id: npm-cli-metrics-json

info:
  name: NPM Anonymous CLI Metrics Json
  author: DhiyaneshDK
  severity: low
  description: anonymous-cli-metrics.json internal file in NPM is exposed.
  metadata:
    verified: true
    max-request: 2
    shodan-query: html:"anonymous-cli-metrics.json"
  tags: npm,devops,exposure,files

http:
  - method: GET
    path:
      - "{{BaseURL}}/anonymous-cli-metrics.json"
      - "{{BaseURL}}/.npm/anonymous-cli-metrics.json"

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"metricId"'
          - '"metrics"'
        condition: and

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100eaf7f16886772d6881b4d42ae77c8b6616b04a7e28180a7bed7e15c3337ede25022100ab13085332c05794eef6e9bbdb40f9535a23bccd1649782c36159e906d7abac3:922c64590222798bb761d5b6d8e72950