networkAccess

Rendered from docs/alerts/networkAccess.md

Flags code paths that can initiate outbound network connections (HTTP requests, raw sockets, DNS, etc.).

Implemented in: src/lib/detection/plugins/network-access.ts
Enabled by default: yes

What it means

The package contains code that can communicate with hosts outside the local machine.

Why it matters

Network capability is often required for legitimate features, but it also enables:

  • data exfiltration (tokens, .npmrc, env vars)
  • remote payload download/execution
  • beaconing to attacker infrastructure

What to do

  • Identify the destination(s) and why they’re needed.
  • Check whether the network calls happen on import / install / runtime hot paths.
  • Prefer allow-listing known domains and disabling unexpected telemetry where possible.

Common fields

  • filePath, lineStart/lineEnd, codeSnippet (when matched via AST/static patterns)
  • metadata may include the API/pattern that triggered the alert
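
The first two steps under "What to do" can be scripted over alert records, as in this added example (it is not the project's own code). The alert object shape beyond the field names listed above, the `ALLOWED_HOSTS` allow-list, and the sample alerts and `package.json` fragment are constructed assumptions.

```javascript
// Hypothetical allow-list: hosts this project expects its dependencies to contact.
const ALLOWED_HOSTS = new Set(["registry.npmjs.org", "api.github.com"]);
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Constructed sample input: a package.json fragment and three alert records.
const SAMPLE_PKG = { scripts: { postinstall: "node scripts/setup.js", test: "node test.js" } };
const SAMPLE_ALERTS = [
  { filePath: "scripts/setup.js", lineStart: 12, lineEnd: 12,
    codeSnippet: 'https.get("https://telemetry.example.net/collect?id=" + id)' },
  { filePath: "lib/client.js", lineStart: 40, lineEnd: 41,
    codeSnippet: 'fetch("https://registry.npmjs.org/" + name)' },
  { filePath: "lib/resolve.js", lineStart: 7, lineEnd: 7,
    codeSnippet: "dns.lookup(target, cb)" },
];

// Hostnames of URL literals in a snippet; destinations built at runtime yield none.
function extractHosts(snippet) {
  const hosts = new Set();
  for (const m of snippet.matchAll(/\b(?:https?|wss?):\/\/[^\s"'`)<>]+/g)) {
    try { hosts.add(new URL(m[0]).hostname.toLowerCase()); } catch { /* unparseable */ }
  }
  return [...hosts];
}

// True when an install lifecycle script in package.json names the flagged file.
function runsOnInstall(alert, pkg) {
  const scripts = pkg.scripts || {};
  const file = alert.filePath.replace(/^\.\//, "");
  return INSTALL_HOOKS.some((hook) => (scripts[hook] || "").includes(file));
}

// Rank one alert: unknown or unlisted destinations need review, on install they are urgent.
function triage(alert, pkg) {
  const hosts = extractHosts(alert.codeSnippet || "");
  const unexpected = hosts.filter((h) => !ALLOWED_HOSTS.has(h));
  const onInstall = runsOnInstall(alert, pkg);
  const needsReview = unexpected.length > 0 || hosts.length === 0;
  const priority = needsReview ? (onInstall ? "high" : "review") : "low";
  return { filePath: alert.filePath, lineStart: alert.lineStart, hosts, unexpected, onInstall, priority };
}

function triageAll(alerts = SAMPLE_ALERTS, pkg = SAMPLE_PKG) {
  return alerts.map((a) => triage(a, pkg));
}

console.log(triageAll());
```

The install check is a substring match on lifecycle scripts and does not follow imports, so a "review" or "low" result still needs the import-time and runtime paths checked by hand.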