id: npm-cli-metrics-json

info:
  name: NPM Anonymous CLI Metrics Json
  author: DhiyaneshDK
  severity: low
  description: anonymous-cli-metrics.json internal file in NPM is exposed.
  classification:
    cpe: cpe:2.3:a:npmjs:npm:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: npmjs
    product: npm
    shodan-query: html:"anonymous-cli-metrics.json"
  tags: npm,devops,exposure,files

http:
  - method: GET
    path:
      - "{{BaseURL}}/anonymous-cli-metrics.json"
      - "{{BaseURL}}/.npm/anonymous-cli-metrics.json"

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"metricId"'
          - '"metrics"'
        condition: and

      - type: status
        status:
          - 200
# digest: 490a004630440220476f02e3d953282b4c54404bad4d6d6d4578f7a45fc77bcbbf2bd1ab955f865e0220656d8d6d3dbc6a186cb97185bcfbd24c84f32dfb109febe07cd0b719dd6d983d:922c64590222798bb761d5b6d8e72950