Security News
Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm
Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.
By Philipp Burckhardt - Nov 14, 2025
express-fingerprint-fullgeoip
Advanced tools
Fingerprint express middleware
https://w3c.github.io/fingerprinting-guidance/#bib-NDSS-FINGERPRINTING
Passive fingerprinting is browser fingerprinting based on characteristics observable in the contents of Web requests, without the use of any code executing on the client side.
Passive fingerprinting would trivially include cookies (often unique identifiers sent in HTTP requests) and the set of HTTP request headers and the IP address and other network-level information. The User-Agent string, for example, is an HTTP request header that typically identifies the browser, renderer, version and operating system. For some populations, the user agent string and IP address will commonly uniquely identify a particular user's browser.
Default implementation is Never trust clients, So collect only server-side information.
But you can push additional parameter with initialization config.
TODO
Implement this: http://research.microsoft.com/pubs/156901/ndss2012.pdf
Installation
npm install express-fingerprint
Usage
As a Express middleware
var Fingerprint = require('express-fingerprint')
app.use(Fingerprint({
parameters:[
// Defaults
Fingerprint.useragent,
Fingerprint.acceptHeaders,
Fingerprint.geoip,
// Additional parameters
function(next) {
// ...do something...
next(null,{
'param1':'value1'
})
},
function(next) {
// ...do something...
next(null,{
'param2':'value2'
})
},
]
}))
app.get('*',function(req,res,next) {
// Fingerprint object
console.log(req.fingerprint)
})
req.fingerprint object is like below.
{
"hash": "bd767932c289b92b4de510f4c4d48246",
"components": {
"useragent": {
"browser": {
"family": "Chrome",
"version": "50"
},
"device": {
"family": "Other",
"version": "0"
},
"os": {
"family": "Mac OS",
"major": "10",
"minor":"11"
},
"acceptHeaders": {
"accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
"encoding": "gzip, deflate, sdch",
"language": "en-US,en;q=0.8"
},
"geoip": {
"country": "US",
"region": "CA",
"city": "San Francisco"
},
"param1": "value1",
"param2": "value2"
}
}
List of fingerprinting sources
- User Agent
- HTTP_ACCEPT Headers
- GEO-ip
License
MIT
FAQs
Client fingerprint server implementation.
We found that express-fingerprint-fullgeoip demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 08 Apr 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
PyPI Expands Trusted Publishing to GitLab Self-Managed as Adoption Passes 25 Percent
PyPI adds Trusted Publishing support for GitLab Self-Managed as adoption reaches 25% of uploads
By Sarah Gooding - Nov 14, 2025
Research
/Security News
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover
A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.
By Kirill Boychenko - Nov 12, 2025