Suspicious file

finid

@julian, @baris and @psychobunny, should there be a file named public-suffix.txt in an installation of NodeBB, under the /usr/lib/node_modules/npm/node_modules/request/node_modules/tough-cookie/ directory?

Is there even a directory named tough-cookie in an installation of NodeBB?

julian

Hey @planner -- the path of the file suggests that tough-cookie is Node.js module that is a dependency of request, which is globally installed.

In fact, the path you pasted isn't even a NodeBB directory... so possibly could be an issue with the tough-cookie package.

finid

@julian

Ok, is that something that's supposd to be in an installation of Node.JS?

julian

Nope... and it's not part of NodeBB either (although we use it in our hosting platform, which is completely separate).

At some point, it looks like you ran sudo npm install -g request. That's why that package is installed in /usr/lib/node_modules

finid

@julian

No, I didn't install anything like that. What has me worried is the content of the public-suffix.txt in particular and all the files and directories under the tough-cookie directory. The GitHub page for that project is at https://github.com/goinstant/tough-cookie.

Is that legit?

Schamper

Looks like a legit module.

finid

@Schamper

Since that is something I did not install and it's not a part of NodeBB, I'm guessing it should be save to remove the request module. I get real edgy when I see something that I can't account for.

julian

Yeah, legit. Did it show up in your filesystem monitoring tools? If so, raise an issue on the tough-cookie issue tracker asking about the cookie.

Schamper

To be fair, request is actually a dependency of npm.
https://github.com/npm/npm/blob/master/package.json#L75

finid

Not being a Node guru and not knowing what the contents of that file should be, I had to check. Does it make any sense for that file (public-suffix.txt ) to contain a listing of more websites than I ever come across in one file?

I did check out the company behind it and they seem legit, but I still had to satisfy my paranoid self.

Schamper

@planner it's probably this file from their repo: https://github.com/goinstant/tough-cookie/blob/master/public-suffix.txt
So all should be good.

finid

@Schamper

That'll calm me down. Thanks.

Suspicious file

Suggested Topics

Curiousity? regarding file uploads.

How to add HTML file head tags in my custom plugin?

Which nodebb files/directories need to be persisted?

How to properly define a JS file for a plugins ACP page

NodeBB/nodebb-english has .py file in it.