Suspicious file

finid

@julian

Ok, is that something that's supposd to be in an installation of Node.JS?

julian

Nope... and it's not part of NodeBB either (although we use it in our hosting platform, which is completely separate).

At some point, it looks like you ran sudo npm install -g request. That's why that package is installed in /usr/lib/node_modules

finid

@julian

No, I didn't install anything like that. What has me worried is the content of the public-suffix.txt in particular and all the files and directories under the tough-cookie directory. The GitHub page for that project is at https://github.com/goinstant/tough-cookie.

Is that legit?

Schamper

Looks like a legit module.

finid

@Schamper

Since that is something I did not install and it's not a part of NodeBB, I'm guessing it should be save to remove the request module. I get real edgy when I see something that I can't account for.

julian

Yeah, legit. Did it show up in your filesystem monitoring tools? If so, raise an issue on the tough-cookie issue tracker asking about the cookie.

Schamper

To be fair, request is actually a dependency of npm.
https://github.com/npm/npm/blob/master/package.json#L75

finid

Not being a Node guru and not knowing what the contents of that file should be, I had to check. Does it make any sense for that file (public-suffix.txt ) to contain a listing of more websites than I ever come across in one file?

I did check out the company behind it and they seem legit, but I still had to satisfy my paranoid self.

Schamper

@planner it's probably this file from their repo: https://github.com/goinstant/tough-cookie/blob/master/public-suffix.txt
So all should be good.

finid

@Schamper

That'll calm me down. Thanks.