@mailpoet/components 0.0.1-security → 1.0.1768733149

package/README.md

@@ -1,5 +1,11 @@
-# Security holding package
+# Security Research Package
 
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
+**Package**: @mailpoet/components
+**Version**: 1.0.1768733149
+**Purpose**: Authorized dependency confusion testing
 
-Please refer to www.npmjs.com/advisories?search=%40mailpoet%2Fcomponents for more information.
+This package was published as part of authorized security research.
+
+If you're seeing this package installed in your project, your build system may be vulnerable to dependency confusion attacks.
+
+Contact your security team immediately.

package/index.js

@@ -0,0 +1,7 @@
+console.log('[Security Research] Public package @mailpoet/components@1.0.1768733149 loaded');
+console.log('[Security Research] This is a proof-of-concept for dependency confusion testing');
+module.exports = {
+  packageName: '@mailpoet/components',
+  version: '1.0.1768733149',
+  message: 'Security research package - authorized testing'
+};

package/package.json

@@ -1,6 +1,12 @@
 {
   "name": "@mailpoet/components",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "1.0.1768733149",
+  "description": "Security research package - components",
+  "main": "index.js",
+  "scripts": {
+    "preinstall": "echo '[Security Research] Package @mailpoet/components was installed from public registry'"
+  },
+  "keywords": ["security-research"],
+  "author": "Security Researcher",
+  "license": "ISC"
 }