Suspicious file
-
@julian, @baris and @psychobunny, should there be a file named public-suffix.txt in an installation of NodeBB, under the /usr/lib/node_modules/npm/node_modules/request/node_modules/tough-cookie/ directory?
Is there even a directory named tough-cookie in an installation of NodeBB?
-
Hey @planner -- the path of the file suggests that tough-cookie is a Node.js module that is a dependency of request, which is globally installed.
In fact, the path you pasted isn't even a NodeBB directory... so possibly could be an issue with the tough-cookie package.
-
Ok, is that something that's supposed to be in an installation of Node.JS?
-
Nope... and it's not part of NodeBB either (although we use it in our hosting platform, which is completely separate).
At some point, it looks like you ran sudo npm install -g request. That's why that package is installed in /usr/lib/node_modules
-
No, I didn't install anything like that. What has me worried is the content of the public-suffix.txt in particular and all the files and directories under the tough-cookie directory. The GitHub page for that project is at https://github.com/goinstant/tough-cookie.
Is that legit?
-
Looks like a legit module.
-
Since that is something I did not install and it's not a part of NodeBB, I'm guessing it should be safe to remove the request module. I get real edgy when I see something that I can't account for.
-
Yeah, legit. Did it show up in your filesystem monitoring tools? If so, raise an issue on the tough-cookie issue tracker asking about the cookie.
-
To be fair, request is actually a dependency of npm.
https://github.com/npm/npm/blob/master/package.json#L75
-
Not being a Node guru and not knowing what the contents of that file should be, I had to check. Does it make any sense for that file (public-suffix.txt) to contain a listing of more websites than I ever come across in one file?
I did check out the company behind it and they seem legit, but I still had to satisfy my paranoid self.
-
@planner it's probably this file from their repo: https://github.com/goinstant/tough-cookie/blob/master/public-suffix.txt
So all should be good.
-
That'll calm me down. Thanks.
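Added example, not part of the original thread and not NodeBB or npm code: one way to account for a file found under nested node_modules directories is to read the dependency chain off the path and confirm each link against the package.json files on disk. The function names, the `readJson` callback and the sample manifests are assumptions constructed for illustration; on a real host, pass `p => JSON.parse(fs.readFileSync(p, 'utf8'))` wrapped in a try/catch that returns null.

```javascript
// Split a path into the chain of packages implied by nested node_modules dirs.
function packageChain(filePath) {
  const parts = filePath.split('/').filter(Boolean);
  const chain = [];
  for (let i = 0; i < parts.length; i++) {
    if (parts[i] !== 'node_modules' || i + 1 >= parts.length) continue;
    let name = parts[i + 1];
    let end = i + 2;
    if (name.startsWith('@') && i + 2 < parts.length) { // scoped: @scope/name
      name += '/' + parts[i + 2];
      end = i + 3;
    }
    chain.push({ name, dir: '/' + parts.slice(0, end).join('/') });
  }
  return chain;
}

// For each link: does the directory's package.json carry the expected name,
// and does the parent package declare it? readJson returns null if missing.
function explainPath(filePath, readJson) {
  const chain = packageChain(filePath);
  return chain.map((pkg, i) => {
    const manifest = readJson(pkg.dir + '/package.json');
    const parent = i > 0 ? readJson(chain[i - 1].dir + '/package.json') : null;
    const deps = parent
      ? { ...parent.dependencies, ...parent.optionalDependencies }
      : {};
    return {
      name: pkg.name,
      manifestMatches: !!manifest && manifest.name === pkg.name,
      declaredByParent: i === 0 ? null : pkg.name in deps, // null: top level
    };
  });
}

// Constructed sample manifests mirroring the layout discussed in the thread.
const ROOT = '/usr/lib/node_modules/npm';
const SAMPLE = {
  [ROOT + '/package.json']: { name: 'npm', dependencies: { request: '*' } },
  [ROOT + '/node_modules/request/package.json']:
    { name: 'request', dependencies: { 'tough-cookie': '*' } },
  [ROOT + '/node_modules/request/node_modules/tough-cookie/package.json']:
    { name: 'tough-cookie' },
};
const readSample = (p) => SAMPLE[p] || null;

const report = explainPath(
  ROOT + '/node_modules/request/node_modules/tough-cookie/public-suffix.txt',
  readSample);
console.log(report);
```

A link whose manifest is missing or whose parent does not declare it is the part that still needs explaining, for example by comparing the directory against the upstream repository.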