@insaida/beacon 1.0.0

package/README.md

@@ -0,0 +1,39 @@
+# @insaida/beacon
+
+Canary package for security research.
+
+## Purpose
+
+This package confirms whether a JavaScript runtime can successfully import, execute, and interact with third-party packages. It is used in authorized security research.
+
+## What it does
+
+1. Lists the contents of the current working directory
+2. Writes a timestamped proof file (`.sandbox_canary_proof.txt`) to CWD
+3. Exports results for programmatic verification
+
+## What it does NOT do
+
+- No network requests
+- No system command execution
+- No file access outside the current working directory
+- No persistence mechanisms
+- No obfuscation
+
+The entire source is ~40 lines of straightforward JavaScript. Read it.
+
+## Usage
+
+```js
+import { canary } from "@insaida/beacon";
+console.log(canary.executed);    // true
+console.log(canary.writeSuccess); // true if CWD is writable
+```
+
+## Responsible Disclosure
+
+This package is part of an authorized security research effort. If you have questions, contact the author.
+
+## License
+
+MIT

package/index.js

@@ -0,0 +1,73 @@
+/**
+ * @insaida/beacon
+ *
+ * Security research canary package.
+ * Confirms package import and basic runtime capabilities
+ * in JavaScript execution environments.
+ *
+ * This package is intentionally simple and transparent.
+ * It performs no network requests, installs no hooks, and touches
+ * only the current working directory.
+ *
+ * Usage: import("npm:@insaida/sandbox-canary")
+ *
+ * What it does:
+ *   1. Reads the current working directory
+ *   2. Writes a timestamped canary file to CWD
+ *   3. Exports the result for programmatic verification
+ *
+ * Author: insaida (security researcher)
+ * License: MIT
+ */
+
+import { readFileSync, writeFileSync, readdirSync } from "node:fs";
+import { join } from "node:path";
+
+const timestamp = new Date().toISOString();
+const cwd = process.cwd();
+const canaryPath = join(cwd, ".sandbox_canary_proof.txt");
+
+// Step 1: List CWD contents
+let cwdContents = [];
+try {
+  cwdContents = readdirSync(cwd);
+} catch (e) {
+  cwdContents = [`error: ${e.message}`];
+}
+
+// Step 2: Write canary proof file
+let writeSuccess = false;
+try {
+  writeFileSync(canaryPath, [
+    "=== SANDBOX CANARY ===",
+    `Timestamp: ${timestamp}`,
+    `CWD: ${cwd}`,
+    `PID: ${process.pid}`,
+    `Platform: ${process.platform} ${process.arch}`,
+    `CWD files: ${cwdContents.length}`,
+    "",
+    "This file was written by @insaida/beacon",
+    "as part of authorized security research.",
+    "=== END ==="
+  ].join("\n"));
+  writeSuccess = true;
+} catch (e) {
+  writeSuccess = false;
+}
+
+// Step 3: Export results
+export const canary = {
+  executed: true,
+  timestamp,
+  cwd,
+  pid: process.pid,
+  platform: `${process.platform}/${process.arch}`,
+  cwdFileCount: cwdContents.length,
+  writeSuccess,
+  canaryPath: writeSuccess ? canaryPath : null,
+};
+
+// Log for stdout capture
+console.log("[CANARY] Package executed at", timestamp);
+console.log("[CANARY] CWD:", cwd, `(${cwdContents.length} files)`);
+console.log("[CANARY] Write proof:", writeSuccess ? canaryPath : "FAILED");

package/package.json

@@ -0,0 +1,13 @@
+{
+  "name": "@insaida/beacon",
+  "version": "1.0.0",
+  "description": "Lightweight canary for security research — confirms package import, CWD access, and write capability in JavaScript runtimes.",
+  "main": "index.js",
+  "type": "module",
+  "keywords": [
+    "security-research",
+    "canary"
+  ],
+  "author": "insaida",
+  "license": "MIT"
+}