Typosquat npm package `lodahs` beaconing during CI build — secrets at risk
A hard-difficulty cybersecurity scenario in the Supply Chain Package track.
Start a graded attempt against this scenario. Your response is scored by the same deterministic rubric used across the catalog. Email and evidence content stay hidden until you start.
Launches this exact scenario. One of 5 templates in this Track + Difficulty pool.
Catalog id: supply-chain-typosquat-lodahs
What this scenario practices, mapped to recognized frameworks.
Educational mapping only. Not a compliance attestation.
- Typosquat dependency triage
- Developer-side supply-chain hygiene
- Supply Chain Compromise · Initial Access (T1195 · TA0001): Mapped, high confidence. Trains supply-chain triage when a developer installs a look-alike package.
- File Analysis (D3-FA): Mapped, high confidence. Trains static-analysis triage of the suspicious dependency.
- Service Binary Verification (D3-SBV): Mapped, medium confidence. Trains binary-verification reasoning for developer-side components.
- Supply Chain Risk Management · Identify (ID.SC · ID): Mapped, high confidence. Trains the supply-chain risk baseline the scenario centers on.
- IR lifecycle phase (Detection & Analysis): Mapped, high confidence. Trains dependency-level evidence triage.
- IR lifecycle phase (Containment, Eradication & Recovery): Mapped, high confidence. Trains the dependency-removal and key-rotation workflow.
- Hardware and Software Approval Process (2.N): Mapped, high confidence. Trains the approval-process baseline that limits typosquat installs.
- Vendor/Supplier Cybersecurity Requirements (2.R): Mapped, medium confidence. Trains the third-party requirements posture.
- Application Software Security (Control 16): Mapped, high confidence. Trains the application-software control the scenario exercises.
- Service Provider Management (Control 15): Mapped, medium confidence. Trains the third-party provider control.