A new tutorial has been added to <a href="https://github.com/step-security/supply-chain-goat/blob/main/CompromisedDependency.md" rel="nofollow">https://github.com/step-security/supply-chain-goat/blob/main...</a> to perform behavior analysis of dependencies.<p>For this a package was needed to simulate behavior of past hijacked packages. <a href="https://www.npmjs.com/package/@step-security/malware-simulator" rel="nofollow">https://www.npmjs.com/package/@step-security/malware-simulat...</a> makes an outbound call in a preinstall step.<p>You can think of the @step-security/malware-simulator package being like the EICAR file, which is used as a test file for anti-virus software.<p>Can be used to test if you can detect packages that make outbound calls, which is a common theme for hijacked packages.