Scan
Socket AI detected a malicious package on PyPI that had an abnormally high potential impact and the Socket security researchers investigated finding malicious behavior.