SECURE NPM PACKAGES

Hackers find new ways to gain access to systems every day. The most recent approach is infecting the so-called “developer infrastructure”: hackers distribute versions of (open source) libraries that contain malware. Most of the time, in order to speed up development, developers will only install what they need. This leaves those malware infections undetected, because standard auditing or security tools are unable to recognize them effectively.

Function
Internship

Educational background
Applied Science / University IT related

Experience
Student

Hours
40 hours

Location
Heerlen

Real-life examples

A standard-sized project uses hundreds if not thousands of npm packages. Most of these packages are maintained as open source projects, which means you can view their internal workings. What you see is what you get, right? Well, not really. The code is there for you to see, but that does not mean it is the same code as the code that was distributed as the npm package. This article, for example, explains how easy it is to exploit developer infrastructure. Another interesting example is covered in this article, which explains how hackers can easily harvest credit card numbers and passwords from a site.

What will you do?

Together with you, we want to investigate whether it is possible to write a tool that can effectively recognize these malware infections within npm packages. Currently, there is a tool available that will audit all your npm packages, but it does not properly inspect the code that is being used when you download the dependency. It will be your challenge to come up with a tool that is able to determine if the package that has been downloaded is the same package that you see online.

Who are we looking for?

  • You study Computer Science / IT (or related) at a bachelor or master level
  • You have strong analytical skills
  • You have strong communication skills
  • You are a team player
  • You have an enthusiastic and motivated attitude
  • No 9 to 5 mentality

Challenging projects

Freedom & flexibility

International clients

Awesome colleagues

Responsibilities

Personal development

New technologies

Knowledge & expertise

Want to apply?

Are you interested in this internship? Please fill in the form on the right or send your resume and motivation letter to Kim Engelen via email solliciteren@mediaan.nl.

Got any questions?

Do you have questions about the internship? Please feel free to contact Kim Engelen by phone +31(0)45 571 83 55 or by email: solliciteren@mediaan.nl.