Checking if a JavaScript native function is monkey patched (2022)

Posted by aragonite 6 days ago

Checking if a JavaScript native function is monkey patched (2022)(mmazzarolo.com)

16 points | 6 comments

rasz 3 days ago|

>// Store a reference of the original "clean" native function before any >// other script has a chance to modify it.

joke is on you, adblock loads first and there is no way you will grab unmodified functions to detect it

userbinator 3 days ago||

Be it for malicious intent

"malicious" according to who? Somehow this article makes me think those trying to do things like this are on the pro-DRM side, which I absolutely abhor. The slow and forceful insertion of JS where it's not needed means users will increasingly need to inject and modify JS to retain control of their experience.

sneakerblack 3 days ago|

I think this was posted because the of the recent Npm malware fiasco. The malware monkey-patched native JS functions to replace strings that matched crypto addresses in certain the fetch, and XMLHttpRequest functions:

https://www.aikido.dev/blog/npm-debug-and-chalk-packages-com...

Considering there's no way to check whether a function is monkey-patched, this just tells me the JavaScript ecosystem was not designed with malicious actors in mind

pwdisswordfishz 2 days ago||

It wasn't, but that is not why.

sgammon 2 days ago||

of course one can simply monkey patch `toString`, or provide a symbol such that an object stringifies to that value, but sure

1718627440 3 days ago|

What is this even good for? When someone decides you now run in a JS emulator, why should you care and try to break out?