Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@hettiger/ngx-spa-honeypot
Advanced tools
Angular Frontend Companion Library for hettiger/spa-honeypot
Angular Frontend Companion Library for the Laravel PHP package hettiger/spa-honeypot.
This project was generated with Angular CLI version 14.2.3.
Run ng serve demo
for a dev server. Navigate to http://localhost:4200/
. The application will automatically reload if you change any of the source files.
Run ng generate component component-name
to generate a new component. You can also use ng generate directive|pipe|service|class|guard|interface|enum|module
.
Run npm run build
to build the project. The build artifacts will be stored in the dist/
directory.
Don't run
ng build
manually. There are additional pre- and post-build-steps involved.
Run ng test
to execute the unit tests via Karma.
Run npm run publish
to build and publish the project.
To get more help on the Angular CLI use ng help
or go check out the Angular CLI Overview and Command Reference page.
Without any customization on the backend configuration can be skipped entirely. However, a configuration may be required when customization takes place. Apply your configuration as follows:
import { SPA_HONEYPOT_CONFIG, SpaHoneypotConfig } from 'ngx-spa-honeypot';
@NgModule({
providers: [
{
provide: SPA_HONEYPOT_CONFIG,
useFactory: (): SpaHoneypotConfig => ({
domainTokenRoutePathMap: {
'api.domain.tld': 'token',
},
}),
},
],
// …
})
export class AppModule {}
See
SpaHoneypotConfig
for documentation on individual configuration values.
There are numerous ways to add a honeypot field which is actually a good thing. This package does not try to provide a one size fits all solution because bots could easily optimize for that. Instead, you should simply add your honeypot fields exactly the same way that you would add any other form field. However, there are some things to consider:
first-child
CSS selector)tabindex="-1"
attribute so users don't navigate to the honeypot field using the Tab
keyautocomplete="off"
attribute when applicable so browsers don't fill out the honeypot fieldTime based anti SPAM protection relies on a custom HTTP header that needs to be sent with each form request.
This package uses a directive and an HTTP interceptor to make this as convenient as possible.
Simply add the action
attribute to each form element that should be protected:
<form
action="https://api.domain.tld/api/endpoint"
novalidate
(ngSubmit)="onSubmit()"
>
<!-- Form Controls … -->
</form>
Don't forget to protect the API endpoint using the
form
orform.token
middleware. (Or using the@requireFormToken
directive when you're calling a Lighthouse GraphQL API.)
FAQs
Angular Frontend Companion Library for hettiger/spa-honeypot
The npm package @hettiger/ngx-spa-honeypot receives a total of 0 weekly downloads. As such, @hettiger/ngx-spa-honeypot popularity was classified as not popular.
We found that @hettiger/ngx-spa-honeypot demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.