Checking if a JavaScript native function is monkey patched (2022)

userbinator 2 days ago | parent | next [-]

Be it for malicious intent

"malicious" according to who? Somehow this article makes me think those trying to do things like this are on the pro-DRM side, which I absolutely abhor. The slow and forceful insertion of JS where it's not needed means users will increasingly need to inject and modify JS to retain control of their experience.

▲

sneakerblack 2 days ago | parent [-]

I think this was posted because the of the recent Npm malware fiasco. The malware monkey-patched native JS functions to replace strings that matched crypto addresses in certain the fetch, and XMLHttpRequest functions:

https://www.aikido.dev/blog/npm-debug-and-chalk-packages-com...

Considering there's no way to check whether a function is monkey-patched, this just tells me the JavaScript ecosystem was not designed with malicious actors in mind

	▲	pwdisswordfishz 2 days ago \| parent [-]
		It wasn't, but that is not why.

▲

rasz 2 days ago | parent | prev | next [-]

>// Store a reference of the original "clean" native function before any >// other script has a chance to modify it.

joke is on you, adblock loads first and there is no way you will grab unmodified functions to detect it

▲

sgammon a day ago | parent | prev | next [-]

of course one can simply monkey patch `toString`, or provide a symbol such that an object stringifies to that value, but sure

▲

1718627440 2 days ago | parent | prev [-]

What is this even good for? When someone decides you now run in a JS emulator, why should you care and try to break out?