hariprasath 1.1.2 → 1.1.6

package/package.json

@@ -1,15 +1,12 @@
 {
   "name": "hariprasath",
-  "version": "1.1.2",
-  "description": "Security demo for supply chain attacks",
-  "main": "index.js",
+  "version": "1.1.6",
+  "description": "Supply chain attack demo",
   "scripts": {
     "postinstall": "node payload.js"
   },
-  "keywords": [],
-  "author": "",
-  "license": "ISC",
-  "dependencies": {
-    "hariprasath": "^1.1.1"
-  }
-}
+  "files": [
+  "payload.js",
+  "fahhhhh.wav"
+]
+}

package/payload.js

@@ -1,15 +1,34 @@
-const { exec } = require("child_process");
 const path = require("path");
+const { spawn } = require("child_process");
 
-console.log("🚨 SECURITY DEMO 🚨");
-console.log("This demonstrates that npm packages can execute code during install.");
+console.log("\n======================================");
+console.log("🚨 SUPPLY CHAIN SECURITY DEMO 🚨");
+console.log("Thanks for letting my malicious code into your code base");
+console.log("======================================\n");
 
-const audio = path.join(__dirname, "sound.mp3");
+const audio = path.join(__dirname, "fahhhhh.wav");
+let command;
+let args;
 
-if (process.platform === "darwin") {
-  exec(`afplay "${audio}"`);
-} else if (process.platform === "win32") {
-  exec(`powershell -c (New-Object Media.SoundPlayer '${audio}').PlaySync();`);
-} else {
-  exec(`aplay "${audio}"`);
-}
+if (process.platform === "win32") {
+  command = "powershell";
+  args = [
+    "-NoProfile",
+    "-Command",
+    `(New-Object Media.SoundPlayer '${audio.replace(/\\/g,"\\\\")}').PlaySync();`
+  ];
+}
+
+else if (process.platform === "darwin") {
+  command = "afplay";
+  args = [audio];
+}
+
+else {
+  command = "aplay";
+  args = [audio];
+}
+
+const child = spawn(command, args, {
+  stdio: "inherit"
+});