domain-mask
Warn
Audited by Socket on Jul 7, 2026
1 alert found:
SecuritySecurityscripts/domain-mask.mjs
MEDIUMSecurityMEDIUM
scripts/domain-mask.mjs
This module is best characterized as a powerful local domain-masking HTTPS reverse proxy. While it does not show covert malware behavior (no obvious data theft/backdoor/exfiltration), it performs high-impact system and trust manipulation: edits /etc/hosts, generates a trusted mkcert certificate for a user-supplied hostname, proxies arbitrary requests to an arbitrary upstream, rewrites redirects to preserve the masked domain, and strips HSTS. These capabilities make it potentially dangerous for impersonation/phishing or inadvertent interception, especially when mkcert trust is enabled in the environment.
Confidence: 72%Severity: 78%
Audit Metadata