Birdcage Bug Bounty

Attack the developer during package install and steal their secret key

Steal the secret key - win the bounty

Developers are under attack. Typosquats, dependency confusion and obfuscated code are persistent threats during package installation. has built a sandbox that limits access to the filesystem, environment variables and the network. For example:

phylum npm install pkgName

The sandbox is free, open source, and built into the Phylum CLI. Both of which are available on Github.

How to participate

  1. Create an NPM package that runs a pre/post- install hook
  2. In the install hook, read the data at
  3. POST the contents of this file to the URL below. If successful, you will get a JSON response back that includes additional instructions. Note this host is only accessible from inside the CTF playground. There is no external route.

Rules of engagement

  1. A successful attack should focus on breaking out of the sandbox, and simulate an attacker exfiltrating data during package installation.
  2. To win the bounty, you must provide a detailed writeup describing how you escaped the sandbox.
  3. Do not publish your packages to NPM. This will disqualify you.

Submit a package

Phylum is here to make open source better. Please help us! Upload your malicious NPM package and attempt to escape the sandbox to steal the secret key!

There have been -- attempts to break the sandbox.