Applied Science / University IT related
A standard-sized project uses hundreds if not thousands of npm packages. Most of these packages are maintained as open source projects, which means you can view their internal workings. What you see is what you get, right? Well, not really. The code is there for you to see, but that does not mean it is the same code as the one distributed as the npm package. This article, for example, explains how easy it is to exploit developer infrastructure. Another interesting example is covered in this article, which explains how hackers can easily harvest credit card numbers and passwords from a site.
Together with you, we want to investigate whether it is possible to write a tool that can effectively recognize these malware infections within npm packages. Currently, there is a tool available that will audit all your npm packages, but it does not properly inspect the code that is actually used once you download the dependency. It will be your challenge to come up with a tool that is able to determine whether the package that has been downloaded is the same package that you see online.
Are you interested in this internship? Please fill in the form on the right or send your resume and motivation letter to Kim Engelen via email firstname.lastname@example.org.
Do you have questions about the internship? Please feel free to contact Kim Engelen by phone +31(0)45 571 83 55 or by email: email@example.com.